当前位置: 文江博客话题详情

WinVerifyTrust 检查特定签名?

发布于 2024-07-25 18:49:33 字数 355 浏览 4 评论 0原文

我正在为 Windows 实现一个进程提升助手。 该程序将以提升模式运行并以管理员权限启动其他程序,而不会显示其他 UAC 提示。 出于安全原因,我想确保只有使用我公司的 Authenticode 密钥进行数字签名的二进制文件才能执行。

WinVerifyTrust 函数让我成功了一半,但它仅确保二进制文件由属于 Microsoft 信任链一部分的某个密钥进行签名。 是否有一种相对简单的方法来执行 Authenticode 验证并确保它是由我们的私钥签名的?

原文

I'm implementing a process elevation helper for Windows. It's a program that will run in elevated mode and launch other programs with administrator privileges without displaying additional UAC prompts. For security reasons, I want to make sure only binaries that are digitally signed with my company's Authenticode key can be executed.

The WinVerifyTrust function gets me halfway there, but it only ensures that a binary is signed by some key that is part of Microsoft's chain of trust. Is there a relatively simple way to perform the Authenticode verification AND ensure that it is signed by our private key?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

∞琼窗梦回ˉ 2024-08-01 18:49:33

我相信您正在寻找的是 CryptQueryObject

有了它,您应该能够从 PE 中提取相关证书,并执行您想要的任何其他检查。

举例来说,这将使您进入 HCRYPTMSG。 从那里您可以使用 CryptMsgGetParam 提取任何内容你要。 我希望做出一些更“健壮”的东西,但是这些 API 非常复杂,因为它们需要大量分支来处理所有返回情况。

所以,这是 ap/invoke-rific c# 示例(我从 C 开始,但这基本上不可读):

static class Crypt32
{
    //Omitting flag constants; you can look these up in WinCrypt.h

    [DllImport("CRYPT32.DLL", EntryPoint = "CryptQueryObject", CharSet = CharSet.Auto, SetLastError = true)]
    public static extern bool CryptQueryObject(
        int dwObjectType,
        IntPtr pvObject,
        int dwExpectedContentTypeFlags,
        int dwExpectedFormatTypeFlags,
        int dwFlags,
        out int pdwMsgAndCertEncodingType,
        out int pdwContentType,
        out int pdwFormatType,
        ref IntPtr phCertStore,
        ref IntPtr phMsg,
        ref IntPtr ppvContext);
}

class Program
{
    static void Main(string[] args)
    {
        //Path to executable here
        //  I tested with MS-Office .exe's
        string path = "";

        int contentType;
        int formatType;
        int ignored;
        IntPtr context = IntPtr.Zero;
        IntPtr pIgnored = IntPtr.Zero;

        IntPtr cryptMsg = IntPtr.Zero;

        if (!Crypt32.CryptQueryObject(
            Crypt32.CERT_QUERY_OBJECT_FILE,
            Marshal.StringToHGlobalUni(path),
            Crypt32.CERT_QUERY_CONTENT_FLAG_ALL,
            Crypt32.CERT_QUERY_FORMAT_FLAG_ALL,
            0,
            out ignored,
            out contentType,
            out formatType,
            ref pIgnored,
            ref cryptMsg,
            ref context))
        {
            int error = Marshal.GetLastWin32Error();

            Console.WriteLine((new Win32Exception(error)).Message);

            return;
        }

        //expecting '10'; CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED
        Console.WriteLine("Context Type: " + contentType);

        //Which implies this is set
        Console.WriteLine("Crypt Msg: " + cryptMsg.ToInt32());

        return;
    }

I believe what you're looking for is CryptQueryObject.

With it you should be able to pull the involved certificate out of a PE, and do any additional checks you want.

By way of example, this will get you to a HCRYPTMSG. From there you can use CryptMsgGetParam to pull out whatever you want. I'd hoped to make something more 'robust', but these APIs are pretty hairy insomuch as they require a lot of branching to handle all their return cases.

