Exemplo n.º 1
0
        public static VerifyResult VerifyFile(string fileName)
        {
            VerifyResult result = VerifyResult.NoSignature;

            using (MemoryAlloc strMem = new MemoryAlloc(fileName.Length * 2 + 2))
            {
                WintrustFileInfo fileInfo = new WintrustFileInfo();

                strMem.WriteUnicodeString(0, fileName);
                strMem.WriteByte(fileName.Length * 2, 0);
                strMem.WriteByte(fileName.Length * 2 + 1, 0);

                fileInfo.Size = Marshal.SizeOf(fileInfo);
                fileInfo.FilePath = strMem;

                WintrustData trustData = new WintrustData();

                trustData.Size = 12 * 4;
                trustData.UIChoice = 2; // WTD_UI_NONE
                trustData.UnionChoice = 1; // WTD_CHOICE_FILE
                trustData.RevocationChecks = WtRevocationChecks.None;
                trustData.ProvFlags = WtProvFlags.Safer;

                if (OSVersion.IsAboveOrEqual(WindowsVersion.Vista))
                    trustData.ProvFlags |= WtProvFlags.CacheOnlyUrlRetrieval;

                using (MemoryAlloc mem = new MemoryAlloc(fileInfo.Size))
                {
                    Marshal.StructureToPtr(fileInfo, mem, false);
                    trustData.UnionData = mem;

                    uint winTrustResult = Win32.WinVerifyTrust(IntPtr.Zero, WintrustActionGenericVerifyV2, ref trustData);

                    result = StatusToVerifyResult(winTrustResult);
                }
            }

            if (result == VerifyResult.NoSignature)
            {
                using (FileHandle sourceFile = FileHandle.CreateWin32(fileName, FileAccess.GenericRead, FileShareMode.Read,
                    FileCreationDispositionWin32.OpenExisting))
                {
                    byte[] hash = new byte[256];
                    int hashLength = 256;

                    if (!Win32.CryptCATAdminCalcHashFromFileHandle(sourceFile, ref hashLength, hash, 0))
                    {
                        hash = new byte[hashLength];

                        if (!Win32.CryptCATAdminCalcHashFromFileHandle(sourceFile, ref hashLength, hash, 0))
                            return VerifyResult.NoSignature;
                    }

                    StringBuilder memberTag = new StringBuilder(hashLength * 2);

                    for (int i = 0; i < hashLength; i++)
                        memberTag.Append(hash[i].ToString("X2"));

                    IntPtr catAdmin;

                    if (!Win32.CryptCATAdminAcquireContext(out catAdmin, DriverActionVerify, 0))
                        return VerifyResult.NoSignature;

                    IntPtr catInfo = Win32.CryptCATAdminEnumCatalogFromHash(catAdmin, hash, hashLength, 0, IntPtr.Zero);

                    if (catInfo == IntPtr.Zero)
                    {
                        Win32.CryptCATAdminReleaseContext(catAdmin, 0);
                        return VerifyResult.NoSignature;
                    }

                    CatalogInfo ci;

                    if (!Win32.CryptCATCatalogInfoFromContext(catInfo, out ci, 0))
                    {
                        Win32.CryptCATAdminReleaseCatalogContext(catAdmin, catInfo, 0);
                        Win32.CryptCATAdminReleaseContext(catAdmin, 0);
                        return VerifyResult.NoSignature;
                    }

                    WintrustCatalogInfo wci = new WintrustCatalogInfo();

                    wci.Size = Marshal.SizeOf(wci);
                    wci.CatalogFilePath = ci.CatalogFile;
                    wci.MemberFilePath = fileName;
                    wci.MemberTag = memberTag.ToString();

                    WintrustData trustData = new WintrustData();

                    trustData.Size = 12 * 4;
                    trustData.UIChoice = 1;
                    trustData.UnionChoice = 2;
                    trustData.RevocationChecks = WtRevocationChecks.None;

                    if (OSVersion.IsAboveOrEqual(WindowsVersion.Vista))
                        trustData.ProvFlags = WtProvFlags.CacheOnlyUrlRetrieval;

                    using (MemoryAlloc mem = new MemoryAlloc(wci.Size))
                    {
                        Marshal.StructureToPtr(wci, mem, false);

                        try
                        {
                            trustData.UnionData = mem;

                            uint winTrustResult = Win32.WinVerifyTrust(IntPtr.Zero, DriverActionVerify, ref trustData);

                            result = StatusToVerifyResult(winTrustResult);
                        }
                        finally
                        {
                            Win32.CryptCATAdminReleaseCatalogContext(catAdmin, catInfo, 0);
                            Win32.CryptCATAdminReleaseContext(catAdmin, 0);
                            Marshal.DestroyStructure(mem, typeof(WintrustCatalogInfo));
                        }
                    }
                }
            }

            return result;
        }
Exemplo n.º 2
0
        public static VerifyResult VerifyFile(string fileName, out string signerName)
        {
            VerifyResult result;

            using (MemoryAlloc strMem = new MemoryAlloc(fileName.Length * 2 + 2))
            {
                WintrustFileInfo fileInfo = new WintrustFileInfo();

                strMem.WriteUnicodeString(0, fileName);
                strMem.WriteInt16(fileName.Length * 2, 0);

                fileInfo.Size = WintrustFileInfo.SizeOf;
                fileInfo.FilePath = strMem;

