internal static WINTRUST_DATA InitWintrustDataStructFromBlob(WINTRUST_BLOB_INFO wbi) { WINTRUST_DATA wtd = new WINTRUST_DATA(); wtd.cbStruct = (DWORD)Marshal.SizeOf(wbi); wtd.pPolicyCallbackData = IntPtr.Zero; wtd.pSIPClientData = IntPtr.Zero; wtd.dwUIChoice = (DWORD)WintrustUIChoice.WTD_UI_NONE; wtd.fdwRevocationChecks = 0; wtd.dwUnionChoice = (DWORD)WintrustUnionChoice.WTD_CHOICE_BLOB; IntPtr pBlob = Marshal.AllocCoTaskMem(Marshal.SizeOf(wbi)); Marshal.StructureToPtr(wbi, pBlob, false); wtd.Choice.pBlob = pBlob; wtd.dwStateAction = (DWORD)WintrustAction.WTD_STATEACTION_VERIFY; wtd.hWVTStateData = IntPtr.Zero; wtd.pwszURLReference = null; wtd.dwProvFlags = 0; return wtd; }
public static bool CheckFileDigitalSignature(string fileName) { Guid wintrust_action_generic_verify_v2 = new Guid("{00AAC56B-CD44-11d0-8CC2-00C04FC295EE}"); WINTRUST_FILE_INFO fileInfo = new WINTRUST_FILE_INFO(fileName, Guid.Empty); WINTRUST_DATA data = new WINTRUST_DATA(fileInfo); uint ret = 0; using (SignCheckerUnmanagedPointer guidPtr = new SignCheckerUnmanagedPointer(Marshal.AllocHGlobal(Marshal.SizeOf(typeof(Guid))), SignChecker_MemoryAllocator.HGlobal)) using (SignCheckerUnmanagedPointer wvtDataPtr = new SignCheckerUnmanagedPointer(Marshal.AllocHGlobal(Marshal.SizeOf(typeof(WINTRUST_DATA))), SignChecker_MemoryAllocator.HGlobal)) { IntPtr pGuid = guidPtr; IntPtr pData = wvtDataPtr; Marshal.StructureToPtr(wintrust_action_generic_verify_v2, pGuid, false); Marshal.StructureToPtr(data, pData, false); ret = WinVerifyTrust(IntPtr.Zero, pGuid, pData); } if (ret != 0) { return(false); } return(true); }
/// <summary> /// Checks if a file has a valid Authenticode signature. /// </summary> /// <param name="filePath">The path of a file to be checked.</param> /// <returns><c>true</c> if the file has a valid signature; otherwise, <c>false</c>.</returns> /// <exception cref="ArgumentException">Thrown if <paramref name="filePath" /> /// is either <c>null</c> or an empty string.</exception> public override bool IsValid(string filePath) { if (string.IsNullOrEmpty(filePath)) { throw new ArgumentException(Strings.ArgumentCannotBeNullOrEmpty, nameof(filePath)); } var WINTRUST_ACTION_GENERIC_VERIFY_V2 = new Guid("{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}"); using (var pFilePath = new SafeCoTaskMem(filePath)) { var fileInfo = new WINTRUST_FILE_INFO() { pcwszFilePath = pFilePath.DangerousGetHandle() }; using (var pFile = new SafeCoTaskMem((int)fileInfo.cbStruct)) { Marshal.StructureToPtr(fileInfo, pFile.DangerousGetHandle(), fDeleteOld: false); var data = new WINTRUST_DATA() { pFile = pFile.DangerousGetHandle() }; return(WinVerifyTrust(IntPtr.Zero, WINTRUST_ACTION_GENERIC_VERIFY_V2, data) == 0); } } }
private static uint WinVerifyTrust(string fileName) { Guid wintrust_action_generic_verify_v2 = new Guid("{00AAC56B-CD44-11d0-8CC2-00C04FC295EE}"); uint result = 0; using (WINTRUST_FILE_INFO fileInfo = new WINTRUST_FILE_INFO(fileName, Guid.Empty)) using (UnmanagedPointer guidPtr = new UnmanagedPointer(Marshal.AllocHGlobal(Marshal.SizeOf(typeof(Guid))), AllocMethod.HGlobal)) using (UnmanagedPointer wvtDataPtr = new UnmanagedPointer(Marshal.AllocHGlobal(Marshal.SizeOf(typeof(WINTRUST_DATA))), AllocMethod.HGlobal)) { WINTRUST_DATA data = new WINTRUST_DATA(fileInfo); IntPtr pGuid = guidPtr; IntPtr pData = wvtDataPtr; Marshal.StructureToPtr(wintrust_action_generic_verify_v2, pGuid, true); Marshal.StructureToPtr(data, pData, true); result = WinVerifyTrust(IntPtr.Zero, pGuid, pData); } return(result); }
public static unsafe SignatureVerificationResult VerifyAuthenticodeTrust( ProviderFlags flags, string file) { var fileInfo = new WINTRUST_FILE_INFO(); var wintrustData = new WINTRUST_DATA(); try { fileInfo.cbStruct = Marshal.SizeOf(typeof(WINTRUST_FILE_INFO)); fileInfo.pcwszFilePath = Marshal.StringToHGlobalAuto(file); wintrustData.cbStruct = Marshal.SizeOf(typeof(WINTRUST_DATA)); wintrustData.dwUIChoice = WTD_UI_NONE; wintrustData.dwUnionChoice = WTD_CHOICE_FILE; wintrustData.fdwRevocationChecks = WTD_REVOKE_WHOLECHAIN; wintrustData.pFile = &fileInfo; wintrustData.dwStateAction = WTD_STATEACTION_VERIFY; wintrustData.dwProvFlags = flags; wintrustData.dwUIContext = WTD_UICONTEXT_INSTALL; try { fixed(Guid *pgActionID = &WINTRUST_ACTION_GENERIC_VERIFY_V2) return(WinVerifyTrust(IntPtr.Zero, pgActionID, &wintrustData)); } finally { wintrustData.dwStateAction = WTD_STATEACTION_CLOSE; fixed(Guid *pgActionID = &WINTRUST_ACTION_GENERIC_VERIFY_V2) WinVerifyTrust(IntPtr.Zero, pgActionID, &wintrustData); } } finally { Marshal.FreeHGlobal(fileInfo.pcwszFilePath); } }
public static bool IsSigned(string filePath) { if (filePath == null) { throw new ArgumentNullException(nameof(filePath)); } var file = new WINTRUST_FILE_INFO(); file.cbStruct = Marshal.SizeOf(typeof(WINTRUST_FILE_INFO)); file.pcwszFilePath = filePath; var data = new WINTRUST_DATA(); data.cbStruct = Marshal.SizeOf(typeof(WINTRUST_DATA)); data.dwUIChoice = WTD_UI_NONE; data.dwUnionChoice = WTD_CHOICE_FILE; data.fdwRevocationChecks = WTD_REVOKE_NONE; data.pFile = Marshal.AllocHGlobal(file.cbStruct); Marshal.StructureToPtr(file, data.pFile, false); int hr; try { hr = WinVerifyTrust(INVALID_HANDLE_VALUE, WINTRUST_ACTION_GENERIC_VERIFY_V2, ref data); } finally { Marshal.FreeHGlobal(data.pFile); } return(hr == 0); }
public static uint WinVerifyTrustWrapper( IntPtr hwnd, ref Guid action, [In, Out] ref WINTRUST_DATA winVerifyTrustData) { BinaryParsers.PlatformSpecificHelpers.ThrowIfNotOnWindows(); return(WinVerifyTrust(hwnd, ref action, ref winVerifyTrustData)); }
public static bool Signed(string filePath) { if (string.IsNullOrWhiteSpace(filePath)) { Log.Error("SIGNED: File Path cannot be Null"); } else { try { var File = new WINTRUST_FILE_INFO { cbStruct = Marshal.SizeOf(typeof(WINTRUST_FILE_INFO)), pcwszFilePath = filePath }; var Data = new WINTRUST_DATA { cbStruct = Marshal.SizeOf(typeof(WINTRUST_DATA)), dwUIChoice = WTD_UI_NONE, dwUnionChoice = WTD_CHOICE_FILE, fdwRevocationChecks = WTD_REVOKE_NONE, pFile = Marshal.AllocHGlobal(File.cbStruct) }; Marshal.StructureToPtr(File, Data.pFile, false); int hr; try { hr = WinVerifyTrust(INVALID_HANDLE_VALUE, WINTRUST_ACTION_GENERIC_VERIFY_V2, ref Data); } finally { Marshal.FreeHGlobal(Data.pFile); } return(hr == 0); } catch (Exception Error) { LogToFileAddons.OpenLog("SIGNED", null, Error, null, true); return(false); } } return(false); }
