// constructor for silent WinTrustDataChoice.File check public WinTrustData(String _fileName, bool isCatalog, String _hash, String _catalogPath, IntPtr hCatAdmin) { // On Win7SP1+, don't allow MD2 or MD4 signatures if ((Environment.OSVersion.Version.Major > 6) || ((Environment.OSVersion.Version.Major == 6) && (Environment.OSVersion.Version.Minor > 1)) || ((Environment.OSVersion.Version.Major == 6) && (Environment.OSVersion.Version.Minor == 1) && !String.IsNullOrEmpty(Environment.OSVersion.ServicePack))) { ProvFlags |= WinTrustDataProvFlags.DisableMD2andMD4; } if (isCatalog) { dwUnionChoice = WinTrustDataChoice.Catalog; WinTrustCatalogInfo wtfiData = new WinTrustCatalogInfo(_catalogPath, _hash, _fileName, hCatAdmin); FileInfoPtr = Marshal.AllocCoTaskMem(Marshal.SizeOf(typeof(WinTrustCatalogInfo))); Marshal.StructureToPtr(wtfiData, FileInfoPtr, false); } else { WinTrustFileInfo wtfiData = new WinTrustFileInfo(_fileName); FileInfoPtr = Marshal.AllocCoTaskMem(Marshal.SizeOf(typeof(WinTrustFileInfo))); Marshal.StructureToPtr(wtfiData, FileInfoPtr, false); } }
// constructor for silent WinTrustDataChoice.File check public WinTrustData(string _fileName) { WinTrustFileInfo wtfiData = new WinTrustFileInfo(_fileName); FileInfoPtr = Marshal.AllocCoTaskMem(Marshal.SizeOf(typeof(WinTrustFileInfo))); Marshal.StructureToPtr(wtfiData, FileInfoPtr, false); }
// call WinTrust.WinVerifyTrust() to check embedded file signature public static bool VerifyEmbeddedSignature(string fileName) { WinTrustFileInfo winTrustFileInfo = null; WinTrustData winTrustData = null; try { winTrustFileInfo = new WinTrustFileInfo(fileName); winTrustData = new WinTrustData(winTrustFileInfo); Guid guidAction = new Guid(WINTRUST_ACTION_GENERIC_VERIFY_V2); WinVerifyTrustResult result = WinVerifyTrust(INVALID_HANDLE_VALUE, guidAction, winTrustData); bool ret = (result == WinVerifyTrustResult.Success); return(ret); } finally { // free the locally-held unmanaged memory in the data structures if (winTrustFileInfo != null) { winTrustFileInfo.Dispose(); } if (winTrustData != null) { winTrustData.Dispose(); } } }
// constructor for silent WinTrustDataChoice.File check public WinTrustData(String _fileName, WinTrustDataRevocationChecks revocationChecks) { RevocationChecks = revocationChecks; WinTrustFileInfo wtfiData = new WinTrustFileInfo(_fileName); FileInfoPtr = Marshal.AllocCoTaskMem(Marshal.SizeOf(typeof(WinTrustFileInfo))); Marshal.StructureToPtr(wtfiData, FileInfoPtr, false); }
public bool SignatureExist(string fileName) { WinTrustFileInfo wtfi = new WinTrustFileInfo(fileName); WinTrustData wtd = new WinTrustData(wtfi); Guid guidAction = new Guid(WINTRUST_ACTION_GENERIC_VERIFY_V2); WinVerifyTrustResult result = Win32Api.WinVerifyTrust(new IntPtr(-1), guidAction, wtd); bool ret = (result == WinVerifyTrustResult.Success); wtfi.Dispose(); wtd.Dispose(); return(ret); }
// constructor for silent WinTrustDataChoice.File check public WinTrustData(WinTrustFileInfo _fileInfo) { // On Win7SP1+, don't allow MD2 or MD4 signatures if ((Environment.OSVersion.Version.Major > 6) || ((Environment.OSVersion.Version.Major == 6) && (Environment.OSVersion.Version.Minor > 1)) || ((Environment.OSVersion.Version.Major == 6) && (Environment.OSVersion.Version.Minor == 1) && !String.IsNullOrEmpty(Environment.OSVersion.ServicePack))) { ProvFlags |= WinTrustDataProvFlags.DisableMD2andMD4; } WinTrustFileInfo wtfiData = _fileInfo; FileInfoPtr = Marshal.AllocCoTaskMem(Marshal.SizeOf(typeof(WinTrustFileInfo))); Marshal.StructureToPtr(wtfiData, FileInfoPtr, false); }
