Huge Signed PE File: Keeping The Signature - SANS Internet Storm Center

SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Huge Signed PE File: Keeping The Signature
In my diary entry "Huge Signed PE File" we stripped a huge PE file with signature like this: I was asked how to strip a PE file but keep the signature. So, doing this: To achieve this, you follow the procedure as explain in my diary entry, and then you copy the signature from the original file to the stripped file with my disitool.py, like this: Of course, the signature will remain invalid (except for a very special case :-) ). Didier Stevens Senior handler Microsoft MVP blog.DidierStevens.com	DidierStevens 649 Posts ISC Handler May 28th 2022
Thread locked Subscribe	May 28th 2022 1 month ago