- #include <windows.h>
- #include <stdio.h>
- #include <Mscat.h>
- #include <wintrust.h>
- #include <Softpub.h>
- #include <assert.h>
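// Frees an array allocated with new[] and resets the pointer to NULL, so a
// second call on the same variable is a harmless no-op.
// The body is wrapped in do { } while (0) so the macro expands to exactly one
// statement and stays correct inside an unbraced if/else.
// pData is expanded more than once: pass a plain pointer variable, never an
// expression with side effects.
#define SafeDeleteArraySize(pData) do { if (pData) { delete[] (pData); (pData) = NULL; } } while (0)
// MSVC-specific: link the WinTrust and CryptoAPI import libraries.
#pragma comment(lib, "Wintrust.lib")
#pragma comment(lib, "crypt32.lib")
// Encoding types handed to CertFindCertificateInStore: X.509 certificate
// encoding combined with PKCS #7 message encoding.
#define ENCODING (X509_ASN_ENCODING | PKCS_7_ASN_ENCODING)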
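// Value handed back by Wow64DisableWow64FsRedirection. The revert call must
// receive exactly this value, so it is kept between the two helpers.
// Redirection is disabled per calling thread, hence thread-local storage
// (MSVC-specific __declspec(thread), like the #pragma comment lines above).
static __declspec(thread) PVOID s_pWow64OldValue = NULL;
static __declspec(thread) BOOL s_bWow64RedirectionDisabled = FALSE;

// Disables WOW64 file system redirection for the calling thread.
//
// The API is resolved from Kernel32.dll at run time; when the export is
// missing the function returns FALSE and changes nothing.
//
// Returns TRUE when redirection was disabled. In that case the caller must
// call RevertWow64FsRedirection() on the same thread once it is done.
// Not re-entrant: a second Disable before the matching Revert overwrites the
// saved value.
BOOL DisableWow64FsRedirection(void)
{
    typedef BOOL(WINAPI *pfnWow64DisableWow64FsRedirection)(PVOID *OldValue);
    static pfnWow64DisableWow64FsRedirection pWow64DisableWow64 = (pfnWow64DisableWow64FsRedirection)GetProcAddress(GetModuleHandle(TEXT("Kernel32.dll")), "Wow64DisableWow64FsRedirection");

    if (!pWow64DisableWow64)
    {
        return FALSE;
    }

    PVOID pOldValue = NULL;
    if (!pWow64DisableWow64(&pOldValue))
    {
        return FALSE;
    }

    // Remember the value so the revert call can restore the previous state.
    s_pWow64OldValue = pOldValue;
    s_bWow64RedirectionDisabled = TRUE;
    return TRUE;
}

// Restores WOW64 file system redirection for the calling thread.
//
// Passes back the value saved by DisableWow64FsRedirection(). The previous
// version passed the address of a fresh local variable, which is not a value
// obtained from the disable call and so did not restore the earlier state.
//
// Returns FALSE when there is nothing to revert on this thread, when the
// export is missing, or when the API call fails.
BOOL RevertWow64FsRedirection(void)
{
    typedef BOOL(WINAPI *pfnWow64RevertWow64FsRedirection)(PVOID OldValue);
    static pfnWow64RevertWow64FsRedirection pWow64RevertWow64 = (pfnWow64RevertWow64FsRedirection)GetProcAddress(GetModuleHandle(TEXT("Kernel32.dll")), "Wow64RevertWow64FsRedirection");

    if (!pWow64RevertWow64 || !s_bWow64RedirectionDisabled)
    {
        return FALSE;
    }

    const BOOL bReverted = pWow64RevertWow64(s_pWow64OldValue);
    if (bReverted)
    {
        s_pWow64OldValue = NULL;
        s_bWow64RedirectionDisabled = FALSE;
    }
    return bReverted;
}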
// Opens an existing file for reading while WOW64 file system redirection is
// switched off, then switches redirection back on if this call disabled it.
//
// pFilePath  path of the file to open; must not be NULL (asserted in debug
//            builds only).
// hFile      receives the handle returned by CreateFile; it is
//            INVALID_HANDLE_VALUE when the open failed.
//
// Returns TRUE when the file was opened. The caller owns the handle and must
// close it with CloseHandle.
BOOL RedirectionCreateFile(const wchar_t* pFilePath, HANDLE& hFile)
{
    assert(NULL != pFilePath);

    // Redirection is only reverted below when this call turned it off.
    const BOOL bRedirectionOff = DisableWow64FsRedirection();

    // Read-only access; other openers may read but not write while we hold it.
    hFile = CreateFile(pFilePath, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    const BOOL bOpened = (INVALID_HANDLE_VALUE != hFile) ? TRUE : FALSE;

    if (bRedirectionOff)
    {
        RevertWow64FsRedirection();
    }
    return bOpened;
}
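// Returns the simple display name of the certificate that signed a file's
// embedded PKCS #7 signature.
//
// pFilePath  path of the signed file (or of a catalog file).
//
// Returns a buffer allocated with new[] that the caller must release with
// delete[], or NULL when the file cannot be read or carries no usable
// embedded signature. Only the first signer (index 0) is examined.
//
// SECURITY: this function only parses the signature and looks the signer's
// certificate up in the store carried inside the file. It does NOT check that
// the signature matches the file contents, that the chain ends in a trusted
// root, or that the certificate is unexpired and unrevoked. The subject name
// of a certificate is chosen by whoever created it, so the returned string
// must not be used on its own as a trust or allow-list decision; pair it with
// a successful WinVerifyTrust result for the same file.
wchar_t* GetCertName(wchar_t* pFilePath)
{
    HCERTSTORE hStore = NULL;
    HCRYPTMSG hMsg = NULL;
    PCCERT_CONTEXT pCertContext = NULL;
    BOOL bResult = FALSE;
    DWORD dwEncoding = 0, dwContentType = 0, dwFormatType = 0;
    BYTE* pSignerBuf = NULL;
    PCMSG_SIGNER_INFO pSignerInfo = NULL;
    DWORD dwSignerInfo = 0;
    CERT_INFO CertInfo;
    wchar_t* pCertName = NULL;
    DWORD dwData = 0;
    HANDLE hFile = INVALID_HANDLE_VALUE;
    DWORD NumberOfBytesRead = 0;
    LARGE_INTEGER liFileSize;
    BYTE* pBuff = NULL;
    BOOL bDisableWow64FsRedirection = FALSE;

    memset(&CertInfo, 0, sizeof(CertInfo));
    liFileSize.QuadPart = 0;

    // A plain NULL check replaces IsBadReadPtr, which is obsolete and cannot
    // reliably validate a pointer.
    if (NULL == pFilePath)
    {
        return NULL;
    }

    do
    {
        if (!RedirectionCreateFile(pFilePath, hFile))
            break;

        // Load the file into memory only when its full 64-bit size fits in a
        // DWORD. The previous code used GetFileSize and allocated size + 1:
        // a failed size query (0xFFFFFFFF) wrapped the allocation to zero
        // bytes while ReadFile was still asked for 0xFFFFFFFF bytes.
        // Anything that does not fit goes straight to the path-based query
        // below.
        if (GetFileSizeEx(hFile, &liFileSize) && liFileSize.QuadPart > 0 && liFileSize.QuadPart < MAXDWORD)
        {
            const DWORD dwFilesize = liFileSize.LowPart;
            pBuff = new BYTE[dwFilesize];
            if (ReadFile(hFile, pBuff, dwFilesize, &NumberOfBytesRead, NULL) == FALSE)
                break;

            // Describe only the bytes actually read, not the requested size.
            CERT_BLOB Object = { 0 };
            Object.cbData = NumberOfBytesRead;
            Object.pbData = pBuff;
            bResult = CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &Object
                , CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED, CERT_QUERY_FORMAT_FLAG_BINARY
                , 0, &dwEncoding, &dwContentType, &dwFormatType, &hStore, &hMsg, NULL);
        }
        CloseHandle(hFile);
        hFile = INVALID_HANDLE_VALUE;

        if (!bResult)
        {
            // If the in-memory query did not succeed, repeat the original
            // path-based query so this change stays compatible with the
            // earlier behaviour. Redirection is disabled around it so the
            // same file is opened as above.
            bDisableWow64FsRedirection = DisableWow64FsRedirection();
            bResult = CryptQueryObject(CERT_QUERY_OBJECT_FILE, pFilePath
                , CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED, CERT_QUERY_FORMAT_FLAG_BINARY
                , 0, &dwEncoding, &dwContentType, &dwFormatType, &hStore, &hMsg, NULL);
            if (bDisableWow64FsRedirection)
            {
                RevertWow64FsRedirection();
            }
            if (!bResult)
                break;
        }

        // First call reports the size of the signer info, second call fills it.
        bResult = CryptMsgGetParam(hMsg, CMSG_SIGNER_INFO_PARAM, 0, NULL, &dwSignerInfo);
        if (!bResult || dwSignerInfo < sizeof(CMSG_SIGNER_INFO))
            break;

        // Keep the allocation as BYTE* so it is released through the same
        // type it was allocated with; pSignerInfo is only a typed view of it.
        pSignerBuf = new BYTE[dwSignerInfo];
        ZeroMemory(pSignerBuf, dwSignerInfo);
        bResult = CryptMsgGetParam(hMsg, CMSG_SIGNER_INFO_PARAM, 0, (PVOID)pSignerBuf, &dwSignerInfo);
        if (!bResult)
            break;
        pSignerInfo = (PCMSG_SIGNER_INFO)pSignerBuf;

        // Locate the signer's certificate by issuer and serial number.
        CertInfo.Issuer = pSignerInfo->Issuer;
        CertInfo.SerialNumber = pSignerInfo->SerialNumber;
        pCertContext = CertFindCertificateInStore(hStore, ENCODING, 0, CERT_FIND_SUBJECT_CERT, (PVOID)&CertInfo, NULL);
        if (NULL == pCertContext)
            break;

        // A result of 1 is treated as "no name": only the terminator fits.
        dwData = CertGetNameString(pCertContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, NULL, 0);
        if (1 >= dwData)
            break;

        pCertName = new wchar_t[dwData + 1];
        ZeroMemory(pCertName, (dwData + 1) * sizeof(wchar_t));
        if (!(CertGetNameString(pCertContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, pCertName, dwData)))
            break;
    } while (FALSE);

    // Single cleanup path for every exit from the block above.
    if (INVALID_HANDLE_VALUE != hFile) CloseHandle(hFile);
    SafeDeleteArraySize(pBuff);
    SafeDeleteArraySize(pSignerBuf);
    if (pCertContext != NULL) CertFreeCertificateContext(pCertContext);
    if (hStore != NULL) CertCloseStore(hStore, 0);
    if (hMsg != NULL) CryptMsgClose(hMsg);
    return pCertName;
}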
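// Looks up the security catalog (.cat) that lists a file's hash and runs
// WinVerifyTrust on the file.
//
// lpFileName  path of the file to check.
//
// Returns a new[]-allocated buffer of MAX_PATH wide characters holding the
// catalog file path, or NULL. The caller must release it with delete[].
// When the file is not listed in any catalog but its embedded signature
// verifies, the returned buffer holds an empty string.
//
// SECURITY / NOTE(review): the catalog path is also returned when
// WinVerifyTrust rejected the file, as long as a catalog entry was found.
// A non-NULL result therefore means "a catalog lists this hash", not "the
// file is trusted". The embedded-signature branch runs with
// WTD_REVOKE_NONE, i.e. without revocation checking. Callers that need a
// trust verdict must evaluate the WinVerifyTrust status themselves.
wchar_t* GetFileCat(wchar_t* lpFileName)
{
    WINTRUST_DATA wd = { 0 };
    WINTRUST_FILE_INFO wfi = { 0 };
    WINTRUST_CATALOG_INFO wci = { 0 };
    CATALOG_INFO ci = { 0 };
    HCATADMIN hCatAdmin = NULL;
    HANDLE hFile = INVALID_HANDLE_VALUE;
    DWORD dwCnt = 0;
    PBYTE pbyHash = NULL;
    wchar_t* pszMemberTag = NULL;
    HCATINFO hCatInfo = NULL;
    LONG lStatus = E_FAIL;          // stays a failure unless WinVerifyTrust runs
    BOOL bTrustDataReady = FALSE;   // TRUE once wd has been filled in
    static GUID action = WINTRUST_ACTION_GENERIC_VERIFY_V2;
    const GUID gSubsystem = DRIVER_ACTION_VERIFY;
    wchar_t* pCatalogFile = NULL;

    do
    {
        if (!CryptCATAdminAcquireContext(&hCatAdmin, &gSubsystem, 0))
            break;
        if (!RedirectionCreateFile(lpFileName, hFile))
            break;

        // Size probe with a NULL buffer.
        // NOTE(review): the probe is accepted only when the call reports
        // success AND the last error is ERROR_INSUFFICIENT_BUFFER; kept
        // exactly as the original wrote it - confirm against the API.
        if (!(CryptCATAdminCalcHashFromFileHandle(hFile, &dwCnt, pbyHash, 0) && dwCnt > 0 && ERROR_INSUFFICIENT_BUFFER == GetLastError()))
            break;

        pbyHash = new BYTE[dwCnt];
        ZeroMemory(pbyHash, dwCnt);
        if (CryptCATAdminCalcHashFromFileHandle(hFile, &dwCnt, pbyHash, 0) == FALSE)
            break;

        CloseHandle(hFile);
        hFile = INVALID_HANDLE_VALUE;

        hCatInfo = CryptCATAdminEnumCatalogFromHash(hCatAdmin, pbyHash, dwCnt, 0, NULL);
        if (NULL == hCatInfo)
        {
            // No catalog lists this hash: verify the embedded signature.
            wfi.cbStruct = sizeof(WINTRUST_FILE_INFO);
            wfi.pcwszFilePath = lpFileName;
            wfi.hFile = NULL;
            wfi.pgKnownSubject = NULL;
            wd.cbStruct = sizeof(WINTRUST_DATA);
            wd.dwUnionChoice = WTD_CHOICE_FILE;
            wd.pFile = &wfi;
            wd.dwUIChoice = WTD_UI_NONE;
            wd.fdwRevocationChecks = WTD_REVOKE_NONE;
            wd.dwStateAction = WTD_STATEACTION_IGNORE;
            wd.dwProvFlags = WTD_SAFER_FLAG;
            wd.hWVTStateData = NULL;
            wd.pwszURLReference = NULL;
            bTrustDataReady = TRUE;
        }
        else
        {
            // Fill in the size field before asking for the catalog details.
            ci.cbStruct = sizeof(CATALOG_INFO);
            if (CryptCATCatalogInfoFromContext(hCatInfo, &ci, 0))
            {
                // The member tag is the file hash as upper-case hex text.
                pszMemberTag = new wchar_t[dwCnt * 2 + 1];
                ZeroMemory(pszMemberTag, (dwCnt * 2 + 1) * sizeof(wchar_t));
                for (DWORD dw = 0; dw < dwCnt; ++dw)
                {
                    wsprintfW(&pszMemberTag[dw * 2], L"%02X", pbyHash[dw]);
                }
                wci.cbStruct = sizeof(WINTRUST_CATALOG_INFO);
                wci.pcwszCatalogFilePath = ci.wszCatalogFile;
                wci.pcwszMemberFilePath = lpFileName;
                wci.pcwszMemberTag = pszMemberTag;
                wd.cbStruct = sizeof(WINTRUST_DATA);
                wd.pCatalog = &wci;
                wd.dwUIChoice = WTD_UI_NONE;
                wd.dwUnionChoice = WTD_CHOICE_CATALOG;
                // Same numeric value the original assigned through
                // WTD_STATEACTION_VERIFY, now spelled with the constant that
                // belongs to this field.
                wd.fdwRevocationChecks = WTD_REVOKE_WHOLECHAIN;
                wd.dwStateAction = WTD_STATEACTION_VERIFY;
                wd.dwProvFlags = 0;
                wd.hWVTStateData = NULL;
                wd.pwszURLReference = NULL;
                bTrustDataReady = TRUE;
            }
        }

        // Do not hand an unfilled WINTRUST_DATA to WinVerifyTrust.
        if (bTrustDataReady)
        {
            lStatus = WinVerifyTrust((HWND)INVALID_HANDLE_VALUE, &action, &wd);
            if (WTD_STATEACTION_VERIFY == wd.dwStateAction)
            {
                // A VERIFY call keeps provider state alive in hWVTStateData;
                // release it with a matching CLOSE call.
                wd.dwStateAction = WTD_STATEACTION_CLOSE;
                WinVerifyTrust((HWND)INVALID_HANDLE_VALUE, &action, &wd);
            }
        }

        // Only a zero status from WinVerifyTrust counts as success.
        if (ERROR_SUCCESS == lStatus || L'\0' != ci.wszCatalogFile[0])
        {
            // Return the catalog file path; the copy is bounded by the
            // destination size and always terminated.
            pCatalogFile = new wchar_t[MAX_PATH];
            ZeroMemory(pCatalogFile, MAX_PATH * sizeof(wchar_t));
            lstrcpynW(pCatalogFile, ci.wszCatalogFile, MAX_PATH);
        }
    } while (FALSE);

    // Single cleanup path for every exit from the block above.
    if (INVALID_HANDLE_VALUE != hFile)
    {
        CloseHandle(hFile);
    }
    if (NULL != hCatInfo)
    {
        CryptCATAdminReleaseCatalogContext(hCatAdmin, hCatInfo, 0);
    }
    if (hCatAdmin)
    {
        CryptCATAdminReleaseContext(hCatAdmin, 0);
    }
    SafeDeleteArraySize(pbyHash);
    SafeDeleteArraySize(pszMemberTag);
    return pCatalogFile;
}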
// Returns the signer display name for a file, trying the file's embedded
// signature first and, when that yields nothing, the signature of the
// catalog file that GetFileCat reports for it.
//
// pFilePath  path of the file to inspect.
//
// Returns a new[]-allocated string the caller must release with delete[],
// or NULL when no signer name could be obtained.
//
// SECURITY: the result is the name read by GetCertName; this function adds
// no trust decision of its own and does not look at any verification status.
wchar_t* GetFileCertName(wchar_t* pFilePath)
{
    // Embedded signature of the file itself.
    wchar_t* pSigner = GetCertName(pFilePath);
    if (NULL != pSigner)
    {
        return pSigner;
    }

    // Fall back to the catalog that lists the file, then read that catalog's signer.
    wchar_t* pCatalogPath = GetFileCat(pFilePath);
    if (NULL != pCatalogPath)
    {
        pSigner = GetCertName(pCatalogPath);
    }

    // The catalog path was only needed for the lookup above.
    SafeDeleteArraySize(pCatalogPath);
    return pSigner;
}
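// Demo driver: looks up the signer name of two system drivers.
// The getchar() calls pause the program before and after the lookups.
int main(void)
{
    // The lookup functions take a non-const wchar_t*, so the paths are held
    // in writable arrays instead of passing string literals directly.
    wchar_t szHttpSys[] = L"C:\\Windows\\System32\\drivers\\http.sys";
    wchar_t szSpSys[] = L"C:\\Windows\\System32\\drivers\\spsys.sys";
    wchar_t* pSignerName = NULL;

    getchar();

    // Each result is a new[] buffer owned by the caller; release it.
    pSignerName = GetFileCertName(szHttpSys);
    SafeDeleteArraySize(pSignerName);

    pSignerName = GetFileCertName(szSpSys);
    SafeDeleteArraySize(pSignerName);

    getchar();
    getchar();
    return 0;
}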
获取数字签名