private bool IsFileTrusted(string filePath) { if (string.IsNullOrEmpty(filePath)) { throw new ArgumentNullException(nameof(filePath)); } _file = File.OpenRead(filePath); using (var fileInfo = new WinTrustFileInfo(filePath)) using (var winTrustData = new WinTrustData(fileInfo)) { var result = WinVerifyTrust(IntPtr.Zero, WINTRUST_ACTION_GENERIC_VERIFY_V2, winTrustData); return(result == WinVerifyTrustResult.Success); } }
public static bool IsAuthenticodeSigned(string path) { var fileInfo = new WinTrustFileInfo { cbStruct = (uint)Marshal.SizeOf <WinTrustFileInfo>(), pcwszFilePath = Path.GetFullPath(path), hFile = IntPtr.Zero, pgKnownSubject = IntPtr.Zero }; var data = new WinTrustData { cbStruct = (uint)Marshal.SizeOf <WinTrustData>(), dwProvFlags = Convert.ToUInt32(Provider.WTD_SAFER_FLAG), dwStateAction = Convert.ToUInt32(StateAction.WTD_STATEACTION_IGNORE), dwUIChoice = Convert.ToUInt32(UIChoice.WTD_UI_NONE), dwUIContext = 0, dwUnionChoice = Convert.ToUInt32(UnionChoice.WTD_CHOICE_FILE), fdwRevocationChecks = Convert.ToUInt32(RevocationChecks.WTD_REVOKE_NONE), hWVTStateData = IntPtr.Zero, pFile = Marshal.AllocHGlobal(Marshal.SizeOf <WinTrustFileInfo>()), pPolicyCallbackData = IntPtr.Zero, pSIPClientData = IntPtr.Zero, pwszURLReference = IntPtr.Zero }; // TODO: Potential memory leak. Need to invetigate Marshal.StructureToPtr(fileInfo, data.pFile, false); var pGuid = Marshal.AllocHGlobal(Marshal.SizeOf <Guid>()); var pData = Marshal.AllocHGlobal(Marshal.SizeOf <WinTrustData>()); Marshal.StructureToPtr(data, pData, true); Marshal.StructureToPtr(new Guid(WINTRUST_ACTION_GENERIC_VERIFY_V2), pGuid, true); var result = WinVerifyTrust(IntPtr.Zero, pGuid, pData); Marshal.FreeHGlobal(pGuid); Marshal.FreeHGlobal(pData); return(result == 0); }
public static uint IsSigned(string path) { WinTrustFileInfo fileInfo = new WinTrustFileInfo() { cbStruct = (uint)Marshal.SizeOf(typeof(WinTrustFileInfo)), pcwszFilePath = Path.GetFullPath(path), hFile = IntPtr.Zero, pgKnownSubject = IntPtr.Zero }; WinTrustData data = new WinTrustData() { cbStruct = (uint)Marshal.SizeOf(typeof(WinTrustData)), dwProvFlags = 0, dwStateAction = Convert.ToUInt32(StateAction.WTD_STATEACTION_IGNORE), dwUIChoice = Convert.ToUInt32(UIChoice.WTD_UI_NONE), dwUIContext = 0, dwUnionChoice = Convert.ToUInt32(UnionChoice.WTD_CHOICE_FILE), fdwRevocationChecks = Convert.ToUInt32(RevocationChecks.WTD_REVOKE_NONE), hWVTStateData = IntPtr.Zero, pFile = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(WinTrustFileInfo))), pPolicyCallbackData = IntPtr.Zero, pSIPClientData = IntPtr.Zero, pwszURLReference = IntPtr.Zero }; // Potential memory leak. Need to investigate Marshal.StructureToPtr(fileInfo, data.pFile, false); IntPtr pGuid = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(Guid))); IntPtr pData = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(WinTrustData))); Marshal.StructureToPtr(data, pData, true); Marshal.StructureToPtr(WinTrust.WINTRUST_ACTION_GENERIC_VERIFY_V2, pGuid, true); uint result = WinTrust.WinVerifyTrust(IntPtr.Zero, pGuid, pData); Marshal.FreeHGlobal(pGuid); Marshal.FreeHGlobal(pData); return(result); }
