|
|
//
// VERIFY.C
//
#include "sigverif.h"
//
// Find the file extension and place it in the lpFileNode->lpTypeName field
//
voidMyGetFileTypeName( LPFILENODE lpFileInfo ){ TCHAR szBuffer[MAX_PATH]; TCHAR szBuffer2[MAX_PATH]; TCHAR szExt[MAX_PATH]; LPTSTR lpExtension; ULONG BufCbSize; HRESULT hr;
//
// Initialize szBuffer to be an empty string.
//
szBuffer[0] = TEXT('\0');
//
// Walk to the end of lpFileName
//
for (lpExtension = lpFileInfo->lpFileName; *lpExtension; lpExtension++);
//
// Walk backwards until we hit a '.' and we'll use that as our extension
//
for (lpExtension--; *lpExtension && lpExtension >= lpFileInfo->lpFileName; lpExtension--) {
if (lpExtension[0] == TEXT('.')) { //
// Since the file extension is just used for display and logging purposes, if
// it is too large to fit in our local buffer then just truncate it.
//
if (SUCCEEDED(StringCchCopy(szExt, cA(szExt), lpExtension + 1))) { CharUpperBuff(szExt, lstrlen(szExt)); MyLoadString(szBuffer2, cA(szBuffer2), IDS_FILETYPE);
if (FAILED(StringCchPrintf(szBuffer, cA(szBuffer), szBuffer2, szExt))) { //
// There is no point in displaying a partial extension so
// just set szBuffer to the empty string so we show the
// generic extension.
//
szBuffer[0] = TEXT('\0'); } } } }
//
// If there's no extension, then just call this a "File".
//
if (szBuffer[0] == 0) {
MyLoadString(szBuffer, cA(szBuffer), IDS_FILE); }
BufCbSize = (lstrlen(szBuffer) + 1) * sizeof(TCHAR); lpFileInfo->lpTypeName = MALLOC(BufCbSize);
if (lpFileInfo->lpTypeName) {
hr = StringCbCopy(lpFileInfo->lpTypeName, BufCbSize, szBuffer);
if (FAILED(hr) && (hr != STRSAFE_E_INSUFFICIENT_BUFFER)) { //
// If we fail for some reason other than insufficient
// buffer, then free the string and set the pointer
// to NULL, since the string is undefined.
//
FREE(lpFileInfo->lpTypeName); lpFileInfo->lpTypeName = NULL; } }}
//
// Use SHGetFileInfo to get the icon index for the specified file.
//
voidMyGetFileInfo( LPFILENODE lpFileInfo ){ SHFILEINFO sfi; ULONG BufCbSize; HRESULT hr;
ZeroMemory(&sfi, sizeof(SHFILEINFO)); SHGetFileInfo( lpFileInfo->lpFileName, 0, &sfi, sizeof(SHFILEINFO), SHGFI_SYSICONINDEX | SHGFI_SMALLICON | SHGFI_TYPENAME);
lpFileInfo->iIcon = sfi.iIcon;
if (*sfi.szTypeName) {
BufCbSize = (lstrlen(sfi.szTypeName) + 1) * sizeof(TCHAR); lpFileInfo->lpTypeName = MALLOC(BufCbSize);
if (lpFileInfo->lpTypeName) {
hr = StringCbCopy(lpFileInfo->lpTypeName, BufCbSize, sfi.szTypeName);
if (FAILED(hr) && (hr != STRSAFE_E_INSUFFICIENT_BUFFER)) { //
// If we fail for some reason other than insufficient
// buffer, then free the string and set the pointer
// to NULL, since the string is undefined.
//
FREE(lpFileInfo->lpTypeName); lpFileInfo->lpTypeName = NULL; } }
} else {
MyGetFileTypeName(lpFileInfo); }}
voidGetFileVersion( LPFILENODE lpFileInfo ){ DWORD dwHandle, dwRet; UINT Length; BOOL bRet; LPVOID lpData = NULL; LPVOID lpBuffer; VS_FIXEDFILEINFO *lpInfo; TCHAR szBuffer[MAX_PATH]; TCHAR szBuffer2[MAX_PATH]; ULONG BufCbSize; HRESULT hr;
dwRet = GetFileVersionInfoSize(lpFileInfo->lpFileName, &dwHandle);
if (dwRet) {
lpData = MALLOC(dwRet + 1);
if (lpData) {
bRet = GetFileVersionInfo(lpFileInfo->lpFileName, dwHandle, dwRet, lpData);
if (bRet) {
lpBuffer = NULL; Length = 0; bRet = VerQueryValue(lpData, TEXT("\\"), &lpBuffer, &Length);
if (bRet) {
lpInfo = (VS_FIXEDFILEINFO *) lpBuffer;
MyLoadString(szBuffer2, cA(szBuffer2), IDS_VERSION);
hr = StringCchPrintf(szBuffer, cA(szBuffer), szBuffer2, HIWORD(lpInfo->dwFileVersionMS), LOWORD(lpInfo->dwFileVersionMS), HIWORD(lpInfo->dwFileVersionLS), LOWORD(lpInfo->dwFileVersionLS));
if (SUCCEEDED(hr) || (hr == STRSAFE_E_INSUFFICIENT_BUFFER)) {
BufCbSize = (lstrlen(szBuffer) + 1) * sizeof(TCHAR); lpFileInfo->lpVersion = MALLOC(BufCbSize);
if (lpFileInfo->lpVersion) {
hr = StringCbCopy(lpFileInfo->lpVersion, BufCbSize, szBuffer);
if (FAILED(hr) && (hr != STRSAFE_E_INSUFFICIENT_BUFFER)) { //
// If we fail for some reason other than insufficient
// buffer, then free the string and set the pointer
// to NULL, since the string is undefined.
