winexetag

package module
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 6, 2024 License: Apache-2.0 Imports: 15 Imported by: 1

README

go-winexetag

GoDoc Go Reference

Embed custom data in code-signed PE (Windows) executables without breaking the signature.

This project is comprised of three parts:

  • The winexetag library.
  • exetag-tool, a CLI tool, to manipulate tags on code-signed PE files.
  • exetag-httpd, a rudimentary HTTP server, to tag code-signed EXE files on the fly.

Origin

Original source code extracted from certificate_tag, a tool included in Google's Omaha project, which is the open-source version of Google Update for Windows.

Documentation

Index

Constants

View Source 
const (
	IMAGE_DOS_SIGNATURE              = 0x5A4D
	IMAGE_DOS_HEADER_SIZE            = 64
	IMAGE_FILE_HEADER_SIZE           = 20
	IMAGE_NUMBEROF_DIRECTORY_ENTRIES = 14
)

Variables

View Source 
var (
	ErrTruncated = errors.New("truncated file")
)
View Source 
var (
	IMAGE_NT_HEADER_SIGNATURE = []byte{'P', 'E', 0, 0}
)

Functions

func SetTagCertTag 

func SetTagCertTag(signedData *signedData, tag []byte) ([]byte, error)

SetTagCertTag modifies signedData, adding the tagging cert with the given tag. It returns the asn1 serialization of the modified signedData.

Types

type Binary 

type Binary interface {
	GetTagCert() (cert *x509.Certificate, index int, err error)
	GetTag() (tag []byte, err error)
	SetTag(writer io.Writer, tag []byte) (err error)
}

Binary represents a taggable binary of any format.

func NewBinary 

func NewBinary(contents []byte) (Binary, error)

NewBinary returns a Binary that contains details of the PE32 or MSI binary given in |contents|. |contents| is modified if it is an MSI file.

type IMAGE_DATA_DIRECTORY 

type IMAGE_DATA_DIRECTORY struct {
	VirtualAddress uint32 `struc:"uint32,little"`
	Size           uint32 `struc:"uint32,little"`
}

type IMAGE_DOS_HEADER 

type IMAGE_DOS_HEADER struct {
	Magic    uint16     `struc:"uint16,little"` // Magic number
	Cblp     uint16     `struc:"uint16,little"` // Byte on last page of file
	Cp       uint16     `struc:"uint16,little"` // Pages in file
	Crlc     uint16     `struc:"uint16,little"` // Relocations
	Cparhdr  uint16     `struc:"uint16,little"` // Size of header in paragraphs
	Minalloc uint16     `struc:"uint16,little"` // Minimum extra paragraphs needed
	Maxalloc uint16     `struc:"uint16,little"` // Maximum extra paragraphs needed
	Ss       uint16     `struc:"uint16,little"` // Initial (relative) SS value
	Sp       uint16     `struc:"uint16,little"` // Initial SP value
	Csum     uint16     `struc:"uint16,little"` // Checksum
	Ip       uint16     `struc:"uint16,little"` // Initial IP value
	Cs       uint16     `struc:"uint16,little"` // Initial (relative) CS value
	Lfarlc   uint16     `struc:"uint16,little"` // File address of relocation table
	Ovno     uint16     `struc:"uint16,little"` // Overlay number
	Res      [4]uint16  `struc:"[4]uint16"`     // Reserved words
	Oemid    uint16     `struc:"uint16,little"` // OEM identifier (for e_oeminfo)
	Oeminfo  uint16     `struc:"uint16,little"` // OEM information; e_oemid specific
	Res2     [10]uint16 `struc:"[10]uint16"`    // Reserved words
	Lfanew   int32      `struc:"int32,little"`  // File address of new exe header
}

func (*IMAGE_DOS_HEADER) ReadFrom 

func (h *IMAGE_DOS_HEADER) ReadFrom(reader io.Reader) error

type IMAGE_FILE_HEADER 

type IMAGE_FILE_HEADER struct {
	Machine               ImageFileMachine `struc:"uint16,little"`
	NumberOfSections      uint16           `struc:"uint16,little"`
	TimeDateStamp         uint32           `struc:"uint32,little"`
	PointerForSymbolTable uint32           `struc:"uint32,little"`
	NumberOfSymbols       uint32           `struc:"uint32,little"`
	SizeOfOptionalHeader  uint16           `struc:"uint16,little"`
	Characteristics       uint16           `struc:"uint16,little"`
}

IMAGE_FILE_HEADER represents the IMAGE_FILE_HEADER structure from http://msdn.microsoft.com/en-us/library/windows/desktop/ms680313(v=vs.85).aspx.

