PE文件数字签名验证

Verification of the digital signature of a PE file

通过 signtool 检查文件时，我得到一个哈希值，在解码证书时，得到另一个哈希值。我错过了什么？

命令： signtool verify /a /ph /pa /v .\EmptyExe.exe
文件哈希 (sha256)：9FCC67FA3FAA88BCDED22E9FCF6AE1D6D62A95A79A1C777743052DF16F63DADC

解码八位字节字符串： 0001f...f003031300d06096086480165030402010500042066cea53b15089957fc4ca86e419e2058f562e17a802e23e7d5154d2e71412e1a
已解析的字符串：https://lapo.it/asn1js/#MDEwDQYJYIZIAWUDBAIBBQAEIGbOpTsVCJlX_EyobkGeIFj1YuF6gC4j59UVTS5xQS4a

据我观察，在对不同的文件进行签名时，只有3个字段发生变化：hash、messageDigest、encoded hash。 messageDigest 字段中存储了什么？

剪切数字签名： https://lapo.it/asn1js/#MIIGRgYJKoZIhvcNAQcCoIIGNzCCBjMCAQExDzANBglghkgBZQMEAgEFADBcBgorBgEEAYI3AgEEoE4wTDAXBgorBgEEAYI3AgEPMAkDAQCgBKICgAAwMTANBglghkgBZQMEAgEFAAQgn8xn-j-qiLze0i6fz2rh1tYqlaeaHHd3QwUt8W9j2tygggPFMIIDwTCCAqmgAwIBAgIQGhQKhwNj5Z5IvU4kiPIzqjANBgkqhkiG9w0BAQsFADBVMVMwUQYDVQQDHkoARwBvAGwAbwB2AGwAZQB2ACAAVABpAG0AbwBmAGUAeQAgACgAVABpAG0AXwBkAGUAdgApACAAMQA1AC4AMAA1AC4AMgAwADAAMDAeFw0yMTAzMDMwMjEzNTJaFw0zOTEyMzEyMzU5NTlaMFUxUzBRBgNVBAMeSgBHAG8AbABvAHYAbABlAHYAIABUAGkAbQBvAGYAZQB5ACAAKABUAGkAbQBfAGQAZQB2ACkAIAAxADUALgAwADUALgAyADAAMAAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdIyw8JcPlDHM1fQGiBKmpWRYRhrOe31xwvYTYaQ02Uc-g0pIGzCu3Q-o6MS0i-2efIKs5shX0HFkLjMy1zgZc2F-PTx8f8HySRxroi5QVngQWLxu638sB9uYdVqBwWyNd7scZx-Z9Fd-kS0rFRIPlyuLCg8UOGtR5KbZ4V7dSNm8myHFTtVqD79n42oJEe2vkmUXQ266B2rHUdHDXJPTiXKwoZg4wAjeTkJUlgJwHeZUvpOkQfoo27C9dh8-4BRR4dHJOtwA1RDyuaVYl1tiQmBAAOcqjKf1bl9u3JLvxldIM8jura2k9oWLA3cxzx7Gr6DlIlGhD7EkyLww3n6VQIDAQABo4GMMIGJMIGGBgNVHQEEfzB9gBBOBdKqObwJh3JpHeW1T741oVcwVTFTMFEGA1UEAx5KAEcAbwBsAG8AdgBsAGUAdgAgAFQAaQBtAG8AZgBlAHkAIAAoAFQAaQBtAF8AZABlAHYAKQAgADEANQAuADAANQAuADIAMAAwADCCEBoUCocDY-WeSL1OJIjyM6owDQYJKoZIhvcNAQELBQADggEBAJeNUpwyUVqKSYGXPj6ibGfs4xxYaHf4obEJ3pgnWFblVgPahzQTutVJ5Ny-TSp0Ger8fTtu9soal35Zz9dpUE9aTYp-YWtEpaaqx5IC-OnH9Cao7ZJ_zM8fwiP9PtHNMuYCBiO24PmHF6oyB0gwcNYh0oa0YaVKJcmtHAVSH6WSzbdea3j9sdlBPVA6FeNchHCCiatesoM75IAUCvKYuBQ9JLenPvCXoKhXBDsiVb5tMKdZD8Vbvoj7b1JzKuv6NkICV99rLWW5MwfRMB-HG-BoML9E2mNJ-kqaVLFbJOZHCaNNIxejR70fY-ijexPNwvr_rI4VW01uYkdmSMlzRLExggH0MIIB8AIBATBpMFUxUzBRBgNVBAMeSgBHAG8AbABvAHYAbABlAHYAIABUAGkAbQBvAGYAZQB5ACAAKABUAGkAbQBfAGQAZQB2ACkAIAAxADUALgAwADUALgAyADAAMAAwAhAaFAqHA2Plnki9TiSI8jOqMA0GCWCGSAFlAwQCAQUAoF4wEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwLwYJKoZIhvcNAQkEMSIEIBiU-ad7f9l47QV96ioO0N-tTrlArZspsH_A9t1TtmEGMA0GCSqGSIb3DQEBAQUABIIBAC8ocpjX6r77Kr4vEdo4F4PsNFZqxEaugEWpOqwjoYERAZ1QutqyrOebeU9iafvjXAC3chFsgMdpyH4NqW0_Wi1tShhpfhl-fNYatBCXaVbBFYUYuXCdpuXcYtN2nMaO3YR8aQVEKYJKB4UpLTlcho5LmxQDkYy42CZ-L795REpSW_Ts3_6Vcq7ZqBZ7nsRfhOxMOCFqb8gAKBdI8yv2XqZtJeQ258ChkkaUHyKnCWAKXlEVNJC4vhVYJWqBcQhcAdAA1lwHsnl0RklZ1httRb7a5inIH10HrJGypv2E9Zu8knCuQPbRzQvwnwu8k43zOrJnp2DlXspfAB0nxhR6s9w

messageDigest 包含 PKCS#7 消息内容的哈希值，后者又包含签名数据（PE，在给定情况下）的哈希值。