Verifying the Signature of a PE File

最新推荐文章于 2025-03-03 00:39:38 发布
最新推荐文章于 2025-03-03 00:39:38 发布
阅读量866 收藏
点赞数
分类专栏: 编程学习
本文提供了一个详细的示例,展示了如何利用WinVerifyTrust API 来验证可移植可执行文件的数字签名。通过使用WinVerifyTrust函数,可以检查文件是否由受信任的证书签名,确保其身份已被认证机构验证,以及最终用户是否信任发布者。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

微软数字签名验证:

The WinVerifyTrust API can be used to verify the signature of a portable executable file.

The following example shows how to use the WinVerifyTrust API to verify the signature of a signed portable executable file.

//-------------------------------------------------------------------
// Copyright (C) Microsoft.  All rights reserved.
// Example of verifying the embedded signature of a PE file by using 
// the WinVerifyTrust function.

#define _UNICODE 1
#define UNICODE 1

#include <tchar.h>
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
#include <Softpub.h>
#include <wincrypt.h>
#include <wintrust.h>

// Link with the Wintrust.lib file.
#pragma comment (lib, "wintrust")

BOOL VerifyEmbeddedSignature(LPCWSTR pwszSourceFile)
{
    LONG lStatus;
    DWORD dwLastError;

    // Initialize the WINTRUST_FILE_INFO structure.

    WINTRUST_FILE_INFO FileData;
    memset(&FileData, 0, sizeof(FileData));
    FileData.cbStruct = sizeof(WINTRUST_FILE_INFO);
    FileData.pcwszFilePath = pwszSourceFile;
    FileData.hFile = NULL;
    FileData.pgKnownSubject = NULL;

    /*
    WVTPolicyGUID specifies the policy to apply on the file
    WINTRUST_ACTION_GENERIC_VERIFY_V2 policy checks:
    
    1) The certificate used to sign the file chains up to a root 
    certificate located in the trusted root certificate store. This 
    implies that the identity of the publisher has been verified by 
    a certification authority.
    
    2) In cases where user interface is displayed (which this example
    does not do), WinVerifyTrust will check for whether the  
    end entity certificate is stored in the trusted publisher store,  
    implying that the user trusts content from this publisher.
    
    3) The end entity certificate has sufficient permission to sign 
    code, as indicated by the presence of a code signing EKU or no 
    EKU.
    */

    GUID WVTPolicyGUID = WINTRUST_ACTION_GENERIC_VERIFY_V2;
    WINTRUST_DATA WinTrustData;

    // Initialize the WinVerifyTrust input data structure.

    // Default all fields to 0.
    memset(&WinTrustData, 0, sizeof(WinTrustData));

    WinTrustData.cbStruct = sizeof(WinTrustData);
    
    // Use default code signing EKU.
    WinTrustData.pPolicyCallbackData = NULL;

    // No data to pass to SIP.
    WinTrustData.pSIPClientData = NULL;

    // Disable WVT UI.
    WinTrustData.dwUIChoice = WTD_UI_NONE;

    // No revocation checking.
    WinTrustData.fdwRevocationChecks = WTD_REVOKE_NONE; 

    // Verify an embedded signature on a file.
    WinTrustData.dwUnionChoice = WTD_CHOICE_FILE;

    // Default verification.
    WinTrustData.dwStateAction = 0;

    // Not applicable for default verification of embedded signature.
    WinTrustData.hWVTStateData = NULL;

    // Not used.
    WinTrustData.pwszURLReference = NULL;

    // This is not applicable if there is no UI because it changes 
    // the UI to accommodate running applications instead of 
    // installing applications.
    WinTrustData.dwUIContext = 0;

    // Set pFile.
    WinTrustData.pFile = &FileData;

    // WinVerifyTrust verifies signatures as specified by the GUID 
    // and Wintrust_Data.
    lStatus = WinVerifyTrust(
        NULL,
        &WVTPolicyGUID,
        &WinTrustData);

    switch (lStatus) 
    {
        case ERROR_SUCCESS:
            /*
            Signed file:
                - Hash that represents the subject is trusted.

                - Trusted publisher without any verification errors.

                - UI was disabled in dwUIChoice. No publisher or 
                    time stamp chain errors.

                - UI was enabled in dwUIChoice and the user clicked 
                    "Yes" when asked to install and run the signed 
                    subject.
            */
            wprintf_s(L"The file \"%s\" is signed and the signature "
                L"was verified.\n",
                pwszSourceFile);
            break;
        
        case TRUST_E_NOSIGNATURE:
            // The file was not signed or had a signature 
            // that was not valid.

