So I had this week I had to figure out how to determine if a driver is signed for a little project of mine. this involves being signed by a code certificate or by Microsoft via WHQL (which between des checking cat files ). documentation on msdn for this was horrible at best. very little explained, and very few examples. and these functions CILS have a tons of paramenters, some to which I don't even re Ally understand what they do. I got my code working, thought I'm not sure I understand 100% of how everything works. I got little snippets of codes from a couple of places, did some of my own, and together came up with this. if anyone has improvementes or find any errors, please let me know !! Thanks, hope this helps!
# Include <windows. h> <br/> # include <softpub. h> <br/> # include <wincrypt. h> <br/> # include <wintrust. h> <br/> # include <mscat. h> </P> <p> bool verifyembeddedsignature (lpcwstr pwszsourcefile) <br/>{< br/> long lstatus; <br/> guid wintrustverifyguid = driver_action_verify; <br/> guid driveractionguid = driver_action_verify; <br/> handle hfile; <br/> DWORD dwhash; <br/> byte bhash [100]; <br/> hcatinfo; <br /> Hcatadmin; <br/> wintrust_data WD = {0}; <br/> wintrust_file_info WFI = {0}; <br/> wintrust_catalog_info WCI = {0 }; <br/> driver_ver_info DVI = {0}; </P> <p> DVI. cbstruct = sizeof (DVI); </P> <p> // set up structs to verify files with cert signatures <br/> memset (& WFI, 0, sizeof (WFI); <br/> WFI. cbstruct = sizeof (wintrust_file_info); <br/> WFI. pcwszfilepath = pwszsourcefile; <br/> WFI. hfile = NULL; <br/> WFI. pgknownsubject = NULL; </P> <p> memset (& WD, 0, sizeof (WD); <br/> WD. cbstruct = sizeof (wintrust_data); <br/> WD. dwunionchoice = wtd_choice_file; <br/> WD. pfile = & WFI; <br/> WD. dwuichoice = wtd_ui_none; <br/> WD. fdwrevocationchecks = wtd_revoke_none; <br/> WD. dwstateaction = 0; <br/> WD. dwprovflags = wtd_safer_flag; <br/> WD. hwvtstatedata = NULL; <br/> WD. pwszurlreference = NULL; <br/> WD. PP Olicycallbackdata = & DVI; <br/> WD. psipclientdata = NULL; <br/> WD. dwuicontext = 0; </P> <p> lstatus = winverifytrust (null, & wintrustverifyguid, & WD); </P> <p> /// if failed, try to verify using catalog files <br/> If (lstatus! = Error_success) <br/>{< br/> // open the file <br/> hfile = createfilew (pwszsourcefile, generic_read, file_share_read, null, open_existing, file_attribute_normal, null ); <br/> If (hfile = invalid_handle_value) <br/> return false; </P> <p> dwhash = sizeof (bhash); <br/> If (! Cryptcatadmincalchashfromfilehandle (hfile, & dwhash, bhash, 0) <br/>{< br/> closehandle (hfile); <br/> return false; <br/>}</P> <p> // create a string form of the hash (used later in pszmembertag) <br/> lpwstr pszmembertag = new wchar [dwhash * 2 + 1]; <br/> for (dword dw = 0; DW <dwhash; ++ DW) <br/>{< br/> wsprintfW (& pszmembertag [DW * 2], l "% 02x", bhash [DW]); <br/>}</P> <p> If (! Cryptcatadminacquirecontext (& hcatadmin, & driveractionguid, 0) <br/>{< br/> closehandle (hfile); <br/> return false; <br/>}</P> <p> // find the Catalog which contains the hash <br/> hcatinfo = cryptcatadminenumcatalogfromhash (hcatadmin, bhash, dwhash, 0, null ); </P> <p> If (hcatinfo) <br/>{< br/> catalog_info CI = {0}; <br/> cryptcataloginfofromcontext (hcatinfo, & CI, 0); </P> <p> memset (& WCI, 0, sizeof (W (CI); <br/> WCI. cbstruct = sizeof (wintrust_catalog_info); <br/> WCI. pcwszcatalogfilepath = CI. wszcatalogfile; <br/> WCI. pcwszmemberfilepath = pwszsourcefile; <br/> WCI. pcwszmembertag = pszmembertag; </P> <p> memset (& WD, 0, sizeof (WD); <br/> WD. cbstruct = sizeof (wintrust_data); <br/> WD. dwunionchoice = wtd_choice_catalog; <br/> WD. pcatalog = & WCI; <br/> WD. dwuichoice = wtd_ui_none; <br/> WD. fdwrevocationc Hecks = wtd_stateaction_verify; <br/> WD. dwprovflags = 0; <br/> WD. hwvtstatedata = NULL; <br/> WD. pwszurlreference = NULL; <br/> WD. ppolicycallbackdata = & DVI; <br/> WD. psipclientdata = NULL; <br/> WD. dwuicontext = 0; </P> <p> lstatus = winverifytrust (null, & wintrustverifyguid, & WD); </P> <p> cryptcatadminreleasecatalogcontext (hcatadmin, hcatinfo, 0 ); <br/>}</P> <p> cryptcatadminreleasecontext (hcatadmin, 0 ); <Br/> Delete [] pszmembertag; <br/> closehandle (hfile); <br/>}</P> <p> printf ("version: % S/nsigner: % s ", DVI. wszversion, DVI. wszsignedby); </P> <p> // I believe we have to clean up our Cert context <br/> certfreecertificatecontext (DVI. pcsignercertcontext); </P> <p> If (lstatus! = Error_success) <br/> return false; <br/> else <br/> return true; <br/>}</P> <p> int main () <br/> {</P> <p> verifyembeddedsignature (L "C: // windows // system32 // drivers // i8042prt. sys "); <br/>}</P> <p>
- # Include <windows. h>
- # Include <softpub. h>
- # Include <wincrypt. h>
- # Include <wintrust. h>
- # Include <mscat. h>
- Bool verifyembeddedsignature (lpcwstr pwszsourcefile)
- {
- Long lstatus;
- Guid wintrustverifyguid = driver_action_verify;
- Guid driveractionguid = driver_action_verify;
- Handle hfile;
- DWORD dwhash;
- Byte bhash [100];
- Hcatinfo;
- Hcatadmin;
- Wintrust_data WD = {0 };
- Wintrust_file_info WFI = {0 };
- Wintrust_catalog_info WCI = {0 };
- Driver_ver_info DVI = {0 };
- DVI. cbstruct = sizeof (DVI );
- /// Set up structs to verify files with cert signatures
- Memset (& WFI, 0, sizeof (WFI ));
- WFI. cbstruct = sizeof (wintrust_file_info );
- WFI. pcwszfilepath = pwszsourcefile;
- WFI. hfile = NULL;
- WFI. pgknownsubject = NULL;
- Memset (& WD, 0, sizeof (WD ));
- WD. cbstruct = sizeof (wintrust_data );
- WD. dwunionchoice = wtd_choice_file;
- WD. pfile = & WFI;
- WD. dwuichoice = wtd_ui_none;
- WD. fdwrevocationchecks = wtd_revoke_none;
- WD. dwstateaction = 0;
- WD. dwprovflags = wtd_safer_flag;
- WD. hwvtstatedata = NULL;
- WD. pwszurlreference = NULL;
- WD. ppolicycallbackdata = & DVI;
- WD. psipclientdata = NULL;
- WD. dwuicontext = 0;
- Lstatus = winverifytrust (null, & wintrustverifyguid, & WD );
- /// If failed, try to verify using catalog files
- If (lstatus! = Error_success)
- {
- // Open the file
- Hfile = createfilew (pwszsourcefile, generic_read, file_share_read, null, open_existing, file_attribute_normal, null );
- If (hfile = invalid_handle_value)
- Return false;
- Dwhash = sizeof (bhash );
- If (! Cryptcatadmincalchashfromfilehandle (hfile, & dwhash, bhash, 0 ))
- {
- Closehandle (hfile );
- Return false;
- }
- // Create a string form of the hash (used later in pszmembertag)
- Lpwstr pszmembertag = new wchar [dwhash * 2 + 1];
- For (dword dw = 0; DW <dwhash; ++ DW)
- {
- WsprintfW (& pszmembertag [DW * 2], l "% 02x", bhash [DW]);
- }
- If (! Cryptcatadminacquirecontext (& hcatadmin, & driveractionguid, 0 ))
- {
- Closehandle (hfile );
- Return false;
- }
- // Find the Catalog which contains the hash
- Hcatinfo = cryptcatadminenumcatalogfromhash (hcatadmin, bhash, dwhash, 0, null );
- If (hcatinfo)
- {
- Catalog_info CI = {0 };
- Cryptcatcataloginfofromcontext (hcatinfo, & CI, 0 );
- Memset (& WCI, 0, sizeof (WCI ));
- WCI. cbstruct = sizeof (wintrust_catalog_info );
- WCI. pcwszcatalogfilepath = CI. wszcatalogfile;
- WCI. pcwszmemberfilepath = pwszsourcefile;
- WCI. pcwszmembertag = pszmembertag;
- Memset (& WD, 0, sizeof (WD ));
- WD. cbstruct = sizeof (wintrust_data );
- WD. dwunionchoice = wtd_choice_catalog;
- WD. pcatalog = & WCI;
- WD. dwuichoice = wtd_ui_none;
- WD. fdwrevocationchecks = wtd_stateaction_verify;
- WD. dwprovflags = 0;
- WD. hwvtstatedata = NULL;
- WD. pwszurlreference = NULL;
- WD. ppolicycallbackdata = & DVI;
