Verify the embedded signature

Source: Internet
Author: User

 

So this week I had to figure out how to determine if a driver is signed for a little project of mine. This involves being signed by a code certificate or by Microsoft via WHQL (which involves checking cat files). Documentation on MSDN for this was horrible at best: very little explained, and very few examples. And these function calls have tons of parameters, some of which I don't even really understand what they do. I got my code working, though I'm not sure I understand 100% of how everything works. I got little snippets of code from a couple of places, did some of my own, and together came up with this. If anyone has improvements or finds any errors, please let me know! Thanks, hope this helps!

 


```cpp
#include <windows.h>
#include <stdio.h>
#include <softpub.h>
#include <wincrypt.h>
#include <wintrust.h>
#include <mscat.h>

// Import libraries for WinVerifyTrust/CryptCAT*, CertFree* and wsprintfW (MSVC)
#pragma comment(lib, "wintrust.lib")
#pragma comment(lib, "crypt32.lib")
#pragma comment(lib, "user32.lib")

bool VerifyEmbeddedSignature(LPCWSTR pwszSourceFile)
{
    LONG lStatus;
    GUID WinTrustVerifyGuid = DRIVER_ACTION_VERIFY;
    GUID DriverActionGuid = DRIVER_ACTION_VERIFY;
    HANDLE hFile;
    DWORD dwHash;
    BYTE bHash[100];
    HCATINFO hCatInfo;
    HCATADMIN hCatAdmin;
    WINTRUST_DATA wd = {0};
    WINTRUST_FILE_INFO wfi = {0};
    WINTRUST_CATALOG_INFO wci = {0};
    DRIVER_VER_INFO dvi = {0};

    // Receives the version string, signer name and signer certificate
    dvi.cbStruct = sizeof(dvi);

    // Set up structs to verify files with cert signatures
    memset(&wfi, 0, sizeof(wfi));
    wfi.cbStruct = sizeof(WINTRUST_FILE_INFO);
    wfi.pcwszFilePath = pwszSourceFile;
    wfi.hFile = NULL;
    wfi.pgKnownSubject = NULL;

    memset(&wd, 0, sizeof(wd));
    wd.cbStruct = sizeof(WINTRUST_DATA);
    wd.dwUnionChoice = WTD_CHOICE_FILE;
    wd.pFile = &wfi;
    wd.dwUIChoice = WTD_UI_NONE;
    wd.fdwRevocationChecks = WTD_REVOKE_NONE;
    wd.dwStateAction = 0;
    wd.dwProvFlags = WTD_SAFER_FLAG;
    wd.hWVTStateData = NULL;
    wd.pwszURLReference = NULL;
    wd.pPolicyCallbackData = &dvi;
    wd.pSIPClientData = NULL;
    wd.dwUIContext = 0;

    lStatus = WinVerifyTrust(NULL, &WinTrustVerifyGuid, &wd);

    // If failed, try to verify using catalog files
    if (lStatus != ERROR_SUCCESS)
    {
        // Open the file
        hFile = CreateFileW(pwszSourceFile, GENERIC_READ, FILE_SHARE_READ, NULL,
                            OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
        if (hFile == INVALID_HANDLE_VALUE)
            return false;

        // Hash the file the same way catalog members are hashed
        dwHash = sizeof(bHash);
        if (!CryptCATAdminCalcHashFromFileHandle(hFile, &dwHash, bHash, 0))
        {
            CloseHandle(hFile);
            return false;
        }

        // Create a string form of the hash (used later in pcwszMemberTag)
        LPWSTR pszMemberTag = new WCHAR[dwHash * 2 + 1];
        for (DWORD dw = 0; dw < dwHash; ++dw)
        {
            wsprintfW(&pszMemberTag[dw * 2], L"%02X", bHash[dw]);
        }

        if (!CryptCATAdminAcquireContext(&hCatAdmin, &DriverActionGuid, 0))
        {
            delete[] pszMemberTag;
            CloseHandle(hFile);
            return false;
        }

        // Find the catalog which contains the hash
        hCatInfo = CryptCATAdminEnumCatalogFromHash(hCatAdmin, bHash, dwHash, 0, NULL);

        if (hCatInfo)
        {
            CATALOG_INFO ci = {0};
            ci.cbStruct = sizeof(ci);

            // Only verify if the catalog's file path could be retrieved
            if (CryptCATCatalogInfoFromContext(hCatInfo, &ci, 0))
            {
                memset(&wci, 0, sizeof(wci));
                wci.cbStruct = sizeof(WINTRUST_CATALOG_INFO);
                wci.pcwszCatalogFilePath = ci.wszCatalogFile;
                wci.pcwszMemberFilePath = pwszSourceFile;
                wci.pcwszMemberTag = pszMemberTag;

                memset(&wd, 0, sizeof(wd));
                wd.cbStruct = sizeof(WINTRUST_DATA);
                wd.dwUnionChoice = WTD_CHOICE_CATALOG;
                wd.pCatalog = &wci;
                wd.dwUIChoice = WTD_UI_NONE;
                // Check revocation for the whole chain (value 1)
                wd.fdwRevocationChecks = WTD_REVOKE_WHOLECHAIN;
                wd.dwProvFlags = 0;
                wd.hWVTStateData = NULL;
                wd.pwszURLReference = NULL;
                wd.pPolicyCallbackData = &dvi;
                wd.pSIPClientData = NULL;
                wd.dwUIContext = 0;

                lStatus = WinVerifyTrust(NULL, &WinTrustVerifyGuid, &wd);
            }

            CryptCATAdminReleaseCatalogContext(hCatAdmin, hCatInfo, 0);
        }

        CryptCATAdminReleaseContext(hCatAdmin, 0);
        delete[] pszMemberTag;
        CloseHandle(hFile);
    }

    // wszVersion and wszSignedBy are wide-character strings
    wprintf(L"Version: %ls\nSigner: %ls\n", dvi.wszVersion, dvi.wszSignedBy);

    // I believe we have to clean up our cert context
    if (dvi.pcSignerCertContext)
        CertFreeCertificateContext(dvi.pcSignerCertContext);

    return lStatus == ERROR_SUCCESS;
}

int main()
{
    VerifyEmbeddedSignature(L"C:\\Windows\\System32\\drivers\\i8042prt.sys");
    return 0;
}
```

