Windows 8和Windows 2012提供新的WinVerifyTrust API对PE文件进行签名认证

最新推荐文章于 2023-10-04 12:53:27 发布
最新推荐文章于 2023-10-04 12:53:27 发布
阅读量5k 收藏 5
点赞数
分类专栏: Windows

微软官方说明网址(内含示例程序代码):http://code.msdn.microsoft.com/windowsdesktop/WinVerifyTrust-signature-a95ab1f6

// THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
// ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO
// THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
// PARTICULAR PURPOSE.
//
// Copyright (c) Microsoft Corporation. All rights reserved

#include <windows.h>
#include <stdio.h>
#include <wintrust.h>
#include <softpub.h>
#include <mscat.h>

void PrintUsage(_In_ PCWSTR fileName)
{
    wprintf(L"%s [-p] <-c | -e> file\n", fileName);
    wprintf(L"Flags:\n");
    wprintf(L"  -p: Use signature policy of the current os (szOID_CERT_STRONG_SIGN_OS_CURRENT)\n");
    wprintf(L"  -c: Search for the file in system catalogs\n");
    wprintf(L"  -e: Verify embedded file signature\n");
}

//----------------------------------------------------------------------------
//
//  PrintError
//  Prints error information to the console
//
//----------------------------------------------------------------------------
void PrintError(_In_ DWORD Status)
{
    wprintf(L"Error: 0x%08x (%d)\n", Status, Status);
}

//----------------------------------------------------------------------------
//
//  VerifyEmbeddedSignatures
//  Verifies all embedded signatures of a file
//
//----------------------------------------------------------------------------
DWORD VerifyEmbeddedSignatures(_In_ PCWSTR FileName,
                               _In_ HANDLE FileHandle,
                               _In_ bool UseStrongSigPolicy)
{
    DWORD Error = ERROR_SUCCESS;    
    bool WintrustCalled = false;
    GUID GenericActionId = WINTRUST_ACTION_GENERIC_VERIFY_V2;
    WINTRUST_DATA WintrustData = {};
    WINTRUST_FILE_INFO FileInfo = {};    
    WINTRUST_SIGNATURE_SETTINGS SignatureSettings = {};
    CERT_STRONG_SIGN_PARA StrongSigPolicy = {};

    // Setup data structures for calling WinVerifyTrust
    WintrustData.cbStruct = sizeof(WINTRUST_DATA);
    WintrustData.dwStateAction  = WTD_STATEACTION_VERIFY;
    WintrustData.dwUIChoice = WTD_UI_NONE;
    WintrustData.fdwRevocationChecks = WTD_REVOKE_NONE;
    WintrustData.dwUnionChoice = WTD_CHOICE_FILE;
    
    FileInfo.cbStruct = sizeof(WINTRUST_FILE_INFO_);
    FileInfo.hFile = FileHandle;
    FileInfo.pcwszFilePath = FileName;
    WintrustData.pFile = &FileInfo;
    
    //
    // First verify the primary signature (index 0) to determine how many secondary signatures
    // are present. We use WSS_VERIFY_SPECIFIC and dwIndex to do this, also setting 
    // WSS_GET_SECONDARY_SIG_COUNT to have the number of secondary signatures returned.
    //
    SignatureSettings.cbStruct = sizeof(WINTRUST_SIGNATURE_SETTINGS);
    SignatureSettings.dwFlags = WSS_GET_SECONDARY_SIG_COUNT | WSS_VERIFY_SPECIFIC;
    SignatureSettings.dwIndex = 0;
    WintrustData.pSignatureSettings = &SignatureSettings;
    
    if (UseStrongSigPolicy != false)
    {
        StrongSigPolicy.cbSize = sizeof(CERT_STRONG_SIGN_PARA);
        StrongSigPolicy.dwInfoChoice = CERT_STRONG_SIGN_OID_INFO_CHOICE;
        StrongSigPolicy.pszOID = szOID_CERT_STRONG_SIGN_OS_CURRENT;
        WintrustData.pSignatureSettings->pCryptoPolicy = &StrongSigPolicy;
    }
    
    wprintf(L"Verifying primary signature... ");
    Error = WinVerifyTrust(NULL, &GenericActionId, &WintrustData);
    WintrustCalled = true;
    if (Error != ERROR_SUCCESS) 
    {
        PrintError(Error);        
        goto Cleanup;
    }

    wprintf(L"Success!\n");

    wprintf(L"Found %d secondary signatures\n", WintrustData.pSignatureSettings->cSecondarySigs);

