On Wed Apr 24 15:30:39 2024 +0000, Hans Leidekker wrote:

The entry itself must skipped. The hash should be the same whether the image is signed or not. right, but this means that you never include in the hash what's after the content of the security directory?

(and another nitpick, not sure it does matter so much for real images, but it should be checked against nth->OptionalHeader.NumberOfRvaAndSizes that security header in present) -- https://gitlab.winehq.org/wine/wine/-/merge_requests/5516#note_68711