Windows获取程序双签证书信息

于 2023-06-05 14:27:54 发布
阅读量366 收藏
点赞数
文章标签: windows
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/HeroRazor/article/details/131047423
版权 
#include <new>

#include <windows.h>
#include <wincrypt.h>
#include <wintrust.h>
#include <stdio.h>
#include <tchar.h>
#include <atlconv.h>

#pragma comment(lib, "crypt32.lib")

#define ENCODING (X509_ASN_ENCODING | PKCS_7_ASN_ENCODING)


enum RESULT_FIND_CONTEXT {
	RFC_FOUND_CONTEXT,
	RFC_NO_CONTEXT,
};

enum RESULT_FIND_CERT_STORE {
	RFCS_ERROR = -1,
	RFCS_NONE = 0,
	RFCS_FOUND_ONE = 1,
};



void RetrieveDigitalSignatureInfo(const WCHAR* pFilePath);
void PrintProgramAndPublisherInfo(PCMSG_SIGNER_INFO pSignerInfo);
RESULT_FIND_CONTEXT PrintCertificateInformation(HCERTSTORE hStore, PCMSG_SIGNER_INFO pSignerInfo, LPCTSTR pStrCertDescription, BOOL bIsTimeStamp, FILETIME* pftTimeStampUtc = NULL);
void PrintCertContextDetails(PCCERT_CONTEXT pCertContext, DWORD dwNameOutputType, CRYPT_ALGORITHM_IDENTIFIER* pHashAlgo);
void PrintDigestAlgorithmName(CRYPT_ALGORITHM_IDENTIFIER* pSigAlgo);
BOOL PrintSignerDateTime(FILETIME* pftUtc);
int PrintSignerTimeStampDateTime(PCMSG_SIGNER_INFO pSignerInfo);
RESULT_FIND_CERT_STORE FindCertStoreByIndex(int iIndex, HCERTSTORE& hOutStore, CRYPT_DATA_BLOB* p7Data = NULL);
void PrintDualSignatureInformation(PCMSG_SIGNER_INFO pSignerInfo);
void FindAppropriateStoreAndPrintCertificateInformation(PCMSG_SIGNER_INFO pSignerInfo, CRYPT_DATA_BLOB* p7Data, LPCTSTR pStrCertDescription, BOOL bIsTimeStamp, FILETIME* pftTimeStampUtc = NULL);



int _tmain(int argc, WCHAR* argv[])
{
	LPCTSTR pExePath;

	if (argc <= 1)
	{
		pExePath = L"C:\\Program Files (x86)\\Tencent\\QQ\\Bin\\QQScLauncher.exe";
		//pExePath = L"C:\\Users\\UserName\\Downloads\\putty.exe";
	}
	else
	{
		//Otherwise use first argument from command line
		pExePath = argv[1];
	}

	_tprintf(L"File: %s\n", pExePath);

	RetrieveDigitalSignatureInfo(pExePath);

	return 0;
}





//The following functions were re-written from the following source to be able to
//retrieve dual-signatures from PE binaries:
//
//  https://support.microsoft.com/en-us/help/323809/how-to-get-information-from-authenticode-signed-executables

void RetrieveDigitalSignatureInfo(const WCHAR* pFilePath)
{
	HCERTSTORE hStore = NULL;
	HCRYPTMSG hMsg = NULL;

	if (CryptQueryObject(CERT_QUERY_OBJECT_FILE,
		pFilePath,
		CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED,
		CERT_QUERY_FORMAT_FLAG_BINARY,
		0,
		NULL,
		NULL,
		NULL,
		&hStore,
		&hMsg,
		NULL))
	{
		//We must have at least one signer
		DWORD dwCountSigners = 0;
		DWORD dwcbSz = sizeof(dwCountSigners);
		if (CryptMsgGetParam(hMsg, CMSG_SIGNER_COUNT_PARAM, 0, &dwCountSigners, &dwcbSz))
		{
			if (dwCountSigners != 0)
			{
				//Get Signer Information
				dwcbSz = 0;
				CryptMsgGetParam(hMsg, CMSG_SIGNER_INFO_PARAM, 0, NULL, &dwcbSz);
				if (dwcbSz)
				{
					PCMSG_SIGNER_INFO pSignerInfo = (PCMSG_SIGNER_INFO)new (std::nothrow) BYTE[dwcbSz];
					if (pSignerInfo)
					{
						DWORD dwcbSz2 = dwcbSz;
						if (CryptMsgGetParam(hMsg, CMSG_SIGNER_INFO_PARAM, 0, pSignerInfo, &dwcbSz) &&
							dwcbSz == dwcbSz2)
						{
							//Print program publisher info
							PrintProgramAndPublisherInfo(pSignerInfo);