            // Get the reason for no signature.
            dwLastError = GetLastError();
            if (TRUST_E_NOSIGNATURE == dwLastError ||
                    TRUST_E_SUBJECT_FORM_UNKNOWN == dwLastError ||
                    TRUST_E_PROVIDER_UNKNOWN == dwLastError) 
            {
                // The file was not signed.
                wprintf_s(L"The file \"%s\" is not signed.\n",
                    pwszSourceFile);
            } 
            else 
            {
                // The signature was not valid or there was an error 
                // opening the file.
                wprintf_s(L"An unknown error occurred trying to "
                    L"verify the signature of the \"%s\" file.\n",
                    pwszSourceFile);
            }

            break;

        case TRUST_E_EXPLICIT_DISTRUST:
            // The hash that represents the subject or the publisher 
            // is not allowed by the admin or user.
            wprintf_s(L"The signature is present, but specifically "
                L"disallowed.\n");
            break;

        case TRUST_E_SUBJECT_NOT_TRUSTED:
            // The user clicked "No" when asked to install and run.
            wprintf_s(L"The signature is present, but not "
                L"trusted.\n");
            break;

        case CRYPT_E_SECURITY_SETTINGS:
            /*
            The hash that represents the subject or the publisher 
            was not explicitly trusted by the admin and the 
            admin policy has disabled user trust. No signature, 
            publisher or time stamp errors.
            */
            wprintf_s(L"CRYPT_E_SECURITY_SETTINGS - The hash "
                L"representing the subject or the publisher wasn't "
                L"explicitly trusted by the admin and admin policy "
                L"has disabled user trust. No signature, publisher "
                L"or timestamp errors.\n");
            break;

        default:
            // The UI was disabled in dwUIChoice or the admin policy 
            // has disabled user trust. lStatus contains the 
            // publisher or time stamp chain error.
            wprintf_s(L"Error is: 0x%x.\n",
                lStatus);
            break;
    }

    return true;
}

int _tmain(int argc, _TCHAR* argv[])
{
    if(argc > 1)
    {
        VerifyEmbeddedSignature(argv[1]);
    }

    return 0;
}


 

