// call WinTrust.WinVerifyTrust() to check embedded file signature
static WinVerifyTrustResult VerifyEmbeddedSignature(string fileName)
{
WinVerifyTrustResult result;
try
{
//If OS is 64 bit, we want to disable the WOW64 redirection, as LRDetect is 32bit process and it will be redirected to
//C:\Windows\SystemWOW64 instead of C:\Windows\System32 folder
Helper.Wow64DisableWow64FsRedirection();
WinTrustData wtd = new WinTrustData(fileName);
Guid guidAction = new Guid(WINTRUST_ACTION_GENERIC_VERIFY_V2);
result = WinVerifyTrust(INVALID_HANDLE_VALUE, guidAction, wtd);
Logger.Debug("WinVerifyTrustResut: " + result.ToString());
}
finally
{
Helper.Wow64RevertWow64FsRedirection();
}
return(result);
}
// call WinTrust.WinVerifyTrust() to check embedded file signature
static WinVerifyTrustResult VerifyEmbeddedSignature(string fileName)
{
WinVerifyTrustResult result;
try
{
//If OS is 64 bit, we want to disable the WOW64 redirection, as LRDetect is 32bit process and it will be redirected to
//C:\Windows\SystemWOW64 instead of C:\Windows\System32 folder
Helper.Wow64DisableWow64FsRedirection();
WinTrustData wtd = new WinTrustData(fileName);
Guid guidAction = new Guid(WINTRUST_ACTION_GENERIC_VERIFY_V2);
result = WinVerifyTrust(INVALID_HANDLE_VALUE, guidAction, wtd);
Logger.Debug("WinVerifyTrustResut: " + result.ToString());
}
finally
{
Helper.Wow64RevertWow64FsRedirection();
}
return result;
}
static extern WinVerifyTrustResult WinVerifyTrust(
[In] IntPtr hwnd,
[In][MarshalAs(UnmanagedType.LPStruct)] Guid pgActionID,
[In] WinTrustData pWVTData
);