So, here's a p/invoke-rific c# example (I started in C, but that was basically unreadable):

static class Crypt32
{
    //Omitting flag constants; you can look these up in WinCrypt.h

    [DllImport("CRYPT32.DLL", EntryPoint = "CryptQueryObject", CharSet = CharSet.Auto, SetLastError = true)]
    public static extern bool CryptQueryObject(
        int dwObjectType,
        IntPtr pvObject,
        int dwExpectedContentTypeFlags,
        int dwExpectedFormatTypeFlags,
        int dwFlags,
        out int pdwMsgAndCertEncodingType,
        out int pdwContentType,
        out int pdwFormatType,
        ref IntPtr phCertStore,
        ref IntPtr phMsg,
        ref IntPtr ppvContext);
}

class Program
{
    static void Main(string[] args)
    {
        //Path to executable here
        //  I tested with MS-Office .exe's
        string path = "";

        int contentType;
        int formatType;
        int ignored;
        IntPtr context = IntPtr.Zero;
        IntPtr pIgnored = IntPtr.Zero;

        IntPtr cryptMsg = IntPtr.Zero;

        if (!Crypt32.CryptQueryObject(
            Crypt32.CERT_QUERY_OBJECT_FILE,
            Marshal.StringToHGlobalUni(path),
            Crypt32.CERT_QUERY_CONTENT_FLAG_ALL,
            Crypt32.CERT_QUERY_FORMAT_FLAG_ALL,
            0,
            out ignored,
            out contentType,
            out formatType,
            ref pIgnored,
            ref cryptMsg,
            ref context))
        {
            int error = Marshal.GetLastWin32Error();

            Console.WriteLine((new Win32Exception(error)).Message);

            return;
        }

        //expecting '10'; CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED
        Console.WriteLine("Context Type: " + contentType);

        //Which implies this is set
        Console.WriteLine("Crypt Msg: " + cryptMsg.ToInt32());

        return;
    }
回复 原文
后eg是否自 2024-08-01 18:49:33

要从签名代码中获取证书信息,请使用以下命令:

using System.Security.Cryptography.X509Certificates;
X509Certificate basicSigner = X509Certificate.CreateFromSignedFile(filename);
X509Certificate2 cert = new X509Certificate2(basicSigner);

然后您可以获得如下所示的证书详细信息:

Console.WriteLine(cert.IssuerName.Name);
Console.WriteLine(cert.SubjectName.Name);
// etc

To get the certificate information from signed code use this:

using System.Security.Cryptography.X509Certificates;
X509Certificate basicSigner = X509Certificate.CreateFromSignedFile(filename);
X509Certificate2 cert = new X509Certificate2(basicSigner);

Then you can get the cert details like this:

Console.WriteLine(cert.IssuerName.Name);
Console.WriteLine(cert.SubjectName.Name);
// etc
回复 原文
花落人断肠 2024-08-01 18:49:33

这些是我使用过的一些最令人讨厌的 API

警告:它比你想象的还要糟糕。

至少自从引入 SHA-256 签名以来(情况一直如此吗?),Authenticode 可以拥有多个签名。 它们没有在 PKCS-7 签名消息中编码为多重签名; 相反,它们是 OID_NESTED_SIGNATURE 类型的未经身份验证的消息属性,每个属性都包含另一个完整的 PKCS-7 签名消息。

如果任何签名有效并且来自受信任的证书链,WinVerifyTrust 会告诉您该文件有效。 但是它不会告诉您哪些签名是有效的。 如果您随后使用 CryptQueryObject 读取完整的 PKCS-7 消息,并且仅查看主签名的证书(如此处和 MSDN 上的代码示例所示),则您不一定会查看经过验证的证书。 关联的签名可能与可执行文件不匹配,和/或证书可能没有受信任的 CA 链。

如果您使用主签名的详细信息来验证该证书是否是您的软件信任的证书,则很容易出现 WinVerifyTrust 信任辅助签名的情况,但您的代码正在检查主签名的证书是否符合您的预期,并且您没有注意到主证书的签​​名是无意义的。 攻击者可以在不拥有私钥的情况下使用您的公共证书,并结合颁发给其他人的其他代码签名证书,以这种方式绕过发布者检查。

从 Win8 开始,WinVerifyTrust 可以选择验证特定签名,因此您应该能够迭代签名以找到有效的签名和满足您要求的签名。

不过,如果您必须兼容 Win7,据我所知,您可以管理的最好方法是 MsiGetFileSignatureInformation。 从实验来看(至于这里的其他所有内容,实际文档是令人沮丧的模糊),当 WinVerifyTrust 信任证书时,它似乎会返回受信任的证书。 但是,如果没有受信任的签名,它无论如何都会返回主签名的证书,因此您仍然必须首先使用 WinVerifyTrust 进行检查。

当然,这里也存在很多可能的检查时间/使用时间问题。

these are some of the nastiest APIs I've ever worked with

A word of warning: it's worse than you already thought.

At least since introducing SHA-256 signing (has this always been the case?), it's possible for Authenticode to have multiple signatures. They're not encoded as multiple signatures in the PKCS-7 signature message; instead, they're unauthenticated message attributes of type OID_NESTED_SIGNATURE, each containing another complete PKCS-7 signature message.