public static WinVerifyResult VerifyEmbeddedSignature(string path) { WinTrustFileInfo winTrustFileInfo = null; WinTrustData winTrustData = null; try { // specify the WinVerifyTrust function/action that we want var action = new Guid(WINTRUST_ACTION_GENERIC_VERIFY_V2); // instantiate our WinTrustFileInfo and WinTrustData data structures winTrustFileInfo = new WinTrustFileInfo(path); winTrustData = new WinTrustData(winTrustFileInfo); // call into WinVerifyTrust return(WinVerifyTrust(INVALID_HANDLE_VALUE, action, winTrustData)); } finally { // free the locally-held unmanaged memory in the data structures winTrustFileInfo?.Dispose(); winTrustData?.Dispose(); } }
// constructor for silent WinTrustDataChoice.File check internal WinTrustData(String fileName, WinTrustDataRevocationChecks checks) { var wtfiData = new WinTrustFileInfo(fileName); FileInfoPtr = Marshal.AllocCoTaskMem(Marshal.SizeOf(typeof(WinTrustFileInfo))); Marshal.StructureToPtr(wtfiData, FileInfoPtr, false); RevocationChecks = checks; }
public static bool IsAuthenticodeSigned(string path) { WinTrustFileInfo fileInfo = new WinTrustFileInfo() { cbStruct = (uint)Marshal.SizeOf(typeof(WinTrustFileInfo)), pcwszFilePath = Path.GetFullPath(path), hFile = IntPtr.Zero, pgKnownSubject = IntPtr.Zero }; WinTrustData data = new WinTrustData() { cbStruct = (uint)Marshal.SizeOf(typeof(WinTrustData)), dwProvFlags = Convert.ToUInt32(Provider.WTD_SAFER_FLAG), dwStateAction = Convert.ToUInt32(StateAction.WTD_STATEACTION_IGNORE), dwUIChoice = Convert.ToUInt32(UIChoice.WTD_UI_NONE), dwUIContext = 0, dwUnionChoice = Convert.ToUInt32(UnionChoice.WTD_CHOICE_FILE), fdwRevocationChecks = Convert.ToUInt32(RevocationChecks.WTD_REVOKE_NONE), hWVTStateData = IntPtr.Zero, pFile = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(WinTrustFileInfo))), pPolicyCallbackData = IntPtr.Zero, pSIPClientData = IntPtr.Zero, pwszURLReference = IntPtr.Zero }; // TODO: Potential memory leak. Need to invetigate Marshal.StructureToPtr(fileInfo, data.pFile, false); IntPtr pGuid = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(Guid))); IntPtr pData = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(WinTrustData))); Marshal.StructureToPtr(data, pData, true); Marshal.StructureToPtr(new Guid(WINTRUST_ACTION_GENERIC_VERIFY_V2), pGuid, true); uint result = WinVerifyTrust(IntPtr.Zero, pGuid, pData); Marshal.FreeHGlobal(pGuid); Marshal.FreeHGlobal(pData); return result == 0; }
// call WinTrust.WinVerifyTrust() to check embedded file signature public static string VerifyEmbeddedSignature(string filename) { WinTrustFileInfo winTrustFileInfo = null; WinTrustData winTrustData = null; try { // specify the WinVerifyTrust function/action that we want Guid action = new Guid(WINTRUST_ACTION_GENERIC_VERIFY_V2); // instantiate our WinTrustFileInfo and WinTrustData data structures winTrustFileInfo = new WinTrustFileInfo(filename); winTrustData = new WinTrustData(filename); // call into WinVerifyTrust WinVerifyTrustResult result = WinVerifyTrust(INVALID_HANDLE_VALUE, action, winTrustData); switch (result) { case WinVerifyTrustResult.Success: return("Valid"); case WinVerifyTrustResult.ProviderUnknown: return("ProviderUnknown"); case WinVerifyTrustResult.ActionUnknown: return("ActionUnknown"); case WinVerifyTrustResult.SubjectFormUnknown: return("SubjectFormUnknown"); case WinVerifyTrustResult.SubjectNotTrusted: return("SubjectNotTrusted"); case WinVerifyTrustResult.FileNotSigned: return("FileNotSigned"); case WinVerifyTrustResult.SubjectExplicitlyDistrusted: return("SubjectExplicitlyDistrusted"); case WinVerifyTrustResult.SignatureOrFileCorrupt: