Certificate WinVerifyTrust为有效(已加载)驱动程序返回CERT_E_UNTRUSTEDROOT
在以下代码段中,WinVerifyTrust为系统上加载并运行的内核驱动程序文件(.sys)返回CERT_E_untrustdroot:Certificate WinVerifyTrust为有效(已加载)驱动程序返回CERT_E_UNTRUSTEDROOT,certificate,driver,windows-kernel,winverifytrust,Certificate,Driver,Windows Kernel,Winverifytrust,在以下代码段中,WinVerifyTrust为系统上加载并运行的内核驱动程序文件(.sys)返回CERT_E_untrustdroot: GUID guidAction = DRIVER_ACTION_VERIFY; WINTRUST_FILE_INFO sWintrustFileInfo = { 0 }; WINTRUST_DATA sWintrustData = { 0 }; HRESULT hr = 0; sWintrustF
GUID guidAction = DRIVER_ACTION_VERIFY;
WINTRUST_FILE_INFO sWintrustFileInfo = { 0 };
WINTRUST_DATA sWintrustData = { 0 };
HRESULT hr = 0;
sWintrustFileInfo.cbStruct = sizeof(WINTRUST_FILE_INFO);
sWintrustFileInfo.pcwszFilePath = argv[1];
sWintrustFileInfo.hFile = NULL;
sWintrustData.cbStruct = sizeof(WINTRUST_DATA);
sWintrustData.dwUIChoice = WTD_UI_NONE;
sWintrustData.fdwRevocationChecks = WTD_REVOKE_NONE;
sWintrustData.dwUnionChoice = WTD_CHOICE_FILE;
sWintrustData.pFile = &sWintrustFileInfo;
sWintrustData.dwStateAction = WTD_STATEACTION_VERIFY;
hr = WinVerifyTrust((HWND)INVALID_HANDLE_VALUE, &guidAction, &sWintrustData);
有几点很有趣:
-使用SHA-256使用有效(购买的)证书对驱动程序进行签名。
-KB3033929安装在系统上(Win7/32)
-从文件属性查看证书时,整个证书链显示为有效
我给WinVerifyTrust打错电话了吗
备选问题:是否有其他方法(通过存在注册表项或类似的方式)知道目标系统上可以使用基于SHA-256的代码签名验证?(我需要在安装过程中对此进行验证…)
谢谢:)
这里还有一些你可以参考的东西
DRIVER_ACTION works good for WHQL afaik. Try
GUID WINTRUST_ACTION_GENERIC_VERIFY_V2