public void Run(ref Report report, List <Dictionary <string, string> > list) { var searcher = new ManagementObjectSearcher("SELECT * FROM Win32_SystemDriver"); foreach (ManagementObject entry in searcher.Get()) { if (entry.GetPropertyValue("PathName") != null) { var description = entry.GetPropertyValue("Description").ToString().Trim(); var path = entry.GetPropertyValue("PathName").ToString().Trim(); var exists = File.Exists(path); if (DriverWhitelist.IsWhitelisted(path, description)) { continue; } var signed = !exists || Authenticode.IsSigned(path); list.Add(new Dictionary <string, string> { { "token", "Drv" }, { "path", path }, { "description", "(" + entry.GetPropertyValue("Description") + ")" }, { "exists", !exists ? "[b](file not found)[/b]" : null }, { "signed", !signed ? "[b](file not signed)[/b]" : null }, }); } } list.Sort((entry1, entry2) => entry1["path"].CompareTo(entry2["path"])); report.Add(list); }
public List <Dictionary <string, string> > Run(List <string> arguments, List <Dictionary <string, string> > list) { foreach (string file in arguments) { if (!File.Exists(file)) { list.Add(new Dictionary <string, string> { { "token", "Signature" }, { "raw", "Could not find " + file }, }); continue; } bool isSigned = Authenticode.IsSigned(file); list.Add(new Dictionary <string, string> { { "token", "Signature" }, { "raw", file + " is" + (isSigned ? " " : " not ") + "signed" }, }); } return(list); }
public static bool IsWhitelisted(string key, string value) { if (whitelist.ContainsKey(key) && whitelist[key] == value) { return(Authenticode.IsSigned(key)); } return(false); }
private void DownloadUpdateCompleted(object sender, AsyncCompletedEventArgs e) { var raiseEventArgs = e; if (!e.Cancelled && e.Error == null) { try { #if !PORTABLE var updateAuthenticode = new Authenticode(_currentUpdateInfo.UpdateFilePath) { RequireThumbprintMatch = true, ThumbprintToMatch = _currentUpdateInfo.CertificateThumbprint }; if (updateAuthenticode.Verify() != Authenticode.StatusValue.Verified) { if (updateAuthenticode.Status == Authenticode.StatusValue.UnhandledException) { throw (updateAuthenticode.Exception); } throw (new Exception(updateAuthenticode.StatusMessage)); } #else using (var md5 = MD5.Create()) { using (var stream = File.OpenRead(_currentUpdateInfo.UpdateFilePath)) { var hash = md5.ComputeHash(stream); var hashString = BitConverter.ToString(hash).Replace("-", ""); if (!hashString.Equals(_currentUpdateInfo.CertificateThumbprint)) { throw new Exception("MD5 Hashes didn't match!"); } } } #endif } catch (Exception ex) { raiseEventArgs = new AsyncCompletedEventArgs(ex, false, null); } } if (raiseEventArgs.Cancelled || raiseEventArgs.Error != null) { File.Delete(_currentUpdateInfo.UpdateFilePath); } DownloadUpdateCompletedEventEvent?.Invoke(this, raiseEventArgs); _downloadUpdateWebClient.Dispose(); _downloadUpdateWebClient = null; }
public void Run(ref Report report, List <Dictionary <string, string> > list) { foreach (var file in files) { var exists = File.Exists(file); list.Add(new Dictionary <string, string> { { "token", "Sig" }, { "file", file }, { "signed", exists ? !Authenticode.IsSigned(file, true) ? "[b]is not signed[/b]" : "is signed" : "[b]does not exist[/b]" } }); } report.Add(list); }
private void DownloadUpdateCompleted(object sender, AsyncCompletedEventArgs e) { AsyncCompletedEventArgs raiseEventArgs = e; if (!e.Cancelled && e.Error == null) { try { Authenticode updateAuthenticode = new Authenticode(_currentUpdateInfo.UpdateFilePath); updateAuthenticode.RequireThumbprintMatch = true; updateAuthenticode.ThumbprintToMatch = _currentUpdateInfo.CertificateThumbprint; if (updateAuthenticode.Verify() != Authenticode.StatusValue.Verified) { if (updateAuthenticode.Status == Authenticode.StatusValue.UnhandledException) { throw (updateAuthenticode.Exception); } else { throw (new Exception(updateAuthenticode.StatusMessage)); } } } catch (Exception ex) { raiseEventArgs = new AsyncCompletedEventArgs(ex, false, null); } } if (raiseEventArgs.Cancelled || raiseEventArgs.Error != null) { File.Delete(_currentUpdateInfo.UpdateFilePath); } if (DownloadUpdateCompletedEventEvent != null) { DownloadUpdateCompletedEventEvent(this, raiseEventArgs); } _downloadUpdateWebClient.Dispose(); _downloadUpdateWebClient = null; }
private FilePropertiesInfo(FileInfo fileInfo) { if (fileInfo == null) { return; } if (!fileInfo.Exists) { Logger.GetInstance(typeof(FilePropertiesInfo)).Warn("Can not find " + fileInfo.FullName + " to get properties"); return; } X509Certificate certificate = null; try { certificate = X509Certificate.CreateFromSignedFile(fileInfo.FullName); } catch (Exception) { var key = Sha1.GetInstance().GenerateInHex( fileInfo.FullName + "_" + Util.Convert.ToTimestampInMilli(DateTime.UtcNow) / ErrorPathCacheTimeInMilli ); if (string.IsNullOrEmpty(key)) { Logger.GetInstance(typeof(FilePropertiesInfo)).Warn("Can not find certificate from file " + fileInfo.FullName); } else if (!CachedErrorPaths.Contains(key)) { Logger.GetInstance(typeof(FilePropertiesInfo)).Warn("Can not find certificate from file " + fileInfo.FullName); CachedErrorPaths.Add(key); } } if (certificate != null) { IssuerDistinguishedName = certificate.Issuer; IssuerName = DistinguishedName.Parse(IssuerDistinguishedName).O; SubjectDistinguishedName = certificate.Subject; SubjectName = DistinguishedName.Parse(SubjectDistinguishedName).O; PublicKey = certificate.GetPublicKeyString(); Verified = Authenticode.IsVerified(fileInfo); } var versionInfo = FileVersionInfo.GetVersionInfo(fileInfo.FullName); try { Version = string.Format( CultureInfo.InvariantCulture, @"{0}.{1}.{2}.{3}", versionInfo.FileMajorPart, versionInfo.FileMinorPart, versionInfo.FileBuildPart, versionInfo.FilePrivatePart ); } catch (Exception) { Logger.GetInstance(typeof(FilePropertiesInfo)).Warn("Can not find version from file " + fileInfo.FullName); Version = "0.0.0.0"; } try { ProductVersion = string.Format( CultureInfo.InvariantCulture, @"{0}.{1}.{2}.{3}", versionInfo.ProductMajorPart, versionInfo.ProductMinorPart, versionInfo.ProductBuildPart, versionInfo.ProductPrivatePart ); } catch (Exception) { Logger.GetInstance(typeof(FilePropertiesInfo)).Warn("Can not find product version from file " + fileInfo.FullName); ProductVersion = "0.0.0.0"; } if (Verified) { TimestampList.AddRange(Authenticode.GetTimestampList(fileInfo)); } }