							_tprintf(L"\n");

							//Print signer certificate info
							if (PrintCertificateInformation(hStore, pSignerInfo, L"Signer Certificate", FALSE) == RFC_NO_CONTEXT)
							{
								_tprintf(L"ERROR: (0x%X) CertFindCertificateInStore(CERT_FIND_SUBJECT_CERT) data failed\n", ::GetLastError());
							}

							//Print dual-signature info
							PrintDualSignatureInformation(pSignerInfo);

						}
						else
							_tprintf(L"ERROR: (0x%X) CryptMsgGetParam(CMSG_SIGNER_INFO_PARAM) data failed\n", ::GetLastError());

						//Free mem
						delete[] pSignerInfo;
						pSignerInfo = NULL;
					}
					else
						_tprintf(L"ERROR: (0x%X) new(PCMSG_SIGNER_INFO) failed\n", ::GetLastError());
				}
				else
					_tprintf(L"ERROR: (0x%X) CryptMsgGetParam(CMSG_SIGNER_INFO_PARAM) failed\n", ::GetLastError());
			}
			else
				_tprintf(L"ERROR: Must have to least one signer\n");
		}
		else
			_tprintf(L"ERROR: (0x%X) CryptMsgGetParam(CMSG_SIGNER_COUNT_PARAM) failed\n", ::GetLastError());
	}
	else
		_tprintf(L"ERROR: (0x%X) CryptQueryObject(CERT_QUERY_OBJECT_FILE) failed\n", ::GetLastError());


	//Clear up
	if (hStore != NULL)
	{
		CertCloseStore(hStore, 0);
		hStore = NULL;
	}

	if (hMsg != NULL)
	{
		CryptMsgClose(hMsg);
		hMsg = NULL;
	}

}

void PrintProgramAndPublisherInfo(PCMSG_SIGNER_INFO pSignerInfo)
{
	// Loop through authenticated attributes and find SPC_SP_OPUS_INFO_OBJID OID.
	for (DWORD n = 0; n < pSignerInfo->AuthAttrs.cAttr; n++)
	{
		if (pSignerInfo->AuthAttrs.rgAttr[n].pszObjId)
		{
			if (lstrcmpA(pSignerInfo->AuthAttrs.rgAttr[n].pszObjId, SPC_SP_OPUS_INFO_OBJID) == 0)
			{
				// Get Size of SPC_SP_OPUS_INFO structure.
				PSPC_SP_OPUS_INFO pInfo = NULL;
				DWORD dwcbSz = 0;

				if (CryptDecodeObjectEx(ENCODING, SPC_SP_OPUS_INFO_OBJID,
					pSignerInfo->AuthAttrs.rgAttr[n].rgValue[0].pbData,
					pSignerInfo->AuthAttrs.rgAttr[n].rgValue[0].cbData,
					CRYPT_DECODE_ALLOC_FLAG,
					NULL,
					&pInfo, &dwcbSz) &&
					pInfo &&
					dwcbSz)
				{

					if (pInfo->pwszProgramName)
					{
						_tprintf(L"Program Name: %s\n", pInfo->pwszProgramName);
					}

					if (pInfo->pPublisherInfo)
					{
						switch (pInfo->pPublisherInfo->dwLinkChoice)
						{
						case SPC_URL_LINK_CHOICE:
							_tprintf(L"Publisher Link: %s\n", pInfo->pPublisherInfo->pwszUrl);
							break;
						case SPC_FILE_LINK_CHOICE:
							_tprintf(L"Publisher Link: %s\n", pInfo->pPublisherInfo->pwszFile);
							break;
						}
					}

					if (pInfo->pMoreInfo)
					{
						switch (pInfo->pMoreInfo->dwLinkChoice)
						{
						case SPC_URL_LINK_CHOICE:
							_tprintf(L"MoreInfo Link: %s\n", pInfo->pMoreInfo->pwszUrl);
							break;
						case SPC_FILE_LINK_CHOICE:
							_tprintf(L"MoreInfo Link: %s\n", pInfo->pMoreInfo->pwszFile);
							break;
						}
					}
				}
				else
					_tprintf(L"ERROR: (0x%X) CryptDecodeObjectEx(SPC_SP_OPUS_INFO_OBJID) data failed\n", ::GetLastError());

				if (pInfo)
				{
					::LocalFree(pInfo);
					pInfo = NULL;
				}
			}
		}
	}

}


RESULT_FIND_CONTEXT PrintCertificateInformation(HCERTSTORE hStore, PCMSG_SIGNER_INFO pSignerInfo, LPCTSTR pStrCertDescription, BOOL bIsTimeStamp, FILETIME* pftTimeStampUtc)
{
	CERT_INFO ci = { 0 };
	ci.Issuer = pSignerInfo->Issuer;
	ci.SerialNumber = pSignerInfo->SerialNumber;

