Last active
September 10, 2021 08:15
-
-
Save mattifestation/d10f91859bd0dffd4a539945ae02eccb to your computer and use it in GitHub Desktop.
Simple 010 Editor template to parse an embedded WIN_CERTIFICATE structure
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
//------------------------------------------------ | |
//--- 010 Editor v7.0 Binary Template | |
// | |
// File: | |
// Authors: Matt Graeber (@mattifestation) | |
// Version: | |
// Purpose: | |
// Category: | |
// File Mask: | |
// ID Bytes: | |
// History: | |
//------------------------------------------------ | |
typedef enum <ushort> WinCertRevision { | |
WIN_CERT_REVISION_1_0 = 0x0100, | |
WIN_CERT_REVISION_2_0 = 0x0200 | |
} WIN_CERT_REVISION; | |
typedef enum <ushort> WinCertType { | |
WIN_CERT_TYPE_X509 = 1, | |
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 2, | |
WIN_CERT_TYPE_RESERVED_1 = 3, | |
WIN_CERT_TYPE_TS_STACK_SIGNED = 4 | |
} WIN_CERT_TYPE; | |
typedef struct WIN_CERTIFICATE { | |
ulong dwLength <bgcolor=cLtRed>; | |
WIN_CERT_REVISION wRevision <bgcolor=cLtGreen>; | |
WIN_CERT_TYPE wCertificateType <bgcolor=cLtBlue>; | |
BYTE bCertificate[dwLength - 8] <bgcolor=cLtPurple>; | |
}; | |
WIN_CERTIFICATE WinCertificate; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment