public static VerifyResult VerifyFile(string fileName)
{
VerifyResult result = VerifyResult.NoSignature;
using (MemoryAlloc strMem = new MemoryAlloc(fileName.Length * 2 + 2))
{
WintrustFileInfo fileInfo = new WintrustFileInfo();
strMem.WriteUnicodeString(0, fileName);
strMem.WriteByte(fileName.Length * 2, 0);
strMem.WriteByte(fileName.Length * 2 + 1, 0);
fileInfo.Size = Marshal.SizeOf(fileInfo);
fileInfo.FilePath = strMem;
WintrustData trustData = new WintrustData();
trustData.Size = 12 * 4;
trustData.UIChoice = 2; // WTD_UI_NONE
trustData.UnionChoice = 1; // WTD_CHOICE_FILE
trustData.RevocationChecks = WtRevocationChecks.None;
trustData.ProvFlags = WtProvFlags.Safer;
if (OSVersion.IsAboveOrEqual(WindowsVersion.Vista))
trustData.ProvFlags |= WtProvFlags.CacheOnlyUrlRetrieval;
using (MemoryAlloc mem = new MemoryAlloc(fileInfo.Size))
{
Marshal.StructureToPtr(fileInfo, mem, false);
trustData.UnionData = mem;
uint winTrustResult = Win32.WinVerifyTrust(IntPtr.Zero, WintrustActionGenericVerifyV2, ref trustData);
result = StatusToVerifyResult(winTrustResult);
}
}
if (result == VerifyResult.NoSignature)
{
using (FileHandle sourceFile = FileHandle.CreateWin32(fileName, FileAccess.GenericRead, FileShareMode.Read,
FileCreationDispositionWin32.OpenExisting))
{
byte[] hash = new byte[256];
int hashLength = 256;
if (!Win32.CryptCATAdminCalcHashFromFileHandle(sourceFile, ref hashLength, hash, 0))
{
hash = new byte[hashLength];
if (!Win32.CryptCATAdminCalcHashFromFileHandle(sourceFile, ref hashLength, hash, 0))
return VerifyResult.NoSignature;
}
StringBuilder memberTag = new StringBuilder(hashLength * 2);
for (int i = 0; i < hashLength; i++)
memberTag.Append(hash[i].ToString("X2"));
IntPtr catAdmin;
if (!Win32.CryptCATAdminAcquireContext(out catAdmin, DriverActionVerify, 0))
return VerifyResult.NoSignature;
IntPtr catInfo = Win32.CryptCATAdminEnumCatalogFromHash(catAdmin, hash, hashLength, 0, IntPtr.Zero);
if (catInfo == IntPtr.Zero)
{
Win32.CryptCATAdminReleaseContext(catAdmin, 0);
return VerifyResult.NoSignature;
}
CatalogInfo ci;
if (!Win32.CryptCATCatalogInfoFromContext(catInfo, out ci, 0))
{
Win32.CryptCATAdminReleaseCatalogContext(catAdmin, catInfo, 0);
Win32.CryptCATAdminReleaseContext(catAdmin, 0);
return VerifyResult.NoSignature;
}
WintrustCatalogInfo wci = new WintrustCatalogInfo();
wci.Size = Marshal.SizeOf(wci);
wci.CatalogFilePath = ci.CatalogFile;
wci.MemberFilePath = fileName;
wci.MemberTag = memberTag.ToString();
WintrustData trustData = new WintrustData();
trustData.Size = 12 * 4;
trustData.UIChoice = 1;
trustData.UnionChoice = 2;
trustData.RevocationChecks = WtRevocationChecks.None;
if (OSVersion.IsAboveOrEqual(WindowsVersion.Vista))
trustData.ProvFlags = WtProvFlags.CacheOnlyUrlRetrieval;
using (MemoryAlloc mem = new MemoryAlloc(wci.Size))
{
Marshal.StructureToPtr(wci, mem, false);
try
{
trustData.UnionData = mem;
uint winTrustResult = Win32.WinVerifyTrust(IntPtr.Zero, DriverActionVerify, ref trustData);
result = StatusToVerifyResult(winTrustResult);
}
finally
{
Win32.CryptCATAdminReleaseCatalogContext(catAdmin, catInfo, 0);
Win32.CryptCATAdminReleaseContext(catAdmin, 0);
Marshal.DestroyStructure(mem, typeof(WintrustCatalogInfo));
}
}
}
}
return result;
}
public static VerifyResult VerifyFile(string fileName, out string signerName)
{
VerifyResult result;
using (MemoryAlloc strMem = new MemoryAlloc(fileName.Length * 2 + 2))
{
WintrustFileInfo fileInfo = new WintrustFileInfo();
strMem.WriteUnicodeString(0, fileName);
strMem.WriteInt16(fileName.Length * 2, 0);
fileInfo.Size = WintrustFileInfo.SizeOf;
fileInfo.FilePath = strMem;
WintrustData trustData = new WintrustData
{
Size = WintrustData.SizeOf,
UIChoice = 2, // WTD_UI_NONE
UnionChoice = 1, // WTD_CHOICE_FILE
RevocationChecks = WtdRevocationChecks.None,
ProvFlags = WtdProvFlags.Safer,
StateAction = WtdStateAction.Verify
};
if (OSVersion.IsAboveOrEqual(WindowsVersion.Vista))
trustData.ProvFlags |= WtdProvFlags.CacheOnlyUrlRetrieval;
using (MemoryAlloc mem = new MemoryAlloc(fileInfo.Size))
{
mem.WriteStruct(fileInfo);
trustData.UnionData = mem;
uint winTrustResult = Win32.WinVerifyTrust(IntPtr.Zero, WintrustActionGenericVerifyV2, ref trustData);
result = StatusToVerifyResult(winTrustResult);
try
{
if (result != VerifyResult.NoSignature)
{
signerName = GetSignerNameFromStateData(trustData.StateData);
return result;
}
}
finally
{
// Close the state data.