WinVerifyTrust will tell you the file is valid if any of the signatures are valid and come from a trusted certificate chain. However it won't tell you which of the signatures was valid. If you then use CryptQueryObject to read the full PKCS-7 message, and only look at the certificate for the primary signature (as in the code samples here and on MSDN), you're not necessarily looking at a verified certificate. The associated signature might not match the executable, and/or the certificate might not have a trusted CA chain.

If you're using the details of the primary signature to validate that the certificate is one your software trusts, you're vulnerable to a situation where WinVerifyTrust is trusting a secondary signature, but your code is checking the primary signature's certificate is what you expected, and you haven't noticed that the signature from the primary certificate is nonsense. An attacker could use your public certificate without owning its private key, combined with some other code-signing certificate issued to someone else, to bypass a publisher check this way.

From Win8 onwards, WinVerifyTrust can optionally validate specific signatures, so you should be able to iterate the signatures to find one that is valid and one that satisfies your requirements.

If you have to be Win7-compatible, though, as far as I know the best you can manage is MsiGetFileSignatureInformation. From experimentation (as for everything else here, the actual documentation is frustratingly woolly), it seems to return the trusted certificate when WinVerifyTrust trusts one. But if there isn't a trusted signature, it returns the primary signature's certificate anyway, so you still have to use WinVerifyTrust to check that first.

Of course there also plenty of possible time-of-check/time-of-use problems here.

回复 原文
千寻… 2024-08-01 18:49:33

在这里找到了解决方案:

http://www .ucosoft.com/how-to-program-to-retrieve-the-authenticode-information.html

这里有缩进:

#define _UNICODE 1
#define UNICODE 1

#include <windows.h>
#include <tchar.h>
#include <wincrypt.h>
#include <Softpub.h>
#include <stdio.h>
#include <stdlib.h>

#pragma comment (lib, "Crypt32")

// the Authenticode Signature is encode in PKCS7
#define ENCODING (X509_ASN_ENCODING | PKCS_7_ASN_ENCODING)

// Information structure of authenticode sign
typedef struct 
{
    LPWSTR lpszProgramName; 
    LPWSTR lpszPublisherLink;
    LPWSTR lpszMoreInfoLink;

    DWORD cbSerialSize;
    LPBYTE lpSerialNumber;
    LPTSTR lpszIssuerName;
    LPTSTR lpszSubjectName;
} 
SPROG_SIGNATUREINFO, *PSPROG_SIGNATUREINFO;

VOID GetProgAndPublisherInfo(PCMSG_SIGNER_INFO pSignerInfo, PSPROG_SIGNATUREINFO pInfo);
VOID GetCertificateInfo(HCERTSTORE hStore, PCMSG_SIGNER_INFO pSignerInfo, PSPROG_SIGNATUREINFO pInfo);

BOOL GetAuthenticodeInformation(LPCTSTR lpszFileName, PSPROG_SIGNATUREINFO pInfo)
{
    HCERTSTORE hStore = NULL;
    HCRYPTMSG hMsg = NULL;
    PCMSG_SIGNER_INFO pSignerInfo = NULL;
    DWORD dwSignerInfo;

    BOOL bRet = FALSE;

    __try
    {
        // as CryptQueryObject() only accept WCHAR file name, convert first
        WCHAR wszFileName[MAX_PATH];
#ifdef UNICODE
        if ( !lstrcpynW( wszFileName, lpszFileName, MAX_PATH))
            __leave;
#else
        if ( mbstowcs( wszFileName, lpszFileName, MAX_PATH) == -1)
            __leave;
#endif
        //Retrieve the Message Handle and Store Handle
        DWORD dwEncoding, dwContentType, dwFormatType;
        if ( !CryptQueryObject( CERT_QUERY_OBJECT_FILE, wszFileName,
                                CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED,
                                CERT_QUERY_FORMAT_FLAG_BINARY, 0, &dwEncoding,
                                &dwContentType, &dwFormatType, &hStore,
                                &hMsg, NULL))
            __leave;

        //Get the length of SignerInfo
        if ( !CryptMsgGetParam( hMsg, CMSG_SIGNER_INFO_PARAM, 0, NULL, &dwSignerInfo))
            __leave;

        // allocate the memory for SignerInfo
        if ( !(pSignerInfo = (PCMSG_SIGNER_INFO)LocalAlloc( LPTR, dwSignerInfo)))
            __leave;

        // get the SignerInfo
        if ( !CryptMsgGetParam( hMsg, CMSG_SIGNER_INFO_PARAM, 0, (PVOID)pSignerInfo, &dwSignerInfo))
            __leave;

        //get the Publisher from SignerInfo
        GetProgAndPublisherInfo( pSignerInfo, pInfo);

