Código: Seleccionar todo
;Written by Danyfirex & Dany3j
;Thanks http://forum.sysinternals.com
;10-03-2014
#include <WinAPI.au3>
Opt("MustDeclareVars", 1) ;0=no, 1=require pre-declaration
#Region Constants
Global Const $WTD_STATEACTION_CLOSE = 0x00000002
Global Const $WTD_CHOICE_FILE = 1
Global Const $WTD_CHOICE_CATALOG = 2
Global Const $WTD_UI_NONE = 2
Global Const $WTD_REVOKE_NONE = 0
Global Const $WTD_STATEACTION_IGNORE = 0
Global Const $WTD_STATEACTION_VERIFY = 1
Global Const $WTD_SAFER_FLAG = 256
#EndRegion Constants
#Region Struct
Global Const $tagWINTRUST_DATA = "dword cbStruct;ptr pPolicyCallbackData;ptr pSIPClientData;dword dwUIChoice;dword fdwRevocationChecks;dword dwUnionChoice;" & _
"dword pPointer;dword dwStateAction;handle hWVTStateData;ptr pwszURLReference;dword dwProvFlags;dword dwUIContext"
Global Const $tagWINTRUST_FILE_INFO = "dword cbStruct;ptr pcwszFilePath;handle hFile;ptr pgKnownSubject"
Global Const $tagWINTRUST_CATALOG_INFO = "dword cbStruct;dword dwCatalogVersion;ptr pcwszCatalogFilePath;ptr pcwszMemberTag;ptr pcwszMemberFilePath;dword hMemberFile"
Global Const $tagCATALOG_INFO = "dword cbStruct;byte wszCatalogFile[520]"
#EndRegion Struct
Global Const $sWinTrust = "wintrust.dll"
Global $hWinTrustDll = 0
$hWinTrustDll = DllOpen($sWinTrust)
ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $hWinTrustDll = ' & $hWinTrustDll & @CRLF & '>Error code: ' & @error & @CRLF) ;### Debug Console
;check
SignV(@WindowsDir & "\explorer.exe")
Func SignV($sFilePath)
Local $bRet = False
Local $hCatAdmin = 0
Local $bRet = 0
Local $hFile = 0
Local $hr = 0
Local $pszMemberTag = ""
Local $iHashLen = 100
$iHashLen
Local $dw = 0
Local $hCatInfo = 0
Local $tagbyHash = "byte byHash[100]"
;Structures
Local $tbyHash = DllStructCreate($tagbyHash)
Local $tWINTRUST_DATA = DllStructCreate($tagWINTRUST_DATA)
Local $tWINTRUST_FILE_INFO = DllStructCreate($tagWINTRUST_FILE_INFO)
Local $tWINTRUST_CATALOG_INFO = DllStructCreate($tagWINTRUST_CATALOG_INFO)
Local $tCATALOG_INFO = DllStructCreate($tagCATALOG_INFO)
;Debug Structures
ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $tbyHash = ' & IsDllStruct($tbyHash) & " Size= " & DllStructGetSize($tbyHash) & @CRLF) ;### Debug Console
ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $tWINTRUST_DATA = ' & IsDllStruct($tWINTRUST_DATA) & " Size= " & DllStructGetSize($tWINTRUST_DATA) & @CRLF) ;### Debug Console
ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $tWINTRUST_FILE_INFO = ' & IsDllStruct($tWINTRUST_FILE_INFO) & " Size= " & DllStructGetSize($tWINTRUST_FILE_INFO) & @CRLF) ;### Debug Console
ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $tWINTRUST_CATALOG_INFO = ' & IsDllStruct($tWINTRUST_CATALOG_INFO) & " Size= " & DllStructGetSize($tWINTRUST_CATALOG_INFO) & @CRLF) ;### Debug Console
ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $tCATALOG_INFO = ' & IsDllStruct($tCATALOG_INFO) & " Size= " & DllStructGetSize($tCATALOG_INFO) & @CRLF) ;### Debug Console
Local $Ret = DllCall($hWinTrustDll, "bool", "CryptCATAdminAcquireContext", "handle*", 0, "ptr", 0, "dword", 0)
ConsoleWrite("+ CryptCATAdminAcquireContext Ret= " & $Ret[0] & @TAB & '>Error code: ' & @error & @CRLF)
$hCatAdmin = $Ret[1]
ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $hCatAdmin = ' & ($hCatAdmin) & @TAB & '>Error code: ' & @error & @CRLF) ;### Debug Console