func (*IMAGE_FILE_HEADER) ReadFrom 

func (h *IMAGE_FILE_HEADER) ReadFrom(reader io.Reader) error

type IMAGE_OPTIONAL_HEADER32 

type IMAGE_OPTIONAL_HEADER32 struct {
	Magic                       uint16 `struc:"uint16,little"` // Magic number
	MajorLinkerVersion          byte   `struc:"byte"`          // Major linker version
	MinorLinkerVersion          byte   `struc:"byte"`          // Minor linker version
	SizeOfCode                  uint32 `struc:"uint32,little"` // Size of code
	SizeOfInitializedData       uint32 `struc:"uint32,little"` // Size of initialized data
	SizeOfUninitializedData     uint32 `struc:"uint32,little"` // Size of uninitialized data
	AddressOfEntryPoint         uint32 `struc:"uint32,little"` // Address of entry point
	BaseOfCode                  uint32 `struc:"uint32,little"` // Base address of code
	BaseOfData                  uint32 `struc:"uint32,little"` // Base address of data
	ImageBase                   uint32 `struc:"uint32,little"` // Image base address
	SectionAlignment            uint32 `struc:"uint32,little"` // Section alignment
	FileAlignment               uint32 `struc:"uint32,little"` // File alignment
	MajorOperatingSystemVersion uint16 `struc:"uint16,little"` // Major operating system version
	MinorOperatingSystemVersion uint16 `struc:"uint16,little"` // Minor operating system version
	MajorImageVersion           uint16 `struc:"uint16,little"` // Major image version
	MinorImageVersion           uint16 `struc:"uint16,little"` // Minor image version
	MajorSubsystemVersion       uint16 `struc:"uint16,little"` // Major subsystem version
	MinorSubsystemVersion       uint16 `struc:"uint16,little"` // Minor subsystem version
	Win32VersionValue           uint32 `struc:"uint32,little"` // Win32 version value
	SizeOfImage                 uint32 `struc:"uint32,little"` // Size of image
	SizeOfHeaders               uint32 `struc:"uint32,little"` // Size of headers
	CheckSum                    uint32 `struc:"uint32,little"` // Checksum
	Subsystem                   uint16 `struc:"uint16,little"` // Subsystem
	DllCharacteristics          uint16 `struc:"uint16,little"` // DLL characteristics
	SizeOfStackReserve          uint32 `struc:"uint32,little"` // Size of stack to reserve
	SizeOfStackCommit           uint32 `struc:"uint32,little"` // Size of stack to commit
	SizeOfHeapReserve           uint32 `struc:"uint32,little"` // Size of heap to reserve
	SizeOfHeapCommit            uint32 `struc:"uint32,little"` // Size of heap to commit
	LoaderFlags                 uint32 `struc:"uint32,little"` // Loader flags
	NumberOfRvaAndSizes         uint32 `struc:"uint32,little"` // Number of data-directory entries

}

IMAGE_OPTIONAL_HEADER32 represents the IMAGE_OPTIONAL_HEADER structure from http://msdn.microsoft.com/en-us/library/windows/desktop/ms680339(v=vs.85).aspx.

func (*IMAGE_OPTIONAL_HEADER32) ReadFrom 

func (h *IMAGE_OPTIONAL_HEADER32) ReadFrom(reader io.Reader) error

type IMAGE_OPTIONAL_HEADER64 

type IMAGE_OPTIONAL_HEADER64 struct {
	Magic                       uint16 `struc:"uint16,little"` // Magic number
	MajorLinkerVersion          byte   `struc:"byte"`          // Major linker version
	MinorLinkerVersion          byte   `struc:"byte"`          // Minor linker version
	SizeOfCode                  uint32 `struc:"uint32,little"` // Size of code
	SizeOfInitializedData       uint32 `struc:"uint32,little"` // Size of initialized data
	SizeOfUninitializedData     uint32 `struc:"uint32,little"` // Size of uninitialized data
	AddressOfEntryPoint         uint32 `struc:"uint32,little"` // Address of entry point
	BaseOfCode                  uint32 `struc:"uint32,little"` // Base address of code
	ImageBase                   uint64 `struc:"uint64,little"` // Image base address
	SectionAlignment            uint32 `struc:"uint32,little"` // Section alignment
	FileAlignment               uint32 `struc:"uint32,little"` // File alignment
	MajorOperatingSystemVersion uint16 `struc:"uint16,little"` // Major operating system version
	MinorOperatingSystemVersion uint16 `struc:"uint16,little"` // Minor operating system version
	MajorImageVersion           uint16 `struc:"uint16,little"` // Major image version
	MinorImageVersion           uint16 `struc:"uint16,little"` // Minor image version
	MajorSubsystemVersion       uint16 `struc:"uint16,little"` // Major subsystem version
	MinorSubsystemVersion       uint16 `struc:"uint16,little"` // Minor subsystem version
	Win32VersionValue           uint32 `struc:"uint32,little"` // Win32 version value
	SizeOfImage                 uint32 `struc:"uint32,little"` // Size of image
	SizeOfHeaders               uint32 `struc:"uint32,little"` // Size of headers
	CheckSum                    uint32 `struc:"uint32,little"` // Checksum
	Subsystem                   uint16 `struc:"uint16,little"` // Subsystem
	DllCharacteristics          uint16 `struc:"uint16,little"` // DLL characteristics
	SizeOfStackReserve          uint64 `struc:"uint64,little"` // Size of stack to reserve
	SizeOfStackCommit           uint64 `struc:"uint64,little"` // Size of stack to commit
	SizeOfHeapReserve           uint64 `struc:"uint64,little"` // Size of heap to reserve
	SizeOfHeapCommit            uint64 `struc:"uint64,little"` // Size of heap to commit
	LoaderFlags                 uint32 `struc:"uint32,little"` // Loader flags
	NumberOfRvaAndSizes         uint32 `struc:"uint32,little"` // Number of data-directory entries

