* Change the Rich header analysis to bottom-up
* Propagate real offset from start of the file to the Rich header
* set default offset value
* Change code style to follow the rest of the file code
This fixes the following two warnings reported by GCC 11:
src/llvmir2hll/llvm/llvmir2bir_converter/structure_converter.cpp:1957:25:
warning: loop variable ‘clause’ creates a copy from type ‘const
std::shared_ptr<std::pair<std::vector<std::shared_ptr<retdec::llvmir2hll::Expression>
src/llvmir2hll/llvmir2hll.cpp:894:25: warning: loop variable ‘pfId’ creates
a copy from type ‘const std::__cxx11::basic_string<char>’
[-Wrange-loop-construct]
* init
* Some more glue
* Add Certificate processing
* Added ability to get signers cert chain, counter signer chain, restructuring start
* Solve merge conflicts
* Add printing of nested signatures
* Major refactor
* Refactoring, adding details
* Refactor
* refactor, extending authenticode to return signature abstraciton, restructuing certificate table to accept new Authenticode content
* large restructuring, implementing authenticode to general signature inteface
* Added prototype of new json format for certificates
* adhere to the code style
* commiting forgotten certificate TU
* Adding copyright header
* decluttering authenticode interfaces, removing obsolete comments
* decluttering authenticode interfaces, removing obsolete comments, updating copyright
* Remove <filesystem> dependency
* Restructure of ContentInfo parsing, better error checking based on MS Authenticode spec
* Completed parsing of all members of SignedData that are in the specification, added exception handler in pe_format
* Complete parsing of all SignerInfo information based on MS specification
* Added sha1 and sha256 certificate digests
* Finish extraction of all certificate information that was exported in existing fileinfo impl
* Improving error handling and proper deallocation
* Got rid of all leaks
* Added base for MsCounterSignatures and Pkcs9CounterSignatures and their chain + signing time
* Remove fileinfo certificateTable
* Add more parsed information to the output, Implement plain text output
* Forgot to add ms_counter_signature files to git
* Adding better validation and feedback
* Add the renamed source files to git
* Add verification of Pkcs7 signatures and Pkcs9 countersignatures
* Implement ms counter signature verification and output of verification warnings
* remove non trivial intializers
* Polishing verification, adding all certificates to the output, redone chain bulding
* Improve error handling
* Fix uninitialized values due to parsing errors
* Get rid of exceptions
* Fix more edge cases
* Add verification if the signed and file hash match, modify the plain and json output
* Fix unhandled null dereferences and uninitialized branches
* Remove unnecessary copying
* Add programName from SpcOpusInfo to the output, remove dead code, add missing newlines, fix windows build
* Revert indent, add proper doxygen file comments
* Add certificate public key back to output
* Remove dots from error messages
* pkcs7_signature.cpp: fix doxygen
* pkcs7_signature.h: fix doxygen
* pkcs9_counter_signature.cpp: fix doxygen
* pkcs9_counter_signature.h: fix doxygen
* pkcs7_signature.cpp: fix doxygen and source
* authenticode_structs.h: fix doxygen
* authenticode_structs.cpp: fix doxygen
* Remove undefined behaviour, set default value of algorithm type
Co-authored-by: Karel Hájek <karel.hajek@avast.com>
Co-authored-by: Peter Matula <p3t3r.matula@gmail.com>
* Implement telfhash for import table and add TLSH to the project
* comment the import symbol filter regexes
* Use std::set for faster lookup
* Address code review comments
* better formatting
* Move TLSH to deps/ using cmake
* Forgot to commit tlsh headers
* Restructure elf_format to get symbols in the same manner as telfhash
* Ignore symbols from dynamic segments
* First exclude then convert to lower_case
* mask out symbol visibility from others
* Move telfhash outside import table to elf_format, use TLSH for all imphashes, create default imphash for ELF
* Fix uninitialized value
* Fixed TLSH build on Windows
* fileformat/CMakeLists.txt: do not add tlsh-related stuff
* deps/tlsh: refactor CMake
* cmake/options.cmake: move TLSH to deps section
* deps/tlsh/cmake: add new line at the end
* fileformat/elf_format: C comment -> C++ comment
* fileformat/elf_import_table.h: add missing new line
* fileformat: remove trailing spaces
Co-authored-by: Peter Matula <peter.matula@avast.com>
Co-authored-by: Peter Matula <p3t3r.matula@gmail.com>
* Detection of invalid import directory will now be triggered by invalid import names
* Detection of corrupt import directories was made stricter
* Refactored detection if invalid imports
Co-authored-by: Ladislav Zezula <ladislav.zezula@avast.com>