        //get the Certificate from SignerInfo
        GetCertificateInfo( hStore, pSignerInfo, pInfo);

        bRet = TRUE;
    }
    __finally
    {
        // release the memory
        if (pSignerInfo != NULL) LocalFree(pSignerInfo);
        if (hStore != NULL) CertCloseStore(hStore, 0);
        if (hMsg != NULL) CryptMsgClose(hMsg);
    }
    return bRet;
}


LPWSTR AllocateAndCopyWideString(LPCWSTR inputString)
{
    LPWSTR outputString = NULL;

    // allocate the memory
    outputString = (LPWSTR)VirtualAlloc(NULL, (wcslen(inputString) + 1) * sizeof(TCHAR), MEM_COMMIT, PAGE_READWRITE);

    // copy
    if (outputString != NULL)
    {
        lstrcpyW(outputString, inputString);
    }

    return outputString;
}


VOID GetProgAndPublisherInfo(PCMSG_SIGNER_INFO pSignerInfo, PSPROG_SIGNATUREINFO pInfo)
{
    PSPC_SP_OPUS_INFO OpusInfo = NULL;
    DWORD dwData;

    __try
    {
        // query SPC_SP_OPUS_INFO_OBJID OID in Authenticated Attributes
        for (DWORD n = 0; n < pSignerInfo->AuthAttrs.cAttr; n++)
        {
            if (lstrcmpA(SPC_SP_OPUS_INFO_OBJID, pSignerInfo->AuthAttrs.rgAttr[n].pszObjId) == 0)
            {
                // get the length of SPC_SP_OPUS_INFO
                if ( !CryptDecodeObject(ENCODING,
                                        SPC_SP_OPUS_INFO_OBJID,
                                        pSignerInfo->AuthAttrs.rgAttr[n].rgValue[0].pbData,
                                        pSignerInfo->AuthAttrs.rgAttr[n].rgValue[0].cbData,
                                        0,
                                        NULL,
                                        &dwData))
                    __leave;

                // allocate the memory for SPC_SP_OPUS_INFO
                if ( !(OpusInfo = (PSPC_SP_OPUS_INFO)LocalAlloc(LPTR, dwData)))
                    __leave;

                // get SPC_SP_OPUS_INFO structure
                if ( !CryptDecodeObject(ENCODING,
                                        SPC_SP_OPUS_INFO_OBJID,
                                        pSignerInfo->AuthAttrs.rgAttr[n].rgValue[0].pbData,
                                        pSignerInfo->AuthAttrs.rgAttr[n].rgValue[0].cbData,
                                        0,
                                        OpusInfo,
                                        &dwData))
                    __leave;

                // copy the Program Name of SPC_SP_OPUS_INFO to the return variable
                if (OpusInfo->pwszProgramName)
                {
                    pInfo->lpszProgramName = AllocateAndCopyWideString(OpusInfo->pwszProgramName);
                }
                else
                    pInfo->lpszProgramName = NULL;

                // copy the Publisher Info of SPC_SP_OPUS_INFO to the return variable
                if (OpusInfo->pPublisherInfo)
                {
                    switch (OpusInfo->pPublisherInfo->dwLinkChoice)
                    {
                        case SPC_URL_LINK_CHOICE:
                            pInfo->lpszPublisherLink = AllocateAndCopyWideString(OpusInfo->pPublisherInfo->pwszUrl);
                            break;

                        case SPC_FILE_LINK_CHOICE:
                            pInfo->lpszPublisherLink = AllocateAndCopyWideString(OpusInfo->pPublisherInfo->pwszFile);
                            break;

                        default:
                            pInfo->lpszPublisherLink = NULL;
                            break;
                    }
                }
                else
                {
                    pInfo->lpszPublisherLink = NULL;
                }

                // copy the More Info of SPC_SP_OPUS_INFO to the return variable
                if (OpusInfo->pMoreInfo)
                {
                    switch (OpusInfo->pMoreInfo->dwLinkChoice)
                    {
                        case SPC_URL_LINK_CHOICE:
                            pInfo->lpszMoreInfoLink = AllocateAndCopyWideString(OpusInfo->pMoreInfo->pwszUrl);
                            break;

                        case SPC_FILE_LINK_CHOICE:
                            pInfo->lpszMoreInfoLink = AllocateAndCopyWideString(OpusInfo->pMoreInfo->pwszFile);
                            break;

                        default:
                            pInfo->lpszMoreInfoLink = NULL;
                            break;
                    }
                }
                else
                {
                    pInfo->lpszMoreInfoLink = NULL;
                }

                break; // we have got the information, break
            }
        }
    }
    __finally
    {
        if (OpusInfo != NULL) LocalFree(OpusInfo);
    }
}


