Issue with Signify v0.9.2 #13
Description
When importing thrember with recent versions of signify, the following error occurs:
ImportError: cannot import name 'SignedPEFile' from 'signify.authenticode'
Root cause
thrember/features.py currently imports:
from signify.authenticode import SignedPEFileHowever, in recent versions of signify, SignedPEFile is no longer exposed at this location.
According to the current Signify documentation, the class is now defined in:
from signify.authenticode.signed_file import SignedPEFileAdditionally, the Signify API has changed:
iter_signed_datas()has been replaced byiter_embedded_signatures()
As a result, thrember fails to import with up-to-date Signify versions, even though the required class still exists.
Proposed fix
- Update the import in
thrember/features.py:
from signify.authenticode.signed_file import SignedPEFile- Replace calls to:
iter_signed_datas()with:
iter_embedded_signatures()This aligns thrember with the current Signify public API and restores compatibility without removing Authenticode features.
Environment
- Python: 3.10 / 3.11
- signify: recent (>= 0.7.x)
- thrember / EMBER2024: current main branch