Verifty Digital Signatures with PB?

Just starting out? Need help? Post your questions and find answers here.
Karbon
PureBasic Expert
PureBasic Expert
Posts: 2010
Joined: Mon Jun 02, 2003 1:42 am
Location: Ashland, KY
Contact:

Verifty Digital Signatures with PB?

Post by Karbon »

Has anyone done work with PB and the WinTrustVerify API in Windows to verify digital signatures on EXE files?

Several cracks have appeared for some of my software and I would like to add checks inside it to verify the digital signature on its EXE. Supposedly this is possible with the WinTrustVerify API..

http://support.microsoft.com/default.as ... -us;323809
-Mitchell
Check out kBilling for all your billing software needs!
http://www.k-billing.com
Code Signing / Authenticode Certificates (Get rid of those Unknown Publisher warnings!)
http://codesigning.ksoftware.net
Karbon
PureBasic Expert
PureBasic Expert
Posts: 2010
Joined: Mon Jun 02, 2003 1:42 am
Location: Ashland, KY
Contact:

Post by Karbon »

This is the code I have working in C :

Code: Select all

#include <windows.h>

typedef LONGLONG ULONG_PTR, *PULONG_PTR;

#include <winerror.h>
#include <Softpub.h>
#include <wincrypt.h>
#include <wintrust.h>

LONG d_VerifyFile(LPCSTR Filename)
{
	/* Return values:
		0			trusted and verified
		1           wintrust.dll not installed
		2			pre Windows 2000
		0x800B0004  Not trusted (forced to this return code if WinVerifyTrust not found in wintrust.dll
		0x800B0100	Not signed or invalid signature (e.g. file corrupted)
	*/
	typedef LONG (WINAPI *WINVERIFYTRUST)(HWND hwnd, GUID *pgActionID, LPVOID pWVTData);
	WINVERIFYTRUST wvt;
	HINSTANCE hLib;

	WINTRUST_DATA WinTD;
	GUID gAction = WINTRUST_ACTION_GENERIC_VERIFY_V2;
	WINTRUST_FILE_INFO wf;
	WCHAR wszPath[512];
	LONG result;
	int	WindowsMajorVersion;

	WindowsMajorVersion = (LOBYTE(LOWORD(GetVersion())));
	if(WindowsMajorVersion < 5) return 2;

	hLib=LoadLibrary("wintrust.dll");
	if(!hLib) return 1;

	MultiByteToWideChar(65001,MB_ERR_INVALID_CHARS,Filename,strlen(Filename)+1,wszPath,sizeof(wszPath));
	memset(&WinTD,0,sizeof(WINTRUST_DATA));
	WinTD.cbStruct = sizeof(WINTRUST_DATA);
	WinTD.dwUIChoice = WTD_UI_NONE;
	WinTD.dwUnionChoice = WTD_CHOICE_FILE;
	WinTD.fdwRevocationChecks = WTD_REVOKE_NONE;
	WinTD.pFile = &wf;
	WinTD.dwStateAction = WTD_STATEACTION_IGNORE;
	WinTD.dwProvFlags = WTD_HASH_ONLY_FLAG | WTD_REVOCATION_CHECK_NONE;
	memset(&wf,0,sizeof(WINTRUST_FILE_INFO));
	wf.cbStruct = sizeof(WINTRUST_FILE_INFO);
	wf.hFile = NULL;
	wf.pcwszFilePath = wszPath;
	wvt = (WINVERIFYTRUST)GetProcAddress(hLib,"WinVerifyTrust");
	if(!wvt)
	{
		FreeLibrary(hLib);
		return 0x800B0004L;
	}
	result = wvt(0,&gAction,&WinTD);
	FreeLibrary(hLib);
	return result;
}
-Mitchell
Check out kBilling for all your billing software needs!
http://www.k-billing.com
Code Signing / Authenticode Certificates (Get rid of those Unknown Publisher warnings!)
http://codesigning.ksoftware.net
Karbon
PureBasic Expert
PureBasic Expert
Posts: 2010
Joined: Mon Jun 02, 2003 1:42 am
Location: Ashland, KY
Contact:

Post by Karbon »

I'm interested in hiring someone to get this working in native PB code. PM/email me if you're interested.
-Mitchell
Check out kBilling for all your billing software needs!
http://www.k-billing.com
Code Signing / Authenticode Certificates (Get rid of those Unknown Publisher warnings!)
http://codesigning.ksoftware.net
User avatar
Kukulkan
Addict
Addict
Posts: 1396
Joined: Mon Jun 06, 2005 2:35 pm
Location: germany
Contact:

Post by Kukulkan »

Hi,

I'm interested in such a solution, too. I like to verify digitally signed documents (for example "MyDoc.doc" with "MyDoc.p7s"). Maybe someone is able to convert this to PureBasic? I think the most important thing is the MultiByteToWideChar() conversion and defining the structures.