VOID GetCertificateInfo(HCERTSTORE hStore, PCMSG_SIGNER_INFO pSignerInfo, PSPROG_SIGNATUREINFO pInfo)
{
    PCCERT_CONTEXT pCertContext = NULL;

    __try
    {
        CERT_INFO CertInfo;
        DWORD dwData;

        // query Signer Certificate in Certificate Store
        CertInfo.Issuer = pSignerInfo->Issuer;
        CertInfo.SerialNumber = pSignerInfo->SerialNumber;

        if ( !(pCertContext = CertFindCertificateInStore(   hStore,
                                                            ENCODING, 0, CERT_FIND_SUBJECT_CERT,
                                                            (PVOID)&CertInfo, NULL)))
            __leave;

        dwData = pCertContext->pCertInfo->SerialNumber.cbData;

        // SPROG_SIGNATUREINFO.cbSerialSize
        pInfo->cbSerialSize = dwData;

        // SPROG_SIGNATUREINFO.lpSerialNumber
        pInfo->lpSerialNumber = (LPBYTE)VirtualAlloc(NULL, dwData, MEM_COMMIT, PAGE_READWRITE);
        memcpy( pInfo->lpSerialNumber, pCertContext->pCertInfo->SerialNumber.pbData, dwData);

        // SPROG_SIGNATUREINFO.lpszIssuerName
        __try
        {
            // get the length of Issuer Name
            if (!(dwData = CertGetNameString(   pCertContext,
                                                CERT_NAME_SIMPLE_DISPLAY_TYPE,
                                                CERT_NAME_ISSUER_FLAG, NULL, NULL, 0)))
                __leave;

            // allocate the memory
            if ( !(pInfo->lpszIssuerName = (LPTSTR)VirtualAlloc(NULL, dwData * sizeof(TCHAR), MEM_COMMIT, PAGE_READWRITE)))
                __leave;

            // get Issuer Name
            if (!(CertGetNameString(pCertContext,
                                    CERT_NAME_SIMPLE_DISPLAY_TYPE,
                                    CERT_NAME_ISSUER_FLAG, NULL, pInfo->
                                    lpszIssuerName, dwData)))
                __leave;
        }
        __finally
        {
        }

        // SPROG_SIGNATUREINFO.lpszSubjectName
        __try
        {
            //get the length of Subject Name
            if (!(dwData = CertGetNameString( pCertContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, NULL, 0)))
                __leave;

            // allocate the memory
            if ( !(pInfo->lpszSubjectName = (LPTSTR)VirtualAlloc(NULL, dwData * sizeof(TCHAR), MEM_COMMIT, PAGE_READWRITE)))
                __leave;

            // get Subject Name
            if (!(CertGetNameString( pCertContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, pInfo->lpszSubjectName, dwData)))
                __leave;
        }
        __finally
        {
        }
    }
    __finally
    {
        if (pCertContext != NULL)
            CertFreeCertificateContext(pCertContext);
    }
}


int _tmain(int argc, TCHAR *argv[])
{
    if (argc != 2)
    {
        _tprintf(_T("Usage: SignedFileInfo \n"));
        return 0;
    }
    else
    {
        SPROG_SIGNATUREINFO SignInfo;

        ZeroMemory(&SignInfo, sizeof(SignInfo));

        GetAuthenticodeInformation( argv[1], &SignInfo);

        wprintf(L"Program Name: %s\n", SignInfo.lpszProgramName);
        wprintf(L"Publisher Link: %s\n", SignInfo.lpszPublisherLink);
        wprintf(L"More Info Link: %s\n", SignInfo.lpszMoreInfoLink);

        {
            _tprintf(_T("Serial Number: "));
            DWORD dwData = SignInfo.cbSerialSize;
            for (DWORD n = 0; n < dwData; n++)
            {
                _tprintf(_T("%02x "),
                    SignInfo.lpSerialNumber[dwData - (n + 1)]);
            }
            _tprintf(_T("\n"));
        }
        _tprintf(_T("Issuer Name: %s\n"), SignInfo.lpszIssuerName);
        _tprintf(_T("Subject Name: %s\n"), SignInfo.lpszSubjectName);
        if ( SignInfo.lpszProgramName) VirtualFree(SignInfo.lpszProgramName, 0, MEM_RELEASE);
        if ( SignInfo.lpszPublisherLink) VirtualFree(SignInfo.lpszPublisherLink, 0, MEM_RELEASE);
        if ( SignInfo.lpszMoreInfoLink) VirtualFree(SignInfo.lpszMoreInfoLink, 0, MEM_RELEASE);
        if ( SignInfo.lpSerialNumber) VirtualFree(SignInfo.lpSerialNumber, 0, MEM_RELEASE);
        if ( SignInfo.lpszIssuerName) VirtualFree(SignInfo.lpszIssuerName, 0, MEM_RELEASE);
        if ( SignInfo.lpszSubjectName) VirtualFree(SignInfo.lpszSubjectName, 0, MEM_RELEASE);

        return 0;
    }
}

found the solution here:

http://www.ucosoft.com/how-to-program-to-retrieve-the-authenticode-information.html

here it is with indentation:

