_WinTrust.au3

kasty

This script makes use of WinTrust.dll and Crypt32.dll to:

- verify the integrity of a file with its embedded signature or a given catalog (based on the work of progandy http://www.autoit.de/index.php?page=Thread&postID=68477#post68477)

- determine the serial number, owner and issuer of the certificate used by the signature (developed by Kasty, based on C++ examples from MSDN)

It allows paths to be specified in any codepage (inspect the .au3 file for more information).

Example 1:

$filePath = ".signed.exe"$
signed = False
If _WinVerifyTrust($filePath) = $ERROR_SUCCESS Then $signed = True
ConsoleWrite($filepath & " is correctly signed = " & $signed & @LF)
$certInfo = _GetSignatureInfo($filepath)
ConsoleWrite("Serial Number: " & $certInfo[0] & @LF)
ConsoleWrite("Owner: " & $certInfo[1] & @LF)
ConsoleWrite("Issuer: " & $certInfo[2] & @LF)

Example 2:

If _WinVerifyTrust("test.zip", "test.cat", "File1") = $ERROR_SUCCESS Then $signed = True

See the other post below for more information on how to make catalogs to sign non-PE files.

Regards.

_WinTrust.au3

Edited by kasty

supersonic

kasty,

please, can you explain your modifications in detail? I can see some changes, but what are they for?

Greets,

-supersonic.

Edited by supersonic


kasty

In the first version that I posted, I added support for file paths given in arbitrary codepages (i.e. UTF-8). I also cleaned up a little, removing some redundant functions. Now I'm posting a new version that adds support for files indirectly signed via catalogs (this was not in the original code). I use it to sign ZIP files, because they are not accepted directly by SignTool. If you want to sign such a file, you would do:

1) Create a test.cdf file with the following contents:

[CatalogHeader]
Name=test.cat
PublicVersion=0x0000001
EncodingType=0x00010001
CATATTR1=0x10010001:OSAttr:2:6.0
[CatalogFiles]
File1=test.zip

2) Build a catalog with Makecat:

makecat -v test.cdf

3) Sign the catalog:

SignTool sign /n "your_certificate_name" /i "issuer_name" test.cat

4) Check the signature with AutoIt:

If _WinVerifyTrust("test.zip", "test.cat", "File1") = $ERROR_SUCCESS Then $signed = True

In addition to that, I changed the original code to return the value from the WinVerifyTrust function. This allows you to check the reason why a given file is not correctly signed.

Please find the new version in the attachment, and tell me if it works for you. I tested it in Windows 7.

_WinTrust.au3

Edited by kasty
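As an added example (not part of kasty's UDF or of any post in this thread), the value returned from _WinVerifyTrust in step 4 can be turned into a readable reason, and the details from _GetSignatureInfo can be pinned to one expected publisher instead of accepting any trusted signer. The HRESULT names are the standard wintrust/winerror codes; the issuer and serial strings are constructed placeholders, and the serial/issuer comparison assumes the formatting the UDF returns.

```autoit
#include "_WinTrust.au3"   ; the UDF from this thread

; Translate a WinVerifyTrust result into a reason. Hex($i, 8) yields the same
; eight digits whether the UDF returns a negative 32-bit value or an unsigned one.
Func _DescribeTrustResult($iResult)
    Switch Hex($iResult, 8)
        Case "00000000"
            Return "valid and trusted"
        Case "800B0100"
            Return "TRUST_E_NOSIGNATURE: no signature found (for catalogs: member not listed)"
        Case "80096010"
            Return "TRUST_E_BAD_DIGEST: file content changed after signing"
        Case "800B0109"
            Return "CERT_E_UNTRUSTEDROOT: chain terminates in an untrusted root"
        Case "800B0101"
            Return "CERT_E_EXPIRED: certificate expired and no accepted timestamp"
        Case "800B010C"
            Return "CERT_E_REVOKED: certificate has been revoked"
        Case "800B0111"
            Return "TRUST_E_EXPLICIT_DISTRUST: publisher is explicitly distrusted"
        Case Else
            Return "other failure 0x" & Hex($iResult, 8)
    EndSwitch
EndFunc

; Accept an embedded-signature file only when the signature verifies AND the
; signing certificate is the expected one (issuer + serial), not just any trusted cert.
Func _IsFromExpectedPublisher($sFile, $sExpectedIssuer, $sExpectedSerial)
    Local $iResult = _WinVerifyTrust($sFile)
    If $iResult <> $ERROR_SUCCESS Then
        ConsoleWrite($sFile & ": " & _DescribeTrustResult($iResult) & @LF)
        Return False
    EndIf
    Local $aInfo = _GetSignatureInfo($sFile) ; [0] serial, [1] owner, [2] issuer
    ; "=" compares strings case-insensitively in AutoIt
    If $aInfo[0] = $sExpectedSerial And $aInfo[2] = $sExpectedIssuer Then Return True
    ConsoleWrite($sFile & ": signed, but by '" & $aInfo[2] & "' serial " & $aInfo[0] & @LF)
    Return False
EndFunc

; Catalog-signed member (the test.zip / test.cat / File1 flow above): report the reason.
$iCat = _WinVerifyTrust("test.zip", "test.cat", "File1")
ConsoleWrite("test.zip via test.cat: " & _DescribeTrustResult($iCat) & @LF)

; Constructed placeholder issuer and serial; substitute the values of your own certificate.
ConsoleWrite(".\signed.exe accepted = " & _IsFromExpectedPublisher(".\signed.exe", "Example Issuing CA", "00A1B2C3") & @LF)
```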


supersonic

kasty,

thank you. I will test your new UDF version very soon and give you feedback.

Greets,

-supersonic.


kasty

This new version allows retrieval of information about the certificate used to sign a file (serial number, owner and issuer). Tested in Windows 7 and Windows XP SP3.

$filePath = ".\signed.exe"
$signed = False
If _WinVerifyTrust($filePath) = $ERROR_SUCCESS Then $signed = True
ConsoleWrite($filepath & " is correctly signed = " & $signed & @LF)
$certInfo = _GetSignatureInfo($filepath)
ConsoleWrite("Serial Number: " & $certInfo[0] & @LF)
ConsoleWrite("Owner: " & $certInfo[1] & @LF)
ConsoleWrite("Issuer: " & $certInfo[2] & @LF)

_WinTrust.au3


supersonic

You need 5 (or more?) posts.


supersonic

kasty,

please, can you explain the benefit of using '_WinAPI_MultiByteToWideChar()' instead of '$wszSourceFile = DllStructCreate("wchar[" & StringLen($SourceFile)+1 & "]")' as in ProyAndy's version?

Can you give a practical example?

Greets,

-supersonic.

Edited by supersonic


kasty

Supersonic,

as far as I know, _WinAPI_MultiByteToWideChar() performs a codepage conversion (i.e. UTF-8 to MS Unicode representation, 2 bytes per character). DllStructCreate just allocates memory for your string.

Anyway, if you feel more comfortable, use ProyAndy's original version, or modify mine. I don't think I'll update this code for some time, as it already suits my needs.

Regards.

Edited by kasty


supersonic

kasty,

thank you again.

Your UDF works fine for me, too.

Greets,

-supersonic.


step887

So when I compile as x86, this works with no issues.

If I compile as x64, it does not work.

Adding WinAPI GetLastError, I found out that calling CertFindCertificateInStore returns error c0000005, which is the code for an access violation.

I highly suspect that it has to do with the cert_info structure, but I cannot figure out why it does not work when compiled as x64.

Any ideas?

_WinTrust (3).au3

Edited by step887


supersonic

I'm in the same trouble - a solution would indeed be really nice... :-)


step887

I did a bit of investigation, but I am not sure where to go from here.

On 32 bit:

Code line 306: Local $iSize = 1408

Code lines 321-324:

DllStructGetData($CMSG_SIGNER_INFO, "Issuer_cbData") = 183

DllStructGetData($CMSG_SIGNER_INFO, "Issuer_pbData") = 0x02DFEFA8

DllStructGetData($CMSG_SIGNER_INFO, "SerialNumber_cbData") = 16

DllStructGetData($CMSG_SIGNER_INFO, "SerialNumber_pbData") = 0x06543FA8

On 64 bit:

Local $iSize = 1568

DllStructGetData($CMSG_SIGNER_INFO, "Issuer_cbData") = 0

DllStructGetData($CMSG_SIGNER_INFO, "Issuer_pbData") = 00000000000000B7

DllStructGetData($CMSG_SIGNER_INFO, "SerialNumber_cbData") = 64509688

DllStructGetData($CMSG_SIGNER_INFO, "SerialNumber_pbData") = 0x0000000000000010

Edit

So I figured it out.

It had to do with $tagCERT_INFO and $tagCMSG_SIGNER_INFO: when running under x64, they needed UINT64 instead of DWORD.

So I had to remove the const and replace DWORD with UINT64 if running under x64.

Attached is the change.

_WinTrust (3).au3

Edited by step887
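As an added example (not step887's attachment and not the UDF's own tag), this is a CMSG_SIGNER_INFO layout that reads correctly under both x86 and x64: the pointer members are declared as ptr rather than DWORD, and because AutoIt cannot nest structs, the 8-byte alignment of the first nested blob under x64 is reproduced with an explicit padding member. It assumes AutoIt's default natural member alignment, and that $tSignerInfo is a struct created with this tag over the buffer that CryptMsgGetParam filled.

```autoit
; Layout of CMSG_SIGNER_INFO matching Crypt32 on x86 and x64 (example added here).
; Every CRYPT_*_BLOB is {DWORD cbData; BYTE *pbData}; "ptr" is 4 or 8 bytes as needed.
; On x64 the Issuer blob is 8-byte aligned, so 4 padding bytes follow dwVersion.
Func _TagCMSG_SIGNER_INFO()
    Local $sTag = "dword dwVersion;"
    If @AutoItX64 Then $sTag &= "dword Padding;"
    $sTag &= "dword Issuer_cbData;ptr Issuer_pbData;" & _
            "dword SerialNumber_cbData;ptr SerialNumber_pbData;" & _
            "ptr HashAlgorithm_pszObjId;dword HashAlgorithm_cbData;ptr HashAlgorithm_pbData;" & _
            "ptr HashEncryptionAlgorithm_pszObjId;dword HashEncryptionAlgorithm_cbData;ptr HashEncryptionAlgorithm_pbData;" & _
            "dword EncryptedHash_cbData;ptr EncryptedHash_pbData;" & _
            "dword AuthAttrs_cAttr;ptr AuthAttrs_rgAttr;" & _
            "dword UnauthAttrs_cAttr;ptr UnauthAttrs_rgAttr"
    Return $sTag
EndFunc

; Sanity check against the C compiler: sizeof(CMSG_SIGNER_INFO) is 68 on x86, 136 on x64.
; A wrong size means a member is being read from the wrong offset (the symptom in this thread).
Func _CheckSignerInfoLayout()
    Local $iExpected = @AutoItX64 ? 136 : 68
    Local $tProbe = DllStructCreate(_TagCMSG_SIGNER_INFO())
    Return DllStructGetSize($tProbe) = $iExpected
EndFunc

; Render the SerialNumber blob as hex. CRYPT_INTEGER_BLOB stores the integer
; little-endian, so the bytes are reversed to get the usual display order.
Func _SerialNumberFromSignerInfo($tSignerInfo)
    Local $iLen = DllStructGetData($tSignerInfo, "SerialNumber_cbData")
    Local $pData = DllStructGetData($tSignerInfo, "SerialNumber_pbData")
    If $iLen <= 0 Or $pData = 0 Then Return SetError(1, 0, "")
    Local $tBytes = DllStructCreate("byte[" & $iLen & "]", $pData)
    Local $sHex = ""
    For $i = $iLen To 1 Step -1
        $sHex &= Hex(DllStructGetData($tBytes, 1, $i), 2)
    Next
    Return $sHex
EndFunc

ConsoleWrite("CMSG_SIGNER_INFO layout matches C: " & _CheckSignerInfoLayout() & @LF)
```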

falcontechnics

The code helped me a lot. Thanks very much for your sharing, help and information.


mLipok

Added to AutoIt Wiki UDF List :
https://www.autoitscript.com/wiki/User_Defined_Functions

argumentum
9 hours ago, mLipok said:

Added to AutoIt Wiki UDF List

This UDF called my attention; I tried it but could not run it. Found a better version at https://www.autoitscript.com/forum/topic/161553-help-with-converting-c-to-autoit-a-dllcall-failes/?do=findComment&comment=1186579

PS: The OP's code worked for me; the expanded later work is the one I found to be better, at the above link.

Edited by argumentum