                WintrustData trustData = new WintrustData
                {
                    Size = WintrustData.SizeOf,
                    UIChoice = 2, // WTD_UI_NONE
                    UnionChoice = 1, // WTD_CHOICE_FILE
                    RevocationChecks = WtdRevocationChecks.None,
                    ProvFlags = WtdProvFlags.Safer,
                    StateAction = WtdStateAction.Verify
                };

                if (OSVersion.IsAboveOrEqual(WindowsVersion.Vista))
                    trustData.ProvFlags |= WtdProvFlags.CacheOnlyUrlRetrieval;

                using (MemoryAlloc mem = new MemoryAlloc(fileInfo.Size))
                {
                    mem.WriteStruct(fileInfo);
                    trustData.UnionData = mem;

                    uint winTrustResult = Win32.WinVerifyTrust(IntPtr.Zero, WintrustActionGenericVerifyV2, ref trustData);

                    result = StatusToVerifyResult(winTrustResult);

                    try
                    {
                        if (result != VerifyResult.NoSignature)
                        {
                            signerName = GetSignerNameFromStateData(trustData.StateData);

                            return result;
                        }
                    }
                    finally
                    {
                        // Close the state data.
                        trustData.StateAction = WtdStateAction.Close;
                        Win32.WinVerifyTrust(IntPtr.Zero, WintrustActionGenericVerifyV2, ref trustData);
                    }
                }
            }

            signerName = null;

            using (FileHandle sourceFile = FileHandle.CreateWin32(fileName, FileAccess.GenericRead, FileShareMode.Read, FileCreationDispositionWin32.OpenExisting))
            {
                byte[] hash = new byte[256];
                int hashLength = 256;

                if (!Win32.CryptCATAdminCalcHashFromFileHandle(sourceFile, ref hashLength, hash, 0))
                {
                    hash = new byte[hashLength];

                    if (!Win32.CryptCATAdminCalcHashFromFileHandle(sourceFile, ref hashLength, hash, 0))
                        return VerifyResult.NoSignature;
                }

                StringBuilder memberTag = new StringBuilder(hashLength * 2);

                for (int i = 0; i < hashLength; i++)
                    memberTag.Append(hash[i].ToString("X2"));

                IntPtr catAdmin;

                if (!Win32.CryptCATAdminAcquireContext(out catAdmin, DriverActionVerify, 0))
                    return VerifyResult.NoSignature;

                IntPtr catInfo = Win32.CryptCATAdminEnumCatalogFromHash(catAdmin, hash, hashLength, 0, IntPtr.Zero);

                if (catInfo == IntPtr.Zero)
                {
                    Win32.CryptCATAdminReleaseContext(catAdmin, 0);
                    return VerifyResult.NoSignature;
                }

                CatalogInfo ci;

                if (!Win32.CryptCATCatalogInfoFromContext(catInfo, out ci, 0))
                {
                    Win32.CryptCATAdminReleaseCatalogContext(catAdmin, catInfo, 0);
                    Win32.CryptCATAdminReleaseContext(catAdmin, 0);
                    return VerifyResult.NoSignature;
                }

                WintrustCatalogInfo wci = new WintrustCatalogInfo
                {
                    Size = WintrustCatalogInfo.SizeOf, 
                    CatalogFilePath = ci.CatalogFile, 
                    MemberFilePath = fileName, 
                    MemberTag = memberTag.ToString()
                };

                WintrustData trustData = new WintrustData
                {
                    Size = WintrustData.SizeOf, 
                    UIChoice = 1, 
                    UnionChoice = 2, 
                    RevocationChecks = WtdRevocationChecks.None, 
                    StateAction = WtdStateAction.Verify
                };

                if (OSVersion.IsAboveOrEqual(WindowsVersion.Vista))
                    trustData.ProvFlags = WtdProvFlags.CacheOnlyUrlRetrieval;

                using (MemoryAlloc mem = new MemoryAlloc(wci.Size))
                {
                    mem.WriteStruct(wci);

                    try
                    {
                        trustData.UnionData = mem;

                        uint winTrustResult = Win32.WinVerifyTrust(IntPtr.Zero, DriverActionVerify, ref trustData);

                        result = StatusToVerifyResult(winTrustResult);

                        if (result != VerifyResult.NoSignature)
                        {
                            signerName = GetSignerNameFromStateData(trustData.StateData);
                        }
                    }
                    finally
                    {
                        try
                        {
                            // Close the state data.
                            trustData.StateAction = WtdStateAction.Close;
                            Win32.WinVerifyTrust(IntPtr.Zero, DriverActionVerify, ref trustData);
                        }
                        finally
                        {
                            Win32.CryptCATAdminReleaseCatalogContext(catAdmin, catInfo, 0);
                            Win32.CryptCATAdminReleaseContext(catAdmin, 0);
                            mem.DestroyStruct<WintrustCatalogInfo>();
                        }
                    }
                }
            }

            return result;
        }