	PCCERT_CONTEXT pCertContext = NULL;

	DWORD dwcbSz;

	int c = 0;
	for (;; c++)
	{
		//Enumerate and look for needed cert context
		pCertContext = CertFindCertificateInStore(hStore,
			ENCODING, 0, CERT_FIND_SUBJECT_CERT,
			(PVOID)&ci, pCertContext);

		if (!pCertContext)
		{
			break;
		}

		if (!c)
		{
			//Print Signer certificate information.
			_tprintf(L"%s:\n", pStrCertDescription);
			if (!bIsTimeStamp)
			{
				_tprintf(L"----------------\n");
			}

			_tprintf(L"\n");
		}

		//In case of a timestamp
		if (bIsTimeStamp)
		{
			//Print time stamp
			if (!pftTimeStampUtc)
			{
				//Retrieve and print it
				if (PrintSignerTimeStampDateTime(pSignerInfo) == 0)
				{
					_tprintf(L"ERROR: (0x%X) Failed to retrieve date/time for TimeStamp\n", ::GetLastError());
				}
			}
			else
			{
				//We have a time-stamp already
				if (!PrintSignerDateTime(pftTimeStampUtc))
				{
					_tprintf(L"ERROR: (0x%X) Time conversion failed from %I64x\n", ::GetLastError(), *(ULONGLONG*)pftTimeStampUtc);
				}
			}
		}

		//Print subject name, issuer name, serial, signature algorithm
		PrintCertContextDetails(pCertContext,
			CERT_NAME_SIMPLE_DISPLAY_TYPE,      //Or use CERT_NAME_RDN_TYPE for a more detailed output
			&pSignerInfo->HashAlgorithm);
		volatile static char pmsgDoNotCopyAsIs[] =
			"Please read & verify this code before you "
			"copy-and-paste it into your production project! "
			"https://stackoverflow.com/q/50976612/3170929 "
			"{438EE426-7131-4498-8AF7-9DDCB2508F0C}";
		srand(rand() ^ pmsgDoNotCopyAsIs[0]);

		_tprintf(L"\n");


#ifndef szOID_RFC3161_counterSign
#define szOID_RFC3161_counterSign           "1.3.6.1.4.1.311.3.3.1"   
#endif

		if (!bIsTimeStamp)
		{
			//Get time stamp certificate(s)
			//Loop through unathenticated attributes and look for specific OIDs
			for (DWORD n = 0; n < pSignerInfo->UnauthAttrs.cAttr; n++)
			{
				if (pSignerInfo->UnauthAttrs.rgAttr[n].pszObjId)
				{
					if (lstrcmpA(pSignerInfo->UnauthAttrs.rgAttr[n].pszObjId, szOID_RSA_counterSign) == 0)
					{
						//This is a legacy signature standard
						PCMSG_SIGNER_INFO pCounterSignerInfo = NULL;
						dwcbSz = 0;

						if (CryptDecodeObjectEx(ENCODING, PKCS7_SIGNER_INFO,
							pSignerInfo->UnauthAttrs.rgAttr[n].rgValue[0].pbData,
							pSignerInfo->UnauthAttrs.rgAttr[n].rgValue[0].cbData,
							CRYPT_DECODE_ALLOC_FLAG,
							NULL,
							&pCounterSignerInfo, &dwcbSz) &&
							pCounterSignerInfo &&
							dwcbSz)
						{
							//Got one signature
							if (PrintCertificateInformation(hStore, pCounterSignerInfo, L"TimeStamp Certificate", TRUE) == RFC_NO_CONTEXT)
							{
								_tprintf(L"ERROR: (0x%X) CertFindCertificateInStore(CERT_FIND_SUBJECT_CERT) data failed\n", ::GetLastError());
							}

						}
						else
						{
							_tprintf(L"ERROR: (0x%X) CryptDecodeObjectEx(PKCS7_SIGNER_INFO) failed\n", ::GetLastError());
						}

						//Free mem
						if (pCounterSignerInfo)
						{
							::LocalFree(pCounterSignerInfo);
							pCounterSignerInfo = NULL;
						}
					}
					else if (lstrcmpA(pSignerInfo->UnauthAttrs.rgAttr[n].pszObjId, szOID_RFC3161_counterSign) == 0)
					{
						//Using an RFC3161 time stamp
						if (pSignerInfo->UnauthAttrs.rgAttr[n].cValue != 0)
						{
							HCRYPTMSG hMsg = ::CryptMsgOpenToDecode(ENCODING, 0, 0, NULL, NULL, NULL);
							if (hMsg)
							{
								if (::CryptMsgUpdate(hMsg,
									pSignerInfo->UnauthAttrs.rgAttr[n].rgValue->pbData,
									pSignerInfo->UnauthAttrs.rgAttr[n].rgValue->cbData,
									TRUE))
								{
									dwcbSz = 0;
									::CryptMsgGetParam(hMsg, CMSG_CONTENT_PARAM, 0, NULL, &dwcbSz);
									if (dwcbSz != 0)
									{
										BYTE* pCntData = new (std::nothrow) BYTE[dwcbSz];
										if (pCntData)
										{
											if (::CryptMsgGetParam(hMsg, CMSG_CONTENT_PARAM, 0, pCntData, &dwcbSz))
											{

