C# (CSharp) HPValidateSignature SignedObject Examples

Example #1

        static void Main(string[] args)
        {
            SignedObject so = new SignedObject();

            Console.WriteLine(so.ValidatePeSignature("C:\\Users\\b\\Desktop\\HPwn.dll"));
            return;
        }

Example #2

File: SignedObject.cs Project: wdsjxh/HPwn

        public SignedObjRet ValidatePeSignature(string fileName)
        {
            try
            {
                using (FileStream file = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.Read))
                {
                    byte[] numArray1 = new byte[8192];
                    int    bytesRead = file.Read(numArray1, 0, numArray1.Length);
                    if (bytesRead < 576 || 23117 != (int)BitConverter.ToUInt16(numArray1, 0))
                    {
                        return(SignedObjRet.InvalidFileFormat);
                    }
                    int int32_1 = BitConverter.ToInt32(numArray1, 60);
                    //This check looks for the string "PE" at offset *numArray1[3C] = 0x80
                    if (int32_1 > numArray1.Length || (int)BitConverter.ToUInt32(numArray1, int32_1) != 17744)
                    {
                        return(SignedObjRet.InvalidFileFormat);
                    }
                    //Now we index 152 bytes into the PE = 0x80 +  0x98 = 0x118 = this should specify an offset to
                    //beginning of numArray2
                    int int32_2 = BitConverter.ToInt32(numArray1, int32_1 + 152);
                    //Grab the int at index 0x80 + 0x9C = 0x11C
                    int int32_3 = BitConverter.ToInt32(numArray1, int32_1 + 156);

                    if (int32_3 <= 8 || ((long)int32_2 > file.Length || (long)(int32_2 + int32_3) > file.Length || int32_3 > 65536))
                    {
                        return(SignedObjRet.InvalidFileFormat);
                    }
                    long   position  = file.Position;
                    byte[] numArray2 = new byte[int32_3 - 8];
                    if (file.Position != (long)(int32_2 + 8))
                    {
                        file.Seek((long)(int32_2 + 8), SeekOrigin.Begin);
                    }
                    file.Read(numArray2, 0, int32_3 - 8);
                    SignedDataIndex inIndex = new SignedDataIndex(numArray2);
                    inIndex.FindTags();
                    byte[] numArray3 = new byte[inIndex.SigHashOidLen];
                    Buffer.BlockCopy((Array)numArray2, (int)inIndex.SigHashOid, (Array)numArray3, 0, numArray3.Length);
                    HashAlgorithm hashAlgorithm = !SignedObjectAsn.CompareByteArrays(numArray3, this.sha1Oid) ? (!SignedObjectAsn.CompareByteArrays(numArray3, this.sha256Oid) ? (HashAlgorithm) new MD5CryptoServiceProvider() : (HashAlgorithm) new WinSHA256()) : (HashAlgorithm) new SHA1CryptoServiceProvider();
                    using (hashAlgorithm)
                    {
                        file.Seek(position, SeekOrigin.Begin);
                        SignedObject.PeHash(file, hashAlgorithm, numArray1, int32_1, int32_2, bytesRead);
                        using (SignedObjectAsn signedObjectAsn = new SignedObjectAsn())
                            return(signedObjectAsn.ValidateSignature(numArray2, hashAlgorithm, inIndex));
                    }
                }
            }
            catch (ObjectDisposedException ex)
            {
                return(SignedObjRet.InvalidSignature);
            }
            catch (InvalidOperationException ex)
            {
                return(SignedObjRet.InvalidFileFormat);
            }
            catch (ArgumentException ex)
            {
                return(SignedObjRet.InvalidFileFormat);
            }
            catch (IOException ex)
            {
                return(SignedObjRet.InvalidFileFormat);
            }
            catch (COMException ex)
            {
                return(SignedObjRet.InvalidSignature);
            }
        }