internal static WINTRUST_DATA InitWintrustDataStructFromBlob(WINTRUST_BLOB_INFO wbi) { WINTRUST_DATA wintrust_data = new WINTRUST_DATA { cbStruct = (int)Marshal.SizeOf(wbi), pPolicyCallbackData = IntPtr.Zero, pSIPClientData = IntPtr.Zero, dwUIChoice = 2, fdwRevocationChecks = 0, dwUnionChoice = 3 }; IntPtr ptr = Marshal.AllocCoTaskMem(Marshal.SizeOf(wbi)); Marshal.StructureToPtr(wbi, ptr, false); wintrust_data.Choice.pBlob = ptr; wintrust_data.dwStateAction = 1; wintrust_data.hWVTStateData = IntPtr.Zero; wintrust_data.pwszURLReference = null; wintrust_data.dwProvFlags = 0; return(wintrust_data); }
internal static uint DestroyWintrustDataStruct(WINTRUST_DATA wtd) { uint num = 0x80004005; IntPtr zero = IntPtr.Zero; IntPtr ptr = IntPtr.Zero; Guid structure = new Guid("00AAC56B-CD44-11d0-8CC2-00C04FC295EE"); try { zero = Marshal.AllocCoTaskMem(Marshal.SizeOf(structure)); Marshal.StructureToPtr(structure, zero, false); wtd.dwStateAction = 2; ptr = Marshal.AllocCoTaskMem(Marshal.SizeOf(wtd)); Marshal.StructureToPtr(wtd, ptr, false); num = WinVerifyTrust(IntPtr.Zero, zero, ptr); wtd = (WINTRUST_DATA)Marshal.PtrToStructure(ptr, typeof(WINTRUST_DATA)); } finally { Marshal.DestroyStructure(ptr, typeof(WINTRUST_DATA)); Marshal.FreeCoTaskMem(ptr); Marshal.DestroyStructure(zero, typeof(Guid)); Marshal.FreeCoTaskMem(zero); } if (wtd.dwUnionChoice == 3) { WINTRUST_BLOB_INFO wintrust_blob_info = (WINTRUST_BLOB_INFO)Marshal.PtrToStructure(wtd.Choice.pBlob, typeof(WINTRUST_BLOB_INFO)); Marshal.FreeCoTaskMem(wintrust_blob_info.pbMemObject); Marshal.DestroyStructure(wtd.Choice.pBlob, typeof(WINTRUST_BLOB_INFO)); Marshal.FreeCoTaskMem(wtd.Choice.pBlob); return(num); } Marshal.DestroyStructure(wtd.Choice.pFile, typeof(WINTRUST_FILE_INFO)); Marshal.FreeCoTaskMem(wtd.Choice.pFile); return(num); }
public static extern uint WinVerifyTrust(int WindowHandle, ref GUID Action, ref WINTRUST_DATA Data);
internal static extern int WinVerifyTrust( IntPtr hWnd, [MarshalAs(UnmanagedType.LPStruct)] Guid actionId, ref WINTRUST_DATA pData );
internal static void Main(string[] args) { string fileName = args[0]; IntPtr hWind = IntPtr.Zero; Guid WINTRUST_ACTION_GENERIC_VERIFY_V2 = new Guid("{00AAC56B-CD44-11d0-8CC2-00C04FC295EE}"); byte[] actionIdBytes = WINTRUST_ACTION_GENERIC_VERIFY_V2.ToByteArray(); IntPtr pcwszFilePath = Marshal.StringToHGlobalAuto(fileName); try { WINTRUST_FILE_INFO File = new WINTRUST_FILE_INFO() { cbStruct = Marshal.SizeOf(typeof(WINTRUST_FILE_INFO)), pcwszFilePath = pcwszFilePath, hFile = IntPtr.Zero, pgKnownSubject = IntPtr.Zero, }; IntPtr ptrFile = Marshal.AllocHGlobal(File.cbStruct); try { Marshal.StructureToPtr(File, ptrFile, false); WINTRUST_DATA WVTData = new WINTRUST_DATA() { cbStruct = Marshal.SizeOf(typeof(WINTRUST_DATA)), pPolicyCallbackData = IntPtr.Zero, pSIPClientData = IntPtr.Zero, dwUIChoice = WTD_UI_NONE, fdwRevocationChecks = WTD_REVOKE_NONE, dwUnionChoice = WTD_CHOICE_FILE, pFile = ptrFile, dwStateAction = WTD_STATEACTION_IGNORE, hWVTStateData = IntPtr.Zero, pwszURLReference = IntPtr.Zero, dwProvFlags = WTD_REVOCATION_CHECK_NONE, dwUIContext = WTD_UICONTEXT_EXECUTE, pSignatureSettings = IntPtr.Zero, }; // N.B. Use of this member is only supported on Windows 8 and Windows Server 2012 (and later) WINTRUST_SIGNATURE_SETTINGS signatureSettings = default(WINTRUST_SIGNATURE_SETTINGS); bool canUseSignatureSettings = Environment.OSVersion.Version > new Version(6, 2, 0, 0); IntPtr pSignatureSettings = IntPtr.Zero; if (canUseSignatureSettings) { // Setup WINTRUST_SIGNATURE_SETTINGS to get the number of signatures in the file signatureSettings = new WINTRUST_SIGNATURE_SETTINGS() { cbStruct = Marshal.SizeOf(typeof(WINTRUST_SIGNATURE_SETTINGS)), dwIndex = 0, dwFlags = WSS_GET_SECONDARY_SIG_COUNT, cSecondarySigs = 0, dwVerifiedSigIndex = 0, pCryptoPolicy = IntPtr.Zero, }; pSignatureSettings = Marshal.AllocHGlobal(signatureSettings.cbStruct); } try { if (pSignatureSettings != IntPtr.Zero) { Marshal.StructureToPtr(signatureSettings, pSignatureSettings, false); WVTData.pSignatureSettings = pSignatureSettings; } IntPtr pgActionID = Marshal.AllocHGlobal(actionIdBytes.Length); try { Marshal.Copy(actionIdBytes, 0, pgActionID, actionIdBytes.Length); IntPtr pWVTData = Marshal.AllocHGlobal(WVTData.cbStruct); try { Marshal.StructureToPtr(WVTData, pWVTData, false); int hRESULT = WinVerifyTrust(hWind, pgActionID, pWVTData); if (hRESULT == 0) { if (pSignatureSettings != IntPtr.Zero) { // Read back the signature settings signatureSettings = (WINTRUST_SIGNATURE_SETTINGS)Marshal.PtrToStructure(pSignatureSettings, typeof(WINTRUST_SIGNATURE_SETTINGS)); } int signatureCount = signatureSettings.cSecondarySigs + 1; Console.WriteLine("File: {0}", fileName); Console.WriteLine("Authenticode signatures: {0}", signatureCount); Console.WriteLine(); for (int dwIndex = 0; dwIndex < signatureCount; dwIndex++) { if (pSignatureSettings != IntPtr.Zero) { signatureSettings.dwIndex = dwIndex; signatureSettings.dwFlags = WSS_VERIFY_SPECIFIC; Marshal.StructureToPtr(signatureSettings, pSignatureSettings, false); } WVTData.dwStateAction = WTD_STATEACTION_VERIFY; WVTData.hWVTStateData = IntPtr.Zero; Marshal.StructureToPtr(WVTData, pWVTData, false); hRESULT = WinVerifyTrust(hWind, pgActionID, pWVTData); try { if (hRESULT == 0) { WVTData = (WINTRUST_DATA)Marshal.PtrToStructure(pWVTData, typeof(WINTRUST_DATA)); IntPtr ptrProvData = WTHelperProvDataFromStateData(WVTData.hWVTStateData); CRYPT_PROVIDER_DATA provData = (CRYPT_PROVIDER_DATA)Marshal.PtrToStructure(ptrProvData, typeof(CRYPT_PROVIDER_DATA)); for (int idxSigner = 0; idxSigner < provData.csSigners; idxSigner++) { IntPtr ptrProvSigner = WTHelperGetProvSignerFromChain(ptrProvData, idxSigner, false, 0); CRYPT_PROVIDER_SGNR ProvSigner = (CRYPT_PROVIDER_SGNR)Marshal.PtrToStructure(ptrProvSigner, typeof(CRYPT_PROVIDER_SGNR)); CMSG_SIGNER_INFO Signer = (CMSG_SIGNER_INFO)Marshal.PtrToStructure(ProvSigner.psSigner, typeof(CMSG_SIGNER_INFO)); if (Signer.HashAlgorithm.pszObjId != IntPtr.Zero) { string objId = Marshal.PtrToStringAnsi(Signer.HashAlgorithm.pszObjId); if (objId != null) { Oid hashOid = Oid.FromOidValue(objId, OidGroup.All); if (hashOid != null) { Console.WriteLine("Hash algorithm of signature {0}: {1}.", dwIndex + 1, hashOid.FriendlyName); } } } IntPtr ptrCert = WTHelperGetProvCertFromChain(ptrProvSigner, idxSigner); CRYPT_PROVIDER_CERT cert = (CRYPT_PROVIDER_CERT)Marshal.PtrToStructure(ptrCert, typeof(CRYPT_PROVIDER_CERT)); if (cert.cbStruct > 0) { X509Certificate2 certificate = new X509Certificate2(cert.pCert); Console.WriteLine("Certificate thumbprint of signature {0}: {1}", dwIndex + 1, certificate.Thumbprint); } if (ProvSigner.sftVerifyAsOf.dwHighDateTime != provData.sftSystemTime.dwHighDateTime && ProvSigner.sftVerifyAsOf.dwLowDateTime != provData.sftSystemTime.dwLowDateTime) { DateTime timestamp = DateTime.FromFileTimeUtc(((long)ProvSigner.sftVerifyAsOf.dwHighDateTime << 32) | (uint)ProvSigner.sftVerifyAsOf.dwLowDateTime); Console.WriteLine("Timestamp of signature {0}: {1}", dwIndex + 1, timestamp); } } } } finally { WVTData.dwStateAction = WTD_STATEACTION_CLOSE; Marshal.StructureToPtr(WVTData, pWVTData, false); hRESULT = WinVerifyTrust(hWind, pgActionID, pWVTData); } Console.WriteLine(); } } else if ((uint)hRESULT == 0x800b0100) { Console.WriteLine("{0} has no Authenticode signatures.", fileName); } } finally { Marshal.FreeHGlobal(pWVTData); } } finally { Marshal.FreeHGlobal(pgActionID); } } finally { if (pSignatureSettings != IntPtr.Zero) { Marshal.FreeHGlobal(pSignatureSettings); } } } finally { Marshal.FreeHGlobal(ptrFile); } } finally { Marshal.FreeHGlobal(pcwszFilePath); } Console.WriteLine("Press enter to exit."); Console.ReadLine(); }
public static extern int WinVerifyTrust(IntPtr hWnd, ref Guid pgActionID, ref WINTRUST_DATA pWVTData);
internal static WINTRUST_DATA InitWintrustDataStructFromFile(WINTRUST_FILE_INFO wfi) { WINTRUST_DATA wintrust_data; wintrust_data = new WINTRUST_DATA { cbStruct = (int)Marshal.SizeOf(typeof(WINTRUST_FILE_INFO)), pPolicyCallbackData = IntPtr.Zero, pSIPClientData = IntPtr.Zero, dwUIChoice = 2, fdwRevocationChecks = 0, dwUnionChoice = 1 }; IntPtr ptr = Marshal.AllocCoTaskMem(Marshal.SizeOf(wfi)); Marshal.StructureToPtr(wfi, ptr, false); wintrust_data.Choice.pFile = ptr; wintrust_data.dwStateAction = 1; wintrust_data.hWVTStateData = IntPtr.Zero; wintrust_data.pwszURLReference = null; wintrust_data.dwProvFlags = 0; return wintrust_data; }
private static extern uint WinVerifyTrust( IntPtr hwnd, ref Guid action, [In, Out] ref WINTRUST_DATA winVerifyTrustData);
internal static uint DestroyWintrustDataStruct(WINTRUST_DATA wtd) { uint num = 0x80004005; IntPtr zero = IntPtr.Zero; IntPtr ptr = IntPtr.Zero; Guid structure = new Guid("00AAC56B-CD44-11d0-8CC2-00C04FC295EE"); try { zero = Marshal.AllocCoTaskMem(Marshal.SizeOf(structure)); Marshal.StructureToPtr(structure, zero, false); wtd.dwStateAction = 2; ptr = Marshal.AllocCoTaskMem(Marshal.SizeOf(wtd)); Marshal.StructureToPtr(wtd, ptr, false); num = WinVerifyTrust(IntPtr.Zero, zero, ptr); wtd = (WINTRUST_DATA) Marshal.PtrToStructure(ptr, typeof(WINTRUST_DATA)); } finally { Marshal.DestroyStructure(ptr, typeof(WINTRUST_DATA)); Marshal.FreeCoTaskMem(ptr); Marshal.DestroyStructure(zero, typeof(Guid)); Marshal.FreeCoTaskMem(zero); } if (wtd.dwUnionChoice == 3) { WINTRUST_BLOB_INFO wintrust_blob_info = (WINTRUST_BLOB_INFO) Marshal.PtrToStructure(wtd.Choice.pBlob, typeof(WINTRUST_BLOB_INFO)); Marshal.FreeCoTaskMem(wintrust_blob_info.pbMemObject); Marshal.DestroyStructure(wtd.Choice.pBlob, typeof(WINTRUST_BLOB_INFO)); Marshal.FreeCoTaskMem(wtd.Choice.pBlob); return num; } Marshal.DestroyStructure(wtd.Choice.pFile, typeof(WINTRUST_FILE_INFO)); Marshal.FreeCoTaskMem(wtd.Choice.pFile); return num; }
internal static void FreeWVTStateData(System.IntPtr phWVTStateData) { WINTRUST_DATA wtd = new WINTRUST_DATA(); DWORD dwResult = Win32Errors.E_FAIL; IntPtr WINTRUST_ACTION_GENERIC_VERIFY_V2 = IntPtr.Zero; IntPtr wtdBuffer = IntPtr.Zero; Guid actionVerify = new Guid("00AAC56B-CD44-11d0-8CC2-00C04FC295EE"); try { WINTRUST_ACTION_GENERIC_VERIFY_V2 = Marshal.AllocCoTaskMem(Marshal.SizeOf(actionVerify)); Marshal.StructureToPtr(actionVerify, WINTRUST_ACTION_GENERIC_VERIFY_V2, false); wtd.cbStruct = (DWORD)Marshal.SizeOf(wtd); wtd.dwUIChoice = (DWORD)WintrustUIChoice.WTD_UI_NONE; wtd.fdwRevocationChecks = 0; wtd.dwUnionChoice = (DWORD)WintrustUnionChoice.WTD_CHOICE_BLOB; wtd.dwStateAction = (DWORD)WintrustAction.WTD_STATEACTION_CLOSE; wtd.hWVTStateData = phWVTStateData; wtdBuffer = Marshal.AllocCoTaskMem(Marshal.SizeOf(wtd)); Marshal.StructureToPtr(wtd, wtdBuffer, false); // The GetLastWin32Error of this is checked, but PreSharp doesn't seem to be // able to see that. #pragma warning disable 56523 dwResult = WinVerifyTrust( IntPtr.Zero, WINTRUST_ACTION_GENERIC_VERIFY_V2, wtdBuffer); #pragma warning enable 56523 } finally { ClrFacade.DestroyStructure<WINTRUST_DATA>(wtdBuffer); Marshal.FreeCoTaskMem(wtdBuffer); ClrFacade.DestroyStructure<Guid>(WINTRUST_ACTION_GENERIC_VERIFY_V2); Marshal.FreeCoTaskMem(WINTRUST_ACTION_GENERIC_VERIFY_V2); } }
public static WinVerifyTrustResult WinVerifyTrust(string fileName) { WINTRUST_FILE_INFO fileInfo = new WINTRUST_FILE_INFO(fileName, Guid.Empty); WINTRUST_DATA data = new WINTRUST_DATA(fileInfo); uint result; #if DEBUG uint r2; #endif using (UnmanagedPointer guidPtr = new UnmanagedPointer(typeof(Guid), true)) using (UnmanagedPointer wvtDataPtr = new UnmanagedPointer(typeof(WINTRUST_DATA), true)) { IntPtr pGuid = guidPtr; IntPtr pData = wvtDataPtr; Marshal.StructureToPtr(wintrust_action_generic_verify_v2, pGuid, false); data.dwStateAction = NativeMethods.StateAction.Verify; Marshal.StructureToPtr(data, pData, false); result = NativeMethods.WinVerifyTrust(INVALID_HANDLE_VALUE, pGuid, pData); data.dwStateAction = NativeMethods.StateAction.Close; Marshal.StructureToPtr(data, pData, true); #if DEBUG r2 = #endif NativeMethods.WinVerifyTrust(INVALID_HANDLE_VALUE, pGuid, pData); } if ((result >= (uint)NativeMethods.TrustE.ProviderUnknown) && (result <= (uint)NativeMethods.TrustE.SubjectNotTrusted)) { return((WinVerifyTrustResult)((int)(result - (uint)NativeMethods.TrustE.Unknown) + (int)WinVerifyTrustResult.FunctionCallFailed)); } switch (result) { case NativeMethods.ERROR_SUCCESS: return(WinVerifyTrustResult.Success); case (uint)NativeMethods.TrustE.FileError: return(WinVerifyTrustResult.FileError); case (uint)NativeMethods.TrustE.BadMsg: return(WinVerifyTrustResult.BadMsg); case (uint)NativeMethods.TrustE.SecuritySettings: return(WinVerifyTrustResult.SecuritySettings); case (uint)NativeMethods.TrustE.ASN1BadTag: return(WinVerifyTrustResult.ASN1BadTag); case (uint)NativeMethods.TrustE.CounterSigner: return(WinVerifyTrustResult.CounterSigner); case (uint)NativeMethods.TrustE.BadDigest: return(WinVerifyTrustResult.BadDigest); case (uint)NativeMethods.TrustE.NoSignature: return(WinVerifyTrustResult.NoSignature); case (uint)NativeMethods.TrustE.CertExpired: return(WinVerifyTrustResult.CertExpired); case (uint)NativeMethods.TrustE.CertUntrustedRoot: return(WinVerifyTrustResult.CertUntrustedRoot); case (uint)NativeMethods.TrustE.CertChaining: return(WinVerifyTrustResult.CertChaining); case (uint)NativeMethods.TrustE.CertRevoked: return(WinVerifyTrustResult.CertRevoked); case (uint)NativeMethods.TrustE.CertWrongUsage: return(WinVerifyTrustResult.CertWrongUsage); case (uint)NativeMethods.TrustE.ExplicitDistrust: return(WinVerifyTrustResult.ExplicitDistrust); default: return(WinVerifyTrustResult.FunctionCallFailed); } }
public static extern int WinVerifyTrust( [In] IntPtr hwnd, [In][MarshalAs(UnmanagedType.LPStruct)] Guid pgActionID, [In] WINTRUST_DATA pWVTData );
private static extern int WinVerifyTrust(IntPtr hwnd, [MarshalAs(UnmanagedType.LPStruct)] Guid pgActionID, ref WINTRUST_DATA pWVTData);
public static bool CheckFileDigitalSignature(string fileName) { Guid wintrust_action_generic_verify_v2 = new Guid("{00AAC56B-CD44-11d0-8CC2-00C04FC295EE}"); WINTRUST_FILE_INFO fileInfo = new WINTRUST_FILE_INFO(fileName, Guid.Empty); WINTRUST_DATA data = new WINTRUST_DATA(fileInfo); uint ret = 0; using (SignCheckerUnmanagedPointer guidPtr = new SignCheckerUnmanagedPointer(Marshal.AllocHGlobal(Marshal.SizeOf(typeof(Guid))), SignChecker_MemoryAllocator.HGlobal)) using (SignCheckerUnmanagedPointer wvtDataPtr = new SignCheckerUnmanagedPointer(Marshal.AllocHGlobal(Marshal.SizeOf(typeof(WINTRUST_DATA))), SignChecker_MemoryAllocator.HGlobal)) { IntPtr pGuid = guidPtr; IntPtr pData = wvtDataPtr; Marshal.StructureToPtr(wintrust_action_generic_verify_v2, pGuid, false); Marshal.StructureToPtr(data, pData, false); ret = WinVerifyTrust(IntPtr.Zero, pGuid, pData); } if (ret != 0) { return false; } return true; }
public WinVerifyTrustResult GetSign(string filePath) { var result = new WinVerifyTrustResult(); var file = new WINTRUST_FILE_INFO { cbStruct = Marshal.SizeOf(typeof(WINTRUST_FILE_INFO)), pcwszFilePath = filePath }; var data = new WINTRUST_DATA { cbStruct = Marshal.SizeOf(typeof(WINTRUST_DATA)), dwUIChoice = NativeMethods.WTD_UI_NONE, dwUnionChoice = NativeMethods.WTD_CHOICE_FILE, fdwRevocationChecks = NativeMethods.WTD_REVOKE_NONE, dwStateAction = NativeMethods.WTD_STATEACTION_VERIFY, pFile = Marshal.AllocHGlobal(file.cbStruct) }; Marshal.StructureToPtr(file, data.pFile, false); try { var hr = NativeMethods.WinVerifyTrust(NativeMethods.INVALID_HANDLE_VALUE, NativeMethods.WINTRUST_ACTION_GENERIC_VERIFY_V2, ref