验证微软数字签名

发表于 分类于

代码共享如下,在Win2K sp4/WinXP sp2上调试通过。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
BOOL CheckFileTrust( LPCWSTR lpFileName )
{
        BOOL bRet = FALSE;
    WINTRUST_DATA wd = { 0 };
    WINTRUST_FILE_INFO wfi = { 0 };
    WINTRUST_CATALOG_INFO wci = { 0 };
    CATALOG_INFO ci = { 0 };

    HCATADMIN hCatAdmin = NULL;
    <FONT color=blue>if</FONT> ( !CryptCATAdminAcquireContext( &amp;hCatAdmin, NULL, 0 ) )
    {
            <FONT color=blue>return</FONT> FALSE;
    }

    HANDLE hFile = CreateFileW( lpFileName, GENERIC_READ, FILE_SHARE_READ,
        NULL, OPEN_EXISTING, 0, NULL );
    <FONT color=blue>if</FONT> ( INVALID_HANDLE_VALUE == hFile )
    {
            CryptCATAdminReleaseContext( hCatAdmin, 0 );
        <FONT color=blue>return</FONT> FALSE;
    }

    DWORD dwCnt = 100;
    BYTE byHash[100];
    CryptCATAdminCalcHashFromFileHandle( hFile, &amp;dwCnt, byHash, 0 );
    CloseHandle( hFile );

    LPWSTR pszMemberTag = <FONT color=blue>new</FONT> WCHAR[dwCnt * 2 + 1];
    <FONT color=blue>for</FONT> ( DWORD dw = 0; dw &lt; dwCnt; ++dw )
    {
            wsprintfW( &amp;pszMemberTag[dw * 2], L"%02X", byHash[dw] );
    }

    HCATINFO hCatInfo = CryptCATAdminEnumCatalogFromHash( hCatAdmin,
        byHash, dwCnt, 0, NULL );
    <FONT color=blue>if</FONT> ( NULL == hCatInfo )
    {
            wfi.cbStruct       = <FONT color=blue>sizeof</FONT>( WINTRUST_FILE_INFO );
        wfi.pcwszFilePath  = lpFileName;
        wfi.hFile          = NULL;
        wfi.pgKnownSubject = NULL;

        wd.cbStruct            = <FONT color=blue>sizeof</FONT>( WINTRUST_DATA );
        wd.dwUnionChoice       = WTD_CHOICE_FILE;
        wd.pFile               = &amp;wfi;
        wd.dwUIChoice          = WTD_UI_NONE;
        wd.fdwRevocationChecks = WTD_REVOKE_NONE;
        wd.dwStateAction       = WTD_STATEACTION_IGNORE;
        wd.dwProvFlags         = WTD_SAFER_FLAG;
        wd.hWVTStateData       = NULL;
        wd.pwszURLReference    = NULL;
    }
    <FONT color=blue>else</FONT>
    {
            CryptCATCatalogInfoFromContext( hCatInfo, &amp;ci, 0 );
        wci.cbStruct             = <FONT color=blue>sizeof</FONT>( WINTRUST_CATALOG_INFO );
        wci.pcwszCatalogFilePath = ci.wszCatalogFile;
        wci.pcwszMemberFilePath  = lpFileName;
        wci.pcwszMemberTag       = pszMemberTag;

        wd.cbStruct            = <FONT color=blue>sizeof</FONT>( WINTRUST_DATA );
        wd.dwUnionChoice       = WTD_CHOICE_CATALOG;
        wd.pCatalog            = &amp;wci;
        wd.dwUIChoice          = WTD_UI_NONE;
        wd.fdwRevocationChecks = WTD_STATEACTION_VERIFY;
        wd.dwProvFlags         = 0;
        wd.hWVTStateData       = NULL;
        wd.pwszURLReference    = NULL;
    }
    GUID action = WINTRUST_ACTION_GENERIC_VERIFY_V2;
    HRESULT hr  = WinVerifyTrust( NULL, &amp;action, &amp;wd );
    bRet        = SUCCEEDED( hr );

    <FONT color=blue>if</FONT> ( NULL != hCatInfo )
    {
            CryptCATAdminReleaseCatalogContext( hCatAdmin, hCatInfo, 0 );
    }
    CryptCATAdminReleaseContext( hCatAdmin, 0 ); <FONT color=green>// 2007.4.10感谢童志明君指出一处内存泄漏</FONT>
    <FONT color=blue>delete</FONT>[] pszMemberTag;
    <FONT color=blue>return</FONT> bRet;
}

这段代码是在一个老外的论坛上不经意搜索到的,一个貌似德国人(因为他的注释不是英文写的,德国亦仅猜测尔,西班牙、葡萄牙、法兰西、俄罗斯亦都有可能)写的Delphi代码,其中使用了WinTrust.dll中的导出函数。使用VS2005的朋友们可以包含WinTrust.h、SoftPub.h和Mscat.h,并添加导入库WinTrust.lib;使用VC6的朋友们可以参考MSDN上的函数及结构体声明,并用函数指针进行调用。