Esempio n. 1
0
        public static VerifyResult VerifyFile(string fileName)
        {
            VerifyResult result = VerifyResult.NoSignature;

            using (MemoryAlloc strMem = new MemoryAlloc(fileName.Length * 2 + 2))
            {
                WintrustFileInfo fileInfo = new WintrustFileInfo();

                strMem.WriteUnicodeString(0, fileName);
                strMem.WriteByte(fileName.Length * 2, 0);
                strMem.WriteByte(fileName.Length * 2 + 1, 0);

                fileInfo.Size = Marshal.SizeOf(fileInfo);
                fileInfo.FilePath = strMem;

                WintrustData trustData = new WintrustData();

                trustData.Size = 12 * 4;
                trustData.UIChoice = 2; // WTD_UI_NONE
                trustData.UnionChoice = 1; // WTD_CHOICE_FILE
                trustData.RevocationChecks = WtRevocationChecks.None;
                trustData.ProvFlags = WtProvFlags.Safer;

                if (OSVersion.IsAboveOrEqual(WindowsVersion.Vista))
                    trustData.ProvFlags |= WtProvFlags.CacheOnlyUrlRetrieval;

                using (MemoryAlloc mem = new MemoryAlloc(fileInfo.Size))
                {
                    Marshal.StructureToPtr(fileInfo, mem, false);
                    trustData.UnionData = mem;

                    uint winTrustResult = Win32.WinVerifyTrust(IntPtr.Zero, WintrustActionGenericVerifyV2, ref trustData);

                    result = StatusToVerifyResult(winTrustResult);
                }
            }

            if (result == VerifyResult.NoSignature)
            {
                using (FileHandle sourceFile = FileHandle.CreateWin32(fileName, FileAccess.GenericRead, FileShareMode.Read,
                    FileCreationDispositionWin32.OpenExisting))
                {
                    byte[] hash = new byte[256];
                    int hashLength = 256;

                    if (!Win32.CryptCATAdminCalcHashFromFileHandle(sourceFile, ref hashLength, hash, 0))
                    {
                        hash = new byte[hashLength];

                        if (!Win32.CryptCATAdminCalcHashFromFileHandle(sourceFile, ref hashLength, hash, 0))
                            return VerifyResult.NoSignature;
                    }

                    StringBuilder memberTag = new StringBuilder(hashLength * 2);

                    for (int i = 0; i < hashLength; i++)
                        memberTag.Append(hash[i].ToString("X2"));

                    IntPtr catAdmin;

                    if (!Win32.CryptCATAdminAcquireContext(out catAdmin, DriverActionVerify, 0))
                        return VerifyResult.NoSignature;

                    IntPtr catInfo = Win32.CryptCATAdminEnumCatalogFromHash(catAdmin, hash, hashLength, 0, IntPtr.Zero);

                    if (catInfo == IntPtr.Zero)
                    {
                        Win32.CryptCATAdminReleaseContext(catAdmin, 0);
                        return VerifyResult.NoSignature;
                    }

                    CatalogInfo ci;

                    if (!Win32.CryptCATCatalogInfoFromContext(catInfo, out ci, 0))
                    {
                        Win32.CryptCATAdminReleaseCatalogContext(catAdmin, catInfo, 0);
                        Win32.CryptCATAdminReleaseContext(catAdmin, 0);
                        return VerifyResult.NoSignature;
                    }

                    WintrustCatalogInfo wci = new WintrustCatalogInfo();

                    wci.Size = Marshal.SizeOf(wci);
                    wci.CatalogFilePath = ci.CatalogFile;
                    wci.MemberFilePath = fileName;
                    wci.MemberTag = memberTag.ToString();

                    WintrustData trustData = new WintrustData();

                    trustData.Size = 12 * 4;
                    trustData.UIChoice = 1;
                    trustData.UnionChoice = 2;
                    trustData.RevocationChecks = WtRevocationChecks.None;

                    if (OSVersion.IsAboveOrEqual(WindowsVersion.Vista))
                        trustData.ProvFlags = WtProvFlags.CacheOnlyUrlRetrieval;

                    using (MemoryAlloc mem = new MemoryAlloc(wci.Size))
                    {
                        Marshal.StructureToPtr(wci, mem, false);

                        try
                        {
                            trustData.UnionData = mem;

                            uint winTrustResult = Win32.WinVerifyTrust(IntPtr.Zero, DriverActionVerify, ref trustData);

