authenticode

PE Authenticode parser based on libyara implementation


Keywords
library, cryptography, digital-signature, executable, pe, authenticode, forensics
License
BSD-3-Clause
Install
nimble install authenticode

Documentation

Authenticode

run tests

PE Authenticode parser based on libyara implementation

Installation

nimble install authenticode

Usage

You'll probably want to parse PE file mapped into memory with parse_authenticode function, like this:

import authenticode
import authenticode/parser
import std/memfiles

initialize_authenticode_parser()

var data = memfiles.open("path/to/pefile.exe", mode = fmReadWrite, mappedSize = -1)
let auth = parse_authenticode(cast[ptr uint8](data.mem), data.size.uint)

Consult tests/testParsing.nim file for detailed usage.