    // Now attempt to verify all secondary signatures that were found
    for(DWORD x = 1; x <= WintrustData.pSignatureSettings->cSecondarySigs; x++)
    {
        wprintf(L"Verify secondary signature at index %d... ", x);

        // Need to clear the previous state data from the last call to WinVerifyTrust
        WintrustData.dwStateAction = WTD_STATEACTION_CLOSE;
        Error = WinVerifyTrust(NULL, &GenericActionId, &WintrustData);
        if (Error != ERROR_SUCCESS) 
        {
            //No need to call WinVerifyTrust again
            WintrustCalled = false;
            PrintError(Error);            
            goto Cleanup;
        }

        WintrustData.hWVTStateData = NULL;

        // Caller must reset dwStateAction as it may have been changed during the last call
        WintrustData.dwStateAction = WTD_STATEACTION_VERIFY;
        WintrustData.pSignatureSettings->dwIndex = x;
        Error = WinVerifyTrust(NULL, &GenericActionId, &WintrustData);
        if (Error != ERROR_SUCCESS) 
        {
            PrintError(Error);            
            goto Cleanup;
        }

        wprintf(L"Success!\n");
    }

Cleanup:

    //
    // Caller must call WinVerifyTrust with WTD_STATEACTION_CLOSE to free memory
    // allocate by WinVerifyTrust
    //
    if (WintrustCalled != false)
    {
        WintrustData.dwStateAction = WTD_STATEACTION_CLOSE;
        WinVerifyTrust(NULL, &GenericActionId, &WintrustData);
    }

    return Error;     
}


//----------------------------------------------------------------------------
//
//  VerifyCatalogSignature
//  Looks up a file by hash in the system catalogs. 
//
//----------------------------------------------------------------------------
DWORD VerifyCatalogSignature(_In_ HANDLE FileHandle,
                             _In_ bool UseStrongSigPolicy)
{
    DWORD Error = ERROR_SUCCESS;
    bool Found = false;
    HCATADMIN CatAdminHandle = NULL;
    HCATINFO CatInfoHandle = NULL;
    DWORD HashLength = 0;
    PBYTE HashData = NULL;
    CERT_STRONG_SIGN_PARA SigningPolicy = {};

    if (UseStrongSigPolicy != false)
    {
        SigningPolicy.cbSize = sizeof(CERT_STRONG_SIGN_PARA);
        SigningPolicy.dwInfoChoice = CERT_STRONG_SIGN_OID_INFO_CHOICE;
        SigningPolicy.pszOID = szOID_CERT_STRONG_SIGN_OS_CURRENT;
        if (!CryptCATAdminAcquireContext2(
                    &CatAdminHandle,
                    NULL,
                    BCRYPT_SHA256_ALGORITHM,
                    &SigningPolicy,
                    0))
        {
            Error = GetLastError();
            goto Cleanup;
        }
    }
    else
    {
        if (!CryptCATAdminAcquireContext2(
                    &CatAdminHandle,
                    NULL,
                    BCRYPT_SHA256_ALGORITHM,
                    NULL,
                    0))
        {
            Error = GetLastError();
            goto Cleanup;
        }
    }

    // Get size of hash to be used
    if (!CryptCATAdminCalcHashFromFileHandle2(
                CatAdminHandle,
                FileHandle,
                &HashLength,
                NULL,
                NULL))
    {
        Error = GetLastError();
        goto Cleanup;
    }

    HashData = (PBYTE) HeapAlloc(GetProcessHeap(), 0, HashLength);
    if (HashData == NULL)
    {
        Error = ERROR_OUTOFMEMORY;
        goto Cleanup;
    }

    // Generate hash for a give file
    if (!CryptCATAdminCalcHashFromFileHandle2(
                CatAdminHandle,
                FileHandle,
                &HashLength,
                HashData,
                NULL))
    {
        Error = GetLastError();
        goto Cleanup;
    }

    // Find the first catalog containing this hash
    CatInfoHandle = NULL;
    CatInfoHandle = CryptCATAdminEnumCatalogFromHash(
                CatAdminHandle,
                HashData,
                HashLength,
                0,
                &CatInfoHandle);

    while (CatInfoHandle != NULL)
    {
        CATALOG_INFO catalogInfo = {};
        catalogInfo.cbStruct = sizeof(catalogInfo);
        Found = true;

        if (!CryptCATCatalogInfoFromContext(
                    CatInfoHandle,
                    &catalogInfo,
                    0))
        {
            Error = GetLastError();
            break;
        }

        wprintf(L"Hash was found in catalog %s\n\n", catalogInfo.wszCatalogFile);