                            result = StatusToVerifyResult(winTrustResult);
                        }
                        finally
                        {
                            Win32.CryptCATAdminReleaseCatalogContext(catAdmin, catInfo, 0);
                            Win32.CryptCATAdminReleaseContext(catAdmin, 0);
                            Marshal.DestroyStructure(mem, typeof(WintrustCatalogInfo));
                        }
                    }
                }
            }

            return result;
        }
Esempio n. 2
0
        public static VerifyResult VerifyFile(string fileName)
        {
            VerifyResult result = VerifyResult.NoSignature;

            using (MemoryAlloc strMem = new MemoryAlloc(fileName.Length * 2 + 2))
            {
                WintrustFileInfo fileInfo = new WintrustFileInfo();

                strMem.WriteUnicodeString(0, fileName);
                strMem.WriteByte(fileName.Length * 2, 0);
                strMem.WriteByte(fileName.Length * 2 + 1, 0);

                fileInfo.Size     = Marshal.SizeOf(fileInfo);
                fileInfo.FilePath = strMem;

                WintrustData trustData = new WintrustData();

                trustData.Size             = 12 * 4;
                trustData.UIChoice         = 2; // WTD_UI_NONE
                trustData.UnionChoice      = 1; // WTD_CHOICE_FILE
                trustData.RevocationChecks = WtRevocationChecks.None;
                trustData.ProvFlags        = WtProvFlags.Safer;

                if (OSVersion.IsAboveOrEqual(WindowsVersion.Vista))
                {
                    trustData.ProvFlags |= WtProvFlags.CacheOnlyUrlRetrieval;
                }

                using (MemoryAlloc mem = new MemoryAlloc(fileInfo.Size))
                {
                    Marshal.StructureToPtr(fileInfo, mem, false);
                    trustData.UnionData = mem;

                    uint winTrustResult = Win32.WinVerifyTrust(IntPtr.Zero, WintrustActionGenericVerifyV2, ref trustData);

                    result = StatusToVerifyResult(winTrustResult);
                }
            }

            if (result == VerifyResult.NoSignature)
            {
                using (FileHandle sourceFile = FileHandle.CreateWin32(fileName, FileAccess.GenericRead, FileShareMode.Read,
                                                                      FileCreationDispositionWin32.OpenExisting))
                {
                    byte[] hash       = new byte[256];
                    int    hashLength = 256;

                    if (!Win32.CryptCATAdminCalcHashFromFileHandle(sourceFile, ref hashLength, hash, 0))
                    {
                        hash = new byte[hashLength];

                        if (!Win32.CryptCATAdminCalcHashFromFileHandle(sourceFile, ref hashLength, hash, 0))
                        {
                            return(VerifyResult.NoSignature);
                        }
                    }

                    StringBuilder memberTag = new StringBuilder(hashLength * 2);

                    for (int i = 0; i < hashLength; i++)
                    {
                        memberTag.Append(hash[i].ToString("X2"));
                    }

                    IntPtr catAdmin;

                    if (!Win32.CryptCATAdminAcquireContext(out catAdmin, DriverActionVerify, 0))
                    {
                        return(VerifyResult.NoSignature);
                    }

                    IntPtr catInfo = Win32.CryptCATAdminEnumCatalogFromHash(catAdmin, hash, hashLength, 0, IntPtr.Zero);

                    if (catInfo == IntPtr.Zero)
                    {
                        Win32.CryptCATAdminReleaseContext(catAdmin, 0);
                        return(VerifyResult.NoSignature);
                    }

                    CatalogInfo ci;

                    if (!Win32.CryptCATCatalogInfoFromContext(catInfo, out ci, 0))
                    {
                        Win32.CryptCATAdminReleaseCatalogContext(catAdmin, catInfo, 0);
                        Win32.CryptCATAdminReleaseContext(catAdmin, 0);
                        return(VerifyResult.NoSignature);
                    }

                    WintrustCatalogInfo wci = new WintrustCatalogInfo();

                    wci.Size            = Marshal.SizeOf(wci);
                    wci.CatalogFilePath = ci.CatalogFile;
                    wci.MemberFilePath  = fileName;
                    wci.MemberTag       = memberTag.ToString();

                    WintrustData trustData = new WintrustData();

                    trustData.Size             = 12 * 4;
                    trustData.UIChoice         = 1;
                    trustData.UnionChoice      = 2;
                    trustData.RevocationChecks = WtRevocationChecks.None;

                    if (OSVersion.IsAboveOrEqual(WindowsVersion.Vista))
                    {
                        trustData.ProvFlags = WtProvFlags.CacheOnlyUrlRetrieval;
                    }

                    using (MemoryAlloc mem = new MemoryAlloc(wci.Size))
                    {
                        Marshal.StructureToPtr(wci, mem, false);

                        try
                        {
                            trustData.UnionData = mem;

                            uint winTrustResult = Win32.WinVerifyTrust(IntPtr.Zero, DriverActionVerify, ref trustData);

                            result = StatusToVerifyResult(winTrustResult);
                        }
                        finally
                        {
                            Win32.CryptCATAdminReleaseCatalogContext(catAdmin, catInfo, 0);
                            Win32.CryptCATAdminReleaseContext(catAdmin, 0);
                            Marshal.DestroyStructure(mem, typeof(WintrustCatalogInfo));
                        }
                    }
                }
            }

            return(result);
        }