IMAGE_DIRECTORY_ENTRY_SECURITY [Attribute Certificate Table]

typedef struct _IMAGE_DATA_DIRECTORY {
    DWORD VirtualAddress;
    DWORD Size;
} IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;

IMAGE_DIRECTORY_ENTRY_SECURITY [Attribute Certificate Table - WIN_CERTIFICATE]

typedef struct _WIN_CERTIFICATE
{
  DWORD dwLength;
  WORD wRevision;
  WORD wCertificateType; // WIN_CERT_TYPE_xxx
  BYTE bCertificate[ANYSIZE_ARRAY];

} WIN_CERTIFICATE, *LPWIN_CERTIFICATE;

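The WIN_CERTIFICATE structure records the certificate's length, revision, type, and binary content. The revision is one of the WIN_CERT_REVISION_XXX constants and the type is one of the WIN_CERT_TYPE_XXX constants. Because certificates are not mapped into memory, the VirtualAddress field in IMAGE_DATA_DIRECTORY[IMAGE_DIRECTORY_ENTRY_SECURITY] holds a file offset rather than an RVA.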
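
An added example (not from the original article): a bounds-checked C walker that reads the directory's VirtualAddress as a file offset and steps through each WIN_CERTIFICATE entry, validating every length against the file size. The names `walk_cert_table`, `cert_entry` and `build_sample` are hypothetical, the sample buffer is constructed, and the 8-byte alignment of entries comes from the PE format specification rather than from this page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
typedef struct { uint32_t offset, length; uint16_t revision, type; } cert_entry;
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> 8 * i); }

/* Walk the table at the FILE OFFSET held in data directory 4. Returns the number
   of entries (0 = no table), or -1 if any field points outside the file. */
int walk_cert_table(const uint8_t *f, size_t n, cert_entry *out, int max) {
    if (n < 0x40 || rd16(f) != 0x5A4D) return -1;               /* "MZ" */
    uint64_t opt = (uint64_t)rd32(f + 0x3C) + 24;               /* e_lfanew + signature + file header */
    if (opt + 2 > n || rd32(f + opt - 24) != 0x4550) return -1; /* "PE\0\0" */
    uint16_t magic = rd16(f + opt);
    if (magic != 0x10B && magic != 0x20B) return -1;            /* PE32 or PE32+ only */
    uint64_t dirs = opt + (magic == 0x20B ? 112 : 96);          /* DataDirectory[0] */
    if (dirs + 40 > n) return -1;
    uint32_t off = rd32(f + dirs + 32), size = rd32(f + dirs + 36);
    if (rd32(f + dirs - 4) <= 4 || size == 0) return 0;         /* NumberOfRvaAndSizes */
    if (off > n || size > n - off) return -1;                   /* checked against file size */
    int count = 0;
    for (size_t pos = off, end = (size_t)off + size; pos < end; count++) {
        uint32_t len = end - pos < 8 ? 0 : rd32(f + pos);       /* dwLength = header + data */
        if (len < 8 || len > end - pos) return -1;
        if (count < max) out[count] = (cert_entry){ (uint32_t)pos, len, rd16(f + pos + 4), rd16(f + pos + 6) };
        size_t step = ((size_t)len + 7) & ~(size_t)7;           /* next entry is 8-byte aligned */
        pos += step < end - pos ? step : end - pos;
    }
    return count;
}

/* Constructed sample: minimal PE32 headers, two entries at file offset 0x100. */
size_t build_sample(uint8_t *b) {
    memset(b, 0, 0x120);
    memcpy(b, "MZ", 2); wr32(b + 0x3C, 0x40); memcpy(b + 0x40, "PE\0\0", 4);
    wr32(b + 0x58, 0x10B); wr32(b + 0xB4, 16);                  /* PE32 magic, NumberOfRvaAndSizes */
    wr32(b + 0xD8, 0x100); wr32(b + 0xDC, 0x20);                /* VirtualAddress (file offset), Size */
    wr32(b + 0x100, 12); wr32(b + 0x104, 0x00020200);           /* wRevision 0x0200, type 0x0002 */
    wr32(b + 0x110, 16); wr32(b + 0x114, 0x00020200);
    return 0x120;
}

int main(void) {
    uint8_t buf[0x120]; cert_entry e[4];
    int c = walk_cert_table(buf, build_sample(buf), e, 4);
    for (int i = 0; i < c && i < 4; i++) printf("0x%X len=%u type=0x%04X\n", e[i].offset, e[i].length, e[i].type);
    return c < 0;
}
```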

Exploitation:

Gamaredon embeds scripts into validly signed PE files (qq.com)

Original article: https://www.cnblogs.com/DirWang/p/15015849.html