        // Look for the next catalog containing the file's hash
        CatInfoHandle = CryptCATAdminEnumCatalogFromHash(
                    CatAdminHandle,
                    HashData,
                    HashLength,
                    0,
                    &CatInfoHandle);
    }

    if (Found != true)
    {
        wprintf(L"Hash was not found in any catalogs.\n");
    }

Cleanup:
    if (CatAdminHandle != NULL)
    {
        if (CatInfoHandle != NULL)
        {
            CryptCATAdminReleaseCatalogContext(CatAdminHandle, CatInfoHandle, 0);
        }

        CryptCATAdminReleaseContext(CatAdminHandle, 0);
    }

    if (HashData != NULL)
    {
        HeapFree(GetProcessHeap(), 0, HashData);
    }

     return Error;
}

int __cdecl wmain(_In_ unsigned int argc, _In_reads_(argc) PCWSTR wargv[])
{
    DWORD Error = ERROR_SUCCESS;
    HANDLE FileHandle = INVALID_HANDLE_VALUE;
    DWORD ArgStart = 1;
    bool UseStrongSigPolicy = false;

    if (argc < 3 || argc > 4)
    {
        PrintUsage(wargv[0]);
        Error = ERROR_INVALID_PARAMETER;
        goto Cleanup;
    }

    if (_wcsicmp(wargv[ArgStart], L"-p") == 0)
    {
        UseStrongSigPolicy = true;
        ArgStart++;
    }

    if (ArgStart + 1 >= argc)
    {
        PrintUsage(wargv[0]);
        Error = ERROR_INVALID_PARAMETER;        
        goto Cleanup;
    }
    
    if ((wcslen(wargv[ArgStart]) != 2) ||
        ((_wcsicmp(wargv[ArgStart], L"-c") != 0) &&
         (_wcsicmp(wargv[ArgStart], L"-e") != 0)))
    {   
        PrintUsage(wargv[0]);
        Error = ERROR_INVALID_PARAMETER;        
        goto Cleanup;
    }

    FileHandle = CreateFileW(wargv[ArgStart+1],
                             GENERIC_READ,
                             FILE_SHARE_READ,
                             NULL,
                             OPEN_EXISTING,
                             0,
                             NULL);
    if (FileHandle == INVALID_HANDLE_VALUE)
    {
        Error = GetLastError();
        PrintError(Error);        
        goto Cleanup;
    }

    if (_wcsicmp(wargv[ArgStart], L"-c") == 0)
    {
        Error = VerifyCatalogSignature(FileHandle, UseStrongSigPolicy);
    }else if (_wcsicmp(wargv[ArgStart], L"-e") == 0)
    {
        Error = VerifyEmbeddedSignatures(wargv[ArgStart+1], FileHandle, UseStrongSigPolicy);
    }else
    {
        PrintUsage(wargv[0]);
        Error = ERROR_INVALID_PARAMETER;
    }

Cleanup:
    if (FileHandle != INVALID_HANDLE_VALUE)
    {
        CloseHandle(FileHandle);
    }