#define _UNICODE 1
#define UNICODE 1

#include <windows.h>
#include <tchar.h>
#include <wincrypt.h>
#include <Softpub.h>
#include <stdio.h>
#include <stdlib.h>

#pragma comment (lib, "Crypt32")

// the Authenticode Signature is encode in PKCS7
#define ENCODING (X509_ASN_ENCODING | PKCS_7_ASN_ENCODING)

// Information structure of authenticode sign
typedef struct 
{
    LPWSTR lpszProgramName; 
    LPWSTR lpszPublisherLink;
    LPWSTR lpszMoreInfoLink;

    DWORD cbSerialSize;
    LPBYTE lpSerialNumber;
    LPTSTR lpszIssuerName;
    LPTSTR lpszSubjectName;
} 
SPROG_SIGNATUREINFO, *PSPROG_SIGNATUREINFO;

VOID GetProgAndPublisherInfo(PCMSG_SIGNER_INFO pSignerInfo, PSPROG_SIGNATUREINFO pInfo);
VOID GetCertificateInfo(HCERTSTORE hStore, PCMSG_SIGNER_INFO pSignerInfo, PSPROG_SIGNATUREINFO pInfo);

BOOL GetAuthenticodeInformation(LPCTSTR lpszFileName, PSPROG_SIGNATUREINFO pInfo)
{
    HCERTSTORE hStore = NULL;
    HCRYPTMSG hMsg = NULL;
    PCMSG_SIGNER_INFO pSignerInfo = NULL;
    DWORD dwSignerInfo;

    BOOL bRet = FALSE;

    __try
    {
        // as CryptQueryObject() only accept WCHAR file name, convert first
        WCHAR wszFileName[MAX_PATH];
#ifdef UNICODE
        if ( !lstrcpynW( wszFileName, lpszFileName, MAX_PATH))
            __leave;
#else
        if ( mbstowcs( wszFileName, lpszFileName, MAX_PATH) == -1)
            __leave;
#endif
        //Retrieve the Message Handle and Store Handle
        DWORD dwEncoding, dwContentType, dwFormatType;
        if ( !CryptQueryObject( CERT_QUERY_OBJECT_FILE, wszFileName,
                                CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED,
                                CERT_QUERY_FORMAT_FLAG_BINARY, 0, &dwEncoding,
                                &dwContentType, &dwFormatType, &hStore,
                                &hMsg, NULL))
            __leave;

        //Get the length of SignerInfo
        if ( !CryptMsgGetParam( hMsg, CMSG_SIGNER_INFO_PARAM, 0, NULL, &dwSignerInfo))
            __leave;

        // allocate the memory for SignerInfo
        if ( !(pSignerInfo = (PCMSG_SIGNER_INFO)LocalAlloc( LPTR, dwSignerInfo)))
            __leave;

        // get the SignerInfo
        if ( !CryptMsgGetParam( hMsg, CMSG_SIGNER_INFO_PARAM, 0, (PVOID)pSignerInfo, &dwSignerInfo))
            __leave;

        //get the Publisher from SignerInfo
        GetProgAndPublisherInfo( pSignerInfo, pInfo);

        //get the Certificate from SignerInfo
        GetCertificateInfo( hStore, pSignerInfo, pInfo);

        bRet = TRUE;
    }
    __finally
    {
        // release the memory
        if (pSignerInfo != NULL) LocalFree(pSignerInfo);
        if (hStore != NULL) CertCloseStore(hStore, 0);
        if (hMsg != NULL) CryptMsgClose(hMsg);
    }
    return bRet;
}


LPWSTR AllocateAndCopyWideString(LPCWSTR inputString)
{
    LPWSTR outputString = NULL;

    // allocate the memory
    outputString = (LPWSTR)VirtualAlloc(NULL, (wcslen(inputString) + 1) * sizeof(TCHAR), MEM_COMMIT, PAGE_READWRITE);