$hFile = _WinAPI_CreateFile($sFilePath, 2, 2, 2)
ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $hFile = ' & $hFile & @TAB & '>Error code: ' & @error & @CRLF) ;### Debug Console
If $hFile = $INVALID_HANDLE_VALUE Then
$Ret = DllCall($hWinTrustDll, "bool", "CryptCATAdminReleaseContext", "handle", $hCatAdmin, "dword", 0)
ConsoleWrite("+ CryptCATAdminReleaseContext Ret= " & $Ret[0] & @TAB & '>Error code: ' & @error & @CRLF)
ConsoleWrite("! $INVALID_HANDLE_VALUE" & ">Error code: " & @error & @CRLF)
EndIf
$Ret = DllCall($hWinTrustDll, "bool", "CryptCATAdminCalcHashFromFileHandle", "handle", $hFile, "dword*", 0, "ptr", 0, "dword", 0)
ConsoleWrite("+ CryptCATAdminCalcHashFromFileHandle Ret= " & $Ret[0] & @TAB & '>Error code: ' & @error & @CRLF)
$iHashLen = $Ret[2]
ConsoleWrite(">> $iHashLen= " & $iHashLen & @CRLF)
$Ret = DllCall($hWinTrustDll, "bool", "CryptCATAdminCalcHashFromFileHandle", "handle", $hFile, "dword*", $iHashLen, "ptr", DllStructGetPtr($tbyHash), "dword", 0)
ConsoleWrite("+ CryptCATAdminCalcHashFromFileHandle Ret= " & $Ret[0] & @TAB & '>Error code: ' & @error & @CRLF)
If $hFile Then _WinAPI_CloseHandle($hFile)
For $i = 1 To $iHashLen
$pszMemberTag &= Hex(DllStructGetData($tbyHash, 1, $i), 2)
Next
ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $pszMemberTag = ' & $pszMemberTag & " Len= " & StringLen($pszMemberTag) & @TAB & '>Error code: ' & @error & @CRLF) ;### Debug Console
$Ret = DllCall($hWinTrustDll, "handle", "CryptCATAdminEnumCatalogFromHash", "handle", $hCatAdmin, "ptr", DllStructGetPtr($tbyHash), "dword", $iHashLen, "dword", 0, "ptr", 0)
ConsoleWrite("+ CryptCATAdminEnumCatalogFromHash Ret= " & $Ret[0] & @TAB & '>Error code: ' & @error & @CRLF)
$hCatInfo = $Ret[0]
ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $hCatInfo = ' & $hCatInfo & @TAB & '>Error code: ' & @error & @CRLF) ;### Debug Console
If $hCatInfo = 0 Then
ConsoleWrite("CryptCATAdminEnumCatalogFromHash failed, verifying embedded signature." & @CRLF)
Else
$Ret = DllCall($hWinTrustDll, "bool", "CryptCATCatalogInfoFromContext", "handle", $hCatInfo, "ptr", DllStructGetPtr($tCATALOG_INFO), "dword", 0)
ConsoleWrite("+ CryptCATCatalogInfoFromContext Ret= " & $Ret[0] & @TAB & '>Error code: ' & @error & @CRLF)
If Not $Ret[0] Then
ConsoleWrite("CryptCATCatalogInfoFromContext failed" & @CRLF)
$Ret = DllCall($hWinTrustDll, "bool", "CryptCATAdminReleaseCatalogContext", "handle", $hCatAdmin, "handle", $hCatInfo, "dword", 0)
ConsoleWrite("+ CryptCATAdminReleaseCatalogContext Ret= " & $Ret[0] & @TAB & '>Error code: ' & @error & @CRLF)
EndIf
ConsoleWrite("!wszCatalogFile 67 = " & DllStructGetData($tCATALOG_INFO, "wszCatalogFile", 1) & @CRLF)
Local $tFile = DllStructCreate("wchar[" & StringLen($sFilePath) + 2 & "]")
DllStructSetData($tFile, 1, $sFilePath)
Local $pFile = DllStructGetPtr($tFile)
ConsoleWrite("!tFileData = " & DllStructGetData($tFile, 1) & @CRLF)
DllStructSetData($tWINTRUST_CATALOG_INFO, "cbStruct", DllStructGetSize($tWINTRUST_CATALOG_INFO))
DllStructSetData($tWINTRUST_CATALOG_INFO, "pcwszCatalogFilePath", DllStructGetPtr($tCATALOG_INFO, "wszCatalogFile"))
ConsoleWrite("wszCatalogFile Ptr = " & DllStructGetPtr($tCATALOG_INFO, "wszCatalogFile") & @CRLF)
ConsoleWrite("pcwszCatalogFilePath Data = " & DllStructGetData($tWINTRUST_CATALOG_INFO, "pcwszCatalogFilePath") & @CRLF)