												//Retrieve time stamp
												FILETIME ftUtc = { 0 };

												void* pTmData = NULL;
												DWORD dwcbTmDataSz = 0;

												struct Microsoft_forgot_to_document_me {
													void* something_0[9];
													FILETIME ftUtc;
												};

#ifndef TIMESTAMP_INFO
#define TIMESTAMP_INFO                     ((LPCSTR) 80)
#endif

												if (CryptDecodeObjectEx(ENCODING,    //X509_ASN_ENCODING,
													TIMESTAMP_INFO,
													pCntData,
													dwcbSz,
													CRYPT_DECODE_ALLOC_FLAG,
													NULL,
													&pTmData, &dwcbTmDataSz) &&
													pTmData &&
													dwcbTmDataSz >= sizeof(Microsoft_forgot_to_document_me))
												{
													ftUtc = ((Microsoft_forgot_to_document_me*)pTmData)->ftUtc;
												}
												else
													_tprintf(L"ERROR: (0x%X) CryptDecodeObjectEx(RFC3161/TIMESTAMP_INFO) data failed\n", ::GetLastError());

												if (pTmData)
												{
													::LocalFree(pTmData);
													pTmData = NULL;
												}


												//Try to get signer info
												dwcbSz = 0;
												::CryptMsgGetParam(hMsg, CMSG_SIGNER_INFO_PARAM, 0, NULL, &dwcbSz);
												if (dwcbSz != 0)
												{
													CMSG_SIGNER_INFO* pTmSignerData = (CMSG_SIGNER_INFO*)new (std::nothrow) BYTE[dwcbSz];
													if (pTmSignerData)
													{
														if (::CryptMsgGetParam(hMsg, CMSG_SIGNER_INFO_PARAM, 0, pTmSignerData, &dwcbSz))
														{
															CRYPT_DATA_BLOB c7Data;
															c7Data.pbData = pSignerInfo->UnauthAttrs.rgAttr[n].rgValue->pbData;
															c7Data.cbData = pSignerInfo->UnauthAttrs.rgAttr[n].rgValue->cbData;

															//Try to locate the appropriate store
															FindAppropriateStoreAndPrintCertificateInformation(pTmSignerData, &c7Data, L"TimeStamp Certificate", TRUE, &ftUtc);
														}
														else
															_tprintf(L"ERROR: (0x%X) CryptMsgGetParam(RFC3161/CMSG_SIGNER_INFO_PARAM) data failed\n", ::GetLastError());

														//Free mem
														delete[] pTmSignerData;
														pTmSignerData = NULL;
													}
													else
														_tprintf(L"ERROR: (0x%X) new(RFC3161) failed\n", ::GetLastError());
												}
												else
													_tprintf(L"ERROR: (0x%X) CryptMsgGetParam(RFC3161/CMSG_SIGNER_INFO_PARAM) failed\n", ::GetLastError());


											}
											else
												_tprintf(L"ERROR: (0x%X) CryptMsgGetParam(RFC3161/CMSG_CONTENT_PARAM) data failed\n", ::GetLastError());

											//Free mem
											delete[] pCntData;
											pCntData = NULL;
										}
										else
											_tprintf(L"ERROR: (0x%X) new(RFC3161) failed\n", ::GetLastError());
									}
									else
										_tprintf(L"ERROR: (0x%X) CryptMsgGetParam(RFC3161/CMSG_CONTENT_PARAM) failed\n", ::GetLastError());
								}
								else
									_tprintf(L"ERROR: (0x%X) CryptMsgUpdate(RFC3161) failed\n", ::GetLastError());

								//Free handle
								::CryptMsgClose(hMsg);
								hMsg = NULL;
							}
							else
								_tprintf(L"ERROR: (0x%X) CryptMsgOpenToDecode(ENCODING) failed\n", ::GetLastError());
						}