    // copy
    if (outputString != NULL)
    {
        lstrcpyW(outputString, inputString);
    }

    return outputString;
}


VOID GetProgAndPublisherInfo(PCMSG_SIGNER_INFO pSignerInfo, PSPROG_SIGNATUREINFO pInfo)
{
    PSPC_SP_OPUS_INFO OpusInfo = NULL;
    DWORD dwData;

    __try
    {
        // query SPC_SP_OPUS_INFO_OBJID OID in Authenticated Attributes
        for (DWORD n = 0; n < pSignerInfo->AuthAttrs.cAttr; n++)
        {
            if (lstrcmpA(SPC_SP_OPUS_INFO_OBJID, pSignerInfo->AuthAttrs.rgAttr[n].pszObjId) == 0)
            {
                // get the length of SPC_SP_OPUS_INFO
                if ( !CryptDecodeObject(ENCODING,
                                        SPC_SP_OPUS_INFO_OBJID,
                                        pSignerInfo->AuthAttrs.rgAttr[n].rgValue[0].pbData,
                                        pSignerInfo->AuthAttrs.rgAttr[n].rgValue[0].cbData,
                                        0,
                                        NULL,
                                        &dwData))
                    __leave;

                // allocate the memory for SPC_SP_OPUS_INFO
                if ( !(OpusInfo = (PSPC_SP_OPUS_INFO)LocalAlloc(LPTR, dwData)))
                    __leave;

                // get SPC_SP_OPUS_INFO structure
                if ( !CryptDecodeObject(ENCODING,
                                        SPC_SP_OPUS_INFO_OBJID,
                                        pSignerInfo->AuthAttrs.rgAttr[n].rgValue[0].pbData,
                                        pSignerInfo->AuthAttrs.rgAttr[n].rgValue[0].cbData,
                                        0,
                                        OpusInfo,
                                        &dwData))
                    __leave;

                // copy the Program Name of SPC_SP_OPUS_INFO to the return variable
                if (OpusInfo->pwszProgramName)
                {
                    pInfo->lpszProgramName = AllocateAndCopyWideString(OpusInfo->pwszProgramName);
                }
                else
                    pInfo->lpszProgramName = NULL;

                // copy the Publisher Info of SPC_SP_OPUS_INFO to the return variable
                if (OpusInfo->pPublisherInfo)
                {
                    switch (OpusInfo->pPublisherInfo->dwLinkChoice)
                    {
                        case SPC_URL_LINK_CHOICE:
                            pInfo->lpszPublisherLink = AllocateAndCopyWideString(OpusInfo->pPublisherInfo->pwszUrl);
                            break;

                        case SPC_FILE_LINK_CHOICE:
                            pInfo->lpszPublisherLink = AllocateAndCopyWideString(OpusInfo->pPublisherInfo->pwszFile);
                            break;

                        default:
                            pInfo->lpszPublisherLink = NULL;
                            break;
                    }
                }
                else
                {
                    pInfo->lpszPublisherLink = NULL;
                }

                // copy the More Info of SPC_SP_OPUS_INFO to the return variable
                if (OpusInfo->pMoreInfo)
                {
                    switch (OpusInfo->pMoreInfo->dwLinkChoice)
                    {
                        case SPC_URL_LINK_CHOICE:
                            pInfo->lpszMoreInfoLink = AllocateAndCopyWideString(OpusInfo->pMoreInfo->pwszUrl);
                            break;

                        case SPC_FILE_LINK_CHOICE:
                            pInfo->lpszMoreInfoLink = AllocateAndCopyWideString(OpusInfo->pMoreInfo->pwszFile);
                            break;

                        default:
                            pInfo->lpszMoreInfoLink = NULL;
                            break;
                    }
                }
                else
                {
                    pInfo->lpszMoreInfoLink = NULL;
                }

                break; // we have got the information, break
            }
        }
    }
    __finally
    {
        if (OpusInfo != NULL) LocalFree(OpusInfo);
    }
}


VOID GetCertificateInfo(HCERTSTORE hStore, PCMSG_SIGNER_INFO pSignerInfo, PSPROG_SIGNATUREINFO pInfo)
{
    PCCERT_CONTEXT pCertContext = NULL;

    __try
    {
        CERT_INFO CertInfo;
        DWORD dwData;

        // query Signer Certificate in Certificate Store
        CertInfo.Issuer = pSignerInfo->Issuer;
        CertInfo.SerialNumber = pSignerInfo->SerialNumber;

        if ( !(pCertContext = CertFindCertificateInStore(   hStore,
                                                            ENCODING, 0, CERT_FIND_SUBJECT_CERT,
                                                            (PVOID)&CertInfo, NULL)))
            __leave;

        dwData = pCertContext->pCertInfo->SerialNumber.cbData;

