C - 验证代码签名 - Windows API

发布于 2024-11-02 14:12:17 字数 89 浏览 6 评论 0原文

我需要验证二进制文件的代码签名。我认为 Microsoft Authenticode 就是这个术语。有没有一种使用 Windows API 的合理方法来做到这一点?

I need to verify code signatures of binaries. Microsoft Authenticode I think is the term. Is there a sane way to do this using the Windows API?


潜移默化 2024-11-09 14:12:17

您是否查看过 WinVerifyTrust ?由于如何使用它来验证二进制文件的签名并不是很明显,因此您可能需要查看 示例代码专门用于此目的。

Have you looked at WinVerifyTrust ? Since it's not immediately obvious how to use it to verify the signature of a binary, you probably want to look at the sample code specifically for that.

江城子 2024-11-09 14:12:17

如何查找驱动程序的authenticode:

免责声明:我没有编写此代码。

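/**
 * Checks whether a file carries a valid Authenticode signature.
 *
 * Pass 1 asks WinVerifyTrust to validate a signature embedded in the file.
 * Pass 2 (only if pass 1 fails) hashes the file, looks the hash up in the
 * catalog database for DRIVER_ACTION_VERIFY and verifies the file as a
 * member of the catalog that was found.
 *
 * @param pwszSourceFile  Path of the file to verify.
 * @return TRUE if either pass returns ERROR_SUCCESS; FALSE otherwise,
 *         including when the file cannot be opened or hashed.
 *
 * NOTE(review): pass 1 runs with WTD_REVOKE_NONE, so a file signed with a
 * certificate that has since been revoked still verifies. Callers that gate
 * loading or execution on this result should decide whether that is
 * acceptable.
 * NOTE(review): the result describes the file at the time of the call. Pass 1
 * verifies by path; only pass 2 is bound to an open handle. A caller that
 * later loads the same path must keep the file from being replaced in between.
 * NOTE(review): CryptCATAdminCalcHashFromFileHandle presumably yields the
 * legacy default hash; catalog entries keyed by another algorithm may need
 * the CryptCATAdmin*2 variants - confirm against the target OS.
 */
BOOL VerifyEmbeddedSignature(LPCWSTR pwszSourceFile)
{
    static const WCHAR kHexDigits[] = L"0123456789ABCDEF";

    GUID WintrustVerifyGuid = WINTRUST_ACTION_GENERIC_VERIFY_V2;
    GUID DriverActionGuid = DRIVER_ACTION_VERIFY;
    LONG lStatus;

    if (pwszSourceFile == NULL)
        return FALSE;

    // ---- Pass 1: signature embedded in the file itself ----
    WINTRUST_FILE_INFO wfi = { 0 };
    wfi.cbStruct      = sizeof(wfi);
    wfi.pcwszFilePath = pwszSourceFile;

    WINTRUST_DATA wd = { 0 };
    wd.cbStruct            = sizeof(wd);
    wd.dwUnionChoice       = WTD_CHOICE_FILE;
    wd.pFile               = &wfi;
    wd.dwUIChoice          = WTD_UI_NONE;       // never prompt the user
    wd.fdwRevocationChecks = WTD_REVOKE_NONE;   // see NOTE(review) above
    wd.dwProvFlags         = WTD_SAFER_FLAG;

    lStatus = WinVerifyTrust(NULL, &WintrustVerifyGuid, &wd);
    if (lStatus == ERROR_SUCCESS)
        return TRUE;

    // ---- Pass 2: catalog-signed file ----
    // FILE_SHARE_READ only: no writer can open the file while it is hashed
    // and verified through this handle.
    HANDLE hFile = CreateFileW(pwszSourceFile, GENERIC_READ, FILE_SHARE_READ, NULL,
                               OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE)
        return FALSE;

    BYTE bHash[100];
    DWORD dwHash = sizeof(bHash);
    if (!CryptCATAdminCalcHashFromFileHandle(hFile, &dwHash, bHash, 0) ||
        dwHash > sizeof(bHash))
    {
        CloseHandle(hFile);
        return FALSE;
    }

    // Upper-case hex form of the hash, used as the catalog member tag.
    // A fixed buffer sized for the largest possible hash replaces the heap
    // allocation, which was leaked on the early return below.
    WCHAR szMemberTag[sizeof(bHash) * 2 + 1];
    for (DWORD dw = 0; dw < dwHash; ++dw)
    {
        szMemberTag[dw * 2]     = kHexDigits[bHash[dw] >> 4];
        szMemberTag[dw * 2 + 1] = kHexDigits[bHash[dw] & 0x0F];
    }
    szMemberTag[dwHash * 2] = L'\0';

    HCATADMIN hCatAdmin = NULL;
    if (!CryptCATAdminAcquireContext(&hCatAdmin, &DriverActionGuid, 0))
    {
        CloseHandle(hFile);
        return FALSE;
    }

    // Find a catalog which contains the hash.
    HCATINFO hCatInfo = CryptCATAdminEnumCatalogFromHash(hCatAdmin, bHash, dwHash, 0, NULL);
    if (hCatInfo != NULL)
    {
        CATALOG_INFO ci = { 0 };
        ci.cbStruct = sizeof(ci);

        // Only verify when the catalog path was actually retrieved;
        // otherwise lStatus keeps the pass-1 failure and we return FALSE.
        if (CryptCATCatalogInfoFromContext(hCatInfo, &ci, 0))
        {
            WINTRUST_CATALOG_INFO wci = { 0 };
            wci.cbStruct             = sizeof(wci);
            wci.pcwszCatalogFilePath = ci.wszCatalogFile;
            wci.pcwszMemberFilePath  = pwszSourceFile;
            wci.pcwszMemberTag       = szMemberTag;
            // Bind the check to the handle and hash computed above rather
            // than letting the path be re-read.
            wci.hMemberFile          = hFile;
            wci.pbCalculatedFileHash = bHash;
            wci.cbCalculatedFileHash = dwHash;

            WINTRUST_DATA wdCat = { 0 };
            wdCat.cbStruct      = sizeof(wdCat);
            wdCat.dwUnionChoice = WTD_CHOICE_CATALOG;
            wdCat.pCatalog      = &wci;
            wdCat.dwUIChoice    = WTD_UI_NONE;
            // The original stored WTD_STATEACTION_VERIFY in this field. That
            // is a dwStateAction constant with the same numeric value as
            // WTD_REVOKE_WHOLECHAIN, so the effective setting is unchanged
            // and is now spelled with the constant that belongs here.
            wdCat.fdwRevocationChecks = WTD_REVOKE_WHOLECHAIN;

            lStatus = WinVerifyTrust(NULL, &WintrustVerifyGuid, &wdCat);
        }

        CryptCATAdminReleaseCatalogContext(hCatAdmin, hCatInfo, 0);
    }

    CryptCATAdminReleaseContext(hCatAdmin, 0);
    CloseHandle(hFile);

    return (lStatus == ERROR_SUCCESS) ? TRUE : FALSE;
}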

How to find authenticode for drivers:

Disclaimer: I did not write this code.

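/**
 * Checks whether a file carries a valid Authenticode signature.
 *
 * Pass 1 asks WinVerifyTrust to validate a signature embedded in the file.
 * Pass 2 (only if pass 1 fails) hashes the file, looks the hash up in the
 * catalog database for DRIVER_ACTION_VERIFY and verifies the file as a
 * member of the catalog that was found.
 *
 * @param pwszSourceFile  Path of the file to verify.
 * @return TRUE if either pass returns ERROR_SUCCESS; FALSE otherwise,
 *         including when the file cannot be opened or hashed.
 *
 * NOTE(review): pass 1 runs with WTD_REVOKE_NONE, so a file signed with a
 * certificate that has since been revoked still verifies. Callers that gate
 * loading or execution on this result should decide whether that is
 * acceptable.
 * NOTE(review): the result describes the file at the time of the call. Pass 1
 * verifies by path; only pass 2 is bound to an open handle. A caller that
 * later loads the same path must keep the file from being replaced in between.
 * NOTE(review): CryptCATAdminCalcHashFromFileHandle presumably yields the
 * legacy default hash; catalog entries keyed by another algorithm may need
 * the CryptCATAdmin*2 variants - confirm against the target OS.
 */
BOOL VerifyEmbeddedSignature(LPCWSTR pwszSourceFile)
{
    static const WCHAR kHexDigits[] = L"0123456789ABCDEF";

    GUID WintrustVerifyGuid = WINTRUST_ACTION_GENERIC_VERIFY_V2;
    GUID DriverActionGuid = DRIVER_ACTION_VERIFY;
    LONG lStatus;

    if (pwszSourceFile == NULL)
        return FALSE;

    // ---- Pass 1: signature embedded in the file itself ----
    WINTRUST_FILE_INFO wfi = { 0 };
    wfi.cbStruct      = sizeof(wfi);
    wfi.pcwszFilePath = pwszSourceFile;

    WINTRUST_DATA wd = { 0 };
    wd.cbStruct            = sizeof(wd);
    wd.dwUnionChoice       = WTD_CHOICE_FILE;
    wd.pFile               = &wfi;
    wd.dwUIChoice          = WTD_UI_NONE;       // never prompt the user
    wd.fdwRevocationChecks = WTD_REVOKE_NONE;   // see NOTE(review) above
    wd.dwProvFlags         = WTD_SAFER_FLAG;

    lStatus = WinVerifyTrust(NULL, &WintrustVerifyGuid, &wd);
    if (lStatus == ERROR_SUCCESS)
        return TRUE;

    // ---- Pass 2: catalog-signed file ----
    // FILE_SHARE_READ only: no writer can open the file while it is hashed
    // and verified through this handle.
    HANDLE hFile = CreateFileW(pwszSourceFile, GENERIC_READ, FILE_SHARE_READ, NULL,
                               OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE)
        return FALSE;

    BYTE bHash[100];
    DWORD dwHash = sizeof(bHash);
    if (!CryptCATAdminCalcHashFromFileHandle(hFile, &dwHash, bHash, 0) ||
        dwHash > sizeof(bHash))
    {
        CloseHandle(hFile);
        return FALSE;
    }

    // Upper-case hex form of the hash, used as the catalog member tag.
    // A fixed buffer sized for the largest possible hash replaces the heap
    // allocation, which was leaked on the early return below.
    WCHAR szMemberTag[sizeof(bHash) * 2 + 1];
    for (DWORD dw = 0; dw < dwHash; ++dw)
    {
        szMemberTag[dw * 2]     = kHexDigits[bHash[dw] >> 4];
        szMemberTag[dw * 2 + 1] = kHexDigits[bHash[dw] & 0x0F];
    }
    szMemberTag[dwHash * 2] = L'\0';

    HCATADMIN hCatAdmin = NULL;
    if (!CryptCATAdminAcquireContext(&hCatAdmin, &DriverActionGuid, 0))
    {
        CloseHandle(hFile);
        return FALSE;
    }

    // Find a catalog which contains the hash.
    HCATINFO hCatInfo = CryptCATAdminEnumCatalogFromHash(hCatAdmin, bHash, dwHash, 0, NULL);
    if (hCatInfo != NULL)
    {
        CATALOG_INFO ci = { 0 };
        ci.cbStruct = sizeof(ci);

        // Only verify when the catalog path was actually retrieved;
        // otherwise lStatus keeps the pass-1 failure and we return FALSE.
        if (CryptCATCatalogInfoFromContext(hCatInfo, &ci, 0))
        {
            WINTRUST_CATALOG_INFO wci = { 0 };
            wci.cbStruct             = sizeof(wci);
            wci.pcwszCatalogFilePath = ci.wszCatalogFile;
            wci.pcwszMemberFilePath  = pwszSourceFile;
            wci.pcwszMemberTag       = szMemberTag;
            // Bind the check to the handle and hash computed above rather
            // than letting the path be re-read.
            wci.hMemberFile          = hFile;
            wci.pbCalculatedFileHash = bHash;
            wci.cbCalculatedFileHash = dwHash;

            WINTRUST_DATA wdCat = { 0 };
            wdCat.cbStruct      = sizeof(wdCat);
            wdCat.dwUnionChoice = WTD_CHOICE_CATALOG;
            wdCat.pCatalog      = &wci;
            wdCat.dwUIChoice    = WTD_UI_NONE;
            // The original stored WTD_STATEACTION_VERIFY in this field. That
            // is a dwStateAction constant with the same numeric value as
            // WTD_REVOKE_WHOLECHAIN, so the effective setting is unchanged
            // and is now spelled with the constant that belongs here.
            wdCat.fdwRevocationChecks = WTD_REVOKE_WHOLECHAIN;

            lStatus = WinVerifyTrust(NULL, &WintrustVerifyGuid, &wdCat);
        }

        CryptCATAdminReleaseCatalogContext(hCatAdmin, hCatInfo, 0);
    }

    CryptCATAdminReleaseContext(hCatAdmin, 0);
    CloseHandle(hFile);

    return (lStatus == ERROR_SUCCESS) ? TRUE : FALSE;
}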
戈亓 2024-11-09 14:12:17

这是验证文件(技术上是任何文件类型)的工作代码。

#include <stdio.h>
#include <windows.h>
#include <Softpub.h>
#include <wincrypt.h>
#include <wintrust.h>
#include <mscat.h>
#include <atlbase.h>

// Link with the Wintrust.lib file.
#pragma comment (lib, "wintrust")

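/**
 * Checks whether a file has a valid Authenticode signature, either embedded
 * in the file or through a catalog that lists the file's hash.
 *
 * @param path  File path as a narrow (char*) string; it is converted to a
 *              wide string before use.
 * @return TRUE if WinVerifyTrust returns ERROR_SUCCESS for the embedded
 *         signature or for the catalog membership check; FALSE otherwise,
 *         including when path is NULL or the file cannot be opened or hashed.
 *
 * NOTE(review): both passes use WTD_REVOKE_NONE together with
 * WTD_CACHE_ONLY_URL_RETRIEVAL, so certificate revocation is not checked and
 * a file signed with a since-revoked certificate still verifies. Callers
 * that gate loading or execution on this result should decide whether that
 * is acceptable.
 * NOTE(review): the result describes the file at the time of the call; a
 * caller that later loads the same path must keep the file from being
 * replaced in between.
 * NOTE(review): A2W presumably converts with the process ANSI code page and
 * places the result on the stack; paths with characters outside that code
 * page may not convert faithfully - confirm, or accept a wide path instead.
 */
BOOL VerifySignature(LPCSTR path) //We will receive the char* filepath not wchar*
{
    static const WCHAR kHexDigits[] = L"0123456789ABCDEF";

    // Reject a missing path up front instead of relying on the API calls
    // below to fail on a NULL string.
    if (path == NULL)
        return FALSE;

    USES_CONVERSION;
    LPCWSTR pwszSourceFile = A2W(path); //We convert the char* to wchar*
    if (pwszSourceFile == NULL)
        return FALSE;

    GUID WintrustVerifyGuid = WINTRUST_ACTION_GENERIC_VERIFY_V2;
    GUID DriverActionGuid = DRIVER_ACTION_VERIFY;
    LONG lStatus;

    // ---- Pass 1: signature embedded in the file itself ----
    WINTRUST_FILE_INFO wfi = { 0 };
    wfi.cbStruct = sizeof(wfi);
    wfi.pcwszFilePath = pwszSourceFile;

    WINTRUST_DATA wd = { 0 };
    wd.cbStruct = sizeof(wd);
    wd.dwUIChoice = WTD_UI_NONE;                 // never prompt the user
    wd.fdwRevocationChecks = WTD_REVOKE_NONE;    // see NOTE(review) above
    wd.dwUnionChoice = WTD_CHOICE_FILE;
    wd.pFile = &wfi;
    wd.dwStateAction = WTD_STATEACTION_VERIFY;
    wd.dwProvFlags |= WTD_CACHE_ONLY_URL_RETRIEVAL;

    lStatus = WinVerifyTrust((HWND)INVALID_HANDLE_VALUE, &WintrustVerifyGuid, &wd);
    wd.dwStateAction = WTD_STATEACTION_CLOSE;
    WinVerifyTrust((HWND)INVALID_HANDLE_VALUE, &WintrustVerifyGuid, &wd); //close hWVTStateData

    if (lStatus == ERROR_SUCCESS)
        return TRUE;

    // ---- Pass 2: catalog-signed file ----
    // FILE_SHARE_READ only: no writer can open the file while it is hashed
    // and verified through this handle.
    HANDLE hFile = CreateFileW(pwszSourceFile, GENERIC_READ, FILE_SHARE_READ, NULL,
                               OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE)
        return FALSE;

    BYTE bHash[100];
    DWORD dwHash = sizeof(bHash);
    if (!CryptCATAdminCalcHashFromFileHandle(hFile, &dwHash, bHash, 0) ||
        dwHash > sizeof(bHash))
    {
        CloseHandle(hFile);
        return FALSE;
    }

    // Upper-case hex form of the hash, used as the catalog member tag.
    // A fixed buffer sized for the largest possible hash replaces the heap
    // allocation, which was leaked on the early return below.
    WCHAR szMemberTag[sizeof(bHash) * 2 + 1];
    for (DWORD dw = 0; dw < dwHash; ++dw)
    {
        szMemberTag[dw * 2]     = kHexDigits[bHash[dw] >> 4];
        szMemberTag[dw * 2 + 1] = kHexDigits[bHash[dw] & 0x0F];
    }
    szMemberTag[dwHash * 2] = L'\0';

    HCATADMIN hCatAdmin = NULL;
    if (!CryptCATAdminAcquireContext(&hCatAdmin, &DriverActionGuid, 0))
    {
        CloseHandle(hFile);
        return FALSE;
    }

    // Find a catalog which contains the hash.
    HCATINFO hCatInfo = CryptCATAdminEnumCatalogFromHash(hCatAdmin, bHash, dwHash, 0, NULL);
    if (hCatInfo != NULL)
    {
        CATALOG_INFO ci = { 0 };
        ci.cbStruct = sizeof(ci);

        // Only verify when the catalog path was actually retrieved;
        // otherwise lStatus keeps the pass-1 failure and we return FALSE.
        if (CryptCATCatalogInfoFromContext(hCatInfo, &ci, 0))
        {
            WINTRUST_CATALOG_INFO wci = { 0 };
            wci.cbStruct = sizeof(wci);
            wci.pcwszCatalogFilePath = ci.wszCatalogFile;
            wci.pcwszMemberFilePath = pwszSourceFile;
            wci.hMemberFile = hFile;             // verify the handle that was hashed
            wci.pcwszMemberTag = szMemberTag;
            wci.pbCalculatedFileHash = bHash;
            wci.cbCalculatedFileHash = dwHash;
            wci.hCatAdmin = hCatAdmin;

            WINTRUST_DATA wdCat = { 0 };
            wdCat.cbStruct = sizeof(wdCat);
            wdCat.dwUIChoice = WTD_UI_NONE;
            wdCat.fdwRevocationChecks = WTD_REVOKE_NONE;
            wdCat.dwUnionChoice = WTD_CHOICE_CATALOG;
            wdCat.pCatalog = &wci;
            wdCat.dwStateAction = WTD_STATEACTION_VERIFY;
            wdCat.dwProvFlags |= WTD_CACHE_ONLY_URL_RETRIEVAL;

            lStatus = WinVerifyTrust((HWND)INVALID_HANDLE_VALUE, &WintrustVerifyGuid, &wdCat);
            wdCat.dwStateAction = WTD_STATEACTION_CLOSE;
            WinVerifyTrust((HWND)INVALID_HANDLE_VALUE, &WintrustVerifyGuid, &wdCat); //close hWVTStateData
        }

        CryptCATAdminReleaseCatalogContext(hCatAdmin, hCatInfo, 0);
    }

    CryptCATAdminReleaseContext(hCatAdmin, 0);
    CloseHandle(hFile);

    return (lStatus == ERROR_SUCCESS);
}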


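/**
 * Command-line entry point: verifies the signature of the file named by the
 * first argument and prints the outcome.
 *
 * @return 0 when the signature verified, 1 when it did not, 2 when no path
 *         was supplied. A non-zero status on failure lets a calling script
 *         fail closed instead of treating every run as success.
 */
int main(int argc, char *argv[])
{
    // argv[1] is NULL when the program is started without arguments.
    if (argc < 2 || argv[1] == NULL)
    {
        fprintf(stderr, "Usage: %s <file>\n",
                (argc > 0 && argv[0] != NULL) ? argv[0] : "verify");
        return 2;
    }

    if (!VerifySignature(argv[1]))
    {
        printf("Could not verify file signature\n");
        return 1;
    }

    printf("Verified file signature\n");
    return 0;
}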

Here is the working code to verify a file (technically any file type).

#include <stdio.h>
#include <windows.h>
#include <Softpub.h>
#include <wincrypt.h>
#include <wintrust.h>
#include <mscat.h>
#include <atlbase.h>

// Link with the Wintrust.lib file.
#pragma comment (lib, "wintrust")

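/**
 * Checks whether a file has a valid Authenticode signature, either embedded
 * in the file or through a catalog that lists the file's hash.
 *
 * @param path  File path as a narrow (char*) string; it is converted to a
 *              wide string before use.
 * @return TRUE if WinVerifyTrust returns ERROR_SUCCESS for the embedded
 *         signature or for the catalog membership check; FALSE otherwise,
 *         including when path is NULL or the file cannot be opened or hashed.
 *
 * NOTE(review): both passes use WTD_REVOKE_NONE together with
 * WTD_CACHE_ONLY_URL_RETRIEVAL, so certificate revocation is not checked and
 * a file signed with a since-revoked certificate still verifies. Callers
 * that gate loading or execution on this result should decide whether that
 * is acceptable.
 * NOTE(review): the result describes the file at the time of the call; a
 * caller that later loads the same path must keep the file from being
 * replaced in between.
 * NOTE(review): A2W presumably converts with the process ANSI code page and
 * places the result on the stack; paths with characters outside that code
 * page may not convert faithfully - confirm, or accept a wide path instead.
 */
BOOL VerifySignature(LPCSTR path) //We will receive the char* filepath not wchar*
{
    static const WCHAR kHexDigits[] = L"0123456789ABCDEF";

    // Reject a missing path up front instead of relying on the API calls
    // below to fail on a NULL string.
    if (path == NULL)
        return FALSE;

    USES_CONVERSION;
    LPCWSTR pwszSourceFile = A2W(path); //We convert the char* to wchar*
    if (pwszSourceFile == NULL)
        return FALSE;

    GUID WintrustVerifyGuid = WINTRUST_ACTION_GENERIC_VERIFY_V2;
    GUID DriverActionGuid = DRIVER_ACTION_VERIFY;
    LONG lStatus;

    // ---- Pass 1: signature embedded in the file itself ----
    WINTRUST_FILE_INFO wfi = { 0 };
    wfi.cbStruct = sizeof(wfi);
    wfi.pcwszFilePath = pwszSourceFile;

    WINTRUST_DATA wd = { 0 };
    wd.cbStruct = sizeof(wd);
    wd.dwUIChoice = WTD_UI_NONE;                 // never prompt the user
    wd.fdwRevocationChecks = WTD_REVOKE_NONE;    // see NOTE(review) above
    wd.dwUnionChoice = WTD_CHOICE_FILE;
    wd.pFile = &wfi;
    wd.dwStateAction = WTD_STATEACTION_VERIFY;
    wd.dwProvFlags |= WTD_CACHE_ONLY_URL_RETRIEVAL;

    lStatus = WinVerifyTrust((HWND)INVALID_HANDLE_VALUE, &WintrustVerifyGuid, &wd);
    wd.dwStateAction = WTD_STATEACTION_CLOSE;
    WinVerifyTrust((HWND)INVALID_HANDLE_VALUE, &WintrustVerifyGuid, &wd); //close hWVTStateData

    if (lStatus == ERROR_SUCCESS)
        return TRUE;

    // ---- Pass 2: catalog-signed file ----
    // FILE_SHARE_READ only: no writer can open the file while it is hashed
    // and verified through this handle.
    HANDLE hFile = CreateFileW(pwszSourceFile, GENERIC_READ, FILE_SHARE_READ, NULL,
                               OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE)
        return FALSE;

    BYTE bHash[100];
    DWORD dwHash = sizeof(bHash);
    if (!CryptCATAdminCalcHashFromFileHandle(hFile, &dwHash, bHash, 0) ||
        dwHash > sizeof(bHash))
    {
        CloseHandle(hFile);
        return FALSE;
    }

    // Upper-case hex form of the hash, used as the catalog member tag.
    // A fixed buffer sized for the largest possible hash replaces the heap
    // allocation, which was leaked on the early return below.
    WCHAR szMemberTag[sizeof(bHash) * 2 + 1];
    for (DWORD dw = 0; dw < dwHash; ++dw)
    {
        szMemberTag[dw * 2]     = kHexDigits[bHash[dw] >> 4];
        szMemberTag[dw * 2 + 1] = kHexDigits[bHash[dw] & 0x0F];
    }
    szMemberTag[dwHash * 2] = L'\0';

    HCATADMIN hCatAdmin = NULL;
    if (!CryptCATAdminAcquireContext(&hCatAdmin, &DriverActionGuid, 0))
    {
        CloseHandle(hFile);
        return FALSE;
    }

    // Find a catalog which contains the hash.
    HCATINFO hCatInfo = CryptCATAdminEnumCatalogFromHash(hCatAdmin, bHash, dwHash, 0, NULL);
    if (hCatInfo != NULL)
    {
        CATALOG_INFO ci = { 0 };
        ci.cbStruct = sizeof(ci);

        // Only verify when the catalog path was actually retrieved;
        // otherwise lStatus keeps the pass-1 failure and we return FALSE.
        if (CryptCATCatalogInfoFromContext(hCatInfo, &ci, 0))
        {
            WINTRUST_CATALOG_INFO wci = { 0 };
            wci.cbStruct = sizeof(wci);
            wci.pcwszCatalogFilePath = ci.wszCatalogFile;
            wci.pcwszMemberFilePath = pwszSourceFile;
            wci.hMemberFile = hFile;             // verify the handle that was hashed
            wci.pcwszMemberTag = szMemberTag;
            wci.pbCalculatedFileHash = bHash;
            wci.cbCalculatedFileHash = dwHash;
            wci.hCatAdmin = hCatAdmin;

            WINTRUST_DATA wdCat = { 0 };
            wdCat.cbStruct = sizeof(wdCat);
            wdCat.dwUIChoice = WTD_UI_NONE;
            wdCat.fdwRevocationChecks = WTD_REVOKE_NONE;
            wdCat.dwUnionChoice = WTD_CHOICE_CATALOG;
            wdCat.pCatalog = &wci;
            wdCat.dwStateAction = WTD_STATEACTION_VERIFY;
            wdCat.dwProvFlags |= WTD_CACHE_ONLY_URL_RETRIEVAL;

            lStatus = WinVerifyTrust((HWND)INVALID_HANDLE_VALUE, &WintrustVerifyGuid, &wdCat);
            wdCat.dwStateAction = WTD_STATEACTION_CLOSE;
            WinVerifyTrust((HWND)INVALID_HANDLE_VALUE, &WintrustVerifyGuid, &wdCat); //close hWVTStateData
        }

        CryptCATAdminReleaseCatalogContext(hCatAdmin, hCatInfo, 0);
    }

    CryptCATAdminReleaseContext(hCatAdmin, 0);
    CloseHandle(hFile);

    return (lStatus == ERROR_SUCCESS);
}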


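/**
 * Command-line entry point: verifies the signature of the file named by the
 * first argument and prints the outcome.
 *
 * @return 0 when the signature verified, 1 when it did not, 2 when no path
 *         was supplied. A non-zero status on failure lets a calling script
 *         fail closed instead of treating every run as success.
 */
int main(int argc, char *argv[])
{
    // argv[1] is NULL when the program is started without arguments.
    if (argc < 2 || argv[1] == NULL)
    {
        fprintf(stderr, "Usage: %s <file>\n",
                (argc > 0 && argv[0] != NULL) ? argv[0] : "verify");
        return 2;
    }

    if (!VerifySignature(argv[1]))
    {
        printf("Could not verify file signature\n");
        return 1;
    }

    printf("Verified file signature\n");
    return 0;
}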