_WinTrust.au3


kasty

This script makes use of WinTrust.dll and Crypt32.dll to:

- verify the integrity of a file with its embedded signature or a given catalog (based on the work of progandy http://www.autoit.de/index.php?page=Thread&postID=68477#post68477)

- determine the serial number, owner and issuer of the certificate used by the signature (developed by Kasty, based on C++ examples from MSDN)

It allows specifying paths in any codepage (inspect the .au3 file for more information).

Example 1:

#include "_WinTrust.au3"
$filePath = ".\signed.exe"
$signed = False
If _WinVerifyTrust($filePath) = $ERROR_SUCCESS Then $signed = True
ConsoleWrite($filepath & " is correctly signed = " & $signed & @LF)
$certInfo = _GetSignatureInfo($filepath)
ConsoleWrite("Serial Number: " & $certInfo[0] & @LF)
ConsoleWrite("Owner: " & $certInfo[1] & @LF)
ConsoleWrite("Issuer: " & $certInfo[2] & @LF)

Example 2:

If _WinVerifyTrust("test.zip", "test.cat", "File1") = $ERROR_SUCCESS Then $signed = True

See the other post below for more information on how to make catalogs to sign non-PE files.

Regards.

_WinTrust.au3


In the first version that I posted, I added support for file paths given in arbitrary codepages (i.e. UTF-8). I also cleaned up a little, removing some redundant functions. Now I'm posting a new version that adds support for files indirectly signed via catalogs (this was not in the original code). I use it to sign ZIP files, because they are not accepted directly by SignTool. If you want to sign such a file, you would do:

1) Create a test.cdf file with the following contents:

[CatalogHeader]
Name=test.cat
PublicVersion=0x0000001
EncodingType=0x00010001
CATATTR1=0x10010001:OSAttr:2:6.0
[CatalogFiles]
File1=test.zip

2) Build a catalog with Makecat:

makecat -v test.cdf

3) Sign the catalog:

SignTool sign /n "your_certificate_name" /i "issuer_name" test.cat

4) Check the signature with AutoIt:

If _WinVerifyTrust("test.zip", "test.cat", "File1") = $ERROR_SUCCESS Then $signed = True

In addition to that, I changed the original code to return the value from the WinVerifyTrust function. This allows you to check the reason why a given file is not correctly signed.

Please find the new version in the attachment, and tell me if it works for you. I tested it in Windows 7.

_WinTrust.au3

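A worked version of the two calls used above (embedded signature, and membership in a signed catalog), as an added Python/ctypes example that is not the UDF's code and not part of the thread: it fills WINTRUST_DATA the way WinVerifyTrust expects, releases the verification state with WTD_STATEACTION_CLOSE, and maps the returned code to its TRUST_E_ / CERT_E_ name, which is the check the HRESULT-returning _WinVerifyTrust makes possible. Struct layouts and constants are taken from wintrust.h; pSignatureSettings and hCatAdmin are the Windows 8 SDK additions and stay NULL. The paths under __main__ are placeholders. The API call itself only runs on Windows; describe_status() and the struct sizes work anywhere.

```python
import ctypes
import sys
from ctypes import (POINTER, Structure, Union, byref, c_int32, c_ubyte, c_uint16,
                    c_uint32, c_void_p, c_wchar_p, sizeof)

# --- Types from guiddef.h / wintrust.h. Pointer fields use pointer types, so the
#     layout (and the padding after each DWORD on x64) is right on x86 and x64. ---
class GUID(Structure):
    _fields_ = [("Data1", c_uint32), ("Data2", c_uint16), ("Data3", c_uint16), ("Data4", c_ubyte * 8)]

# WINTRUST_ACTION_GENERIC_VERIFY_V2 = {00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
WINTRUST_ACTION_GENERIC_VERIFY_V2 = GUID(0x00AAC56B, 0xCD44, 0x11D0,
                                         (c_ubyte * 8)(0x8C, 0xC2, 0x00, 0xC0, 0x4F, 0xC2, 0x95, 0xEE))

class WINTRUST_FILE_INFO(Structure):
    _fields_ = [("cbStruct", c_uint32), ("pcwszFilePath", c_wchar_p),
                ("hFile", c_void_p), ("pgKnownSubject", POINTER(GUID))]

class WINTRUST_CATALOG_INFO(Structure):
    _fields_ = [("cbStruct", c_uint32), ("dwCatalogVersion", c_uint32),
                ("pcwszCatalogFilePath", c_wchar_p), ("pcwszMemberTag", c_wchar_p),
                ("pcwszMemberFilePath", c_wchar_p), ("hMemberFile", c_void_p),
                ("pbCalculatedFileHash", POINTER(c_ubyte)), ("cbCalculatedFileHash", c_uint32),
                ("pcCatalogContext", c_void_p), ("hCatAdmin", c_void_p)]  # hCatAdmin: Windows 8 SDK, left NULL

class _WINTRUST_UNION(Union):
    _fields_ = [("pFile", POINTER(WINTRUST_FILE_INFO)), ("pCatalog", POINTER(WINTRUST_CATALOG_INFO))]

class WINTRUST_DATA(Structure):
    _anonymous_ = ("u",)
    _fields_ = [("cbStruct", c_uint32), ("pPolicyCallbackData", c_void_p), ("pSIPClientData", c_void_p),
                ("dwUIChoice", c_uint32), ("fdwRevocationChecks", c_uint32), ("dwUnionChoice", c_uint32),
                ("u", _WINTRUST_UNION), ("dwStateAction", c_uint32), ("hWVTStateData", c_void_p),
                ("pwszURLReference", c_wchar_p), ("dwProvFlags", c_uint32), ("dwUIContext", c_uint32),
                ("pSignatureSettings", c_void_p)]  # Windows 8 SDK field, left NULL

WTD_UI_NONE, WTD_REVOKE_WHOLECHAIN = 2, 1
WTD_CHOICE_FILE, WTD_CHOICE_CATALOG = 1, 2
WTD_STATEACTION_VERIFY, WTD_STATEACTION_CLOSE = 1, 2
WTD_REVOCATION_CHECK_CHAIN = 0x40
WTD_CACHE_ONLY_URL_RETRIEVAL = 0x1000   # do not block on network CRL/OCSP fetches
INVALID_HANDLE_VALUE = c_void_p(-1).value

# Codes WinVerifyTrust commonly returns (wintrust.h / winerror.h); unknown ones are printed as hex.
WVT_STATUS = {
    0x00000000: "ERROR_SUCCESS",
    0x800B0100: "TRUST_E_NOSIGNATURE",           # no embedded signature / not a member of the catalog
    0x80096010: "TRUST_E_BAD_DIGEST",            # file content changed after signing
    0x800B0109: "CERT_E_UNTRUSTEDROOT",          # chain ends in a root this machine does not trust
    0x800B0101: "CERT_E_EXPIRED",
    0x800B010C: "CERT_E_REVOKED",
    0x800B010E: "CERT_E_REVOCATION_FAILURE",     # revocation status could not be determined
    0x800B010A: "CERT_E_CHAINING",
    0x800B0110: "CERT_E_WRONG_USAGE",
    0x800B0111: "TRUST_E_EXPLICIT_DISTRUST",     # signer is in the Disallowed store
    0x800B0004: "TRUST_E_SUBJECT_NOT_TRUSTED",
    0x800B0003: "TRUST_E_SUBJECT_FORM_UNKNOWN",  # no SIP knows this file type
    0x800B0001: "TRUST_E_PROVIDER_UNKNOWN",
    0x80092026: "CRYPT_E_SECURITY_SETTINGS",
}

def describe_status(code):
    """Map the LONG WinVerifyTrust returned (signed or unsigned) to its symbolic name."""
    code &= 0xFFFFFFFF
    return WVT_STATUS.get(code, "0x%08X" % code)

def struct_sizes():
    """The cbStruct values handed to the API (WINTRUST_DATA is 52 bytes on x86, 88 on x64)."""
    return {name: sizeof(t) for name, t in (("GUID", GUID), ("WINTRUST_FILE_INFO", WINTRUST_FILE_INFO),
                                            ("WINTRUST_CATALOG_INFO", WINTRUST_CATALOG_INFO),
                                            ("WINTRUST_DATA", WINTRUST_DATA))}

def win_verify_trust(file_path, catalog_path=None, member_tag=None):
    """Return WinVerifyTrust's status as an unsigned 32-bit value (0 == trusted).

    With catalog_path and member_tag the file is checked against that catalog entry,
    which is how the ZIP above is verified; member_tag is the key from [CatalogFiles].
    """
    if sys.platform != "win32":
        raise OSError("WinVerifyTrust is only available on Windows")
    data = WINTRUST_DATA()
    data.cbStruct = sizeof(WINTRUST_DATA)
    data.dwUIChoice = WTD_UI_NONE                 # a verification routine must never pop up a dialog
    data.fdwRevocationChecks = WTD_REVOKE_WHOLECHAIN
    data.dwProvFlags = WTD_REVOCATION_CHECK_CHAIN | WTD_CACHE_ONLY_URL_RETRIEVAL
    data.dwStateAction = WTD_STATEACTION_VERIFY
    if catalog_path is None:
        info = WINTRUST_FILE_INFO(sizeof(WINTRUST_FILE_INFO), file_path, None, None)
        data.dwUnionChoice = WTD_CHOICE_FILE
        data.pFile = ctypes.pointer(info)
    else:
        info = WINTRUST_CATALOG_INFO()
        info.cbStruct = sizeof(WINTRUST_CATALOG_INFO)
        info.pcwszCatalogFilePath = catalog_path
        info.pcwszMemberTag = member_tag
        info.pcwszMemberFilePath = file_path
        data.dwUnionChoice = WTD_CHOICE_CATALOG
        data.pCatalog = ctypes.pointer(info)
    wvt = ctypes.windll.wintrust.WinVerifyTrust
    wvt.restype = c_int32
    wvt.argtypes = [c_void_p, POINTER(GUID), POINTER(WINTRUST_DATA)]
    status = wvt(INVALID_HANDLE_VALUE, byref(WINTRUST_ACTION_GENERIC_VERIFY_V2), byref(data))
    data.dwStateAction = WTD_STATEACTION_CLOSE    # free the provider state VERIFY allocated
    wvt(INVALID_HANDLE_VALUE, byref(WINTRUST_ACTION_GENERIC_VERIFY_V2), byref(data))
    return status & 0xFFFFFFFF

if __name__ == "__main__":
    for args in ((r".\signed.exe",), ("test.zip", "test.cat", "File1")):   # placeholder paths
        print(args[0], "->", describe_status(win_verify_trust(*args)))
```

ERROR_SUCCESS here means the signature verifies and chains to a root this machine trusts under the default policy. It says nothing about who signed, so code that must accept only its own publisher still has to compare the signer's identity (serial plus issuer, or thumbprint) after this call, which is what _GetSignatureInfo is for. For a catalog built from a .cdf the member tag is the name on the left of the = in [CatalogFiles], so the "File1" used above is correct even though the member is test.zip. TRUST_E_SUBJECT_FORM_UNKNOWN is the code for a file type no SIP (subject interface package) recognises, the reason a ZIP cannot carry an embedded Authenticode signature and needs the catalog detour.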

This new version allows retrieval of information about the certificate used to sign a file (serial number, owner and issuer). Tested in Windows 7 and Windows XP SP3.

#include "_WinTrust.au3"
$filePath = ".\signed.exe"
$signed = False
If _WinVerifyTrust($filePath) = $ERROR_SUCCESS Then $signed = True
ConsoleWrite($filepath & " is correctly signed = " & $signed & @LF)
$certInfo = _GetSignatureInfo($filepath)
ConsoleWrite("Serial Number: " & $certInfo[0] & @LF)
ConsoleWrite("Owner: " & $certInfo[1] & @LF)
ConsoleWrite("Issuer: " & $certInfo[2] & @LF)

_WinTrust.au3


kasty,

please, can you explain the benefit of using '_WinAPI_MultiByteToWideChar()' instead of '$wszSourceFile = DllStructCreate("wchar[" & StringLen($SourceFile)+1 & "]")' as in progandy's version?

Can you give a practical example?

Greets,

-supersonic.


Supersonic,

as far as I know, _WinAPI_MultiByteToWideChar() performs a codepage conversion (i.e. UTF-8 to MS Unicode representation, 2 bytes per character). DllStructCreate just allocates memory for your string.

Anyway, if you feel more comfortable, use progandy's original version, or modify mine. I don't think I'll update this code for some time, as it already suits my needs.

Regards.


  • 2 years later...

So when I compile as x86, this works with no issues.

If I compile as x64, it does not work.

Adding WinAPI GetLastError, I found out that calling CertFindCertificateInStore returns error c0000005, which is the code for an access violation.

I highly suspect that it has to do with the CERT_INFO structure, but I cannot figure out why it does not work compiled as x64.

Any ideas?

_WinTrust (3).au3


I did a bit of investigation, but I am not sure where to go from here.

On 32 bit:

Code line 306: Local $iSize = 1408

Code lines 321-324:

DllStructGetData($CMSG_SIGNER_INFO, "Issuer_cbData") = 183
DllStructGetData($CMSG_SIGNER_INFO, "Issuer_pbData") = 0x02DFEFA8
DllStructGetData($CMSG_SIGNER_INFO, "SerialNumber_cbData") = 16
DllStructGetData($CMSG_SIGNER_INFO, "SerialNumber_pbData") = 0x06543FA8

On 64 bit:

Local $iSize = 1568
DllStructGetData($CMSG_SIGNER_INFO, "Issuer_cbData") = 0
DllStructGetData($CMSG_SIGNER_INFO, "Issuer_pbData") = 0x00000000000000B7
DllStructGetData($CMSG_SIGNER_INFO, "SerialNumber_cbData") = 64509688
DllStructGetData($CMSG_SIGNER_INFO, "SerialNumber_pbData") = 0x0000000000000010

Edit

So I figured it out.

It had to do with $tagCERT_INFO and $tagCMSG_SIGNER_INFO: if running under x64, it needed UINT64 instead of DWORD.

So I had to remove the Const and replace DWORD with UINT64 if running under x64.

Attached is the change 

_WinTrust (3).au3


  • 1 year later...

Added to AutoIt Wiki UDF List :
https://www.autoitscript.com/wiki/User_Defined_Functions

 

 


9 hours ago, mLipok said:

Added to AutoIt Wiki UDF List

This UDF caught my attention, so I tried it. Could not run it. Found a better version at https://www.autoitscript.com/forum/topic/161553-help-with-converting-c-to-autoit-a-dllcall-failes/?do=findComment&comment=1186579

PS: The OP's code worked for me; the expanded later work is the one I found to be better, at the above link.


  • 2 years later...

Hello, everybody.

In the course of determining the certificate information of a signed file, I came across this article. The _WinTrust.au3 mentioned here works very well, but only the less meaningful parameters, like serial number and CN, are determined.

I have already done some tests, but so far I have not been able to determine the fingerprint of a certificate using the UDF. Is this theoretically possible via the UDF?

Thanks in advance & greetings,
Tupac

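On the fingerprint question in the last post, as an added Python example that is not the UDF's code and not part of the thread: a certificate's thumbprint is not a field inside the certificate. It is SHA-1 (or SHA-256) over the DER bytes of the whole certificate, the buffer CryptoAPI exposes as CERT_CONTEXT.pbCertEncoded/cbCertEncoded and also caches on the context as the CERT_SHA1_HASH_PROP_ID (3) property, readable with CertGetCertificateContextProperty (CERT_SHA256_HASH_PROP_ID, 107, for the SHA-256 form). A UDF that already reaches a CERT_CONTEXT through CertFindCertificateInStore can therefore produce it either way. The code builds a constructed, unsigned certificate inline (structurally valid DER, but the key and signature are dummy bytes and the names and serial are made up), walks it with a minimal DER reader to extract the same serial, issuer and subject the UDF reports, computes both thumbprints, and shows the byte-order difference between the DER serial and the little-endian CRYPT_INTEGER_BLOB that CMSG_SIGNER_INFO.SerialNumber hands back.

```python
import hashlib

# OID content bytes (without tag/length) for the constructed certificate
OID_COMMON_NAME = bytes.fromhex("550403")                  # 2.5.4.3
OID_SHA256_RSA = bytes.fromhex("2a864886f70d01010b")       # 1.2.840.113549.1.1.11
OID_RSA_ENCRYPTION = bytes.fromhex("2a864886f70d010101")   # 1.2.840.113549.1.1.1

# ---- minimal DER writer, enough to build a syntactically valid X.509 v3 Certificate ----
def _len(n):
    if n < 0x80:
        return bytes([n])
    nbytes = (n.bit_length() + 7) // 8
    return bytes([0x80 | nbytes]) + n.to_bytes(nbytes, "big")

def tlv(tag, content):
    return bytes([tag]) + _len(len(content)) + content

def seq(*parts):
    return tlv(0x30, b"".join(parts))

def der_int(n):
    body = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body            # DER INTEGER is signed: a leading 0x00 keeps a high serial positive
    return tlv(0x02, body)

def name_cn(cn):                          # Name ::= SEQUENCE OF SET OF AttributeTypeAndValue
    return seq(tlv(0x31, seq(tlv(0x06, OID_COMMON_NAME), tlv(0x0C, cn.encode()))))

def build_test_certificate(serial, issuer_cn, subject_cn):
    """Constructed test data: a Certificate by structure, with a zero signature and a dummy key."""
    alg = seq(tlv(0x06, OID_SHA256_RSA), tlv(0x05, b""))
    validity = seq(tlv(0x17, b"240101000000Z"), tlv(0x17, b"340101000000Z"))
    spki = seq(seq(tlv(0x06, OID_RSA_ENCRYPTION), tlv(0x05, b"")), tlv(0x03, b"\x00" + b"\x00" * 16))
    tbs = seq(tlv(0xA0, der_int(2)), der_int(serial), alg, name_cn(issuer_cn), validity,
              name_cn(subject_cn), spki)
    return seq(tbs, alg, tlv(0x03, b"\x00" + b"\x00" * 32))

# ---- minimal DER reader ----
def der_read(buf, pos=0):
    """Return (tag, content, position after this TLV)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: low bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def der_children(content):
    items, pos = [], 0
    while pos < len(content):
        tag, body, pos = der_read(content, pos)
        items.append((tag, body))
    return items

def common_name(name_der):
    for _, rdn in der_children(name_der):          # each SET
        for _, atv in der_children(rdn):           # each SEQUENCE { OID, value }
            oid, value = der_children(atv)
            if oid[1] == OID_COMMON_NAME:
                return value[1].decode()
    return None

def thumbprint(cert_der, algo="sha1"):
    """What Windows shows as the thumbprint: a hash of the entire encoded certificate."""
    return hashlib.new(algo, cert_der).hexdigest().upper()

def serial_from_crypt_integer_blob(pb_data):
    """CRYPT_INTEGER_BLOB.pbData (e.g. CMSG_SIGNER_INFO.SerialNumber) is little-endian; DER is big-endian."""
    return int.from_bytes(pb_data, "little", signed=True)

def cert_summary(cert_der):
    """Serial, issuer CN, subject CN (what _GetSignatureInfo reports) plus both thumbprints."""
    _, cert, _ = der_read(cert_der)
    tbs = der_children(cert)[0][1]
    f = der_children(tbs)
    i = 1 if f[0][0] == 0xA0 else 0                # optional [0] EXPLICIT version
    serial_der = f[i][1]
    return {
        "serial": int.from_bytes(serial_der, "big", signed=True),
        "serial_as_crypt_blob": serial_der[::-1],  # the byte order CryptoAPI would hand back
        "issuer": common_name(f[i + 2][1]),
        "subject": common_name(f[i + 4][1]),
        "sha1": thumbprint(cert_der, "sha1"),
        "sha256": thumbprint(cert_der, "sha256"),
    }

TEST_SERIAL = 0xA1B2C3D4E5F60718                   # high bit set, so the leading-0x00 rule is exercised
TEST_CERT = build_test_certificate(TEST_SERIAL, "Constructed Test CA", "Constructed Test Signer")

if __name__ == "__main__":
    for k, v in cert_summary(TEST_CERT).items():
        print("%-22s %s" % (k, v.hex() if isinstance(v, bytes) else v))
```

Two practical consequences: a serial number printed straight from the CRYPT_INTEGER_BLOB comes out byte-reversed compared with what certmgr or a browser shows, so reverse it before comparing; and if a script pins a signer, pin the SHA-256 thumbprint (or serial plus issuer) rather than the subject string, since the CN is whatever the CA put there.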
