
Wintrust Verificar Firma Digital

Publicado: 30 Nov 2014, 19:00
por Dany
Un ejemplo que hice con mi hermano hace tiempo para verificar la firma digital de un archivo.


;Written by Danyfirex & Dany3j
;Thanks http://forum.sysinternals.com
;10-03-2014

#include <WinAPI.au3>


Opt("MustDeclareVars", 1) ; 1 = every variable must be declared before use (0 would allow implicit declaration)

#Region Constants
; Values for the WINTRUST_DATA fields passed to WinVerifyTrust, grouped by the field they belong to.

; dwUIChoice: never show a dialog to the user
Global Const $WTD_UI_NONE = 2

; fdwRevocationChecks: no additional revocation checking of the certificate chain
Global Const $WTD_REVOKE_NONE = 0

; dwUnionChoice: which structure the union pointer refers to
Global Const $WTD_CHOICE_FILE = 1
Global Const $WTD_CHOICE_CATALOG = 2

; dwStateAction: lifetime of the hWVTStateData handle
Global Const $WTD_STATEACTION_IGNORE = 0
Global Const $WTD_STATEACTION_VERIFY = 1
Global Const $WTD_STATEACTION_CLOSE = 0x00000002

; dwProvFlags
Global Const $WTD_SAFER_FLAG = 256
#EndRegion Constants



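#Region Struct
; DllStruct layouts for the WinTrust / catalog APIs used by SignV.
; Pointer- and handle-sized members are declared as "ptr"/"handle" rather than "dword":
; a dword field is 4 bytes, so on a 64-bit AutoIt build it would truncate the address and
; shift every following member, and WinVerifyTrust would then read a corrupted structure.

; WINTRUST_DATA: pPointer is the union member (pFile / pCatalog / ...) selected by dwUnionChoice.
Global Const $tagWINTRUST_DATA = "dword cbStruct;ptr pPolicyCallbackData;ptr pSIPClientData;dword dwUIChoice;dword fdwRevocationChecks;dword dwUnionChoice;" & _
        "ptr pPointer;dword dwStateAction;handle hWVTStateData;ptr pwszURLReference;dword dwProvFlags;dword dwUIContext"

; WINTRUST_FILE_INFO: used when verifying a signature embedded in the file itself.
Global Const $tagWINTRUST_FILE_INFO = "dword cbStruct;ptr pcwszFilePath;handle hFile;ptr pgKnownSubject"

; WINTRUST_CATALOG_INFO: used when the file hash is listed in a signed catalog (.cat).
; NOTE(review): only the leading members are declared; cbStruct is set from this size by the caller - confirm the target Windows version accepts the short form.
Global Const $tagWINTRUST_CATALOG_INFO = "dword cbStruct;dword dwCatalogVersion;ptr pcwszCatalogFilePath;ptr pcwszMemberTag;ptr pcwszMemberFilePath;handle hMemberFile"

; CATALOG_INFO: wszCatalogFile is a 260-WCHAR path buffer, declared here as 520 raw bytes.
Global Const $tagCATALOG_INFO = "dword cbStruct;byte wszCatalogFile[520]"
#EndRegion Struct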




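; Load wintrust.dll by its full path in the system directory. A bare "wintrust.dll" is
; resolved through the DLL search order, and the library that decides whether a signature
; is trusted should not be resolvable from the script or working directory.
Global Const $sWinTrust = @SystemDir & "\wintrust.dll"
Global $hWinTrustDll = 0


$hWinTrustDll = DllOpen($sWinTrust)
ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $hWinTrustDll = ' & $hWinTrustDll & @CRLF & '>Error code: ' & @error & @CRLF) ;### Debug Console

; DllOpen returns -1 on failure; stop here instead of letting every later DllCall fail.
If $hWinTrustDll = -1 Then
    ConsoleWrite("! Unable to load " & $sWinTrust & @CRLF)
    Exit 1
EndIf


;check
SignV(@WindowsDir & "\explorer.exe")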




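; SignV: verifies the digital signature of a file with WinVerifyTrust.
;
; The file is hashed and looked up in the system catalog database first; if a catalog lists
; the hash, the catalog signature is verified, otherwise the signature embedded in the file
; itself is verified.
;
; Parameters: $sFilePath - path of the file to check.
; Returns:    True when WinVerifyTrust returns 0 (trusted), False otherwise.
;             On a completed verification @error = 0 and @extended holds the WinVerifyTrust
;             return code. On a setup failure @error is 1 (catalog admin context),
;             2 (file could not be opened), 3 (hashing failed), 4 (action GUID) or
;             5 (WinVerifyTrust could not be called).
;
; Caveats a caller should know before relying on the result:
;  - fdwRevocationChecks is $WTD_REVOKE_NONE, so a revoked signing certificate still verifies.
;  - The file handle used for hashing is closed before WinVerifyTrust runs; WinVerifyTrust
;    re-opens the file by path, so the file could change between the two steps.
;  - NOTE(review): CryptCATAdminAcquireContext presumably computes SHA-1 catalog hashes; a file
;    listed only by a newer hash algorithm would fall through to the embedded-signature path - confirm.
;  - $hWinTrustDll is opened by the script's top level and is left open here, so SignV can be
;    called more than once.
Func SignV($sFilePath)

    Local $hCatAdmin = 0, $hCatInfo = 0, $hFile = 0
    Local $hr = -1
    Local $iHashLen = 0
    Local $pszMemberTag = ""
    Local $Ret = 0

    ;Structures
    Local $tWINTRUST_DATA = DllStructCreate($tagWINTRUST_DATA)
    Local $tWINTRUST_FILE_INFO = DllStructCreate($tagWINTRUST_FILE_INFO)
    Local $tWINTRUST_CATALOG_INFO = DllStructCreate($tagWINTRUST_CATALOG_INFO)
    Local $tCATALOG_INFO = DllStructCreate($tagCATALOG_INFO)

    ; Null-terminated wide copy of the path; both verification modes point at it.
    Local $tFile = DllStructCreate("wchar[" & StringLen($sFilePath) + 2 & "]")
    DllStructSetData($tFile, 1, $sFilePath)

    ; --- catalog admin context ---
    $Ret = DllCall($hWinTrustDll, "bool", "CryptCATAdminAcquireContext", "handle*", 0, "ptr", 0, "dword", 0)
    If @error Or Not $Ret[0] Then
        ConsoleWrite("! CryptCATAdminAcquireContext failed" & @CRLF)
        Return SetError(1, 0, False)
    EndIf
    $hCatAdmin = $Ret[1]

    ; --- open the file (OPEN_EXISTING, read access, read sharing) ---
    ; _WinAPI_CreateFile reports failure as 0; the $INVALID_HANDLE_VALUE comparison is kept
    ; as a second guard.
    $hFile = _WinAPI_CreateFile($sFilePath, 2, 2, 2)
    If (Not $hFile) Or $hFile = $INVALID_HANDLE_VALUE Then
        ConsoleWrite("! Unable to open " & $sFilePath & @CRLF)
        __SignV_Release($hCatAdmin, 0)
        Return SetError(2, 0, False)
    EndIf

    ; --- hash the file: first call asks for the hash size, second call fills the buffer ---
    $Ret = DllCall($hWinTrustDll, "bool", "CryptCATAdminCalcHashFromFileHandle", "handle", $hFile, "dword*", 0, "ptr", 0, "dword", 0)
    If @error Or $Ret[2] = 0 Then
        ConsoleWrite("! CryptCATAdminCalcHashFromFileHandle (size query) failed" & @CRLF)
        _WinAPI_CloseHandle($hFile)
        __SignV_Release($hCatAdmin, 0)
        Return SetError(3, 0, False)
    EndIf
    $iHashLen = $Ret[2]

    ; Size the buffer from the reported length instead of assuming it fits a fixed array.
    Local $tbyHash = DllStructCreate("byte byHash[" & $iHashLen & "]")
    $Ret = DllCall($hWinTrustDll, "bool", "CryptCATAdminCalcHashFromFileHandle", "handle", $hFile, "dword*", $iHashLen, "ptr", DllStructGetPtr($tbyHash), "dword", 0)
    Local $bHashed = False
    If Not @error Then $bHashed = ($Ret[0] <> 0)
    _WinAPI_CloseHandle($hFile)
    If Not $bHashed Then
        ConsoleWrite("! CryptCATAdminCalcHashFromFileHandle failed" & @CRLF)
        __SignV_Release($hCatAdmin, 0)
        Return SetError(3, 0, False)
    EndIf
    $iHashLen = $Ret[2]

    ; The catalog member tag is the hash written as upper-case hex.
    For $i = 1 To $iHashLen
        $pszMemberTag &= Hex(DllStructGetData($tbyHash, 1, $i), 2)
    Next
    ConsoleWrite(">> $pszMemberTag = " & $pszMemberTag & " Len= " & StringLen($pszMemberTag) & @CRLF)

    ; --- look the hash up in the catalog database ---
    $Ret = DllCall($hWinTrustDll, "handle", "CryptCATAdminEnumCatalogFromHash", "handle", $hCatAdmin, "ptr", DllStructGetPtr($tbyHash), "dword", $iHashLen, "dword", 0, "ptr", 0)
    If Not @error Then $hCatInfo = $Ret[0]

    If $hCatInfo Then
        ; cbStruct has to be filled in before the call.
        DllStructSetData($tCATALOG_INFO, "cbStruct", DllStructGetSize($tCATALOG_INFO))
        $Ret = DllCall($hWinTrustDll, "bool", "CryptCATCatalogInfoFromContext", "handle", $hCatInfo, "ptr", DllStructGetPtr($tCATALOG_INFO), "dword", 0)
        If @error Or Not $Ret[0] Then
            ConsoleWrite("CryptCATCatalogInfoFromContext failed" & @CRLF)
            ; Release once and clear the handle so it is neither reused nor released again below.
            DllCall($hWinTrustDll, "bool", "CryptCATAdminReleaseCatalogContext", "handle", $hCatAdmin, "handle", $hCatInfo, "dword", 0)
            $hCatInfo = 0
        EndIf
    EndIf

    ; --- WINTRUST_DATA fields shared by both modes ---
    DllStructSetData($tWINTRUST_DATA, "cbStruct", DllStructGetSize($tWINTRUST_DATA))
    DllStructSetData($tWINTRUST_DATA, "dwUIChoice", $WTD_UI_NONE)
    DllStructSetData($tWINTRUST_DATA, "fdwRevocationChecks", $WTD_REVOKE_NONE)
    DllStructSetData($tWINTRUST_DATA, "dwStateAction", $WTD_STATEACTION_VERIFY)
    DllStructSetData($tWINTRUST_DATA, "dwProvFlags", 0)
    DllStructSetData($tWINTRUST_DATA, "hWVTStateData", 0)
    DllStructSetData($tWINTRUST_DATA, "pwszURLReference", 0)

    ; Declared outside the branches so the buffer outlives the WinVerifyTrust calls.
    Local $tpszMemberTag = DllStructCreate("wchar[" & StringLen($pszMemberTag) + 2 & "]")
    DllStructSetData($tpszMemberTag, 1, $pszMemberTag)

    If $hCatInfo Then
        ; Catalog-signed: verify the catalog that lists this file's hash.
        DllStructSetData($tWINTRUST_CATALOG_INFO, "cbStruct", DllStructGetSize($tWINTRUST_CATALOG_INFO))
        DllStructSetData($tWINTRUST_CATALOG_INFO, "pcwszCatalogFilePath", DllStructGetPtr($tCATALOG_INFO, "wszCatalogFile"))
        DllStructSetData($tWINTRUST_CATALOG_INFO, "pcwszMemberFilePath", DllStructGetPtr($tFile))
        DllStructSetData($tWINTRUST_CATALOG_INFO, "pcwszMemberTag", DllStructGetPtr($tpszMemberTag))

        DllStructSetData($tWINTRUST_DATA, "dwUnionChoice", $WTD_CHOICE_CATALOG)
        DllStructSetData($tWINTRUST_DATA, "pPointer", DllStructGetPtr($tWINTRUST_CATALOG_INFO))
    Else
        ; Not in any catalog: verify the signature embedded in the file. Without this branch
        ; WinVerifyTrust would be handed an all-zero WINTRUST_DATA.
        ConsoleWrite("CryptCATAdminEnumCatalogFromHash failed, verifying embedded signature." & @CRLF)
        DllStructSetData($tWINTRUST_FILE_INFO, "cbStruct", DllStructGetSize($tWINTRUST_FILE_INFO))
        DllStructSetData($tWINTRUST_FILE_INFO, "pcwszFilePath", DllStructGetPtr($tFile))
        DllStructSetData($tWINTRUST_FILE_INFO, "hFile", 0)
        DllStructSetData($tWINTRUST_FILE_INFO, "pgKnownSubject", 0)

        DllStructSetData($tWINTRUST_DATA, "dwUnionChoice", $WTD_CHOICE_FILE)
        DllStructSetData($tWINTRUST_DATA, "pPointer", DllStructGetPtr($tWINTRUST_FILE_INFO))
    EndIf

    ; WINTRUST_ACTION_GENERIC_VERIFY_V2
    Local $taction = _GUIDStruct("{00AAC56B-CD44-11D0-8CC200C04FC295EE}")
    If Not IsDllStruct($taction) Then
        __SignV_Release($hCatAdmin, $hCatInfo)
        Return SetError(4, 0, False)
    EndIf

    ; --- verify ---
    ; Handles are passed as "handle" so they are not truncated on a 64-bit build.
    $Ret = DllCall($hWinTrustDll, "long", "WinVerifyTrust", "handle", $INVALID_HANDLE_VALUE, "ptr", DllStructGetPtr($taction), "ptr", DllStructGetPtr($tWINTRUST_DATA))
    Local $bCalled = Not @error
    If $bCalled Then
        $hr = $Ret[0]
        ConsoleWrite("WinVerifyTrust Retorno= " & $hr & @CRLF)

        ; The VERIFY call allocated state data whatever the verdict, so always pair it with CLOSE.
        DllStructSetData($tWINTRUST_DATA, "dwStateAction", $WTD_STATEACTION_CLOSE)
        DllCall($hWinTrustDll, "long", "WinVerifyTrust", "handle", $INVALID_HANDLE_VALUE, "ptr", DllStructGetPtr($taction), "ptr", DllStructGetPtr($tWINTRUST_DATA))
    EndIf

    __SignV_Release($hCatAdmin, $hCatInfo)

    If Not $bCalled Then
        ConsoleWrite("! WinVerifyTrust could not be called" & @CRLF)
        Return SetError(5, 0, False)
    EndIf

    Return SetError(0, $hr, $hr = 0)

EndFunc   ;==>SignV

; Releases the catalog context (when non-zero) and then the catalog admin context.
Func __SignV_Release($hCatAdmin, $hCatInfo)
    If $hCatInfo Then
        DllCall($hWinTrustDll, "bool", "CryptCATAdminReleaseCatalogContext", "handle", $hCatAdmin, "handle", $hCatInfo, "dword", 0)
    EndIf
    If $hCatAdmin Then
        DllCall($hWinTrustDll, "bool", "CryptCATAdminReleaseContext", "handle", $hCatAdmin, "dword", 0)
    EndIf
EndFunc   ;==>__SignV_Release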



;Prog@ndy
; _GUIDStruct: converts a GUID string into a DllStruct laid out as a GUID
; (DWORD Data1; ushort Data2; ushort Data3; BYTE Data4[8]).
;
; Parameters: $IID - GUID text, with or without braces. The last two groups may be written
;                    with or without the hyphen between them (4 or 5 hyphen-separated groups).
; Returns:    the filled DllStruct; on any other group count returns 0 and sets @error = 1.
Func _GUIDStruct($IID)
    ; Drop the braces, then break the text into its hyphen-separated groups.
    Local $aParts = StringSplit(StringRegExpReplace($IID, "([}{])", ""), "-")
    Local $tGuid = DllStructCreate("DWORD Data1;  ushort Data2;  ushort Data3;  BYTE Data4[8];")

    If $aParts[0] < 4 Or $aParts[0] > 5 Then
        Return SetError(1, 0, 0)
    EndIf

    ; Five groups: the 4th and 5th together form the 8 bytes of Data4.
    If $aParts[0] = 5 Then
        $aParts[4] = $aParts[4] & $aParts[5]
    EndIf

    ; The first three groups are hex numbers.
    For $iField = 1 To 3
        DllStructSetData($tGuid, $iField, Dec($aParts[$iField]))
    Next
    ; Data4 is stored as raw bytes in the order written.
    DllStructSetData($tGuid, 4, Binary("0x" & $aParts[4]))

    Return $tGuid
EndFunc   ;==>_GUIDStruct

Saludos