return("SignatureOrFileCorrupt"); case WinVerifyTrustResult.SubjectCertExpired: return("SubjectCertExpired"); case WinVerifyTrustResult.SubjectCertificateRevoked: return("SubjectCertificateRevoked"); case WinVerifyTrustResult.UntrustedRoot: return("UntrustedRoot"); default: // The UI was disabled in dwUIChoice or the admin policy // has disabled user trust. lStatus contains the // publisher or time stamp chain error. return(result.ToString()); } } catch (Exception e) { Log.Debug("{0} error decoding signature on {1}", e.GetType().ToString(), filename); } return("Unknown"); }
// constructor for silent WinTrustDataChoice.File check public WinTrustData(String _fileName) { var wtfiData = new WinTrustFileInfo(_fileName); FileInfoPtr = Marshal.AllocCoTaskMem(Marshal.SizeOf(typeof (WinTrustFileInfo))); Marshal.StructureToPtr(wtfiData, FileInfoPtr, false); }
// constructor for silent WinTrustDataChoice.File check public WinTrustData(String _fileName) { // On Win7SP1+, don't allow MD2 or MD4 signatures if ((Environment.OSVersion.Version.Major > 6) || ((Environment.OSVersion.Version.Major == 6) && (Environment.OSVersion.Version.Minor > 1)) || ((Environment.OSVersion.Version.Major == 6) && (Environment.OSVersion.Version.Minor == 1) && !String.IsNullOrEmpty(Environment.OSVersion.ServicePack))) { ProvFlags |= WinTrustDataProvFlags.DisableMD2andMD4; } WinTrustFileInfo wtfiData = new WinTrustFileInfo(_fileName); FileInfoPtr = Marshal.AllocCoTaskMem(Marshal.SizeOf(typeof(WinTrustFileInfo))); Marshal.StructureToPtr(wtfiData, FileInfoPtr, false); }
public static string VerifyEmbeddedSignature(string filename) { try { WinTrustFileInfo winTrustFileInfo = null; WinTrustData winTrustData = null; // specify the WinVerifyTrust function/action that we want Guid action = new Guid(WINTRUST_ACTION_GENERIC_VERIFY_V2); // instantiate our WinTrustFileInfo and WinTrustData data structures winTrustFileInfo = new WinTrustFileInfo(filename); winTrustData = new WinTrustData(filename); WinVerifyTrustResult result = WinVerifyTrust(INVALID_HANDLE_VALUE, action, winTrustData); // call into WinVerifyTrust switch (result) { case WinVerifyTrustResult.Success: return("Valid"); case WinVerifyTrustResult.ProviderUnknown: return("ProviderUnknown"); case WinVerifyTrustResult.ActionUnknown: return("ActionUnknown"); case WinVerifyTrustResult.SubjectFormUnknown: return("SubjectFormUnknown"); case WinVerifyTrustResult.SubjectNotTrusted: return("SubjectNotTrusted"); case WinVerifyTrustResult.FileNotSigned: return("FileNotSigned"); case WinVerifyTrustResult.SubjectExplicitlyDistrusted: return("SubjectExplicitlyDistrusted"); case WinVerifyTrustResult.SignatureOrFileCorrupt: return("SignatureOrFileCorrupt"); case WinVerifyTrustResult.SubjectCertExpired: return("SubjectCertExpired"); case WinVerifyTrustResult.SubjectCertificateRevoked: return("SubjectCertificateRevoked"); case WinVerifyTrustResult.UntrustedRoot: return("UntrustedRoot"); default: // The UI was disabled in dwUIChoice or the admin policy // has disabled user trust. lStatus contains the // publisher or time stamp chain error. return(result.ToString()); } } catch (Exception e) when( e is System.AccessViolationException || e is Exception) { Dictionary <string, string> ExceptionEvent = new Dictionary <string, string>(); ExceptionEvent.Add("Exception Type", e.GetType().ToString()); AsaTelemetry.TrackEvent("VerifyEmbeddedSignatureException", ExceptionEvent); return("FailedToFetch"); } }