Re: Digital signature check on binaries



See if this info contains any useful info or pointers to what you need:
http://www.jensign.com/hash
- Mitch

<satv73@xxxxxxxxx> wrote in message
news:1152895080.419354.173770@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Mitch,
You are right. But do you know how to scan those protected files
for dig info?

Thanks
Sathish


Mitch Gallant wrote:
Many system files are protected through WFP (Windows File Protection), in which
case the hashes of those files are contained in a cat file which is signed.
You can use the WFP API to determine if any file is protected via WFP:
SfcIsFileProtected(..)
- Mitch

<satv73@xxxxxxxxx> wrote in message
news:1152891897.659128.183790@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi,
I have a problem. I am developing an application that checks for the
digital signature [signer] on a set of DLL or EXE files. I use the
WinVerifyTrust API. This works fine for certain files. This can
be tested by looking at file properties\signature tab through NT
explorer. But this WinVerifyTrust cannot retrieve the sig. information
on certain files [e.g. c:\windows\system32\wlnotify.dll]; NT explorer
file properties fails here too. [There is no signature tab for these
files.]

Can anybody help me by briefing me on what's missing and what should be
done?
I am pasting the piece of code that I am using here. Please let me know
what needs to be done here.

=========================================================
static GUID guidPublishedSoftware = WINTRUST_ACTION_TRUSTPROVIDER_TEST
                                    /*| WINTRUST_ACTION_GENERIC_VERIFY_V2*/;
static WINTRUST_DATA wintrustdata;
static WINTRUST_FILE_INFO fileinfo;

/* Load wintrust.dll once and resolve the verification entry point */
if (!hinstWinTrustDll)
{
    hinstWinTrustDll = LoadLibraryA("wintrust.dll");
    if (NULL == hinstWinTrustDll)
    {
        DebugMessage("Digsig lib not working..");
        goto LError;
    }
    pfnWinVerifyTrust = (PFnWinVerifyTrust)GetProcAddress(hinstWinTrustDll,
                                                          "WinVerifyTrustEx");
    if (NULL == pfnWinVerifyTrust)
    {
        goto LError;
    }
}

/* No UI, no revocation checking; the subject is the file itself */
memset(&wintrustdata, 0x00, sizeof wintrustdata);
wintrustdata.cbStruct = sizeof wintrustdata;
wintrustdata.fdwRevocationChecks = WTD_REVOKE_NONE;
wintrustdata.dwStateAction = WTD_STATEACTION_IGNORE;
wintrustdata.hWVTStateData = NULL;
wintrustdata.pwszURLReference = NULL;
wintrustdata.dwUIChoice = WTD_UI_NONE;
wintrustdata.dwProvFlags = 0;
wintrustdata.dwUnionChoice = WTD_CHOICE_FILE;
wintrustdata.pFile = &fileinfo;

/* File to verify, identified by path only */
memset(&fileinfo, 0x00, sizeof fileinfo);
fileinfo.cbStruct = sizeof fileinfo;
fileinfo.pcwszFilePath = pwszFilePath;
fileinfo.pgKnownSubject = NULL;
fileinfo.hFile = NULL;

hr = pfnWinVerifyTrust(0, &guidPublishedSoftware, &wintrustdata);


=========================================================
Thanks
Sathish
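
As an added example (not code from the thread), the following PowerShell function reports, for each file, whether its signature is embedded in the file or comes from a signed catalog, which is the case Mitch describes for WFP-protected system files. It uses the built-in Get-AuthenticodeSignature cmdlet rather than WinVerifyTrust and assumes Windows PowerShell 5.1 or later, where the result exposes SignatureType and IsOSBinary; the function name Get-SignatureSource and the second sample path are illustrative.

```powershell
# Added example. Assumes Windows PowerShell 5.1+ (Signature.SignatureType, Signature.IsOSBinary).
function Get-SignatureSource {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]] $Path
    )
    process {
        foreach ($p in $Path) {
            # Skip paths that are missing or are directories
            if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
                Write-Warning "Not a file: $p"
                continue
            }

            $sig = Get-AuthenticodeSignature -LiteralPath $p

            # An embedded signature lives in the PE file itself; a catalog
            # signature means only the file's hash is listed in a signed .cat file.
            $source = switch ($sig.SignatureType) {
                'Authenticode' { 'Embedded in file' }
                'Catalog'      { 'Signed catalog (.cat)' }
                default        { 'No signature found' }
            }

            $signer = $null
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

            [pscustomobject]@{
                Path       = $p
                Status     = $sig.Status       # Valid, NotSigned, HashMismatch, NotTrusted, ...
                Source     = $source
                IsOSBinary = $sig.IsOSBinary
                Signer     = $signer
            }
        }
    }
}

# Sample input: the file named in the thread plus one constructed path.
$samples = @(
    'C:\Windows\System32\wlnotify.dll',
    (Join-Path $env:SystemRoot 'System32\kernel32.dll')
)
$results = $samples | Get-SignatureSource
$results | Format-Table -AutoSize

# Anything that is not Valid deserves a closer look, whatever the signature source.
$results | Where-Object { $_.Status -ne 'Valid' } | Select-Object Path, Status, Source
```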



