Use SigCheck w/ Zimmerman Tools

[emtuls]

This fixes many of the tools that are running into an error in our Daily checks (https://github.com/mandiant/VM-Packages/wiki/Daily-Failures). These specific tools run into an issue where we need to manually update the hashes due to the links not having a version in them so our updater does not properly update the packages for us.

Specifically, this fixes:

• evtxecmd.vm
• pecmd.vm
• recmd.vm
• registry_explorer.vm
• rla.vm
• sqlecmd.vm

[Ana06]

This is a great improvement, thanks for working on this @emtuls!! 💖

I do not like that we have a code that is long and complicated repeated in many packages. could you please add a helper function that we can reuse so that the code in every of the packages is simple and the complicated code is in a single place making it easier to maintain and understand? 🙏

Question: Why can't we use VM-Assert-Signature for RegCool? It seem you didn't need to do anything special in this case 🤔

[emtuls]

This is a great improvement, thanks for working on this @emtuls!! 💖

I do not like that we have a code that is long and complicated repeated in many packages. could you please add a helper function that we can reuse so that the code in every of the packages is simple and the complicated code is in a single place making it easier to maintain and understand? 🙏

Question: Why can't we use VM-Assert-Signature for RegCool? It seem you didn't need to do anything special in this case 🤔

I've modified the VM-Install-From-Zip to include a new argument for verifying a signature. I was a bit hesitant at first to do it because it seems to make the code look a little bit ugly, but I think it is generally fine and makes for the other code bits in each package to be much cleaner.

The alternative would have been its own function, but it would mimic the VM-Install-From-Zip function in a lot of ways, so I wasn't sure if that would be any better.

As for why we can't use it with RegCool. I believe that this is because the cert used to sign that tool is a self signed cert which is not verified via our method that we use to verify signatures, whereas these tools have a standard CA signing authority.

[Ana06]

Question: Can we now use the helper function to simplify the packages that are already using signature verification (sysinternals, googlechrome, metasploit)?

[Ana06]

you need to make the hash optional and remove it from the packages using signature verification:

Suggested change

	VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $false -verifySignature $true
	VM-Install-From-Zip $toolName $category $zipUrl -consoleApp $true -innerFolder $false -verifySignature $true

[Ana06]

you also need to ensure signtool is installed in all the packages that use signature verification

Suggested change

	<dependency id="common.vm" version="0.0.0.20241212" />
	<dependency id="common.vm" version="0.0.0.20241212" />
	<!-- vcbuildtools.vm installs signtool.exe needed by VM-Assert-Signature -->
	<dependency id="vcbuildtools.vm" />