/// <summary> /// Query ELAM information from a driver's resource section. /// </summary> /// <param name="path">The path to the file.</param> /// <param name="throw_on_error">True to throw on error.</param> /// <returns>The ELAM information if present.</returns> public static NtResult <IReadOnlyList <ElamInformation> > GetElamInformation(string path, bool throw_on_error) { using (var lib = SafeLoadLibraryHandle.LoadLibrary(path, LoadLibraryFlags.LoadLibraryAsDataFile, throw_on_error)) { if (!lib.IsSuccess) { return(lib.Cast <IReadOnlyList <ElamInformation> >()); } var ptr = Win32NativeMethods.FindResource(lib.Result, "MicrosoftElamCertificateInfo", "MSElamCertInfoID"); if (ptr == IntPtr.Zero) { return(Win32Utils.GetLastWin32Error().CreateResultFromDosError <IReadOnlyList <ElamInformation> >(throw_on_error)); } IntPtr hResource = Win32NativeMethods.LoadResource(lib.Result, ptr); IntPtr buf = Win32NativeMethods.LockResource(hResource); int size = Win32NativeMethods.SizeofResource(lib.Result, ptr); if (size <= 0) { return(NtStatus.STATUS_INVALID_BUFFER_SIZE.CreateResultFromError <IReadOnlyList <ElamInformation> >(throw_on_error)); } byte[] elam_info = new byte[size]; Marshal.Copy(buf, elam_info, 0, size); MemoryStream stm = new MemoryStream(elam_info); BinaryReader reader = new BinaryReader(stm, Encoding.Unicode); try { List <ElamInformation> ret = new List <ElamInformation>(); int count = reader.ReadUInt16(); for (int i = 0; i < count; ++i) { string cert_hash = reader.ReadNulTerminated(); HashAlgorithm algorithm = (HashAlgorithm)reader.ReadUInt16(); string[] ekus = reader.ReadNulTerminated().Split(';'); ret.Add(new ElamInformation(cert_hash, algorithm, ekus)); } return(ret.AsReadOnly().CreateResult().Cast <IReadOnlyList <ElamInformation> >()); } catch (EndOfStreamException) { return(NtStatus.STATUS_END_OF_FILE.CreateResultFromError <IReadOnlyList <ElamInformation> >(throw_on_error)); } } }