Пример #1
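        /// <summary>
        /// Queries WMI for every <c>Win32_SystemDriver</c> instance and appends one "Drv" row to
        /// <paramref name="list"/> for each driver that has a PathName and is not suppressed by
        /// <c>DriverWhitelist.IsWhitelisted</c>. The list is then sorted by its "path" entry and
        /// added to <paramref name="report"/>.
        /// </summary>
        /// <param name="report">Report that receives the finished list.</param>
        /// <param name="list">Rows to append to; sorted in place before being reported.</param>
        public void Run(ref Report report, List<Dictionary<string, string>> list)
        {
            // The searcher, its result collection and each result object are IDisposable;
            // release them deterministically instead of leaving them to the finalizer.
            using (var searcher = new ManagementObjectSearcher("SELECT * FROM Win32_SystemDriver"))
            using (var drivers = searcher.Get())
            {
                foreach (ManagementObject entry in drivers)
                {
                    using (entry)
                    {
                        var rawPath = entry.GetPropertyValue("PathName");

                        if (rawPath == null)
                        {
                            continue;
                        }

                        // Description can be null as well; treat it as empty instead of
                        // dereferencing it and aborting the whole scan.
                        var rawDescription = entry.GetPropertyValue("Description");
                        var description    = rawDescription == null ? string.Empty : rawDescription.ToString().Trim();
                        var path           = rawPath.ToString().Trim();

                        // NOTE(review): PathName is used verbatim. If WMI hands back a quoted or
                        // NT-style path, File.Exists reports false and the driver is listed as
                        // "file not found" without any signature check -- confirm whether the
                        // value needs normalising first.
                        var exists = File.Exists(path);

                        if (DriverWhitelist.IsWhitelisted(path, description))
                        {
                            continue;
                        }

                        // A missing file is reported once as "file not found", not additionally as unsigned.
                        var signed = !exists || Authenticode.IsSigned(path);

                        list.Add(new Dictionary<string, string>
                        {
                            { "token", "Drv" },
                            { "path", path },
                            { "description", "(" + rawDescription + ")" },
                            { "exists", !exists ? "[b](file not found)[/b]" : null },
                            { "signed", !signed ? "[b](file not signed)[/b]" : null },
                        });
                    }
                }
            }

            // Every row in the list is expected to carry a "path" key; rows supplied by the
            // caller without one would make this comparison throw.
            list.Sort((entry1, entry2) => entry1["path"].CompareTo(entry2["path"]));

            report.Add(list);
        }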
Пример #2
        /// <summary>
        /// Appends one "Signature" row per entry of <paramref name="arguments"/> stating whether
        /// the file is missing, signed or not signed, and returns the same list instance.
        /// </summary>
        /// <param name="arguments">File paths to inspect.</param>
        /// <param name="list">Row collection that receives the results.</param>
        /// <returns><paramref name="list"/>, after the rows have been appended.</returns>
        public List<Dictionary<string, string>> Run(List<string> arguments, List<Dictionary<string, string>> list)
        {
            foreach (string file in arguments)
            {
                string message;

                if (File.Exists(file))
                {
                    // NOTE(review): "signed" is whatever Authenticode.IsSigned reports; whether that
                    // covers chain trust and revocation is not visible here -- confirm before
                    // treating the row as a trust verdict.
                    string qualifier = Authenticode.IsSigned(file) ? " " : " not ";
                    message = file + " is" + qualifier + "signed";
                }
                else
                {
                    message = "Could not find " + file;
                }

                var row = new Dictionary<string, string>();
                row.Add("token", "Signature");
                row.Add("raw", message);
                list.Add(row);
            }

            return list;
        }
Пример #3
        /// <summary>
        /// Reports whether <paramref name="key"/> is whitelisted: it must be present in
        /// <c>whitelist</c> with exactly <paramref name="value"/>, and
        /// <c>Authenticode.IsSigned(key)</c> must also return true.
        /// </summary>
        /// <param name="key">Whitelist key; it is also passed to the signature check as the file to inspect.</param>
        /// <param name="value">Value the whitelist entry must equal.</param>
        /// <returns>True only when the entry matches and the signature check passes.</returns>
        public static bool IsWhitelisted(string key, string value)
        {
            // No matching entry: never consult the signature check.
            if (!whitelist.ContainsKey(key) || whitelist[key] != value)
            {
                return false;
            }

            // A whitelist hit alone is not enough; the file must still pass the signature check.
            // NOTE(review): nothing here pins the signer, so the entry is only as strong as
            // whatever IsSigned validates -- confirm whether a publisher check is wanted.
            return Authenticode.IsSigned(key);
        }
Пример #4
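        /// <summary>
        /// Completion handler for the update download. When the download finished without
        /// cancellation or error, the downloaded file is verified (Authenticode with a required
        /// thumbprint match, or an MD5 comparison in PORTABLE builds). Any verification failure
        /// is turned into an error result, the file is deleted on cancellation or error, the
        /// completion event is raised, and the web client is disposed.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Outcome of the download as reported by the web client.</param>
        private void DownloadUpdateCompleted(object sender, AsyncCompletedEventArgs e)
        {
            var raiseEventArgs = e;

            try
            {
                if (!e.Cancelled && e.Error == null)
                {
                    try
                    {
#if !PORTABLE
                        var updateAuthenticode = new Authenticode(_currentUpdateInfo.UpdateFilePath)
                        {
                            RequireThumbprintMatch = true,
                            ThumbprintToMatch      = _currentUpdateInfo.CertificateThumbprint
                        };

                        // Anything other than Verified is a failure: fail closed.
                        if (updateAuthenticode.Verify() != Authenticode.StatusValue.Verified)
                        {
                            if (updateAuthenticode.Status == Authenticode.StatusValue.UnhandledException)
                            {
                                // Thrown so that the catch below records it as the download error.
                                throw (updateAuthenticode.Exception);
                            }

                            throw (new Exception(updateAuthenticode.StatusMessage));
                        }
#else
                        // NOTE(security): MD5 is not collision-resistant, and the expected value is
                        // read from the same update info as the download location. This comparison
                        // detects corruption; it authenticates the file only if the update info
                        // itself arrives over an authenticated channel. Left as MD5 because the
                        // published metadata would have to change along with it.
                        using (var md5 = MD5.Create())
                        {
                            using (var stream = File.OpenRead(_currentUpdateInfo.UpdateFilePath))
                            {
                                var hash       = md5.ComputeHash(stream);
                                var hashString = BitConverter.ToString(hash).Replace("-", "");

                                // BitConverter emits upper-case hex; compare case-insensitively so a
                                // lower-case expected value does not reject a correct file.
                                if (!string.Equals(hashString, _currentUpdateInfo.CertificateThumbprint, StringComparison.OrdinalIgnoreCase))
                                {
                                    throw new Exception("MD5 Hashes didn't match!");
                                }
                            }
                        }
#endif
                    }
                    catch (Exception ex)
                    {
                        raiseEventArgs = new AsyncCompletedEventArgs(ex, false, null);
                    }
                }

                // Never leave a cancelled, failed or unverified download on disk.
                if (raiseEventArgs.Cancelled || raiseEventArgs.Error != null)
                {
                    File.Delete(_currentUpdateInfo.UpdateFilePath);
                }

                DownloadUpdateCompletedEventEvent?.Invoke(this, raiseEventArgs);
            }
            finally
            {
                // Release the client even if the delete or a subscriber throws.
                _downloadUpdateWebClient.Dispose();
                _downloadUpdateWebClient = null;
            }
        }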
Пример #5
        /// <summary>
        /// Appends one "Sig" row per entry of <c>files</c> recording whether the file exists and,
        /// if it does, whether <c>Authenticode.IsSigned(file, true)</c> reports it as signed;
        /// the list is then added to <paramref name="report"/>.
        /// </summary>
        /// <param name="report">Report that receives the finished list.</param>
        /// <param name="list">Row collection to append to.</param>
        public void Run(ref Report report, List<Dictionary<string, string>> list)
        {
            foreach (var file in files)
            {
                string verdict;

                if (!File.Exists(file))
                {
                    verdict = "[b]does not exist[/b]";
                }
                else if (Authenticode.IsSigned(file, true))
                {
                    // NOTE(review): the meaning of the second argument is not visible here -- confirm.
                    verdict = "is signed";
                }
                else
                {
                    verdict = "[b]is not signed[/b]";
                }

                var row = new Dictionary<string, string>();
                row.Add("token", "Sig");
                row.Add("file", file);
                row.Add("signed", verdict);
                list.Add(row);
            }

            report.Add(list);
        }
Пример #6
        /// <summary>
        /// Completion handler for the update download. A download that finished cleanly is
        /// verified with Authenticode, requiring the signer thumbprint to match the one in the
        /// current update info. A failed verification becomes the reported error, the file is
        /// deleted on cancellation or error, subscribers are notified, and the web client is disposed.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Outcome of the download as reported by the web client.</param>
        private void DownloadUpdateCompleted(object sender, AsyncCompletedEventArgs e)
        {
            AsyncCompletedEventArgs outcome = e;
            bool downloadFailed = e.Cancelled || e.Error != null;

            if (!downloadFailed)
            {
                try
                {
                    Authenticode verifier = new Authenticode(_currentUpdateInfo.UpdateFilePath)
                    {
                        RequireThumbprintMatch = true,
                        ThumbprintToMatch      = _currentUpdateInfo.CertificateThumbprint
                    };

                    // Every status other than Verified is treated as a failure.
                    bool rejected = verifier.Verify() != Authenticode.StatusValue.Verified;

                    if (rejected)
                    {
                        if (verifier.Status == Authenticode.StatusValue.UnhandledException)
                        {
                            // Surfaces the verifier's own exception as the download error.
                            throw (verifier.Exception);
                        }

                        throw (new Exception(verifier.StatusMessage));
                    }
                }
                catch (Exception failure)
                {
                    outcome = new AsyncCompletedEventArgs(failure, false, null);
                }
            }

            // A cancelled, failed or unverified download is removed from disk.
            bool discardFile = outcome.Cancelled || outcome.Error != null;

            if (discardFile)
            {
                File.Delete(_currentUpdateInfo.UpdateFilePath);
            }

            if (DownloadUpdateCompletedEventEvent != null)
            {
                DownloadUpdateCompletedEventEvent(this, outcome);
            }

            _downloadUpdateWebClient.Dispose();
            _downloadUpdateWebClient = null;
        }
Пример #7
        /// <summary>
        /// Collects signer-certificate, verification, version and timestamp properties for
        /// <paramref name="fileInfo"/>. When the argument is null or the file does not exist,
        /// the constructor returns early and sets none of the properties.
        /// </summary>
        /// <param name="fileInfo">File to inspect; may be null.</param>
        private FilePropertiesInfo(FileInfo fileInfo)
        {
            if (fileInfo == null)
            {
                return;
            }
            if (!fileInfo.Exists)
            {
                Logger.GetInstance(typeof(FilePropertiesInfo)).Warn("Can not find " + fileInfo.FullName + " to get properties");
                return;
            }

            X509Certificate certificate = null;

            try
            {
                // Reads the signer certificate embedded in the file. This extracts the certificate only;
                // the trust decision is carried by Verified below.
                certificate = X509Certificate.CreateFromSignedFile(fileInfo.FullName);
            }
            catch (Exception)
            {
                // Any failure leaves certificate null. The warning is de-duplicated through
                // CachedErrorPaths: the key is a hash of the path plus the current time divided by
                // ErrorPathCacheTimeInMilli, so a path is logged once per time bucket.
                // The hash is used only as a cache key here.
                var key = Sha1.GetInstance().GenerateInHex(
                    fileInfo.FullName + "_" + Util.Convert.ToTimestampInMilli(DateTime.UtcNow) / ErrorPathCacheTimeInMilli
                    );
                if (string.IsNullOrEmpty(key))
                {
                    // No usable key: log every time rather than suppress the warning.
                    Logger.GetInstance(typeof(FilePropertiesInfo)).Warn("Can not find certificate from file " + fileInfo.FullName);
                }
                else if (!CachedErrorPaths.Contains(key))
                {
                    Logger.GetInstance(typeof(FilePropertiesInfo)).Warn("Can not find certificate from file " + fileInfo.FullName);
                    CachedErrorPaths.Add(key);
                }
            }
            if (certificate != null)
            {
                // The issuer/subject/public-key fields are filled in whether or not Verified ends up
                // true, so consumers must check Verified before relying on them as an identity.
                // NOTE(review): presumably Authenticode.IsVerified performs the actual signature and
                // chain validation -- confirm.
                IssuerDistinguishedName = certificate.Issuer;
                IssuerName = DistinguishedName.Parse(IssuerDistinguishedName).O;
                SubjectDistinguishedName = certificate.Subject;
                SubjectName = DistinguishedName.Parse(SubjectDistinguishedName).O;
                PublicKey   = certificate.GetPublicKeyString();
                Verified    = Authenticode.IsVerified(fileInfo);
            }

            // NOTE(review): this call sits outside the try blocks below, so an exception from it
            // propagates to the caller instead of producing the "0.0.0.0" fallback.
            var versionInfo = FileVersionInfo.GetVersionInfo(fileInfo.FullName);

            try
            {
                // File version as major.minor.build.private, formatted culture-independently.
                Version = string.Format(
                    CultureInfo.InvariantCulture,
                    @"{0}.{1}.{2}.{3}",
                    versionInfo.FileMajorPart,
                    versionInfo.FileMinorPart,
                    versionInfo.FileBuildPart,
                    versionInfo.FilePrivatePart
                    );
            }
            catch (Exception)
            {
                Logger.GetInstance(typeof(FilePropertiesInfo)).Warn("Can not find version from file " + fileInfo.FullName);
                Version = "0.0.0.0";
            }
            try
            {
                // Product version in the same four-part form.
                ProductVersion = string.Format(
                    CultureInfo.InvariantCulture,
                    @"{0}.{1}.{2}.{3}",
                    versionInfo.ProductMajorPart,
                    versionInfo.ProductMinorPart,
                    versionInfo.ProductBuildPart,
                    versionInfo.ProductPrivatePart
                    );
            }
            catch (Exception)
            {
                Logger.GetInstance(typeof(FilePropertiesInfo)).Warn("Can not find product version from file " + fileInfo.FullName);
                ProductVersion = "0.0.0.0";
            }

            // Timestamps are collected only for files that passed verification.
            if (Verified)
            {
                TimestampList.AddRange(Authenticode.GetTimestampList(fileInfo));
            }
        }