Description
Hi,
Thanks for this library, I use it in my modding software I write to validate the source of a game. I'm wondering if it would be possible to extend this to support reading files from memory/byte arrays, which is apparently something that can be done in powershell (https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/get-authenticodesignature?view=powershell-7).
I ask for this feature because for one of the games my software mods, the executable has to be modified to support Large Address Aware (LAA - it's a really old game from mid 2000s), as well as patched in a few other areas to prevent things like running as admin (it's a long story) and other stuff. I want to be able to determine the source of it still, so I'm planning to write a 'executable reverser', which will read in the executable, reverse the changes we've made, and then I would feed that data to AuthenticodeExaminer. The game will not work if we don't make these changes so we will always have a game executable with a broken signature.
This is easily possible by doing a disk write but I'm trying to avoid writing a 20MB file to disk just to determine the signature.
I see you are using native windows API to perform this, and I haven't looked at powershell to see how it does it. Another use case for this is that I perform updates through patches, so I update my program's executable by applying a patch to it in memory and validating the hash. If I could validate the signature in memory instead, it would drop the need for me to validate the hash (I don't write to disk until I validate the result), which is extra manual work I have to do on every build of my software.