C-验证代码签名-Windows API
我需要验证二进制文件的代码签名,我想对应的术语是 Microsoft Authenticode。使用 Windows API 有没有合理的方法来实现这一点?您看过吗?由于目前还不清楚如何用它来验证二进制文件的签名,您可能需要查看专门用于验证二进制文件 Authenticode 签名的内容。如何查找驱动程序的 Authenticode 签名: 免责声明:这段代码不是我写的。
BOOL-VerifyEmbeddedSignature(LPCWSTR-pwszSourceFile)
{
长柱状体;
GUID WintrustVerifyGuid=WINTRUST\u ACTION\u GENERIC\u VERIFY\u V2;
GUID DriverActionGuid=驱动程序\u操作\u验证;
处理文件;
德沃德·德哈什;
字节bHash[100];
HCATINFO HCATINFO;
HCATADMIN-HCATADMIN;
WINTRUST_数据wd={0};
WINTRUST_文件_信息wfi={0};
WINTRUST_目录_信息wci={0};
////设置结构以验证具有证书签名的文件
memset(&wfi,0,sizeof(wfi));
wfi.cbStruct=sizeof(WINTRUST\u文件\u信息);
wfi.pcwszFilePath=pwszSourceFile;
wfi.hFile=NULL;
wfi.pgknownsObject=NULL;
memset(&wd,0,sizeof(wd));
wd.cbStruct=sizeof(WINTRUST_数据);
wd.dwUnionChoice=WTD_CHOICE_文件;
wd.pFile=&wfi;
wd.dwUIChoice=WTD_UI_NONE;
wd.fdwre=WTD_REVOKE_NONE;
wd.dwStateAction=0;
wd.dwProvFlags=WTD_安全_标志;
wd.hWVTStateData=NULL;
wd.pwszURLReference=NULL;
wd.pPolicyCallbackData=NULL;
wd.pSIPClientData=NULL;
wd.dwUIContext=0;
lStatus=WinVerifyTrust(NULL,&WintrustVerifyGuid,&wd);
////如果失败,请尝试使用目录文件进行验证
如果(lStatus!=错误\u成功)
{
//打开文件
hFile=CreateFileW(pwszSourceFile,通用读取,文件共享读取,NULL,打开现有,文件属性正常,NULL);
if(hFile==无效的句柄值)
返回FALSE;
dwHash=sizeof(bHash);
if(!CryptCATAdminCalcHashFromFileHandle(hFile,&dwHash,bHash,0))
{
闭合手柄(hFile);
返回FALSE;
}
//创建哈希的字符串形式(稍后在pszMemberTag中使用)
LPWSTR pszMemberTag=新的WCHAR[dwHash*2+1];
for(DWORD dw=0;dw
以下是验证文件(技术上是任何文件类型)的工作代码
#包括
#包括
#包括
#包括
#包括
#包括
#包括
//链接到Wintrust.lib文件。
#pragma注释(lib,“wintrust”)
BOOL-VerifySignature(LPCSTR-path)//我们将收到char*filepath而不是wchar*
{
使用_转换;
LPCWSTR pwszSourceFile=A2W(path);//我们将char*转换为wchar*
长柱状体;
GUID WintrustVerifyGuid=WINTRUST\u ACTION\u GENERIC\u VERIFY\u V2;
GUID DriverActionGuid=驱动程序\u操作\u验证;
处理文件;
德沃德·德哈什;
字节bHash[100];
HCATINFO HCATINFO;
HCATADMIN-HCATADMIN;
WINTRUST_数据wd={0};
WINTRUST_文件_信息wfi={0};
WINTRUST_目录_信息wci={0};
////设置结构以验证具有证书签名的文件
wfi.cbStruct=sizeof(WINTRUST\u文件\u信息);
wfi.pcwszFilePath=pwszSourceFile;
wfi.hFile=NULL;
wfi.pgknownsObject=NULL;
wd.cbStruct=sizeof(WINTRUST_数据);
wd.pPolicyCallbackData=NULL;
wd.pSIPClientData=NULL;
wd.dwUIChoice=WTD_UI_NONE;
wd.fdwre=WTD_REVOKE_NONE;
wd.dwUnionChoice=WTD_CHOICE_文件;
wd.pFile=&wfi;
wd.dwStateAction=WTD_STATEACTION_VERIFY;
wd.hWVTStateData=NULL;
wd.pwszURLReference=NULL;
wd.dwProvFlags |=WTD_缓存_仅_URL_检索;
wd.dwUIContext=0;
wd.pSignatureSettings=0;
lStatus=WinVerifyTrust((HWND)无效的句柄值,&WintrustVerifyGuid,&wd);
wd.dwStateAction=WTD_STATEACTION_CLOSE;
WinVerifyTrust((HWND)无效_HANDLE_VALUE,&WintrustVerifyGuid,&wd);//关闭hWVTStateData
////如果失败,请尝试使用目录文件进行验证
如果(lStatus!=错误\u成功)
{
//打开文件
hFile=CreateFileW(pwszSourceFile,通用读取,文件共享读取,NULL,打开现有,文件属性正常,NULL);
if(hFile==无效的句柄值)
返回FALSE;
dwHash=sizeof(bHash);
if(!CryptCATAdminCalcHashFromFileHandle(hFile,&dwHash,bHash,0))
{
闭合手柄(hFil
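/**
 * Check whether a file carries a valid Authenticode signature, either
 * embedded in the file or through a catalog that lists the file's hash.
 *
 * The embedded signature is tried first; if WinVerifyTrust does not return
 * ERROR_SUCCESS, the file hash is looked up in the catalog store and the
 * matching catalog (if any) is verified instead.
 *
 * What a TRUE result means: WinVerifyTrust accepted the signature under the
 * generic verify policy. It does not say WHO signed the file; a caller that
 * must accept only a particular publisher has to inspect the signer
 * certificate separately. The result also describes the file as it was
 * during the call, so a caller that loads or runs the file afterwards
 * should keep it open without write sharing or verify again.
 *
 * @param pwszSourceFile  Wide-character path of the file to verify.
 * @return TRUE if either check succeeded; FALSE otherwise, including when
 *         the path is NULL or the file cannot be opened or hashed.
 */
BOOL VerifyEmbeddedSignature(LPCWSTR pwszSourceFile)
{
    LONG lStatus;
    GUID WintrustVerifyGuid = WINTRUST_ACTION_GENERIC_VERIFY_V2;
    GUID DriverActionGuid = DRIVER_ACTION_VERIFY;
    HANDLE hFile;
    DWORD dwHash;
    BYTE bHash[100];
    /* Two hex digits per hash byte plus the terminator. A fixed buffer
       replaces the original new[]/delete[] pair, which leaked the tag when
       CryptCATAdminAcquireContext failed. */
    WCHAR szMemberTag[sizeof(bHash) * 2 + 1] = { 0 };
    HCATINFO hCatInfo;
    HCATADMIN hCatAdmin;
    WINTRUST_DATA wd = { 0 };
    WINTRUST_FILE_INFO wfi = { 0 };
    WINTRUST_CATALOG_INFO wci = { 0 };

    /* Fail closed on a missing path instead of relying on the APIs to
       reject it. */
    if (pwszSourceFile == NULL)
        return FALSE;

    /* ---- Pass 1: embedded signature ---- */
    wfi.cbStruct = sizeof(WINTRUST_FILE_INFO);
    wfi.pcwszFilePath = pwszSourceFile;
    wfi.hFile = NULL;
    wfi.pgKnownSubject = NULL;

    wd.cbStruct = sizeof(WINTRUST_DATA);
    wd.dwUnionChoice = WTD_CHOICE_FILE;
    wd.pFile = &wfi;
    wd.dwUIChoice = WTD_UI_NONE;
    /* No extra revocation checking is requested for this pass, so a
       signature made with a certificate that was later revoked can still
       verify. Callers that care about revocation should request it. */
    wd.fdwRevocationChecks = WTD_REVOKE_NONE;
    wd.dwStateAction = 0;
    wd.dwProvFlags = WTD_SAFER_FLAG;
    wd.hWVTStateData = NULL;
    wd.pwszURLReference = NULL;
    wd.pPolicyCallbackData = NULL;
    wd.pSIPClientData = NULL;
    wd.dwUIContext = 0;
    lStatus = WinVerifyTrust(NULL, &WintrustVerifyGuid, &wd);

    /* ---- Pass 2: catalog signature, only if pass 1 did not succeed ---- */
    if (lStatus != ERROR_SUCCESS)
    {
        hFile = CreateFileW(pwszSourceFile, GENERIC_READ, FILE_SHARE_READ, NULL,
                            OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
        if (hFile == INVALID_HANDLE_VALUE)
            return FALSE;

        /* NOTE(review): this call produces a SHA-1 catalog hash. Files whose
           catalog entries exist only under SHA-256 are not found this way;
           CryptCATAdminAcquireContext2 and
           CryptCATAdminCalcHashFromFileHandle2 cover that case on
           Windows 8 and later. */
        dwHash = sizeof(bHash);
        if (!CryptCATAdminCalcHashFromFileHandle(hFile, &dwHash, bHash, 0) ||
            dwHash > sizeof(bHash))
        {
            CloseHandle(hFile);
            return FALSE;
        }

        /* Hex string form of the hash, used as the catalog member tag. */
        for (DWORD dw = 0; dw < dwHash; ++dw)
        {
            wsprintfW(&szMemberTag[dw * 2], L"%02X", bHash[dw]);
        }

        if (!CryptCATAdminAcquireContext(&hCatAdmin, &DriverActionGuid, 0))
        {
            CloseHandle(hFile);
            return FALSE;
        }

        /* Find a catalog that contains the hash. */
        hCatInfo = CryptCATAdminEnumCatalogFromHash(hCatAdmin, bHash, dwHash, 0, NULL);
        if (hCatInfo)
        {
            CATALOG_INFO ci = { 0 };
            /* Size member set per the usual struct-size convention, and the
               return value checked so that an unfilled catalog path is
               never handed to WinVerifyTrust. */
            ci.cbStruct = sizeof(CATALOG_INFO);
            if (CryptCATCatalogInfoFromContext(hCatInfo, &ci, 0))
            {
                memset(&wci, 0, sizeof(wci));
                wci.cbStruct = sizeof(WINTRUST_CATALOG_INFO);
                wci.pcwszCatalogFilePath = ci.wszCatalogFile;
                wci.pcwszMemberFilePath = pwszSourceFile;
                wci.pcwszMemberTag = szMemberTag;

                memset(&wd, 0, sizeof(wd));
                wd.cbStruct = sizeof(WINTRUST_DATA);
                wd.dwUnionChoice = WTD_CHOICE_CATALOG;
                wd.pCatalog = &wci;
                wd.dwUIChoice = WTD_UI_NONE;
                /* The original assigned WTD_STATEACTION_VERIFY to this
                   field. That constant has the same numeric value as
                   WTD_REVOKE_WHOLECHAIN, so the setting that was actually
                   in effect is now spelled out; dwStateAction stays 0. */
                wd.fdwRevocationChecks = WTD_REVOKE_WHOLECHAIN;
                wd.dwProvFlags = 0;
                wd.hWVTStateData = NULL;
                wd.pwszURLReference = NULL;
                wd.pPolicyCallbackData = NULL;
                wd.pSIPClientData = NULL;
                wd.dwUIContext = 0;
                lStatus = WinVerifyTrust(NULL, &WintrustVerifyGuid, &wd);
            }
            CryptCATAdminReleaseCatalogContext(hCatAdmin, hCatInfo, 0);
        }

        CryptCATAdminReleaseContext(hCatAdmin, 0);
        CloseHandle(hFile);
    }

    /* Anything other than ERROR_SUCCESS is treated as "not verified". */
    return (lStatus == ERROR_SUCCESS) ? TRUE : FALSE;
}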
#include <stdio.h>
#include <windows.h>
#include <Softpub.h>
#include <wincrypt.h>
#include <wintrust.h>
#include <mscat.h>
#include <atlbase.h>
// Link with the Wintrust.lib file.
#pragma comment (lib, "wintrust")
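/**
 * Verify the Authenticode signature of a file given as a narrow (char*)
 * path, trying the embedded signature first and the catalog store second.
 *
 * A TRUE result means WinVerifyTrust accepted the signature under the
 * generic verify policy. It does not identify the signer; a caller that
 * must accept only a particular publisher has to inspect the signer
 * certificate separately. Revocation is not checked (WTD_REVOKE_NONE) and
 * no network retrieval is attempted (WTD_CACHE_ONLY_URL_RETRIEVAL).
 *
 * @param path  Path of the file to verify, as char* rather than wchar*.
 * @return TRUE if either check returned ERROR_SUCCESS; FALSE otherwise,
 *         including when the path is NULL or the file cannot be opened or
 *         hashed.
 */
BOOL VerifySignature(LPCSTR path)
{
    /* Fail closed on a missing path. */
    if (path == NULL)
        return FALSE;

    /* A2W converts through the ANSI code page into stack memory, so the
       wide string lives only until this function returns.
       NOTE(review): paths outside the ANSI code page or of unusual length
       are better passed in as wide strings by the caller. */
    USES_CONVERSION;
    LPCWSTR pwszSourceFile = A2W(path);

    LONG lStatus;
    GUID WintrustVerifyGuid = WINTRUST_ACTION_GENERIC_VERIFY_V2;
    GUID DriverActionGuid = DRIVER_ACTION_VERIFY;
    HANDLE hFile;
    DWORD dwHash;
    BYTE bHash[100];
    /* Two hex digits per hash byte plus the terminator. A fixed buffer
       replaces the original new[]/delete[] pair, which leaked the tag when
       CryptCATAdminAcquireContext failed. */
    WCHAR szMemberTag[sizeof(bHash) * 2 + 1] = { 0 };
    HCATINFO hCatInfo;
    HCATADMIN hCatAdmin;
    WINTRUST_DATA wd = { 0 };
    WINTRUST_FILE_INFO wfi = { 0 };
    WINTRUST_CATALOG_INFO wci = { 0 };

    /* ---- Pass 1: embedded signature ---- */
    wfi.cbStruct = sizeof(WINTRUST_FILE_INFO);
    wfi.pcwszFilePath = pwszSourceFile;
    wfi.hFile = NULL;
    wfi.pgKnownSubject = NULL;

    wd.cbStruct = sizeof(WINTRUST_DATA);
    wd.pPolicyCallbackData = NULL;
    wd.pSIPClientData = NULL;
    wd.dwUIChoice = WTD_UI_NONE;
    wd.fdwRevocationChecks = WTD_REVOKE_NONE;
    wd.dwUnionChoice = WTD_CHOICE_FILE;
    wd.pFile = &wfi;
    wd.dwStateAction = WTD_STATEACTION_VERIFY;
    wd.hWVTStateData = NULL;
    wd.pwszURLReference = NULL;
    wd.dwProvFlags |= WTD_CACHE_ONLY_URL_RETRIEVAL;
    wd.dwUIContext = 0;
    wd.pSignatureSettings = 0;
    lStatus = WinVerifyTrust((HWND)INVALID_HANDLE_VALUE, &WintrustVerifyGuid, &wd);

    /* A VERIFY state action must be paired with CLOSE to release
       hWVTStateData, whatever the verification result was. */
    wd.dwStateAction = WTD_STATEACTION_CLOSE;
    WinVerifyTrust((HWND)INVALID_HANDLE_VALUE, &WintrustVerifyGuid, &wd);

    /* ---- Pass 2: catalog signature, only if pass 1 did not succeed ---- */
    if (lStatus != ERROR_SUCCESS)
    {
        hFile = CreateFileW(pwszSourceFile, GENERIC_READ, FILE_SHARE_READ, NULL,
                            OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
        if (hFile == INVALID_HANDLE_VALUE)
            return FALSE;

        /* NOTE(review): this call produces a SHA-1 catalog hash. Files whose
           catalog entries exist only under SHA-256 are not found this way;
           CryptCATAdminAcquireContext2 and
           CryptCATAdminCalcHashFromFileHandle2 cover that case on
           Windows 8 and later. */
        dwHash = sizeof(bHash);
        if (!CryptCATAdminCalcHashFromFileHandle(hFile, &dwHash, bHash, 0) ||
            dwHash > sizeof(bHash))
        {
            CloseHandle(hFile);
            return FALSE;
        }

        /* Hex string form of the hash, used as the catalog member tag. */
        for (DWORD dw = 0; dw < dwHash; ++dw)
        {
            wsprintfW(&szMemberTag[dw * 2], L"%02X", bHash[dw]);
        }

        if (!CryptCATAdminAcquireContext(&hCatAdmin, &DriverActionGuid, 0))
        {
            CloseHandle(hFile);
            return FALSE;
        }

        /* Find a catalog that contains the hash. */
        hCatInfo = CryptCATAdminEnumCatalogFromHash(hCatAdmin, bHash, dwHash, 0, NULL);
        if (hCatInfo)
        {
            CATALOG_INFO ci = { 0 };
            /* Size member set per the usual struct-size convention, and the
               return value checked so that an unfilled catalog path is
               never handed to WinVerifyTrust. */
            ci.cbStruct = sizeof(CATALOG_INFO);
            if (CryptCATCatalogInfoFromContext(hCatInfo, &ci, 0))
            {
                memset(&wci, 0, sizeof(wci));
                wci.cbStruct = sizeof(WINTRUST_CATALOG_INFO);
                wci.pcwszCatalogFilePath = ci.wszCatalogFile;
                wci.pcwszMemberFilePath = pwszSourceFile;
                /* The open handle and the hash computed from it are passed
                   along with the path and the member tag. */
                wci.hMemberFile = hFile;
                wci.pcwszMemberTag = szMemberTag;
                wci.pbCalculatedFileHash = bHash;
                wci.cbCalculatedFileHash = dwHash;
                wci.hCatAdmin = hCatAdmin;

                memset(&wd, 0, sizeof(wd));
                wd.cbStruct = sizeof(WINTRUST_DATA);
                wd.pPolicyCallbackData = NULL;
                wd.pSIPClientData = NULL;
                wd.dwUIChoice = WTD_UI_NONE;
                wd.fdwRevocationChecks = WTD_REVOKE_NONE;
                wd.dwUnionChoice = WTD_CHOICE_CATALOG;
                wd.pCatalog = &wci;
                wd.dwStateAction = WTD_STATEACTION_VERIFY;
                wd.hWVTStateData = NULL;
                wd.pwszURLReference = NULL;
                wd.dwProvFlags |= WTD_CACHE_ONLY_URL_RETRIEVAL;
                wd.dwUIContext = 0;
                wd.pSignatureSettings = 0;
                lStatus = WinVerifyTrust((HWND)INVALID_HANDLE_VALUE, &WintrustVerifyGuid, &wd);

                /* Release the state data of the catalog verification. */
                wd.dwStateAction = WTD_STATEACTION_CLOSE;
                WinVerifyTrust((HWND)INVALID_HANDLE_VALUE, &WintrustVerifyGuid, &wd);
            }
            CryptCATAdminReleaseCatalogContext(hCatAdmin, hCatInfo, 0);
        }

        CryptCATAdminReleaseContext(hCatAdmin, 0);
        CloseHandle(hFile);
    }

    /* Anything other than ERROR_SUCCESS is treated as "not verified". */
    return (lStatus == ERROR_SUCCESS);
}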
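/**
 * Command-line entry point: verify the signature of the file named by the
 * first argument and report the result.
 *
 * Exit status: 0 when the signature verified, 1 when it did not, 2 when no
 * file argument was given. The original always returned 0, so a script
 * checking the exit status would have treated an unverified file as a
 * success.
 */
int main(int argc, char *argv[])
{
    /* argv[1] is only valid when an argument was actually supplied. */
    if (argc < 2)
    {
        fprintf(stderr, "usage: %s <file>\n", argc > 0 ? argv[0] : "program");
        return 2;
    }

    if (VerifySignature(argv[1]))
    {
        printf("Verified file signature\n");
        return 0;
    }

    printf("Could not verify file signature\n");
    return 1;
}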