/
cert.go
50 lines (41 loc) · 1.39 KB
/
cert.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
package pe
import (
"errors"
"fmt"
"io"
)
// CERTIFICATE_TABLE is the index of the Certificate Table info in the Data Directory structure
// in the PE header
const CERTIFICATE_TABLE = 4
func readCertTable(f *File, r io.ReadSeeker) ([]byte, error) {
if f.OptionalHeader == nil { // Optional header is optional, might not exist
return nil, nil
}
var certTableOffset, certTableSize uint32
switch f.FileHeader.Machine {
case IMAGE_FILE_MACHINE_I386:
certTableOffset = f.OptionalHeader.(*OptionalHeader32).DataDirectory[CERTIFICATE_TABLE].VirtualAddress
certTableSize = f.OptionalHeader.(*OptionalHeader32).DataDirectory[CERTIFICATE_TABLE].Size
case IMAGE_FILE_MACHINE_AMD64:
certTableOffset = f.OptionalHeader.(*OptionalHeader64).DataDirectory[CERTIFICATE_TABLE].VirtualAddress
certTableSize = f.OptionalHeader.(*OptionalHeader64).DataDirectory[CERTIFICATE_TABLE].Size
default:
return nil, errors.New("architecture not supported")
}
// check if certificate table exists
if certTableOffset == 0 || certTableSize == 0 {
return nil, nil
}
var err error
_, err = r.Seek(int64(certTableOffset), seekStart)
if err != nil {
return nil, fmt.Errorf("fail to seek to certificate table: %v", err)
}
// grab the cert
cert := make([]byte, certTableSize)
_, err = io.ReadFull(r, cert)
if err != nil {
return nil, fmt.Errorf("fail to read certificate table: %v", err)
}
return cert, nil
}