C++ 验证微软数字签名
zhihu008的专栏
01-11 6555
C++ 验证微软数字签名    BOOL CheckFileTrust( LPCWSTR lpFileName ) { BOOL bRet = FALSE; WINTRUST_DATA wd = { 0 }; WINTRUST_FILE_INFO wfi = { 0 }; WINTRUST_CATALOG_INFO wci = { 0 }; CATALOG_INFO ci
Centos8安装Mysql5.7
weixin_36912391的博客
09-11 302
添加MySQL存储库 [root@iZ2zebe4i14pe986mk0b2hZ ~]# sudo dnf remove @mysql Repository epel is listed more than once in the configuration Last metadata expiration check: 0:28:09 ago on Sat 11 Sep 2021 01:49:59 PM CST. Unable to match profile in argument mysql Depe
判断程序签名是否有效
looklzg1105的专栏
08-21 1354
#include #include #include // Link with the Wintrust.lib file. #pragma comment (lib, "wintrust") BOOL VerifyEmbeddedSignature(LPCWSTR pwszSourceFile) { LONG lStatus; DWORD dwLastError;
判断文件是否签名
majiandongde的专栏
01-06 1025
#include #include #include #pragma comment(lib, "crypt32.lib") #pragma comment(lib, "Wintrust.lib") BOOL CheckFileTrust(LPCWSTR lpFileName) {         BOOL bRet = FALSE;         WINTRUST_DAT
VerifyFile验证文件签名
weixin_34109408的博客
04-17 695
摘自金山pcmanager:http://code.ijinshan.com/trac/browser/pcmanager/src/publish/communits?order=name 功能只适用于2000和xp,win7下不行。 // testst.cpp : 定义控制台应用程序的入口点。 // #include "stdafx.h" #include <Window...
检查可执行文件是否有签名
学习微软 .net 技术开发
04-08 1704
版权声明:本文为博主原创文章,转载请在显著位置标明本文出处以及作者网名,未经作者允许不得用于商业目的。 检查可执行文件是否有签名 网上大多数是C++或者C#的,做成了vb.net的。 设计窗体上增加一个按钮控件, 具体代码: Imports System.Runtime.InteropServices Public Class Form1 Private Declare ...
研究报告1
08-04
具体流程可在Example C Program: Verifying the Signature of a PE File文档中找到。 **Logon(基于启动目录和注册表)**: - **启动目录**:Windows的启动目录包括%ProgramData%\Microsoft\Windows\Start Menu\...
README
vekrio的博客
10-25 3398
stu linux学习 1:centos7查看版本信息 登陆root帐户,输入 cat /etc/redhat-release,即可显示系统版本 输入 uname -r ,可以查询内核版本 输入 df -h,可以查看各分区的使用情况。其中,从左到右各列的内容依次是: 文件系统、总大小、已使用大小、剩余大小、使用率、挂载点。 输入du -sh,则可以查...
2018年全国职业技能大赛服务器部分-样题C卷(涉及LVM、RAID、IIS、DNS主从(Windows-Centos7)、IIS-Https,FTP)
Yvresse的博客
04-24 949
此篇为2018国赛专题第三篇,现将设计到的技术以及实现分享给各位。若有不妥或者需要改善之处请联系博主。 联系方式为(VX:Yvresse_ai) 环境说明: 云平台:RG-JCOS 操作系统:Centos7 样题C卷服务网络Topo: 样题C卷系统Topo: A网卡信息及主机名: B网卡信息及主机名: [root@b ~]# ip addr 1: ...
freeswitch使用jssip集成网页电话,nginx配置https协议
weixin_43439748的博客
05-06 3118
文章目录网页集成软电话配置freeswitch开启wssnginx配置自签名https域名页面集成软电话开发 网页集成软电话 网页集成软电话需要使用https协议,页面与freeswitch平台建立websocket长连接。使用jssip库进行相关开发 生成https自签名证书 下载ssl.ca-0.1.tar.gz wget http://files.freeswitch.org/downloads/ssl.ca-0.1.tar.gz 解压ssl.ca-0.1.tar.gz tar zxfv
验证exe文件数字签名
02-02
验证exe文件数字签名,使用API。很简单的DEMO。
验证签名(章)是否有效的方法
weixin_30530523的博客
02-16 418
已知一个签名,需要校验该签名是否有效,校验步骤如下: 1.校验签名内容是否正确 2.校验签名时间是否正确 3.校验签名证书是否有效(证书是否已启用且未过期) 4.校验签名证书是否被吊销(CRL) 转载于:https://www.cnblogs.com/lin-bear/p/5193092.html...
SSL: CERTIFICATE_VERIFY_FAILED Error in Python 是什么问题?
最新发布
kcarly的专栏
03-03 1404
在最新版本的Stable Diffusion webui 版本上使用最新下载的模型时,出现了类似的错误。错误在Python中通常表示你的程序试图通过HTTPS连接到某个服务器,但Python无法验证该服务器提供的SSL证书。:这是最常见的原因,特别是在某些操作系统(如macOS)上,默认安装的Python版本可能没有包含最新的或任何的CA证书包。你可以通过安装certifi库来解决这个问题,它提供了一个最新的CA证书集合。
Verifying a Signature
仓木小子的专栏
11-25 553
 Verifying a SignatureFirstAlice:alice  Creates a keystore, alice.certs, and generates a key pair with alias alice:keytool -genkeypair -keystore alice.certs -alias aliceexport a certificat
验证文件数字签名
多媒体编程、网络编程、系统编程、网络安全编程、驱动编程
01-07 2159
工作中碰到需要判断一个PE文件是否是所确认的文件,而不是被替换过的。直接判断文件名的话有些不保险,别人只要修改下文件名,就可以以假乱真。 因而需要判断额外的信息;由于文件有数字签名,判断数字签名因而是一个比较好的方法,但是如果只是判断数字签名是否有效也不够,别人只要用自己的证书重新签名就可以了,所以需要判断证书签名者信息。 验证文件数字签名是否有效可以使用函数 WinVerif
Android应用程序签名验证过程分析
热门推荐
Roland_Sun的专栏
12-19 1万+
在前面的《Android应用程序签名过程分析》中,我大致分析了Android应用程序签名的过程,接下来我将结合源代码,分析一下Android应用程序在安装过程中对签名进行验证的过程。 我们还是用前面的例子分析,假设签名后,apk文件中多了一个META-INF目录,里面有三个文件,分别是MANIFEST.MF、CERT.SF和CERT.RSA: 通过前面的分析,我们可以知道,MANI
检测文件的数字签名
bankelei6741的博客
03-15 390
//------------------------------------------------------------------- // Copyright (c) Microsoft Corporation. All rights reserved. // Example of verifying the embedded signature of a PE file by u...
校验文件数字签名的合法性(VerifyPE)
weixin_34342992的博客
07-13 665
Authenticode®是一种数字签名格式,它是用来验证二进制软件的来源和完整性。Authenticode是基于公开密匙加密标准(PKCS) #7 来签名数据,并使用X.509证书来绑定经过数字签发的二进制程序与其软件发布者的身份的联系。这份文档包含Authenticode签名的结构和技术细节。 这份文档不讨论如何签发/处理X.509证书,如何使用Windows SDK工具来签署二进制...
zipfile.BadZipFile: File is not a zip file
04-04
- Check if the file is actually a ZIP file by verifying its extension and contents. - Try opening the file with a different ZIP file reader or software to see if the issue is with the software you are...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值