}

func (*IMAGE_OPTIONAL_HEADER64) ReadFrom 

func (h *IMAGE_OPTIONAL_HEADER64) ReadFrom(reader io.Reader) error

type ImageFileMachine 

type ImageFileMachine = uint16
const (
	IMAGE_FILE_MACHINE_I386  ImageFileMachine = 0x014c
	IMAGE_FILE_MACHINE_IA64  ImageFileMachine = 0x0200
	IMAGE_FILE_MACHINE_AMD64 ImageFileMachine = 0x8664
)

type MSIBinary 

type MSIBinary struct {
	// contains filtered or unexported fields
}

MSIBinary represents an MSI binary. |headerBytes| and |contents| are non-overlapping slices of the same backing array.

func NewMSIBinary 

func NewMSIBinary(fileContents []byte) (*MSIBinary, error)

NewMSIBinary returns a Binary that contains details of the MSI binary given in |contents|. |contents| is modified; the region occupied by the cert section is zeroed out.

func (*MSIBinary) GetTag 

func (bin *MSIBinary) GetTag() (tag []byte, err error)

func (*MSIBinary) GetTagCert 

func (bin *MSIBinary) GetTagCert() (cert *x509.Certificate, index int, err error)

func (*MSIBinary) SetTag 

func (bin *MSIBinary) SetTag(writer io.Writer, tag []byte) (err error)

SetTagCertTag returns an MSI binary based on bin, but where the superfluous certificate contains the given tag data. The (parsed) bin.signedData is modified; but bin.signedDataBytes, which contains the raw original bytes, is not.

type MSIDirEntry 

type MSIDirEntry struct {
	Name              [64]byte
	NumNameBytes      uint16
	ObjectType        uint8
	ColorFlag         uint8
	Left              uint32
	Right             uint32
	Child             uint32
	Clsid             [16]byte
	StateFlags        uint32
	CreateTime        uint64
	ModifyTime        uint64
	StreamFirstSector uint32
	StreamSize        uint64
}

MSIDirEntry represents a parsed MSI directory entry for a stream.

type MSIHeader 

type MSIHeader struct {
	Magic                      [8]byte
	Clsid                      [16]byte
	MinorVersion               uint16
	DllVersion                 uint16
	ByteOrder                  uint16
	SectorShift                uint16
	MiniSectorShift            uint16
	Reserved                   [6]byte
	NumDirSectors              uint32
	NumFatSectors              uint32
	FirstDirSector             uint32
	TransactionSignatureNumber uint32
	MiniStreamCutoffSize       uint32
	FirstMiniFatSector         uint32
	NumMiniFatSectors          uint32
	FirstDifatSector           uint32
	NumDifatSectors            uint32
}

MSIHeader represents a parsed MSI header.

type PE32Binary 

type PE32Binary struct {
	// contains filtered or unexported fields
}

PE32Binary represents a PE binary.

func NewPE32Binary 

func NewPE32Binary(reader io.ReadSeeker) (*PE32Binary, error)

NewPE32Binary returns a Binary that contains details of the PE32 binary given in contents.

func (*PE32Binary) GetTag 

func (bin *PE32Binary) GetTag() (tag []byte, err error)

func (*PE32Binary) GetTagCert 

func (bin *PE32Binary) GetTagCert() (cert *x509.Certificate, index int, err error)

func (*PE32Binary) SetTag 

func (bin *PE32Binary) SetTag(writer io.Writer, tag []byte) (err error)

SetTag returns a PE binary based on bin, but where the superfluous certificate contains the given tag data. The (parsed) bin.signedData is modified; but bin.asn1Bytes, which contains the raw original bytes, is not.

type SectorFormat 

type SectorFormat struct {
	Size offT // the size of a sector in bytes; 512 for dll v3 and 4096 for v4.
	Ints int  // the number of int32s in a sector.
}

SectorFormat represents parameters of an MSI file sector.

Source Files

View all Source files

Directories

Path Synopsis
cmd
exetag-tool
Program exetag-tool manipulates "tags" in Authenticode-signed Windows binaries.
 Program exetag-tool manipulates "tags" in Authenticode-signed Windows binaries.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.