• VerifyFile验证文件签名


    摘自金山pcmanager:http://code.ijinshan.com/trac/browser/pcmanager/src/publish/communits?order=name

    功能只适用于2000和xp,win7下不行。

    // testst.cpp : 定义控制台应用程序的入口点。
    //
    
    #include "stdafx.h"
    #include <Windows.h>
    #include <WinTrust.h>
    #include <SoftPub.h>
    //#pragma comment(lib, "WinTrust.lib")
    
    
    
    #ifndef _VERIFY_FILE_INC_
    #define _VERIFY_FILE_INC_
    HANDLE  AcquireVerifyHandle();
    void    ReleaseVerifyHandle(HANDLE hHandle);
    // 返回 0 失败
    // 返回 1 通过 win 签名
    // 返回 2 通过 cat 签名
    int     VerifyFile(HANDLE hHandle, LPCTSTR lpPath);
    BOOL    IsVerifiedFile(LPCTSTR lpPath);
    #endif /* _VERIFY_FILE_INC_ */
    
    
    typedef HANDLE HCATADMIN;
    typedef HANDLE HCATINFO;
    typedef BOOL (WINAPI* PFN_CryptCATAdminAcquireContext)(HCATADMIN* phCatAdmin, const GUID* pgSubsystem, DWORD dwFlags);
    typedef BOOL (WINAPI* PFN_CryptCATAdminReleaseContext)(HCATADMIN hCatAdmin, DWORD dwFlags);
    typedef BOOL (WINAPI* PFN_CryptCATAdminCalcHashFromFileHandle)(HANDLE hFile, DWORD* pcbHash, BYTE* pbHash, DWORD dwFlags);
    typedef HCATINFO (WINAPI* PFN_CryptCATAdminEnumCatalogFromHash)(HCATADMIN hCatAdmin, BYTE* pbHash, DWORD cbHash, DWORD dwFlags, HCATINFO* phPrevCatInfo );
    typedef BOOL (WINAPI* PFN_CryptCATAdminReleaseCatalogContext)(HCATADMIN hCatAdmin, HCATINFO hCatInfo, DWORD dwFlags);
    typedef LONG (WINAPI* PFN_WinVerifyTrust)(HWND hWnd, GUID* pgActionID, WINTRUST_DATA* pWinTrustData);
    static PFN_CryptCATAdminAcquireContext __pfnCryptCATAdminAcquireContext = NULL;
    static PFN_CryptCATAdminReleaseContext __pfnCryptCATAdminReleaseContext = NULL;
    static PFN_CryptCATAdminCalcHashFromFileHandle __pfnCryptCATAdminCalcHashFromFileHandle = NULL;
    static PFN_CryptCATAdminEnumCatalogFromHash __pfnCryptCATAdminEnumCatalogFromHash = NULL;
    static PFN_CryptCATAdminReleaseCatalogContext __pfnCryptCATAdminReleaseCatalogContext = NULL;
    static PFN_WinVerifyTrust __pfnWinVerifyTrust = NULL;
    static int LoadWinTrustDll()
    {
        static int nResult = 0;
    
        if ( nResult == 0 )
        {
            nResult = -1;
            HMODULE hModule = LoadLibraryW(SP_POLICY_PROVIDER_DLL_NAME);
            if ( hModule != NULL )
            {
                (FARPROC&)__pfnCryptCATAdminAcquireContext = GetProcAddress(hModule, "CryptCATAdminAcquireContext");
                if ( __pfnCryptCATAdminAcquireContext == NULL )
                {
                    goto _Failed_Exit;
                }
                (FARPROC&)__pfnCryptCATAdminReleaseContext = GetProcAddress(hModule, "CryptCATAdminReleaseContext");
                if ( __pfnCryptCATAdminReleaseContext == NULL )
                {
                    goto _Failed_Exit;
                }
                (FARPROC&)__pfnCryptCATAdminCalcHashFromFileHandle = GetProcAddress(hModule, "CryptCATAdminCalcHashFromFileHandle");
                if ( __pfnCryptCATAdminCalcHashFromFileHandle == NULL )
                {
                    goto _Failed_Exit;
                }
                (FARPROC&)__pfnCryptCATAdminEnumCatalogFromHash = GetProcAddress(hModule, "CryptCATAdminEnumCatalogFromHash");
                if ( __pfnCryptCATAdminEnumCatalogFromHash == NULL )
                {
                    goto _Failed_Exit;
                }
                (FARPROC&)__pfnCryptCATAdminReleaseCatalogContext = GetProcAddress(hModule, "CryptCATAdminReleaseCatalogContext");
                if ( __pfnCryptCATAdminReleaseCatalogContext == NULL )
                {
                    goto _Failed_Exit;
                }
                (FARPROC&)__pfnWinVerifyTrust = GetProcAddress(hModule, "WinVerifyTrust");
                if ( __pfnWinVerifyTrust == NULL )
                {
                    goto _Failed_Exit;
                }
                nResult = 1;
            }
    _Failed_Exit:;
        }
        return nResult;
    }
    static BOOL CalcCatHash(LPCWSTR lpFileName, DWORD* pcbHash, BYTE** ppbHash)
    {
        HANDLE hFile = CreateFileW(lpFileName, 
            GENERIC_READ,
            FILE_SHARE_READ,
            NULL,
            OPEN_EXISTING,
            0, 
            NULL
            );
        if ( hFile != INVALID_HANDLE_VALUE )
        {
            DWORD Err;
            LPBYTE Hash = NULL;
            DWORD HashSize = 0;
    