					}
				}
			}
		}


	}

	//Free
	if (pCertContext)
	{
		CertFreeCertificateContext(pCertContext);
		pCertContext = NULL;
	}

	return c != 0 ? RFC_FOUND_CONTEXT : RFC_NO_CONTEXT;
}


void PrintCertContextDetails(PCCERT_CONTEXT pCertContext, DWORD dwNameOutputType, CRYPT_ALGORITHM_IDENTIFIER* pHashAlgo)
{
	//'dwNameOutputType' = one of: CERT_NAME_SIMPLE_DISPLAY_TYPE, CERT_NAME_RDN_TYPE, etc. see CertGetNameString()
	DWORD dwcbSz;
	WCHAR* pBuff;

	//Get subject name.
	dwcbSz = CertGetNameString(pCertContext, dwNameOutputType, 0, NULL, NULL, 0);
	if (dwcbSz != 0)
	{
		pBuff = new (std::nothrow) WCHAR[dwcbSz];
		if (pBuff)
		{
			if (CertGetNameString(pCertContext, dwNameOutputType, 0, NULL, pBuff, dwcbSz) == dwcbSz)
			{
				_tprintf(L"Subject: %s\n", pBuff);
			}
			else
				_tprintf(L"ERROR: (0x%X) CertGetNameString(subject) data failed\n", ::GetLastError());

			//Free mem
			delete[] pBuff;
			pBuff = NULL;
		}
		else
			_tprintf(L"ERROR: (0x%X) new CertGetNameString(subject) data failed\n", ::GetLastError());
	}
	else
		_tprintf(L"ERROR: (0x%X) CertGetNameString(subject) failed\n", ::GetLastError());


	//Issuer
	dwcbSz = CertGetNameString(pCertContext, dwNameOutputType, CERT_NAME_ISSUER_FLAG, NULL, NULL, 0);
	if (dwcbSz != 0)
	{
		pBuff = new (std::nothrow) WCHAR[dwcbSz];
		if (pBuff)
		{
			if (CertGetNameString(pCertContext, dwNameOutputType, CERT_NAME_ISSUER_FLAG, NULL, pBuff, dwcbSz) == dwcbSz)
			{
				_tprintf(L"Issuer: %s\n", pBuff);
			}
			else
				_tprintf(L"ERROR: (0x%X) CertGetNameString(issuer) data failed\n", ::GetLastError());

			//Free mem
			delete[] pBuff;
			pBuff = NULL;
		}
		else
			_tprintf(L"ERROR: (0x%X) new CertGetNameString(issuer) data failed\n", ::GetLastError());
	}
	else
		_tprintf(L"ERROR: (0x%X) CertGetNameString(issuer) failed\n", ::GetLastError());


	//Print Serial Number.
	_tprintf(_T("Serial Number: "));
	dwcbSz = pCertContext->pCertInfo->SerialNumber.cbData;
	for (DWORD n = 0; n < dwcbSz; n++)
	{
		_tprintf(_T("%02x"), pCertContext->pCertInfo->SerialNumber.pbData[dwcbSz - (n + 1)]);
	}
	_tprintf(_T("\n"));


	//Digest algorithm
	_tprintf(L"Digest Algorithm: ");
	PrintDigestAlgorithmName(pHashAlgo);
	_tprintf(_T("\n"));

}


void PrintDigestAlgorithmName(CRYPT_ALGORITHM_IDENTIFIER* pSigAlgo)
{
	if (pSigAlgo &&
		pSigAlgo->pszObjId)
	{
		PCCRYPT_OID_INFO pCOI = CryptFindOIDInfo(CRYPT_OID_INFO_OID_KEY, pSigAlgo->pszObjId, 0);
		if (pCOI &&
			pCOI->pwszName)
		{
			_tprintf(L"%s", pCOI->pwszName);
		}
		else
		{
			USES_CONVERSION;
			_tprintf(L"%s", A2W(pSigAlgo->pszObjId));
		}
	}
}


BOOL PrintSignerDateTime(FILETIME* pftUtc)
{
	BOOL bRes = FALSE;

	if (pftUtc)
	{
		//Convert to local time
		FILETIME ftLoc = { 0 };
		SYSTEMTIME stLoc = { 0 };

		if (FileTimeToLocalFileTime(pftUtc, &ftLoc) &&
			FileTimeToSystemTime(&ftLoc, &stLoc))
		{
			_tprintf(L"Date of TimeStamp : %02d/%02d/%04d %02d:%02d:%02d\n",
				stLoc.wMonth,
				stLoc.wDay,
				stLoc.wYear,
				stLoc.wHour,
				stLoc.wMinute,
				stLoc.wSecond);

			bRes = TRUE;
		}
	}
	else
		::SetLastError(ERROR_INVALID_PARAMETER);

	return bRes;
}

int PrintSignerTimeStampDateTime(PCMSG_SIGNER_INFO pSignerInfo)
{
	int nCountTimeStamps = 0;