- WD. psipclientdata = NULL;
- WD. dwuicontext = 0;
- Lstatus = winverifytrust (null, & wintrustverifyguid, & WD );
- Cryptcatadminreleasecatalogcontext (hcatadmin, hcatinfo, 0 );
- }
- Cryptcatadminreleasecontext (hcatadmin, 0 );
- Delete [] pszmembertag;
- Closehandle (hfile );
- }
- Printf ("version: % S/nsigner: % s", DVI. wszversion, DVI. wszsignedby );
- // I believe we have to clean up our Cert Context
- Certfreecertificatecontext (DVI. pcsignercertcontext );
- If (lstatus! = Error_success)
- Return false;
- Else
- Return true;
- }
- Int main ()
- {
- Verifyembeddedsignature (L "C: // windows // system32 // drivers // i8042prt. sys ");
- }
# Include <windows. h> # include <softpub. h> # include <wincrypt. h> # include <wintrust. h> # include <mscat. h> bool pull (lpcwstr pwszsourcefile) {long lstatus; guid pull = strong; guid driveractionguid = strong; handle hfile; DWORD dwhash; byte bhash [100]; hcatinfo; hcatadmin; wintrust_data WD = {0}; wintrust_file_info WFI = {0}; wintrust_catalog_info WCI = {0}; driver_ver_info DVI = {0}; DVI. cbstruct = sizeof (DVI); // set up structs to verify files with cert signatures memset (& WFI, 0, sizeof (WFI); WFI. cbstruct = sizeof (wintrust_file_info); WFI. pcwszfilepath = pwszsourcefile; WFI. hfile = NULL; WFI. pgknownsubject = NULL; memset (& WD, 0, sizeof (WD); WD. cbstruct = sizeof (wintrust_data); WD. dwunionchoice = WT D_choice_file; WD. pfile = & WFI; WD. dwuichoice = wtd_ui_none; WD. fdwrevocationchecks = wtd_revoke_none; WD. dwstateaction = 0; WD. dwprovflags = wtd_safer_flag; WD. hwvtstatedata = NULL; WD. pwszurlreference = NULL; WD. ppolicycallbackdata = & DVI; WD. psipclientdata = NULL; WD. dwuicontext = 0; lstatus = winverifytrust (null, & wintrustverifyguid, & WD); // If failed, try to verify using catalog files if (Lstatus! = Error_success) {// open the file hfile = createfilew (pwszsourcefile, generic_read, file_assist_read, null, open_existing, file_attribute_normal, null); If (hfile = success) return false; dwhash = sizeof (bhash); If (! Cryptcatadmincalchashfromfilehandle (hfile, & dwhash, bhash, 0) {closehandle (hfile); Return false;} // create a string form of the hash (used later in pszmembertag) lpwstr pszmembertag = new wchar [dwhash * 2 + 1]; for (dword dw = 0; DW <dwhash; ++ DW) {wsprintfW (& pszmembertag [DW * 2], L "% 02x", bhash [DW]);} If (! Cryptcatadminacquirecontext (& hcatadmin, & driveractionguid, 0) {closehandle (hfile); Return false;} // find the Catalog which contains the hash hcatinfo = encrypt (hcatadmin, bhash, dwhash, 0, null); If (hcatinfo) {catalog_info CI = {0}; cryptcataloginfofromcontext (hcatinfo, & CI, 0); memset (& WCI, 0, sizeof (WCI )); WCI. cbstruct = sizeof (wintrust_catalog_info); WCI. Pcwszcatalogfilepath = CI. wszcatalogfile; WCI. pcwszmemberfilepath = pwszsourcefile; WCI. pcwszmembertag = pszmembertag; memset (& WD, 0, sizeof (WD); WD. cbstruct = sizeof (wintrust_data); WD. dwunionchoice = wtd_choice_catalog; WD. pcatalog = & WCI; WD. dwuichoice = wtd_ui_none; WD. fdwrevocationchecks = wtd_stateaction_verify; WD. dwprovflags = 0; WD. hwvtstatedata = NULL; WD. pwszurlreference = NULL; WD. P Policycallbackdata = & DVI; WD. psipclientdata = NULL; WD. dwuicontext = 0; lstatus = winverifytrust (null, & wintrustverifyguid, & WD); encrypt (hcatadmin, hcatinfo, 0);} cryptcatadminreleasecontext (hcatadmin, 0); Delete [] pszmembertag; closehandle (hfile);} printf ("version: % S/nsigner: % s", DVI. wszversion, DVI. wszsignedby); // I believe we have to clean up our Cert cont EXT certfreecertificatecontext (DVI. pcsignercertcontext); If (lstatus! = Error_success) return false; else return true;} int main () {verifyembeddedsignature (L "C: // windows // system32 // drivers // i8042prt. sys ");}