diff --git a/test/fake_code_signer.rb b/test/fake_code_signer.rb index a166a083..2e817e9c 100644 --- a/test/fake_code_signer.rb +++ b/test/fake_code_signer.rb @@ -26,10 +26,8 @@ def initialize(input:, output:, padding: 4) end def sign - if pe_header.security_size !=0 + if pe_header.security_size != 0 raise "Binary already signed, nothing to do!" - elsif @input == @output - raise "input and output files must be different!" end # Below we access an instance of the IMAGE_DATA_DIRECTORY struct. @@ -37,10 +35,10 @@ def sign # see: https://msdn.microsoft.com/en-us/library/windows/desktop/ms680305(v=vs.85).aspx # write the offset (address) of the digital signature to the security header (VirtualAddress field) - @image[pe_header.security_offset, 4] = raw_bytes(@image.size + @padding) + @image[pe_header.security_address_offset, PEHeader::DWORD_SIZE] = raw_bytes(@image.size + @padding) # write the size of the digital signature to the security header (Size field) - @image[pe_header.security_offset + 4, 4] = raw_bytes(FAKE_SIG.size) + @image[pe_header.security_size_offset, PEHeader::DWORD_SIZE] = raw_bytes(FAKE_SIG.size) # append the "digital signature" to the end of the executable, complete with padding @image << padding_string << FAKE_SIG diff --git a/test/fake_code_signer/pe_header.rb b/test/fake_code_signer/pe_header.rb index 0d19908f..29445f81 100644 --- a/test/fake_code_signer/pe_header.rb +++ b/test/fake_code_signer/pe_header.rb @@ -39,14 +39,20 @@ def security_offset image_data_directory_offset + DATA_DIRECTORY_ENTRY_SIZE * 4 end + alias security_address_offset security_offset + + def security_size_offset + security_offset + DWORD_SIZE + end + # location of the digital signature def security_address - deref(security_offset) + deref(security_address_offset) end # size of the digital signature def security_size - deref(security_offset + DWORD_SIZE) + deref(security_size_offset) end private