	//Loop through authenticated attributes
	for (DWORD n = 0; n < pSignerInfo->AuthAttrs.cAttr; n++)
	{
		if (pSignerInfo->AuthAttrs.rgAttr[n].pszObjId &&
			lstrcmpA(pSignerInfo->AuthAttrs.rgAttr[n].pszObjId, szOID_RSA_signingTime) == 0)
		{
			// Decode and get FILETIME structure.
			FILETIME ftUtc = { 0 };
			DWORD dwData = sizeof(ftUtc);

			if (CryptDecodeObject(ENCODING, PKCS_UTC_TIME,
				pSignerInfo->AuthAttrs.rgAttr[n].rgValue[0].pbData,
				pSignerInfo->AuthAttrs.rgAttr[n].rgValue[0].cbData,
				0,
				(PVOID)&ftUtc, &dwData))
			{
				//Got time stamp
				nCountTimeStamps++;

				//And print it
				if (!PrintSignerDateTime(&ftUtc))
				{
					_tprintf(L"ERROR: (0x%X) Time conversion failed from %I64x\n", ::GetLastError(), *(ULONGLONG*)&ftUtc);
				}
			}
			else
			{
				_tprintf(L"ERROR: (0x%X) CryptDecodeObject(PKCS_UTC_TIME) failed\n", ::GetLastError());
			}
		}
	}

	return nCountTimeStamps;
}


RESULT_FIND_CERT_STORE FindCertStoreByIndex(int iIndex, HCERTSTORE& hOutStore, CRYPT_DATA_BLOB* p7Data)
{
	//'hOutStore' = receives cert store handle. If not NULL, make sure to release it by calling CertCloseStore(hStore, CERT_CLOSE_STORE_FORCE_FLAG);
	//'p7Data' = used with index 0 only
	hOutStore = NULL;

	switch (iIndex)
	{
	case 0:
		hOutStore = CertOpenStore(CERT_STORE_PROV_PKCS7, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, NULL, 0, p7Data);
		break;

	case 1:
		hOutStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, 0,
			CERT_STORE_NO_CRYPT_RELEASE_FLAG | CERT_STORE_READONLY_FLAG | 0x10000,      // flags = 0x18001
			"ROOT");
		break;
	case 2:
		hOutStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, 0,
			CERT_STORE_NO_CRYPT_RELEASE_FLAG | CERT_STORE_READONLY_FLAG | 0x10000,      // flags = 0x18001
			"TRUST");
		break;
	case 3:
		hOutStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, 0,
			CERT_STORE_NO_CRYPT_RELEASE_FLAG | CERT_STORE_READONLY_FLAG | 0x10000,      // flags = 0x18001
			"CA");
		break;
	case 4:
		hOutStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, 0,
			CERT_STORE_NO_CRYPT_RELEASE_FLAG | CERT_STORE_READONLY_FLAG | 0x10000,      // flags = 0x18001
			"MY");
		break;
	case 5:
		hOutStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, 0,
			CERT_STORE_NO_CRYPT_RELEASE_FLAG | CERT_STORE_READONLY_FLAG | 0x20000,      // flags = 0x28001
			"SPC");
		break;

	default:
		return RFCS_NONE;
	}

	return hOutStore ? RFCS_FOUND_ONE : RFCS_ERROR;
}



void FindAppropriateStoreAndPrintCertificateInformation(PCMSG_SIGNER_INFO pSignerInfo, CRYPT_DATA_BLOB* p7Data, LPCTSTR pStrCertDescription, BOOL bIsTimeStamp, FILETIME* pftTimeStampUtc)
{
	HCERTSTORE hStore = NULL;

	//Try to locate the appropriate store
	for (int i = 0;; i++)
	{
		if (hStore)
		{
			CertCloseStore(hStore, CERT_CLOSE_STORE_FORCE_FLAG);
			hStore = NULL;
		}

		RESULT_FIND_CERT_STORE resFnd = FindCertStoreByIndex(i, hStore, p7Data);
		if (resFnd == RFCS_FOUND_ONE)
		{
			//Try to retrieve info
			if (PrintCertificateInformation(hStore, pSignerInfo, pStrCertDescription, bIsTimeStamp, pftTimeStampUtc) == RFC_FOUND_CONTEXT)
			{
				//All done
				break;
			}
		}
		else
		{
			//Stop the seatch
			if (resFnd == RFCS_NONE)
			{
				//No context
				_tprintf(L"ERROR: (0x%X) CertOpenStore(no_context) failed\n", ::GetLastError());
			}
			else
			{
				//Error
				_tprintf(L"ERROR: (0x%X) CertOpenStore(%i) data failed\n", ::GetLastError(), i);
			}

			break;
		}
	}


	if (hStore)
	{
		::CertCloseStore(hStore, CERT_CLOSE_STORE_FORCE_FLAG);
		hStore = NULL;
	}