            //
            // Start out with a hash buffer size that should be large enough for
            // most requests.
            //
            HashSize = 100;
    
            do
            {
                Hash = (LPBYTE)LocalAlloc(LPTR, HashSize);
    
                if(!Hash)
                {
                    Err = ERROR_NOT_ENOUGH_MEMORY;
                    break;
                }
    
                if( __pfnCryptCATAdminCalcHashFromFileHandle(hFile, &HashSize, Hash, 0))
                {
                    Err = NO_ERROR;
                }
                else
                {
                    Err = GetLastError();
    
                    //
                    // If this API did screw up and not set last error, go ahead
                    // and set something.
                    //
                    if(Err == NO_ERROR)
                    {
                        Err = ERROR_INVALID_DATA;
                    }
    
                    LocalFree(Hash);
    
                    if(Err != ERROR_INSUFFICIENT_BUFFER)
                    {
                        //
                        // The API failed for some reason other than
                        // buffer-too-small.  We gotta bail.
                        //
                        Hash = NULL;  // reset this so we won't try to free it later
                        break;
                    }
                }
            } while(Err != NO_ERROR);
    
            CloseHandle(hFile);
            if(Err == NO_ERROR)
            {
                *pcbHash = HashSize;
                *ppbHash = Hash;
                return TRUE;
            }
        }
        *pcbHash = 0;
        *ppbHash = NULL;
        return FALSE;
    }
    HANDLE  AcquireVerifyHandle()
    {
        if ( LoadWinTrustDll() != 1 )
        {
            return NULL;
        }
    
        HANDLE hHandle = NULL;
        if ( __pfnCryptCATAdminAcquireContext(&hHandle, NULL, 0) )
        {
            return hHandle;
        }
        return NULL;
    }
    void ReleaseVerifyHandle(HANDLE hHandle)
    {
        if ( LoadWinTrustDll() != 1 )
        {
            return ;
        }
        __pfnCryptCATAdminReleaseContext(hHandle, 0);
    }
    int VerifyFile(HANDLE hHandle, LPCTSTR lpPath)
    {
        int nResult = 0;
        if ( LoadWinTrustDll() != 1 )
        {
            return 0;
        }
        WINTRUST_DATA wd = { 0 };
        WINTRUST_FILE_INFO wfi = { 0 };
        GUID guid = WINTRUST_ACTION_GENERIC_VERIFY_V2;
    
        wfi.cbStruct = sizeof(WINTRUST_FILE_INFO); 
        wfi.pcwszFilePath = lpPath; 
    
        wd.cbStruct = sizeof(WINTRUST_DATA);
        wd.dwUnionChoice = WTD_CHOICE_FILE;
        wd.pFile = &wfi;
        wd.dwUIChoice = WTD_UI_NONE;
        wd.fdwRevocationChecks = WTD_REVOKE_NONE;
        wd.dwStateAction = WTD_STATEACTION_AUTO_CACHE;
        wd.dwProvFlags = WTD_REVOCATION_CHECK_NONE;
        if ( __pfnWinVerifyTrust(NULL, &guid , &wd) == 0 ) // pe Ç©Ãû
        {
            MessageBox(0,_T("1"),0,0);
            nResult = 1;
        }
        else
        {
            if ( hHandle != NULL )
            {
                // cat Ç©Ãû
                LPBYTE lpHash;
                DWORD dwHashSize;
    
                if ( CalcCatHash(lpPath, &dwHashSize, &lpHash))
                {
                    HANDLE hCatalogContext = __pfnCryptCATAdminEnumCatalogFromHash(hHandle, lpHash, dwHashSize, 0, NULL);
                    if ( NULL != hCatalogContext)
                    {
                        __pfnCryptCATAdminReleaseCatalogContext(hHandle, hCatalogContext, 0);
                        MessageBox(0,_T("2"),0,0);
                        nResult = 2;
                    }
    
                    LocalFree(lpHash);
                    lpHash = NULL;
                }
            }
        }
        return nResult;
    }
    BOOL IsVerifiedFile(LPCTSTR lpPath)
    {
        BOOL bResult = FALSE;
    
        HANDLE hHandle = AcquireVerifyHandle();
        if ( hHandle != NULL )
        {
            __try
            {
                // Ñé֤ǩÃûÒì³££¬±ÀÀ£ÔÚϵͳº¯ÊýÀïÃæ
                // ÔÝʱÎÞ·¨È·¶¨Ô­Òò
                if ( VerifyFile(hHandle, lpPath) != 0 )
                {
                    bResult = TRUE;
                }
            }
            __except ( EXCEPTION_EXECUTE_HANDLER )
            {
            }
    
            ReleaseVerifyHandle(hHandle);
        }
        return bResult;
    }
    
    int _tmain(int argc, _TCHAR* argv[])
    {
        IsVerifiedFile(_T("C:\\Windows\\System32\\kernel32.dll"));
        return 0;
    }
  • 相关阅读:
    java.logging的重定向?
    java.rmi.NoSuchObjectException: no such object in table
    jmx : ClientCommunicatorAdmin Checker-run
    jmx完整示例
    Android studio 下的SDK Manager只显示已安装包的情况
    Android Studio: Error:Cannot locate factory for objects of type DefaultGradleConnector, as ConnectorServiceRegistry
    浅谈Kotlin(二):基本类型、基本语法、代码风格
    浅谈Kotlin(一):简介及Android Studio中配置
    源码浅谈(一):java中的 toString()方法
    ButterKnife注解框架详解
  • 原文地址:https://www.cnblogs.com/daxingxing/p/2453796.html
Copyright © 2020-2023  润新知