Beispiel #1
0
        // call WinTrust.WinVerifyTrust() to check embedded file signature
        static WinVerifyTrustResult VerifyEmbeddedSignature(string fileName)
        {
            WinVerifyTrustResult result;

            try
            {
                //If OS is 64 bit, we want to disable the WOW64 redirection, as LRDetect is 32bit process and it will be redirected to
                //C:\Windows\SystemWOW64 instead of C:\Windows\System32 folder
                Helper.Wow64DisableWow64FsRedirection();

                WinTrustData wtd        = new WinTrustData(fileName);
                Guid         guidAction = new Guid(WINTRUST_ACTION_GENERIC_VERIFY_V2);
                result = WinVerifyTrust(INVALID_HANDLE_VALUE, guidAction, wtd);
                Logger.Debug("WinVerifyTrustResut: " + result.ToString());
            }
            finally
            {
                Helper.Wow64RevertWow64FsRedirection();
            }
            return(result);
        }
Beispiel #2
0
        // call WinTrust.WinVerifyTrust() to check embedded file signature
        static WinVerifyTrustResult VerifyEmbeddedSignature(string fileName)
        {
            WinVerifyTrustResult result;
              try
              {
            //If OS is 64 bit, we want to disable the WOW64 redirection, as LRDetect is 32bit process and it will be redirected to
            //C:\Windows\SystemWOW64 instead of C:\Windows\System32 folder
            Helper.Wow64DisableWow64FsRedirection();

            WinTrustData wtd = new WinTrustData(fileName);
            Guid guidAction = new Guid(WINTRUST_ACTION_GENERIC_VERIFY_V2);
            result = WinVerifyTrust(INVALID_HANDLE_VALUE, guidAction, wtd);
            Logger.Debug("WinVerifyTrustResut: " + result.ToString());
              }
              finally
              {
            Helper.Wow64RevertWow64FsRedirection();
              }
              return result;
        }
Beispiel #3
0
 static extern WinVerifyTrustResult WinVerifyTrust(
     [In] IntPtr hwnd,
     [In][MarshalAs(UnmanagedType.LPStruct)] Guid pgActionID,
     [In] WinTrustData pWVTData
     );