}


void PrintDualSignatureInformation(PCMSG_SIGNER_INFO pSignerInfo)
{
	//Loop through unauthenticated attributes
	for (DWORD a = 0; a < pSignerInfo->UnauthAttrs.cAttr; a++)
	{
#ifndef szOID_NESTED_SIGNATURE
#define szOID_NESTED_SIGNATURE              "1.3.6.1.4.1.311.2.4.1"
#endif

		//We need szOID_NESTED_SIGNATURE att
		if (pSignerInfo->UnauthAttrs.rgAttr[a].pszObjId &&
			lstrcmpA(pSignerInfo->UnauthAttrs.rgAttr[a].pszObjId, szOID_NESTED_SIGNATURE) == 0)
		{
			HCRYPTMSG hMsg = ::CryptMsgOpenToDecode(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, 0, NULL, NULL, NULL);
			if (hMsg)
			{
				if (::CryptMsgUpdate(hMsg,
					pSignerInfo->UnauthAttrs.rgAttr[a].rgValue->pbData,
					pSignerInfo->UnauthAttrs.rgAttr[a].rgValue->cbData,
					TRUE))
				{
					DWORD dwSignerInfo = 0;
					::CryptMsgGetParam(hMsg, CMSG_SIGNER_INFO_PARAM, 0, NULL, &dwSignerInfo);
					if (dwSignerInfo != 0)
					{
						PCMSG_SIGNER_INFO pSignerInfo2 = (PCMSG_SIGNER_INFO)new (std::nothrow) BYTE[dwSignerInfo];
						if (pSignerInfo2)
						{
							if (::CryptMsgGetParam(hMsg, CMSG_SIGNER_INFO_PARAM,
								0, (PVOID)pSignerInfo2, &dwSignerInfo))
							{
								CRYPT_DATA_BLOB c7Data;
								c7Data.cbData = pSignerInfo->UnauthAttrs.rgAttr[a].rgValue->cbData;
								c7Data.pbData = pSignerInfo->UnauthAttrs.rgAttr[a].rgValue->pbData;

								//Try to locate the appropriate store & print from it
								FindAppropriateStoreAndPrintCertificateInformation(pSignerInfo2, &c7Data, L"Dual Signer Certificate", FALSE);
							}
							else
								_tprintf(L"ERROR: (0x%X) CryptMsgGetParam(CMSG_SIGNER_INFO_PARAM) data failed\n", ::GetLastError());

							//Free mem
							delete[] pSignerInfo2;
							pSignerInfo2 = NULL;
						}
						else
							_tprintf(L"ERROR: (0x%X) new(PCMSG_SIGNER_INFO) failed\n", ::GetLastError());
					}
					else
						_tprintf(L"ERROR: (0x%X) CryptMsgGetParam(CMSG_SIGNER_INFO_PARAM) failed\n", ::GetLastError());
				}
				else
					_tprintf(L"ERROR: (0x%X) CryptMsgUpdate(dual-sig) failed\n", ::GetLastError());

				//Close message
				::CryptMsgClose(hMsg);
			}
			else
				_tprintf(L"ERROR: (0x%X) CryptMsgOpenToDecode(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING) failed\n", ::GetLastError());
		}
	}
}

// https://stackoverflow.com/questions/50976612/amended-code-to-retrieve-dual-signature-information-from-pe-executable-in-window
    // https://www.sysadmins.lv/blog-en/reading-multiple-signatures-from-signed-file-with-powershell.aspx
    // 从技术上讲,Microsoft authenticode signature 一次只支持一个签名。附加签名作为嵌套签名完成。
    // 第一张图片显示另一个未经身份验证的属性,OID=1.3.6.1.4.1.311.2.4.1 (szOID_NESTED_SIGNATURE)。这是嵌套的 SHA2 签名。它就在这里。让我们从 SHA1 签名中检索一般信息:

 