trustData.StateAction = WtdStateAction.Close;
Win32.WinVerifyTrust(IntPtr.Zero, WintrustActionGenericVerifyV2, ref trustData);
}
}
}
signerName = null;
using (FileHandle sourceFile = FileHandle.CreateWin32(fileName, FileAccess.GenericRead, FileShareMode.Read, FileCreationDispositionWin32.OpenExisting))
{
byte[] hash = new byte[256];
int hashLength = 256;
if (!Win32.CryptCATAdminCalcHashFromFileHandle(sourceFile, ref hashLength, hash, 0))
{
hash = new byte[hashLength];
if (!Win32.CryptCATAdminCalcHashFromFileHandle(sourceFile, ref hashLength, hash, 0))
return VerifyResult.NoSignature;
}
StringBuilder memberTag = new StringBuilder(hashLength * 2);
for (int i = 0; i < hashLength; i++)
memberTag.Append(hash[i].ToString("X2"));
IntPtr catAdmin;
if (!Win32.CryptCATAdminAcquireContext(out catAdmin, DriverActionVerify, 0))
return VerifyResult.NoSignature;
IntPtr catInfo = Win32.CryptCATAdminEnumCatalogFromHash(catAdmin, hash, hashLength, 0, IntPtr.Zero);
if (catInfo == IntPtr.Zero)
{
Win32.CryptCATAdminReleaseContext(catAdmin, 0);
return VerifyResult.NoSignature;
}
CatalogInfo ci;
if (!Win32.CryptCATCatalogInfoFromContext(catInfo, out ci, 0))
{
Win32.CryptCATAdminReleaseCatalogContext(catAdmin, catInfo, 0);
Win32.CryptCATAdminReleaseContext(catAdmin, 0);
return VerifyResult.NoSignature;
}
WintrustCatalogInfo wci = new WintrustCatalogInfo
{
Size = WintrustCatalogInfo.SizeOf,
CatalogFilePath = ci.CatalogFile,
MemberFilePath = fileName,
MemberTag = memberTag.ToString()
};
WintrustData trustData = new WintrustData
{
Size = WintrustData.SizeOf,
UIChoice = 1,
UnionChoice = 2,
RevocationChecks = WtdRevocationChecks.None,
StateAction = WtdStateAction.Verify
};
if (OSVersion.IsAboveOrEqual(WindowsVersion.Vista))
trustData.ProvFlags = WtdProvFlags.CacheOnlyUrlRetrieval;
using (MemoryAlloc mem = new MemoryAlloc(wci.Size))
{
mem.WriteStruct(wci);
try
{
trustData.UnionData = mem;
uint winTrustResult = Win32.WinVerifyTrust(IntPtr.Zero, DriverActionVerify, ref trustData);
result = StatusToVerifyResult(winTrustResult);
if (result != VerifyResult.NoSignature)
{
signerName = GetSignerNameFromStateData(trustData.StateData);
}
}
finally
{
try
{
// Close the state data.
trustData.StateAction = WtdStateAction.Close;
Win32.WinVerifyTrust(IntPtr.Zero, DriverActionVerify, ref trustData);
}
finally
{
Win32.CryptCATAdminReleaseCatalogContext(catAdmin, catInfo, 0);
Win32.CryptCATAdminReleaseContext(catAdmin, 0);
mem.DestroyStruct<WintrustCatalogInfo>();
}
}
}
}
return result;
}