I have an implementation that uses C++ and CRYPT32.DLL to extract a SignedCms object from a signed C# assembly DLL.
The certificate used to sign the DLL is expired.
I haven't found a CNG equivalent of the call, but here is the specification, which should let you extract the PKCS#7, which is the bytes for the SignedCms:
The spec says:
Authenticode signatures can be “embedded” in a Windows PE file, in a location specified by the Certificate Table entry in Optional Header Data Directories.
Here are nice overviews of the bytes in the PE header:
- https://resources.infosecinstitute.com/presenting-the-pe-header/
- https://www.red-gate.com/simple-talk/blogs/anatomy-of-a-net-assembly-pe-headers/
And almost all details: https://blog.kowalczyk.info/articles/pefileformat.html
On GitHub I found a managed sample that reads the PE header: https://gist.github.com/augustoproiete/b51f29f74f5f5b2c59c39e47a8afc3a3
EDIT: The code on GitHub was not reliable according to a comment by @martin-s, and he succeeded with this alternative:
https://github.com/secana/PeNet
All pieces together should do the job.
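
The lookup this answer describes (Optional Header, Certificate Table entry, WIN_CERTIFICATE, PKCS#7 bytes), written out in Python as an added example; it is not code from the answer or from the linked projects. `extract_pkcs7` and `build_sample` are names chosen here, and the sample file is constructed (bare headers, not a loadable image).

```python
import struct

SEC_DIR = 4                             # Certificate Table data directory index
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002
DIR_OFFSET = {0x10B: 96, 0x20B: 112}    # PE32 / PE32+: data directories offset

def extract_pkcs7(pe: bytes) -> list:
    """Return the PKCS#7 SignedData blobs from a PE file's Certificate Table."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    try:
        (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
        if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        opt = e_lfanew + 24             # skip signature (4) + COFF header (20)
        (magic,) = struct.unpack_from("<H", pe, opt)
        if magic not in DIR_OFFSET:
            raise ValueError("unknown optional header magic")
        dirs = opt + DIR_OFFSET[magic]
        (count,) = struct.unpack_from("<I", pe, dirs - 4)   # NumberOfRvaAndSizes
        # For this directory the "address" field is a file offset, not an RVA.
        off, size = struct.unpack_from("<II", pe, dirs + 8 * SEC_DIR) if count > SEC_DIR else (0, 0)
    except struct.error as exc:
        raise ValueError("truncated PE headers") from exc
    if size == 0:
        return []                       # no embedded signature
    end = off + size
    if off == 0 or end > len(pe):
        raise ValueError("certificate table lies outside the file")
    blobs = []
    while off + 8 <= end:
        length, _revision, cert_type = struct.unpack_from("<IHH", pe, off)
        if length < 8 or off + length > end:
            raise ValueError("corrupt WIN_CERTIFICATE length")
        if cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA:
            blobs.append(pe[off + 8:off + length])   # bCertificate = PKCS#7
        off += (length + 7) & ~7        # entries are 8-byte aligned
    return blobs

def build_sample(blob: bytes, magic: int = 0x10B) -> bytes:
    """Constructed input: bare PE headers plus one WIN_CERTIFICATE entry."""
    opt, dirs = 0x80 + 24, 0x80 + 24 + DIR_OFFSET[magic]
    buf = bytearray(dirs + 16 * 8)      # 16 data directories, ends 8-byte aligned
    buf[:2], buf[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    struct.pack_into("<H", buf, opt, magic)
    struct.pack_into("<I", buf, dirs - 4, 16)
    entry = struct.pack("<IHH", 8 + len(blob), 0x0200, 2) + blob + b"\0" * (-len(blob) % 8)
    struct.pack_into("<II", buf, dirs + 8 * SEC_DIR, len(buf), len(entry))
    return bytes(buf) + entry
```

Each returned blob is the byte array that .NET's `SignedCms.Decode` accepts. Extraction alone verifies nothing: the signature and the certificate's validity period still have to be checked on the decoded object.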