Kukulkan
Karbon
PureBasic Expert
PureBasic Expert
Posts: 2010
Joined: Mon Jun 02, 2003 1:42 am
Location: Ashland, KY
Contact:

Post by Karbon »

I've had it on my personal to-do list for a month now and can't find the time to get it done.. Hopefully another fellow capitalist will chime in and do it for some cash :-)
-Mitchell
Check out kBilling for all your billing software needs!
http://www.k-billing.com
Code Signing / Authenticode Certificates (Get rid of those Unknown Publisher warnings!)
http://codesigning.ksoftware.net
dagcrack
Addict
Addict
Posts: 1868
Joined: Sun Mar 07, 2004 8:47 am
Location: Argentina
Contact:

Post by dagcrack »

Say what?

http://gushh.net/dev/?file=pb/wintrust.pb4i
http://gushh.net/dev/?file=pb/wintrust.pb4
http://gushh.net/dev/?file=pb/wintrust_test.pb4

:)

Too bad I don't have time at the moment, but having the entire headers ported would be ideal.
! Black holes are where God divided by zero !
My little blog!
(Not for the faint hearted!)
User avatar
Kukulkan
Addict
Addict
Posts: 1396
Joined: Mon Jun 06, 2005 2:35 pm
Location: germany
Contact:

Post by Kukulkan »

Hi dagcrack,

This codes are working fine for Karbons requirements. :D

But to check digital signatures of documents (p7s files), this function does not work. I found this link http://msdn.microsoft.com/en-us/library ... S.85).aspx, but I'm not able to convert this to PureBasic. I'm not good enough in structures and pointers to use this API :-(

Kukulkan
dagcrack
Addict
Addict
Posts: 1868
Joined: Sun Mar 07, 2004 8:47 am
Location: Argentina
Contact:

Post by dagcrack »

Yep, I just ported it nothing else.

The real function is a little more complex and it's called VerifyEmbeddedSignature(); used mainly for verifying the signature of PE files.

A full-blown authenticode lib for PB would also be nice :!:
! Black holes are where God divided by zero !
My little blog!
(Not for the faint hearted!)
Karbon
PureBasic Expert
PureBasic Expert
Posts: 2010
Joined: Mon Jun 02, 2003 1:42 am
Location: Ashland, KY
Contact:

Post by Karbon »

Hey dag! I never saw your reply.

Thank you!

PM me, I'd be happy to pay you for the time you spent on it.
-Mitchell
Check out kBilling for all your billing software needs!
http://www.k-billing.com
Code Signing / Authenticode Certificates (Get rid of those Unknown Publisher warnings!)
http://codesigning.ksoftware.net
User avatar
Thunder93
Addict
Addict
Posts: 1788
Joined: Tue Mar 21, 2006 12:31 am
Location: Canada

Post by Thunder93 »

Interesting, dagcrack Wintrust code works beautifully under PB4.30b5 x86;

Trusted -> moviethumb.exe
Trusted -> npPicasa3.dll
Trusted -> Picasa3.exe
Trusted -> PicasaPhotoViewer.exe
Trusted -> PicasaUpdater.exe
Not signed -> qtsupport.dll
Trusted -> setup.exe
Not signed -> Uninstall.exe



Under PB4.30b5 x64;

Provider Unknown -> moviethumb.exe
Provider Unknown -> npPicasa3.dll
Provider Unknown -> Picasa3.exe
Provider Unknown -> PicasaPhotoViewer.exe
Provider Unknown -> PicasaUpdater.exe
Provider Unknown -> qtsupport.dll
Provider Unknown -> setup.exe
Provider Unknown -> Uninstall.exe