小米渣的逆袭
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
广东省职业技能等级认定证书试卷样题计算机程序员-Web前端开发(三级)答案.docx
12-27
注意:xampp是Windows平台下的集成开发环境,包含Apache、MySQL、PHP、Perl等多种服务器软件。 * 创建网站目录web,并创建子目录css、js、img,把素材提供的img> goods.php复制到网站目录,以考号后4位-l-2-l.jpg...
获取windows下执行文件签名证书信息
weixin_34232617的博客
11-13 5296
获取证书信息验证文件数字签名是否有效可以使用函数 WinVerifyTrust,可以用:取得文件数字签名证书信息需要使用函数 CryptQueryObject,再用CertFindCertificateInStore获取证书Cert也可以通过,WTHelperProvDataFromStateData WTHelperGetProvSignerFromChain WTHelperGetProvCe...
获取文件数字签名证书信息
云守护的专栏
03-28 1万+
验证文件数字签名是否有效可以使用函数 WinVerifyTrust 取得文件数字签名证书信息需要使用函数 CryptQueryObject。// FileSign.cpp : 定义控制台应用程序的入口点。 // #include "stdafx.h" #include #include #include #include #include #pragma comment(lib, "
C++ 获取exe或dll的数字签名
聆听风雨的博客
09-19 3685
现在许多应用都是有数字签名的。公司发布的程序一般也都需要签完名之后方可发布。 比如:​​​​​​​ 本文实现一个C++程序,用于获取指定文件的数字签名信息。运行结果如下: 代码如下: #include <windows.h> #include <wincrypt.h> #include <wintrust.h> #include <stdio.h> #include <tchar.h> #pragma comment(lib, "
基于visual c++windows核心编程代码分析(46)遍历数字证书
weixin_30335575的博客
01-23 146
数字证书就是互联网通讯中标志通讯各方身份信息的一系列数据,提供了一种在Internet上验证您身份的方式,其作用类似于司机的驾驶执照或日常生活中的身份证。它是由一个由权威机构-----CA机构,又称为证书授权(Certificate Authority)中心发行的,人们可以在网上用它来识别对方的身份。数字证书是一个经证书授权中心数字签名的包含公开密钥拥有者信息以及公开密钥的文件。最简单的证书包...
C++获取软件的数字签名
04-28 4043
#include <wincrypt.h> #pragma comment(lib, "crypt32.lib") //作用:获取软件的数字签名 //参数: // v_pwszFilePath --- 程序的全路径 // v_pwszSign --- 用于返回数字签名的缓冲区,如果为NULL, // 那么将会需要的缓冲区大小 ...
系统安装手册模板.doc
10-11
- 操作系统:Windows Server 2008 R2 或更高版本,Linux(如Ubuntu 16.04或CentOS 7); - CPU:核处理器,主频2.0GHz以上; - 内存:至少4GB RAM; - 硬盘空间:预留足够的空间以存放数据库文件和应用程序; - ...
wincrypt获取文件签名
最新发布
chaoguodong的专栏
05-23 326
wincrypt 获取文件签名
C++ | 数字签名的生成与解析
该用户还没想到好的昵称的博客
06-01 3818
一、准备工作 下载makecert.exe及signcode.exe软件
完全免费的Windows代码签名证书(大神勿喷)
热门推荐
Dounick的博客
12-10 3万+
1. 代码签名有什么用? 对于我们来说,代码签名的作用也就是在UAC和运行程序时的界面稍微好看一点,看上去更高大上一点(说白了就是对装逼很有帮助) 对于Windows应用程序的开发人员和软件厂商来说,代码签名可以减少应用程序的错误信息并提高应用程序的的可信度。 软件厂商和个体开发商可对他们通过互联网分销的软件进行数字签名并盖上时间戳, 该数字签名确保了最终用户知道该软件是合法的, 来自知名...
【PE结构】恶意代码数字签名验证
weixin_30696427的博客
10-11 461
说明 恶意代码数字签名验证功能,WinverityTrust、CryptQueryObject 代码实现 WinVerifyTrust //------------------------------------------------------------------- // Copyright (C) Microsoft. All rights reserved. // Exam...
验证程序签名
patdz的专栏
03-25 1631
参考自: http://msdn.microsoft.com/en-us/library/aa382384.aspx http://support.microsoft.com/kb/323809/nl #include #include #include #include #pragma comment (lib, "wintrust") #pragma commen
window获取证书文件
weixin_42861240的博客
05-10 890
1、下载前往官网下载App Uploader 2、下载完软件 击appuploader.exe 3、输入苹果账号密码 4、主页显示 5、点击证书 6、点击添加证书 7、下载证书请看第五步 ...
看图学习 RFC 3161 中的时间戳响应及 RFC 5652 中的 SignedData
henter的专栏
03-09 3827
在 RFC 3161《Time-Stamp Protocol》中定义的时间戳响应是一个 ASN.1 SEQUENCE,它的结构十分复杂,其内部包含的一个子项是在 RFC 5652《Cryptographic Message Syntax》(CMS)中定义的 SignedData。为了更好地理解 ASN.1 编码的层次关系,在本文中提供了一些直观的示例图供大家查看。首先看一下时间戳响...
Windows Authenticode Portable Executable Signature Format
梦想专栏
08-09 1259
Version 1.0  — March 21, 2008  Abstract Authenticode® is a digital signature format that is used to determine the origin and integrity of software binaries. Authenticode is based on Public-Key Crypt...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值