有没有办法在WinDbg中查看,验证或提取可执行文件的数字签名信息?
到目前为止,我发现可执行文件有一个安全目录:
0:048> !dh customerapp
...
0 [ 0] address [size] of Export Directory
43DC [ 64] address [size] of Import Directory
7000 [ 47C38] address [size] of Resource Directory
6000 [ 1A4] address [size] of Exception Directory
4C600 [ 1ED8] address [size] of Security Directory
...
查看内存无济于事:
0:048> db customerapp+4C600
00000000`0044c600 ff ff ff 00 ff ff ff 00-ff ff ff 00 ff ff ff 00 ................
00000000`0044c610 ff ff ff 00 ff ff ff 00-ff ff ff 00 ff ff ff 00 ................
00000000`0044c620 ff ff ff 00 ff ff ff 00-ff ff ff 00 ff ff ff 00 ................
00000000`0044c630 ff ff ff 00 ff ff ff 00-ff ff ff 00 ff ff ff 00 ................
...
我希望至少看到一些像DigiCert或类似的字符串。