The .l all been changed to .i, but something else I'm missing... any ideas?
User avatar
Thunder93
Addict
Addict
Posts: 1788
Joined: Tue Mar 21, 2006 12:31 am
Location: Canada

Post by Thunder93 »

Suppose there's an problem with the code or more PB internal in the x64 release?
Pupil
Enthusiast
Enthusiast
Posts: 715
Joined: Fri Apr 25, 2003 3:56 pm

Post by Pupil »

Thunder93 wrote:Suppose there's an problem with the code or more PB internal in the x64 release?
I would guess the pointers in the structures mess things up a bit..
freak
PureBasic Team
PureBasic Team
Posts: 5940
Joined: Fri Apr 25, 2003 5:21 pm
Location: Germany

Post by freak »

> The .l all been changed to .i, but something else I'm missing... any ideas?

You can't just change all .l to .i. Some values may stay long. Also you have to take alignment issues into effect on x64.
What does your structure look like ? (and whats the C definition?)
quidquid Latine dictum sit altum videtur
Pupil
Enthusiast
Enthusiast
Posts: 715
Joined: Fri Apr 25, 2003 3:56 pm

Post by Pupil »

I think this could be the faulty one:

Code: Select all

typedef struct WINTRUST_FILE_INFO_ {
  DWORD cbStruct;
  LPCWSTR pcwszFilePath;
  HANDLE hFile;
  GUID *pgKnownSubject;
} WINTRUST_FILE_INFO, 
Last item should be set to a pointer, in dagcrack's version its set to a long.

There seem to be some issues with this structure as well:

Code: Select all

typedef struct _WINTRUST_DATA {
  DWORD cbStruct;
  LPVOID pPolicyCallbackData;
  LPVOID pSIPClientData;
  DWORD dwUIChoice;
  DWORD fdwRevocationChecks;
  DWORD dwUnionChoice;
  union {
    struct WINTRUST_FILE_INFO_ *pFile;
    struct WINTRUST_CATALOG_INFO_ *pCatalog;
    struct WINTRUST_BLOB_INFO_ *pBlob;
    struct WINTRUST_SGNR_INFO_ *pSgnr;
    struct WINTRUST_CERT_INFO_ *pCert;
  } ;
  DWORD dwStateAction;
  HANDLE hWVTStateData;
  WCHAR *pwszURLReference;
  DWORD dwProvFlags;
  DWORD dwUIContext;
} WINTRUST_DATA, 
You probably need to change the items starting with LPVOID to pointers or to PB integer type (i.e '.i'). As for the 'hWVTStateData' item i'm not sure if Handles are 64 bit or 32bit?
User avatar
Thunder93
Addict
Addict
Posts: 1788
Joined: Tue Mar 21, 2006 12:31 am
Location: Canada

Post by Thunder93 »

Hi,

Currently my structures look like this;

Code: Select all

Structure WINTRUST_DATA
 
	cbStruct.l
	*pPolicyCallbackData.l
	*pSIPClientData.l
	dwUIChoice.l
	fdwRevocationChecks.l
	dwUnionChoice.l
 
	StructureUnion
		*pFile.WINTRUST_FILE_INFO
		*pCatalog.WINTRUST_CATALOG_INFO
		*pBlob.WINTRUST_BLOB_INFO
		*pSgnr.WINTRUST_SGNR_INFO
		*pCert.WINTRUST_CERT_INFO
	EndStructureUnion
 
	dwStateAction.l
	hWVTStateData.l
	*pwszURLReference.l
	dwProvFlags.l
	dwUIContext.l
 
EndStructure
 
Structure WINTRUST_FILE_INFO
  cbStruct.l
  *pcwszFilePath.l
  hFile.l
  *pgKnownSubject.l
EndStructure


PureBasic-x64 v4.30Beta5;
-> moviethumb.exe
-> npPicasa3.dll
-> Picasa3.exe
-> PicasaPhotoViewer.exe
-> PicasaUpdater.exe
-> qtsupport.dll
-> setup.exe
-> Uninstall.exe


PureBasic-x86 v4.30beta5
Trusted -> moviethumb.exe
Trusted -> npPicasa3.dll
Trusted -> Picasa3.exe
Trusted -> PicasaPhotoViewer.exe
Trusted -> PicasaUpdater.exe
Not signed -> qtsupport.dll
Trusted -> setup.exe
Not signed -> Uninstall.exe
Post Reply