data); result.HasSign = (hr == NativeMethods.TRUST_SUCCESS || hr == NativeMethods.TRUST_E_BAD_DIGEST); result.IsSignValid = hr == NativeMethods.TRUST_SUCCESS; if (result.HasSign) { IntPtr ptrProvData = NativeMethods.WTHelperProvDataFromStateData(data.hWVTStateData); var lastError = Marshal.GetLastWin32Error(); if (ptrProvData == IntPtr.Zero && result.IsSignValid) { throw new Win32Exception(lastError); } IntPtr ptrProvSigner = NativeMethods.WTHelperGetProvSignerFromChain(ptrProvData, 0, false, 0); lastError = Marshal.GetLastWin32Error(); if (ptrProvSigner == IntPtr.Zero) { throw new Win32Exception(lastError); } IntPtr ptrCert = NativeMethods.WTHelperGetProvCertFromChain(ptrProvSigner, 0); lastError = Marshal.GetLastWin32Error(); if (ptrCert == IntPtr.Zero) { throw new Win32Exception(lastError); } CRYPT_PROVIDER_CERT cert = (CRYPT_PROVIDER_CERT)Marshal.PtrToStructure(ptrCert, typeof(CRYPT_PROVIDER_CERT)); using (X509Certificate2 certificate = new X509Certificate2(cert.pCert)) { result.Publisher = GetPublisherName(certificate.Subject); } } } finally { data.dwStateAction = NativeMethods.WTD_STATEACTION_CLOSE; NativeMethods.WinVerifyTrust(NativeMethods.INVALID_HANDLE_VALUE, NativeMethods.WINTRUST_ACTION_GENERIC_VERIFY_V2, ref data); Marshal.FreeHGlobal(data.pFile); } return(result); }
public static extern UInt32 WinVerifyTrust( IntPtr hwnd, ref Guid action, [In, Out] ref WINTRUST_DATA winVerifyTrustData);
internal static DWORD DestroyWintrustDataStruct(WINTRUST_DATA wtd) { DWORD dwResult = Win32Errors.E_FAIL; IntPtr WINTRUST_ACTION_GENERIC_VERIFY_V2 = IntPtr.Zero; IntPtr wtdBuffer = IntPtr.Zero; Guid actionVerify = new Guid("00AAC56B-CD44-11d0-8CC2-00C04FC295EE"); try { WINTRUST_ACTION_GENERIC_VERIFY_V2 = Marshal.AllocCoTaskMem(Marshal.SizeOf(actionVerify)); Marshal.StructureToPtr(actionVerify, WINTRUST_ACTION_GENERIC_VERIFY_V2, false); wtd.dwStateAction = (DWORD)WintrustAction.WTD_STATEACTION_CLOSE; wtdBuffer = Marshal.AllocCoTaskMem(Marshal.SizeOf(wtd)); Marshal.StructureToPtr(wtd, wtdBuffer, false); // The GetLastWin32Error of this is checked, but PreSharp doesn't seem to be // able to see that. #pragma warning disable 56523 dwResult = WinVerifyTrust( IntPtr.Zero, WINTRUST_ACTION_GENERIC_VERIFY_V2, wtdBuffer); #pragma warning enable 56523 wtd = ClrFacade.PtrToStructure<WINTRUST_DATA>(wtdBuffer); } finally { ClrFacade.DestroyStructure<WINTRUST_DATA>(wtdBuffer); Marshal.FreeCoTaskMem(wtdBuffer); ClrFacade.DestroyStructure<Guid>(WINTRUST_ACTION_GENERIC_VERIFY_V2); Marshal.FreeCoTaskMem(WINTRUST_ACTION_GENERIC_VERIFY_V2); } // Clear the blob or file info, depending on the type of // verification that was done. if (wtd.dwUnionChoice == (DWORD)WintrustUnionChoice.WTD_CHOICE_BLOB) { WINTRUST_BLOB_INFO originalBlob = (WINTRUST_BLOB_INFO)ClrFacade.PtrToStructure<WINTRUST_BLOB_INFO>(wtd.Choice.pBlob); Marshal.FreeCoTaskMem(originalBlob.pbMemObject); ClrFacade.DestroyStructure<WINTRUST_BLOB_INFO>(wtd.Choice.pBlob); Marshal.FreeCoTaskMem(wtd.Choice.pBlob); } else { ClrFacade.DestroyStructure<WINTRUST_FILE_INFO>(wtd.Choice.pFile); Marshal.FreeCoTaskMem(wtd.Choice.pFile); } return dwResult; }