mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-03-09 15:40:18 +00:00

Completed support for changing windows executable file information resources.

Ylian Saint-Hilaire 2022-06-20 14:31:28 -07:00
parent 63de362bc0
commit 34fdb39dcd
4 changed files with 86 additions and 27 deletions


@ -1111,8 +1111,9 @@ function createAuthenticodeHandler(path) {
//function padPointer(ptr) { return ptr + (ptr % 4); }
// Hash the file using the selected hashing system
// This hash skips the executables CRC and code signing data and signing block
obj.getHash = function(algo) {
var hash = crypto.createHash(algo);
const hash = crypto.createHash(algo);
runHash(hash, 0, obj.header.peHeaderLocation + 88);
runHash(hash, obj.header.peHeaderLocation + 88 + 4, obj.header.peHeaderLocation + 152 + (obj.header.pe32plus * 16));
runHash(hash, obj.header.peHeaderLocation + 152 + (obj.header.pe32plus * 16) + 8, obj.header.sigpos > 0 ? obj.header.sigpos : obj.filesize);
@ -1120,14 +1121,41 @@ function createAuthenticodeHandler(path) {
}
// Hash of an open file using the selected hashing system
obj.getHashOfFile = function (fd, algo, filesize) {
var hash = crypto.createHash(algo);
// This hash skips the executables CRC and code signing data and signing block
obj.getHashOfFile = function(fd, algo, filesize) {
const hash = crypto.createHash(algo);
runHashOnFile(fd, hash, 0, obj.header.peHeaderLocation + 88);
runHashOnFile(fd, hash, obj.header.peHeaderLocation + 88 + 4, obj.header.peHeaderLocation + 152 + (obj.header.pe32plus * 16));
runHashOnFile(fd, hash, obj.header.peHeaderLocation + 152 + (obj.header.pe32plus * 16) + 8, obj.header.sigpos > 0 ? obj.header.sigpos : filesize);
return hash.digest();
}
// Hash the file using the selected hashing system skipping resource section
// This hash skips the executables CRC, sections table, resource section, code signing data and signing block
obj.getHashNoResources = function (algo) {
if (obj.header.sections['.rsrc'] == null) { return obj.getHash(algo); } // No resources in this executable, return a normal hash
// Get the sections table start and size
const sectionHeaderPtr = obj.header.SectionHeadersPtr;
const sectionHeaderSize = obj.header.coff.numberOfSections * 40;
// Get the resource section start and size
const resPtr = obj.header.sections['.rsrc'].rawAddr;
const resSize = obj.header.sections['.rsrc'].rawSize;
// Get the end-of-file location
const eof = obj.header.sigpos > 0 ? obj.header.sigpos : obj.filesize;
// Hash the remaining data
const hash = crypto.createHash(algo);
runHash(hash, 0, obj.header.peHeaderLocation + 88);
runHash(hash, obj.header.peHeaderLocation + 88 + 4, obj.header.peHeaderLocation + 152 + (obj.header.pe32plus * 16));
runHash(hash, obj.header.peHeaderLocation + 152 + (obj.header.pe32plus * 16) + 8, sectionHeaderPtr);
runHash(hash, sectionHeaderPtr + sectionHeaderSize, resPtr);
runHash(hash, resPtr + resSize, eof);
return hash.digest();
}
// Hash the file from start to end loading 64k chunks
function runHash(hash, start, end) {
var ptr = start;
@ -1137,8 +1165,8 @@ function createAuthenticodeHandler(path) {
// Hash the open file loading 64k chunks
// TODO: Do chunks on this!!!
function runHashOnFile(fd, hash, start, end) {
var buf = Buffer.alloc(end - start);
var len = fs.readSync(fd, buf, 0, buf.length, start);
const buf = Buffer.alloc(end - start);
const len = fs.readSync(fd, buf, 0, buf.length, start);
if (len != buf.length) { console.log('BAD runHashOnFile'); }
hash.update(buf);
}
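Review bot: In the second hunk, `getHashNoResources` takes `SectionHeadersPtr`, `numberOfSections`, `rawAddr` and `rawSize` straight from the parsed header and assumes the section table ends at or before `.rsrc` and that `.rsrc` ends at or before `eof`; nothing checks that ordering before the last three `runHash` calls. On a malformed or unusually laid-out executable those ranges could overlap or run backwards, and how `runHash` treats `start > end` cannot be seen here because its body continues outside the hunk. I would add a guard before hashing, for example `if ((sectionHeaderPtr + sectionHeaderSize > resPtr) || (resPtr + resSize > eof)) { return null; }`, or throw instead if that is what the callers expect. The comment above the function should also state that this digest leaves the section table and the entire resource section uncovered, so it is only suitable for matching binaries that differ in their resources and is not an integrity check or a substitute for the hash returned by `getHash`.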