Package ghidra.app.util.bin.format.pe

Class SecurityCertificate

java.lang.Object
ghidra.app.util.bin.format.pe.SecurityCertificate
All Implemented Interfaces:
StructConverter
public class SecurityCertificate extends Object implements StructConverter
A class to represent the WIN_CERTIFICATE struct as defined in winbase.h.

This structure encapsulates a signature used in verifying executables. 

 typedef struct _WIN_CERTIFICATE {
     DWORD       dwLength;
     WORD        wRevision;
     WORD        wCertificateType;   // WIN_CERT_TYPE_xxx
     BYTE        bCertificate[ANYSIZE_ARRAY];
 } WIN_CERTIFICATE, *LPWIN_CERTIFICATE;

  • Field Details

    • NAME

      public static final String NAME
      The name to use when converting into a structure data type.
      See Also:

    • WIN_CERT_REVISION_1_0

      public static final int WIN_CERT_REVISION_1_0
      See Also:

    • WIN_CERT_REVISION_2_0

      public static final int WIN_CERT_REVISION_2_0
      See Also:

    • WIN_CERT_TYPE_X509

      public static final int WIN_CERT_TYPE_X509
      bCertificate contains an X.509 Certificate.
      See Also:

    • WIN_CERT_TYPE_PKCS_SIGNED_DATA

      public static final int WIN_CERT_TYPE_PKCS_SIGNED_DATA
      bCertificate contains a PKCS SignedData structure.
      See Also:

    • WIN_CERT_TYPE_RESERVED_1

      public static final int WIN_CERT_TYPE_RESERVED_1
      Reserved.
      See Also:

    • WIN_CERT_TYPE_PKCS1_SIGN

      public static final int WIN_CERT_TYPE_PKCS1_SIGN
      bCertificate contains PKCS1_MODULE_SIGN fields.
      See Also:

  • Constructor Details

    • SecurityCertificate

      public SecurityCertificate()

  • Method Details

    • getLength

      public int getLength()
      Returns the length, in bytes, of the signature.
      Returns:
      the length, in bytes, of the signature

    • getRevision

      public int getRevision()
      Returns the certificate revision. Currently, the only defined certificate revision is WIN_CERT_REVISION_1_0 (0x0100).
      Returns:
      the certificate revision

    • getType

      public int getType()
      Returns the certificate type.
      Returns:
      the certificate type

    • getTypeAsString

      public String getTypeAsString()
      Returns a string representation of the certificate type.
      Returns:
      a string representation of the certificate type

    • getData

      public byte[] getData()
      An array of certificates. The format of this member depends on the value of wCertificateType.
      Returns:
      an array of certificates

    • toDataType

      public DataType toDataType() throws DuplicateNameException
      Description copied from interface: StructConverter
      Returns a structure datatype representing the contents of the implementor of this interface.

      For example, given: 

       class A {
     int foo;
     double bar;
 }

      The return value should be a structure data type with two data type components; an INT and a DOUBLE. The structure should contain field names and, if possible, field comments.

      Specified by:
      toDataType in interface StructConverter
      Returns:
      returns a structure datatype representing the implementor of this interface
      Throws:
      DuplicateNameException - when a datatype of the same name already exists
      See Also: