Verifty Digital Signatures with PB?

[freak]

Two things:

1) handles are also pointers. They need to have the .i type
2) every pointer sized value needs to be aligned at 8byte bounds. So extra members need to be added to ensure that.

Something like this:

Code: Select all

Structure WINTRUST_DATA
 
   cbStruct.l
   _align1.l
   *pPolicyCallbackData.l
   *pSIPClientData.l
   dwUIChoice.l
   fdwRevocationChecks.l
   dwUnionChoice.l
   _align2.l
 
   StructureUnion
      *pFile.WINTRUST_FILE_INFO
      *pCatalog.WINTRUST_CATALOG_INFO
      *pBlob.WINTRUST_BLOB_INFO
      *pSgnr.WINTRUST_SGNR_INFO
      *pCert.WINTRUST_CERT_INFO
   EndStructureUnion
 
   dwStateAction.l
   _align3.l
   hWVTStateData.i
   *pwszURLReference.l
   dwProvFlags.l
   dwUIContext.l
 
EndStructure
 
Structure WINTRUST_FILE_INFO
  cbStruct.l
  _align1.l
  *pcwszFilePath.l
  hFile.i
  *pgKnownSubject.l
EndStructure

[Pupil]

Also find this line in "wintrust.pb4" and change the type of the variable 'gAction' to .i type.

Code: Select all

Define.l gAction 			= ?WINTRUST_ACTION_GENERIC_VERIFY_V2

[Thunder93]

Wow! Almost fully functional under x64.

Trusted -> moviethumb.exe
Trusted -> npPicasa3.dll
Trusted -> Picasa3.exe
Trusted -> PicasaPhotoViewer.exe
Trusted -> PicasaUpdater.exe
-> qtsupport.dll
Trusted -> setup.exe
-> Uninstall.exe


Under x86, I'm getting (Unknown Application) - Security Warning dialog appearing upon executing

[Thunder93]

Under x64, I guess it needs to be aligned little more to fix to retrieve the Not signed ->

[Thunder93]

I changed the Wintrust constants #TRUST_E_* values with decimal values instead, and is working now fully under x64. It's not working under x86 since the structure changes, it'll bring up Windows Vista - (Unknown Application) - Security Warning dialog...

[freak]

> It's not working under x86 since the structure changes

Of course. The alignment entries are for x64 only.

[Thunder93]

Thanks freak.

Oh, is there anyway to have the alignment entries enabled only under x64? or do I have to work between the two sets of structures?

[freak]

Code: Select all

CompilerIf #PB_Compiler_Processor = #PB_Processor_x64
  ; x64 only
CompilerEndIf

I was just too lazy to add that for every alignment field

[Thunder93]

LOL!, Thanks freak! Much appreciated, for your time on this matter.

[peterb]

Hi, can someone please publish the code for Verify Digital Signatures? Links from user dagcrack are dead.

Thanks, Petr

[DoubleDutch]

+1 to publishing the code that works on x86 and x64 - on the forum - not as a link...

[jassing]

I've been trying to figure out how to check the owner/publisher/name of the signer... any ideas?

[DoubleDutch]

That would be useful.

[Kukulkan]

Is anyone having a working version of this for recent PB version and working on 32/64 bit? I really need this but I can't get the codes above to work as structures and pointers seem to be not translated very well...

[Thunder93]

Version that supports PureBasic 5.31 x86 and x64


pb-wintrust_test.pb

Code: Select all

;pb/wintrust_test.pb4 - gushh.net 
;!Author: Gustavo J. Fiorenza (aim: gushhfx)
;!Date: 15/07/2008 - Rev: 1
;!Comments: Test code for wintrust.pb4
;!License: Bananas.

XIncludeFile "wintrust.pb"

Procedure.s TrustStatus( ReturnCode.l )
  Select ReturnCode
    Case #ERROR_SUCCESS
      ProcedureReturn "Trusted"
    Case #TRUST_E_PROVIDER_UNKNOWN
      ProcedureReturn "Provider Unknown"
    Case #TRUST_E_SUBJECT_FORM_UNKNOWN
      ProcedureReturn "Form Unknown"
    Case #TRUST_E_SUBJECT_NOT_TRUSTED
      ProcedureReturn "Not Trusted"
    Case #TRUST_E_NOSIGNATURE
      ProcedureReturn "Not signed"
  EndSelect
EndProcedure

Define.s szPath	= "C:\Program Files\Internet Explorer\" ; You may wanna change this path to a valid one!
If ExamineDirectory(0, szPath, "*.*")  
  While NextDirectoryEntry(0)
    If DirectoryEntryType(0) = #PB_DirectoryEntry_File
      Define.s szFile			= DirectoryEntryName(0)
      Define.l ReturnCode 		= VerifyFile( szPath + szFile )
      Debug TrustStatus(ReturnCode) + " -> " + szFile
    EndIf
  Wend
  FinishDirectory(0)
EndIf

Define.s szFile = "C:\Program Files\Internet Explorer\iexplore.exe"
Debug #CRLF$+" ...  "+TrustStatus(VerifyFile( szFile )) + " -> " + GetFilePart(szFile)

wintrust.pb

Code: Select all

;pb/wintrust.pb4 - gushh.net 
;!Author: Gustavo J. Fiorenza (aim: gushhfx)
;!Date: 15/07/2008 - Rev: 1
;!Comments: Ported from C, unknown original author (probably Microsoft?).
;!License: Bananas.

XIncludeFile "wintrust.pbi"

; 		#CP_UTF8 						= 65001
; 		#MB_ERR_INVALID_CHARS 			= $00000008

Procedure.l VerifyFile( Filename.s )
  
  Define.l WindowsMajorVersion 	= (LOBYTE(LOWORD(GetVersion_())))
  
  If(WindowsMajorVersion < 5)
    ProcedureReturn 2;
  EndIf
  
  Define.WINTRUST_DATA 		WinTD
  Define.WINTRUST_FILE_INFO 	wf
  
  Define.i gAction 			= ?WINTRUST_ACTION_GENERIC_VERIFY_V2
  Define.s wszPath 			= Space(#MAX_PATH*2)
  
  PokeS( @wszPath, FileName, Len(FileName)+1, #PB_Unicode )  
  
  With wf
    \cbStruct 			= SizeOf(WINTRUST_FILE_INFO)
    \hFile 				= #Null
    \pcwszFilePath 			= @wszPath
  EndWith
  
  With WinTD
    \cbStruct 			= SizeOf(WINTRUST_DATA)
    \dwUIChoice 			= #WTD_UI_NONE
    \dwUnionChoice 			= #WTD_CHOICE_FILE
    \fdwRevocationChecks 		= #WTD_REVOKE_NONE
    \pFile 				= wf
    \dwStateAction 			= #WTD_STATEACTION_IGNORE
    \dwProvFlags 			= #WTD_HASH_ONLY_FLAG | #WTD_REVOCATION_CHECK_NONE
  EndWith
  
  ProcedureReturn WinVerifyTrust_( 0, gAction, WinTD )
  
EndProcedure


;###
; in the event of malfunction, replace the PokeS(); line with:
;			MultiByteToWideChar_(#CP_UTF8, #MB_ERR_INVALID_CHARS, Filename, Len(Filename)+1, wszPath, Len(wszPath))
;	Right, you'll also need to define this constants:
; 		#CP_UTF8 						= 65001
;		#MB_ERR_INVALID_CHARS 			= $00000008
;###

wintrust.pbi

Code: Select all

;pb/wintrust.pb4i - gushh.net 
;!Author: Gustavo J. Fiorenza (aim: gushhfx)
;!Date: 15/07/2008 - Rev: 1
;!Comments: header of wintrust.pb4
;!License: Bananas.

#WTD_UI_NONE 					= 2
#WTD_CHOICE_FILE 				= 1
#WTD_REVOKE_NONE 				= 0
#WTD_STATEACTION_IGNORE 			= 0
#WTD_HASH_ONLY_FLAG 				= $00000200
#WTD_REVOCATION_CHECK_NONE			= $00000010


; #ERROR_SUCCESS   = 0

#TRUST_E_PROVIDER_UNKNOWN 			= -2146762751
#TRUST_E_ACTION_UNKNOWN				= -2146762750
#TRUST_E_SUBJECT_FORM_UNKNOWN			= -2146762749
#TRUST_E_SUBJECT_NOT_TRUSTED			= -2146762748
#TRUST_E_NOSIGNATURE				= -2146762496


Macro LOWORD( word ) 	: ( word & $FFFF ) 	: EndMacro
Macro LOBYTE( byte ) 	: ( byte & $FF ) 	: EndMacro

;### Thanks Trond!
Macro GUID(name, l1, w1, w2, b1b2, brest)
  DataSection
    name:
    Data.l $l1
    Data.w $w1, $w2
    Data.b $b1b2 >> 8, $b1b2 & $FF
    Data.b $brest >> 40 & $FF
    Data.b $brest >> 32 & $FF
    Data.b $brest >> 24 & $FF
    Data.b $brest >> 16 & $FF
    Data.b $brest >> 8 & $FF
    Data.b $brest & $FF
  EndDataSection
EndMacro

GUID(WINTRUST_ACTION_GENERIC_VERIFY_V2, 00AAC56B, CD44, 11D0, 8CC2, 00C04FC295EE)

;###

Structure WINTRUST_DATA  
  cbStruct.l
  CompilerIf #PB_Compiler_Processor = #PB_Processor_x64
    _align1.l
  CompilerEndIf   
  *pPolicyCallbackData   ;.l
  *pSIPClientData        ;.l 
  dwUIChoice.l
  fdwRevocationChecks.l 
  dwUnionChoice.l
  CompilerIf #PB_Compiler_Processor = #PB_Processor_x64   
    _align2.l
  CompilerEndIf
  
  StructureUnion 
    *pFile.WINTRUST_FILE_INFO 
    *pCatalog.WINTRUST_CATALOG_INFO 
    *pBlob.WINTRUST_BLOB_INFO 
    *pSgnr.WINTRUST_SGNR_INFO 
    *pCert.WINTRUST_CERT_INFO 
  EndStructureUnion 
  
  dwStateAction.l
  CompilerIf #PB_Compiler_Processor = #PB_Processor_x64   
    _align3.l
  CompilerEndIf
  hWVTStateData.i 
  *pwszURLReference   ;.l 
  dwProvFlags.l 
  dwUIContext.l 
  
EndStructure 

Structure WINTRUST_FILE_INFO 
  cbStruct.l
  CompilerIf #PB_Compiler_Processor = #PB_Processor_x64 
    align1.l
  CompilerEndIf
  *pcwszFilePath   ;.l 
  hFile.i
  *pgKnownSubject   ;.l 
EndStructure