获取数字签名

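#include <windows.h>
#include <stdio.h>
#include <Mscat.h>
#include <wintrust.h>
#include <Softpub.h>
#include <assert.h>
#include <new>

// Frees an array allocated with new[] and resets the pointer to NULL.
#define SafeDeleteArraySize(pData) { if(pData){delete []pData;pData=NULL;} }

#pragma comment(lib, "Wintrust.lib")
#pragma comment(lib, "crypt32.lib")

#define ENCODING (X509_ASN_ENCODING | PKCS_7_ASN_ENCODING)

// Redirection state returned by Wow64DisableWow64FsRedirection. It has to be
// handed back unchanged to Wow64RevertWow64FsRedirection. WOW64 redirection is
// a per-thread setting, so the saved value is per-thread as well.
// Disable/Revert calls must be paired and must not be nested.
static __declspec(thread) PVOID t_pWow64OldValue = NULL;

// Turns off WOW64 file-system redirection for the calling thread.
// Returns TRUE only when the API exists and the call succeeded; the caller
// must then call RevertWow64FsRedirection() on the same thread.
BOOL DisableWow64FsRedirection(void)
{
    typedef BOOL(WINAPI *pfnWow64DisableWow64FsRedirection)(PVOID *OldValue);
    // Resolved dynamically so the binary still loads where the export is absent.
    static pfnWow64DisableWow64FsRedirection pWow64DisableWow64 =
        (pfnWow64DisableWow64FsRedirection)GetProcAddress(
            GetModuleHandleW(L"Kernel32.dll"), "Wow64DisableWow64FsRedirection");

    if (pWow64DisableWow64)
    {
        return pWow64DisableWow64(&t_pWow64OldValue);
    }
    return FALSE;
}

// Restores the redirection state saved by DisableWow64FsRedirection().
// The saved value itself is passed back; the original code passed the address
// of an unrelated local variable, which is not a valid redirection value.
BOOL RevertWow64FsRedirection(void)
{
    typedef BOOL(WINAPI *pfnWow64RevertWow64FsRedirection)(PVOID OldValue);
    static pfnWow64RevertWow64FsRedirection pWow64RevertWow64 =
        (pfnWow64RevertWow64FsRedirection)GetProcAddress(
            GetModuleHandleW(L"Kernel32.dll"), "Wow64RevertWow64FsRedirection");

    if (pWow64RevertWow64)
    {
        return pWow64RevertWow64(t_pWow64OldValue);
    }
    return FALSE;
}

// Opens pFilePath for shared reading with WOW64 redirection switched off for
// the duration of the CreateFile call only.
// On success returns TRUE and stores the handle in hFile (caller closes it);
// on failure returns FALSE and hFile is INVALID_HANDLE_VALUE.
BOOL RedirectionCreateFile(const wchar_t* pFilePath, HANDLE& hFile)
{
    hFile = INVALID_HANDLE_VALUE;
    assert(NULL != pFilePath);
    if (NULL == pFilePath)
    {
        return FALSE;
    }

    BOOL bDisableWow64FsRedirection = DisableWow64FsRedirection();

    // The W variant is called explicitly because the path is always wchar_t,
    // whether or not the project defines UNICODE.
    hFile = CreateFileW(pFilePath, GENERIC_READ, FILE_SHARE_READ, NULL,
                        OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);

    // Keep the redirection-off window as small as possible.
    if (bDisableWow64FsRedirection)
    {
        RevertWow64FsRedirection();
    }
    return (INVALID_HANDLE_VALUE != hFile) ? TRUE : FALSE;
}

// Returns the simple display name of the signer certificate found in the
// embedded PKCS#7 signature of pFilePath, or NULL when none can be extracted.
// The caller owns the returned buffer and releases it with delete[].
//
// SECURITY NOTE: this function only parses the signature and reads the name.
// It does not verify the signature, the certificate chain, revocation or the
// file hash, so the name is whatever the file claims. Do not use it on its
// own for a trust decision; verify with WinVerifyTrust first.
wchar_t* GetCertName(const wchar_t* pFilePath)
{
    HCERTSTORE hStore = NULL;
    HCRYPTMSG hMsg = NULL;
    PCCERT_CONTEXT pCertContext = NULL;
    BOOL bResult = FALSE;
    DWORD dwEncoding = 0, dwContentType = 0, dwFormatType = 0;
    BYTE* pSignerBuf = NULL;              // raw storage for the signer info
    PCMSG_SIGNER_INFO pSignerInfo = NULL; // typed view of pSignerBuf
    DWORD dwSignerInfo = 0;
    CERT_INFO CertInfo;
    wchar_t* pCertName = NULL;
    DWORD dwData = 0;
    HANDLE hFile = INVALID_HANDLE_VALUE;
    DWORD NumberOfBytesRead = 0;
    LARGE_INTEGER liFileSize;
    BYTE* pBuff = NULL;
    BOOL bDisableWow64FsRedirection = FALSE;

    ZeroMemory(&CertInfo, sizeof(CertInfo));
    liFileSize.QuadPart = 0;

    // IsBadReadPtr is obsolete and unreliable; a plain NULL check is used.
    if (NULL == pFilePath)
    {
        return NULL;
    }

    do
    {
        if (!RedirectionCreateFile(pFilePath, hFile))
            break;

        // Read the file into memory only when its size is known and fits in a
        // DWORD. The original used GetFileSize() unchecked: on failure
        // (0xFFFFFFFF) "size + 1" wrapped to 0 and ReadFile was then asked to
        // fill a zero-length buffer.
        if (GetFileSizeEx(hFile, &liFileSize) &&
            liFileSize.QuadPart > 0 && liFileSize.QuadPart < MAXDWORD)
        {
            DWORD dwFilesize = (DWORD)liFileSize.QuadPart;
            pBuff = new (std::nothrow) BYTE[dwFilesize];
            if (NULL != pBuff)
            {
                if (!ReadFile(hFile, pBuff, dwFilesize, &NumberOfBytesRead, NULL))
                    break; // the handle is closed in the common cleanup
            }
        }
        CloseHandle(hFile);
        hFile = INVALID_HANDLE_VALUE;

        if (NULL != pBuff && NumberOfBytesRead > 0)
        {
            CERT_BLOB Object = { 0 };
            Object.cbData = NumberOfBytesRead; // bytes actually read
            Object.pbData = pBuff;
            bResult = CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &Object,
                                       CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED,
                                       CERT_QUERY_FORMAT_FLAG_BINARY, 0,
                                       &dwEncoding, &dwContentType, &dwFormatType,
                                       &hStore, &hMsg, NULL);
        }

        if (!bResult)
        {
            // If the in-memory query failed (or was skipped), retry with the
            // original path-based query so earlier behaviour is preserved.
            bDisableWow64FsRedirection = DisableWow64FsRedirection();
            bResult = CryptQueryObject(CERT_QUERY_OBJECT_FILE, pFilePath,
                                       CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED,
                                       CERT_QUERY_FORMAT_FLAG_BINARY, 0,
                                       &dwEncoding, &dwContentType, &dwFormatType,
                                       &hStore, &hMsg, NULL);
            if (bDisableWow64FsRedirection)
            {
                RevertWow64FsRedirection();
            }
            if (!bResult)
                break;
        }

        // First call: query the size of the signer info.
        bResult = CryptMsgGetParam(hMsg, CMSG_SIGNER_INFO_PARAM, 0, NULL, &dwSignerInfo);
        if (!bResult || dwSignerInfo < sizeof(CMSG_SIGNER_INFO))
            break;

        // The storage is allocated and later freed as BYTE[]; the original
        // allocated char[] but ran delete[] through a struct pointer.
        pSignerBuf = new (std::nothrow) BYTE[dwSignerInfo];
        if (NULL == pSignerBuf)
            break;
        ZeroMemory(pSignerBuf, dwSignerInfo);
        pSignerInfo = (PCMSG_SIGNER_INFO)pSignerBuf;

        bResult = CryptMsgGetParam(hMsg, CMSG_SIGNER_INFO_PARAM, 0, (PVOID)pSignerInfo, &dwSignerInfo);
        if (!bResult)
            break;

        // Locate the signer certificate by issuer and serial number.
        CertInfo.Issuer = pSignerInfo->Issuer;
        CertInfo.SerialNumber = pSignerInfo->SerialNumber;
        pCertContext = CertFindCertificateInStore(hStore, ENCODING, 0, CERT_FIND_SUBJECT_CERT,
                                                  (PVOID)&CertInfo, NULL);
        if (NULL == pCertContext)
            break;

        // The returned count includes the terminating NUL; 1 means "no name".
        dwData = CertGetNameStringW(pCertContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, NULL, 0);
        if (1 >= dwData)
            break;

        pCertName = new (std::nothrow) wchar_t[dwData + 1];
        if (NULL == pCertName)
            break;
        ZeroMemory(pCertName, (dwData + 1) * sizeof(wchar_t));

        if (1 >= CertGetNameStringW(pCertContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, pCertName, dwData))
        {
            // Do not hand back an empty name as if it were a result.
            SafeDeleteArraySize(pCertName);
            break;
        }
    } while (FALSE);

    if (INVALID_HANDLE_VALUE != hFile) CloseHandle(hFile);
    if (pCertContext != NULL) CertFreeCertificateContext(pCertContext);
    if (hStore != NULL) CertCloseStore(hStore, 0);
    if (hMsg != NULL) CryptMsgClose(hMsg);
    SafeDeleteArraySize(pSignerBuf);
    SafeDeleteArraySize(pBuff);
    return pCertName;
}

// Looks up the security catalog (.cat) that lists the hash of lpFileName and
// runs WinVerifyTrust on the file (or on its catalog membership).
// Returns a new wchar_t[MAX_PATH] buffer that the caller releases with delete[]:
//   - the catalog path when a catalog containing the file hash was found;
//   - an empty string when no catalog was found but WinVerifyTrust accepted
//     the file itself;
//   - NULL otherwise.
//
// SECURITY NOTE: a catalog path is returned whenever one was found, even if
// WinVerifyTrust did not succeed. A non-NULL result therefore means a
// signature source was found, not that the file is trusted. The file-based
// branch also runs with WTD_REVOKE_NONE, i.e. without revocation checking.
wchar_t* GetFileCat(const wchar_t* lpFileName)
{
    WINTRUST_DATA wd = { 0 };
    WINTRUST_FILE_INFO wfi = { 0 };
    WINTRUST_CATALOG_INFO wci = { 0 };
    CATALOG_INFO ci = { 0 };
    HCATADMIN hCatAdmin = NULL;
    HANDLE hFile = INVALID_HANDLE_VALUE;
    DWORD dwCnt = 0;
    PBYTE pbyHash = NULL;
    wchar_t* pszMemberTag = NULL;
    HCATINFO hCatInfo = NULL;
    LONG lStatus = 0;
    BOOL bVerified = FALSE;
    BOOL bCanVerify = FALSE;
    static GUID action = WINTRUST_ACTION_GENERIC_VERIFY_V2;
    const GUID gSubsystem = DRIVER_ACTION_VERIFY;
    wchar_t* pCatalogFile = NULL;
    static const wchar_t kHexDigits[] = L"0123456789ABCDEF";

    do
    {
        if (!CryptCATAdminAcquireContext(&hCatAdmin, &gSubsystem, 0))
            break;
        if (!RedirectionCreateFile(lpFileName, hFile))
            break;

        // Size query with a NULL buffer. Only the reported size is used; the
        // original also required GetLastError() == ERROR_INSUFFICIENT_BUFFER
        // after a call that had returned TRUE, which depends on a stale error.
        CryptCATAdminCalcHashFromFileHandle(hFile, &dwCnt, NULL, 0);
        if (0 == dwCnt)
            break;

        pbyHash = new (std::nothrow) BYTE[dwCnt];
        if (NULL == pbyHash)
            break;
        ZeroMemory(pbyHash, dwCnt);
        if (!CryptCATAdminCalcHashFromFileHandle(hFile, &dwCnt, pbyHash, 0))
            break;

        hCatInfo = CryptCATAdminEnumCatalogFromHash(hCatAdmin, pbyHash, dwCnt, 0, NULL);

        // The handle opened with redirection disabled is given to
        // WinVerifyTrust so that it checks the same file that was hashed,
        // not a WOW64-redirected path. Rewind it first.
        SetFilePointer(hFile, 0, NULL, FILE_BEGIN);

        if (NULL == hCatInfo)
        {
            // No catalog lists this hash: verify the embedded signature.
            wfi.cbStruct = sizeof(WINTRUST_FILE_INFO);
            wfi.pcwszFilePath = lpFileName;
            wfi.hFile = hFile;
            wfi.pgKnownSubject = NULL;

            wd.cbStruct = sizeof(WINTRUST_DATA);
            wd.dwUnionChoice = WTD_CHOICE_FILE;
            wd.pFile = &wfi;
            wd.dwUIChoice = WTD_UI_NONE;
            wd.fdwRevocationChecks = WTD_REVOKE_NONE;
            wd.dwStateAction = WTD_STATEACTION_IGNORE;
            wd.dwProvFlags = WTD_SAFER_FLAG;
            wd.hWVTStateData = NULL;
            wd.pwszURLReference = NULL;
            bCanVerify = TRUE;
        }
        else
        {
            // NOTE(review): CATALOG_INFO carries a cbStruct size field that the
            // original left at 0; it is set here as Microsoft's samples do.
            ci.cbStruct = sizeof(CATALOG_INFO);
            if (CryptCATCatalogInfoFromContext(hCatInfo, &ci, 0))
            {
                // The member tag is the file hash as upper-case hex.
                pszMemberTag = new (std::nothrow) wchar_t[dwCnt * 2 + 1];
                if (NULL != pszMemberTag)
                {
                    for (DWORD dw = 0; dw < dwCnt; ++dw)
                    {
                        pszMemberTag[dw * 2] = kHexDigits[pbyHash[dw] >> 4];
                        pszMemberTag[dw * 2 + 1] = kHexDigits[pbyHash[dw] & 0x0F];
                    }
                    pszMemberTag[dwCnt * 2] = L'\0';

                    wci.cbStruct = sizeof(WINTRUST_CATALOG_INFO);
                    wci.pcwszCatalogFilePath = ci.wszCatalogFile;
                    wci.pcwszMemberFilePath = lpFileName;
                    wci.pcwszMemberTag = pszMemberTag;
                    wci.hMemberFile = hFile;

                    wd.cbStruct = sizeof(WINTRUST_DATA);
                    wd.pCatalog = &wci;
                    wd.dwUIChoice = WTD_UI_NONE;
                    wd.dwUnionChoice = WTD_CHOICE_CATALOG;
                    // Same numeric value the original assigned through the
                    // unrelated WTD_STATEACTION_VERIFY constant.
                    wd.fdwRevocationChecks = WTD_REVOKE_WHOLECHAIN;
                    wd.dwStateAction = WTD_STATEACTION_VERIFY;
                    wd.dwProvFlags = 0;
                    wd.hWVTStateData = NULL;
                    wd.pwszURLReference = NULL;
                    bCanVerify = TRUE;
                }
            }
        }

        if (bCanVerify)
        {
            lStatus = WinVerifyTrust((HWND)INVALID_HANDLE_VALUE, &action, &wd);
            // Only zero means "trusted"; SUCCEEDED() would also accept
            // positive return values.
            bVerified = (ERROR_SUCCESS == lStatus) ? TRUE : FALSE;

            // State opened with WTD_STATEACTION_VERIFY must be closed again.
            if (WTD_STATEACTION_VERIFY == wd.dwStateAction)
            {
                wd.dwStateAction = WTD_STATEACTION_CLOSE;
                WinVerifyTrust((HWND)INVALID_HANDLE_VALUE, &action, &wd);
            }
        }

        if (bVerified || ci.wszCatalogFile[0] != L'\0')
        {
            // Hand the catalog path (possibly empty) back to the caller.
            pCatalogFile = new (std::nothrow) wchar_t[MAX_PATH];
            if (NULL != pCatalogFile)
            {
                ZeroMemory(pCatalogFile, MAX_PATH * sizeof(wchar_t));
                lstrcpynW(pCatalogFile, ci.wszCatalogFile, MAX_PATH);
            }
        }
    } while (FALSE);

    if (NULL != hCatInfo)
    {
        CryptCATAdminReleaseCatalogContext(hCatAdmin, hCatInfo, 0);
    }
    if (INVALID_HANDLE_VALUE != hFile)
    {
        CloseHandle(hFile);
    }
    if (hCatAdmin)
    {
        CryptCATAdminReleaseContext(hCatAdmin, 0);
    }
    SafeDeleteArraySize(pbyHash);
    SafeDeleteArraySize(pszMemberTag);
    return pCatalogFile;
}

// Returns the signer display name for pFilePath: first from the file's
// embedded signature, otherwise from the catalog file that lists it.
// Returns NULL when neither yields a name; the caller releases the result
// with delete[]. The name is informational only (see GetCertName): nothing
// here proves that the signature is valid.
wchar_t* GetFileCertName(const wchar_t* pFilePath)
{
    wchar_t* pCertName = GetCertName(pFilePath);
    if (NULL != pCertName)
    {
        return pCertName;
    }

    // No embedded signature: look for a catalog and read its signer instead.
    wchar_t* pCatFilePath = GetFileCat(pFilePath);
    if (pCatFilePath)
    {
        pCertName = GetCertName(pCatFilePath);
    }
    SafeDeleteArraySize(pCatFilePath);
    return pCertName;
}

// Demo driver: prints the signer name of two system drivers.
int main(void)
{
    static const wchar_t* const kFiles[] = {
        L"C:\\Windows\\System32\\drivers\\http.sys",
        L"C:\\Windows\\System32\\drivers\\spsys.sys",
    };

    getchar();
    for (size_t i = 0; i < sizeof(kFiles) / sizeof(kFiles[0]); ++i)
    {
        wchar_t* pName = GetFileCertName(kFiles[i]);
        wprintf(L"%ls: %ls\n", kFiles[i], pName ? pName : L"(no signer name found)");
        SafeDeleteArraySize(pName); // the result is owned by the caller
    }
    getchar();
    getchar();
    return 0;
}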