        // SPROG_SIGNATUREINFO.cbSerialSize
        pInfo->cbSerialSize = dwData;

        // SPROG_SIGNATUREINFO.lpSerialNumber
        pInfo->lpSerialNumber = (LPBYTE)VirtualAlloc(NULL, dwData, MEM_COMMIT, PAGE_READWRITE);
        memcpy( pInfo->lpSerialNumber, pCertContext->pCertInfo->SerialNumber.pbData, dwData);

        // SPROG_SIGNATUREINFO.lpszIssuerName
        __try
        {
            // get the length of Issuer Name
            if (!(dwData = CertGetNameString(   pCertContext,
                                                CERT_NAME_SIMPLE_DISPLAY_TYPE,
                                                CERT_NAME_ISSUER_FLAG, NULL, NULL, 0)))
                __leave;

            // allocate the memory
            if ( !(pInfo->lpszIssuerName = (LPTSTR)VirtualAlloc(NULL, dwData * sizeof(TCHAR), MEM_COMMIT, PAGE_READWRITE)))
                __leave;

            // get Issuer Name
            if (!(CertGetNameString(pCertContext,
                                    CERT_NAME_SIMPLE_DISPLAY_TYPE,
                                    CERT_NAME_ISSUER_FLAG, NULL, pInfo->
                                    lpszIssuerName, dwData)))
                __leave;
        }
        __finally
        {
        }

        // SPROG_SIGNATUREINFO.lpszSubjectName
        __try
        {
            //get the length of Subject Name
            if (!(dwData = CertGetNameString( pCertContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, NULL, 0)))
                __leave;

            // allocate the memory
            if ( !(pInfo->lpszSubjectName = (LPTSTR)VirtualAlloc(NULL, dwData * sizeof(TCHAR), MEM_COMMIT, PAGE_READWRITE)))
                __leave;

            // get Subject Name
            if (!(CertGetNameString( pCertContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, pInfo->lpszSubjectName, dwData)))
                __leave;
        }
        __finally
        {
        }
    }
    __finally
    {
        if (pCertContext != NULL)
            CertFreeCertificateContext(pCertContext);
    }
}


int _tmain(int argc, TCHAR *argv[])
{
    if (argc != 2)
    {
        _tprintf(_T("Usage: SignedFileInfo \n"));
        return 0;
    }
    else
    {
        SPROG_SIGNATUREINFO SignInfo;

        ZeroMemory(&SignInfo, sizeof(SignInfo));

        GetAuthenticodeInformation( argv[1], &SignInfo);

        wprintf(L"Program Name: %s\n", SignInfo.lpszProgramName);
        wprintf(L"Publisher Link: %s\n", SignInfo.lpszPublisherLink);
        wprintf(L"More Info Link: %s\n", SignInfo.lpszMoreInfoLink);

        {
            _tprintf(_T("Serial Number: "));
            DWORD dwData = SignInfo.cbSerialSize;
            for (DWORD n = 0; n < dwData; n++)
            {
                _tprintf(_T("%02x "),
                    SignInfo.lpSerialNumber[dwData - (n + 1)]);
            }
            _tprintf(_T("\n"));
        }
        _tprintf(_T("Issuer Name: %s\n"), SignInfo.lpszIssuerName);
        _tprintf(_T("Subject Name: %s\n"), SignInfo.lpszSubjectName);
        if ( SignInfo.lpszProgramName) VirtualFree(SignInfo.lpszProgramName, 0, MEM_RELEASE);
        if ( SignInfo.lpszPublisherLink) VirtualFree(SignInfo.lpszPublisherLink, 0, MEM_RELEASE);
        if ( SignInfo.lpszMoreInfoLink) VirtualFree(SignInfo.lpszMoreInfoLink, 0, MEM_RELEASE);
        if ( SignInfo.lpSerialNumber) VirtualFree(SignInfo.lpSerialNumber, 0, MEM_RELEASE);
        if ( SignInfo.lpszIssuerName) VirtualFree(SignInfo.lpszIssuerName, 0, MEM_RELEASE);
        if ( SignInfo.lpszSubjectName) VirtualFree(SignInfo.lpszSubjectName, 0, MEM_RELEASE);

        return 0;
    }
}
回复 原文
~没有更多了~

关于作者

ゞ记忆︶ㄣ

暂无简介

文章
评论
26 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

忆悲凉

文章 0 评论 0

hgfg1645

文章 0 评论 0

qq_qLPLYi

文章 0 评论 0

戏舞

文章 0 评论 0

殊姿

文章 0 评论 0

﹂绝世的画

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文