DllStructSetData($tWINTRUST_CATALOG_INFO, "pcwszMemberFilePath", $pFile)
ConsoleWrite("pcwszMemberFilePath Ptr = " & DllStructGetData($tWINTRUST_CATALOG_INFO, "pcwszMemberFilePath") & @CRLF)
Local $tpszMemberTag = DllStructCreate("wchar[" & StringLen($pszMemberTag) + 2 & "]")
DllStructSetData($tpszMemberTag, 1, $pszMemberTag)
Local $ptpszMemberTag = DllStructGetPtr($tpszMemberTag)
ConsoleWrite("!tpszMemberTag Data = " & DllStructGetData($tpszMemberTag, 1) & @CRLF)
DllStructSetData($tWINTRUST_CATALOG_INFO, "pcwszMemberTag", $ptpszMemberTag)
DllStructSetData($tWINTRUST_DATA, "cbStruct", DllStructGetSize($tWINTRUST_DATA))
DllStructSetData($tWINTRUST_DATA, "dwUnionChoice", $WTD_CHOICE_CATALOG)
DllStructSetData($tWINTRUST_DATA, "pPointer", DllStructGetPtr($tWINTRUST_CATALOG_INFO))
DllStructSetData($tWINTRUST_DATA, "dwUIChoice", $WTD_UI_NONE)
DllStructSetData($tWINTRUST_DATA, "fdwRevocationChecks", $WTD_REVOKE_NONE)
DllStructSetData($tWINTRUST_DATA, "dwStateAction", $WTD_STATEACTION_VERIFY)
DllStructSetData($tWINTRUST_DATA, "dwProvFlags", 0)
DllStructSetData($tWINTRUST_DATA, "hWVTStateData", 0)
DllStructSetData($tWINTRUST_DATA, "pwszURLReference", 0)
EndIf
Local $taction = _GUIDStruct("{00AAC56B-CD44-11D0-8CC200C04FC295EE}")
ConsoleWrite("Structura action=" & IsDllStruct($taction) & " Valor=" & Hex(DllStructGetData($taction, 1), 8) & " Error= " & @error & @CRLF)
$Ret = DllCall($hWinTrustDll, "long", "WinVerifyTrust", "long", $INVALID_HANDLE_VALUE, "ptr", DllStructGetPtr($taction), "ptr", DllStructGetPtr($tWINTRUST_DATA))
ConsoleWrite("+ WinVerifyTrust Ret= " & $Ret[0] & @TAB & '>Error code: ' & @error & @CRLF)
ConsoleWrite("WinVerifyTrust Retorno= " & ($Ret[0]) & @CRLF)
Local $hr = $Ret[0]
If $hCatInfo <> 0 Then
$Ret = DllCall($hWinTrustDll, "long", "CryptCATAdminReleaseCatalogContext", "long", $hCatAdmin, "long", $hCatInfo, "long", 0)
ConsoleWrite("+ CryptCATAdminReleaseCatalogContext Ret= " & $Ret[0] & @TAB & '>Error code: ' & @error & @CRLF)
EndIf
$Ret = DllCall($hWinTrustDll, "long", "CryptCATAdminReleaseContext", "int", $hCatAdmin, "long", 0)
ConsoleWrite("+ CryptCATAdminReleaseContext Ret= " & $Ret[0] & @TAB & '>Error code: ' & @error & @CRLF)
ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $Ret = ' & $Ret[0] & @CRLF & '>Error code: ' & @error & @CRLF)
If $hr = 0 Then
DllStructSetData($tWINTRUST_DATA, "dwStateAction", $WTD_STATEACTION_CLOSE)
$Ret = DllCall($hWinTrustDll, "long", "WinVerifyTrust", "long", $INVALID_HANDLE_VALUE, "ptr", DllStructGetPtr($taction), "ptr", DllStructGetPtr($tWINTRUST_DATA))
ConsoleWrite("+ WinVerifyTrust Ret= " & $Ret[0] & @TAB & '>Error code: ' & @error & @CRLF)
EndIf
If $hWinTrustDll Then DllClose($hWinTrustDll)
EndFunc ;==>SignV
;Prog@ndy
Func _GUIDStruct($IID)
$IID = StringRegExpReplace($IID, "([}{])", "")
$IID = StringSplit($IID, "-")
Local $_GUID = "DWORD Data1; ushort Data2; ushort Data3; BYTE Data4[8];"
Local $GUID = DllStructCreate($_GUID)
If $IID[0] = 5 Then $IID[4] &= $IID[5]
If $IID[0] > 5 Or $IID[0] < 4 Then Return SetError(1, 0, 0)
DllStructSetData($GUID, 1, Dec($IID[1]))
DllStructSetData($GUID, 2, Dec($IID[2]))
DllStructSetData($GUID, 3, Dec($IID[3]))
DllStructSetData($GUID, 4, Binary("0x" & $IID[4]))
Return $GUID
EndFunc ;==>_GUIDStructSaludos