    return Error;
}


StanfordZhang
关注
  • 0
    点赞
  • 5
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
WinVerifyTrust调用返回80096005错误,时间戳签名或证书无法验证或已损坏
Think88666的博客
07-23 1772
WinVerifyTrust;80096005;时间戳签名或证书无法验证或已损坏
Java JDK 8安装版(Windows 64位)
02-26
8. **开发环境配置**:对于开发人员来说,安装JDK后还需要配置IDE(如Eclipse、IntelliJ IDEA等)以使用Java 8进行开发,同时确保项目的构建路径和编译器设置正确。 综上所述,Java JDK 8是Java开发的核心组件,其...
Windows 平台下PE文件数字签名的一些研究
snowfoxmonitor的专栏
04-05 6956
Windows平台上PE文件的数字签名有两个作用:确保文件来自指定的发布者和文件签名后没有被修改过。因此有些软件用数字签名来验证文件是否来自家厂商以及文件的完整性,安全软件也经常通过验证文件是否有数字签名来防误报。但是因为windows对于常用的数字签名验证API- WinVerifyTrust实现的问题,以及一些并不恰当的示例代码,很多地方在验证数字签名时存在卡慢或者安全性不高的问题。本文将介...
获取windows下执行文件签名和证书信息
weixin_34232617的博客
11-13 5237
获取证书信息验证文件数字签名是否有效可以使用函数 WinVerifyTrust,可以用:取得文件数字签名证书信息需要使用函数 CryptQueryObject,再用CertFindCertificateInStore获取证书Cert也可以通过,WTHelperProvDataFromStateData WTHelperGetProvSignerFromChain WTHelperGetProvCe...
获取文件数字签名证书信息
热门推荐
云守护的专栏
03-28 1万+
验证文件数字签名是否有效可以使用函数 WinVerifyTrust 取得文件数字签名证书信息需要使用函数 CryptQueryObject。// FileSign.cpp : 定义控制台应用程序的入口点。 // #include "stdafx.h" #include #include #include #include #include #pragma comment(lib, "
验证PE文件签名-易语言
06-12
易语言提供API调用来实现对PE文件签名的验证。在易语言中,可以使用如`WinAPI`或`系统.进程与线程`等模块来调用Windows API函数,例如`Crypt32.dll`库中的`CertVerifyCertificateChainPolicy`和`WinVerifyTrust`...
c++获取pe文件签名
05-23
在C++中获取PE(Portable Executable)文件签名是一个涉及Windows API调用和二进制文件解析的过程。PE文件格式是Windows操作系统中的可执行文件和动态链接库(DLL)的标准格式。PE文件签名用于验证软件的来源和完整...
精通Windows.API-函数、接口、编程实例.pdf
01-27
12.1.1 Shell对目录和文件的管理形式 335 12.1.2 “我的文档”等特殊目录相关操作 335 12.1.3 绑定、遍历、属性获取 337 12.1.4 浏览文件对话框 339 12.2 文件协助(File Associations) 340 12.2.1 文件...
检查一个可执行文件是否通过微软签名
12-19
验证微软的PE文件签名是通过调用WinVerifyTrust实现的,但要真正用好这个函数,是有一定的技巧的,许多网友从网上下载了C++代码却一直未能调通。而这个权威的例子,可以让我们学到很多。
Windows API参考手册完全版.rar
10-03
这个压缩包包含了多个配置文件和帮助文档,旨在为开发者提供深入理解Windows API的详细信息。以下是一些主要的知识点: 1. **Windows API**: Windows API(应用程序接口)是Microsoft Windows操作系统提供的一组...
tongweb7.0,windows和linux安装包
04-27
同时,TongWeb提供完善的API和管理工具,便于集成到现有IT环境中,实现自动化部署和管理。 四、总结 TongWeb 7.0作为一款跨平台的应用服务器,具备高性能、高可用性和易管理性,无论是在Windows还是Linux环境下,...
windows API CHM
10-30
windows API CHM,1000个API函数的介绍 windows API CHM,1000个API函数的介绍 windows API CHM,1000个API函数的介绍 windows API CHM,1000个API函数的介绍 windows API CHM,1000个API函数的介绍
windows API开发详解
04-25
Windows API开发详解 函数、接口、编程实例 要就拿走吧
C/C++防御99%的简单远程控制木马病毒
最新发布
vShaShen_的博客
10-04 854
【代码】C/C++防御99%的简单远程控制木马病毒。
Delphi 编写【数字签名验证】并获取签名信息
weixin_34194379的博客
02-27 258
一个客户想通过编程实现验证程序自身的数字签名来确保程序的完整性,防范病毒感染以及防止一些无聊人士的修改(通过十六进制编辑器替换一些版权、网址、LOGO..); 为此我做了一个数字签名验证的小例子,其中也有获取签名者信息的方法,以满足“自验证”的需求。 示例: WinAPI: 安全编录(CAT) CryptCATAdminReleaseCatalog...
WinVerifyTrust signature verification sample
董盼山的专栏
03-19 3280
// THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF  // ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO  // THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNES
文件数字签名校验与信息获取
c/c++、x86汇编、Win32汇编、逆向、破解
02-10 6545
方法一、二兼容XP,三不兼容XP。 方法一: /* * An example of file signature verification using WinTrust API * Derived from the sample vertrust.cpp in the Platform SDK * * Copyright (c) 2009 Mounir IDRASSI . Al
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值