* Fixed ImageLoader::Save()
* Review comment solved
* Fixed out-of-bounds read
* Previous behavior of ImageLoader::Save() is back as special case (needed for unpackers)
Co-authored-by: Ladislav Zezula <ladislav.zezula@avast.com>
* Integrate new authenticode-parser
* Add comments
* Integrate authenticode-parser repository as dependency
* Update to new authenticode-parser version
* Change the verification flow
Co-authored-by: Peter Matula <peter.matula@avast.com>
* Parse various PE timestamps and export them out
* Enable parsing of debug entries other than CodeView
* Include the pe_timestamps header
* Change timestamp format
`PythonInterp` is an old and deprecated module which may give up on a system with multiple Python installations like 2.7 and 3.x where `/usr/bin/python` is 2.7.
* Check if certificate table is outside of the image and export the information
* Move signatures that are inside images into their own invalid signatures container
* Don't output invalid signatures
* Add sanity check for offset existence within a file
* Change unsigned long long to std::uint64_t
* Fix the entry point anomaly flow and add new anomaly for memory only entry point
* Change the entry point evaluation so that EP offset outside of a file doesn't give a warning about invalid entry point due to the memory-only entry points
* Edit the RvaToOffset so it uses virtual size in case real size is larger. Separate the ignore of invalid offset just for PE.
* Create separate function for the valid offset calculation
* Fix comment
* More unsigned long long refactoring, fix found indent issues
* Remove unsigned long long from tests as well
* Use type namespace if exists even when nested
* Reconstruct parameters from signature if no Param info exists
* Fix incorrect .NET visibility representation
* Change FileInfo to always use the first occurrence of the .NET stream type
* Understand ExtraData flag in MetadataTable header
* Accept empty strings inside StringHeap
* Add check if the type is actually nested
* Rework BlobStream
* Add bound checking
* Fix missing bound checks when parsing arrays
* Update dotnet file detection
* Update doxygen comments
* Add reference to code adapted from YARA
* Specify type, add move semantics to BlobStream
* Comment blob parsing and fix incorrect condition in dotnet detection
macOS/clang never had the stdc++fs library that is required on some
systems using gcc. The message is therefore confusing when it
appears on a macOS device and may be misleading when solving
for a compilation error.
This commit removes the message on macOS builds.
* Add signatureVerified flag for each signature
* Simplify condition
* Remove checking for version == 1 when validating signatures
* Modify plain signature presentation