//
FREE(lpFileInfo->lpVersion); lpFileInfo->lpVersion = NULL; } } } } }
FREE(lpData); } }
if (!lpFileInfo->lpVersion) {
MyLoadString(szBuffer, cA(szBuffer), IDS_NOVERSION); BufCbSize = (lstrlen(szBuffer) + 1) * sizeof(TCHAR); lpFileInfo->lpVersion = MALLOC(BufCbSize);
if (lpFileInfo->lpVersion) {
hr = StringCbCopy(lpFileInfo->lpVersion, BufCbSize, szBuffer);
if (FAILED(hr) && (hr != STRSAFE_E_INSUFFICIENT_BUFFER)) { //
// If we fail for some reason other than insufficient
// buffer, then free the string and set the pointer
// to NULL, since the string is undefined.
//
FREE(lpFileInfo->lpVersion); lpFileInfo->lpVersion = NULL; } } }}
/*************************************************************************
* Function : VerifyIsFileSigned* Purpose : Calls WinVerifyTrust with Policy Provider GUID to* verify if an individual file is signed.**************************************************************************/BOOLVerifyIsFileSigned( LPTSTR pcszMatchFile, PDRIVER_VER_INFO lpVerInfo ){ HRESULT hRes; WINTRUST_DATA WinTrustData; WINTRUST_FILE_INFO WinTrustFile; GUID gOSVerCheck = DRIVER_ACTION_VERIFY; GUID gPublishedSoftware = WINTRUST_ACTION_GENERIC_VERIFY_V2;
ZeroMemory(&WinTrustData, sizeof(WINTRUST_DATA)); WinTrustData.cbStruct = sizeof(WINTRUST_DATA); WinTrustData.dwUIChoice = WTD_UI_NONE; WinTrustData.dwUnionChoice = WTD_CHOICE_FILE; WinTrustData.dwStateAction = WTD_STATEACTION_AUTO_CACHE; WinTrustData.pFile = &WinTrustFile; WinTrustData.pPolicyCallbackData = (LPVOID)lpVerInfo; WinTrustData.dwProvFlags = WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT | WTD_CACHE_ONLY_URL_RETRIEVAL;
ZeroMemory(lpVerInfo, sizeof(DRIVER_VER_INFO)); lpVerInfo->cbStruct = sizeof(DRIVER_VER_INFO);
ZeroMemory(&WinTrustFile, sizeof(WINTRUST_FILE_INFO)); WinTrustFile.cbStruct = sizeof(WINTRUST_FILE_INFO);
WinTrustFile.pcwszFilePath = pcszMatchFile;
hRes = WinVerifyTrust(g_App.hDlg, &gOSVerCheck, &WinTrustData); if (hRes != ERROR_SUCCESS) {
hRes = WinVerifyTrust(g_App.hDlg, &gPublishedSoftware, &WinTrustData); }
//
// Free the pcSignerCertContext member of the DRIVER_VER_INFO struct
// that was allocated in our call to WinVerifyTrust.
//
if (lpVerInfo && lpVerInfo->pcSignerCertContext) {
CertFreeCertificateContext(lpVerInfo->pcSignerCertContext); lpVerInfo->pcSignerCertContext = NULL; }
return(hRes == ERROR_SUCCESS);}
//
// Given a specific LPFILENODE, verify that the file is signed or unsigned.
// Fill in all the necessary structures so the listview control can display properly.
//
BOOLVerifyFileNode( LPFILENODE lpFileNode ){ HANDLE hFile; BOOL bRet; HCATINFO hCatInfo = NULL; HCATINFO PrevCat; WINTRUST_DATA WinTrustData; WINTRUST_CATALOG_INFO WinTrustCatalogInfo; DRIVER_VER_INFO VerInfo; GUID gSubSystemDriver = DRIVER_ACTION_VERIFY; HRESULT hRes, hr; DWORD cbHash = HASH_SIZE; BYTE szHash[HASH_SIZE]; LPBYTE lpHash = szHash; CATALOG_INFO CatInfo; LPTSTR lpFilePart; TCHAR szBuffer[MAX_PATH]; static TCHAR szCurrentDirectory[MAX_PATH]; OSVERSIONINFO OsVersionInfo; ULONG BufCbSize;
//
// If this is the first item we are verifying, then initialize the static buffer.
//
if (lpFileNode == g_App.lpFileList) {
ZeroMemory(szCurrentDirectory, sizeof(szCurrentDirectory)); }
//
// Check the current directory against the one in the lpFileNode.
// We only want to call SetCurrentDirectory if the path is different.
//
if (lstrcmp(szCurrentDirectory, lpFileNode->lpDirName)) {
if (!SetCurrentDirectory(lpFileNode->lpDirName) || FAILED(StringCchCopy(szCurrentDirectory, cA(szCurrentDirectory), lpFileNode->lpDirName))) { //
// Well, if we fail to set the current directory, then the code below
// won't work since it just deals with filenames and not full paths.
//
lpFileNode->LastError = ERROR_DIRECTORY; return FALSE; } }
//
// Get the handle to the file, so we can call CryptCATAdminCalcHashFromFileHandle
//
hFile = CreateFile( lpFileNode->lpFileName, GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if (hFile == INVALID_HANDLE_VALUE) {
lpFileNode->LastError = GetLastError();
return FALSE; }
//
// Initialize the hash buffer
//
ZeroMemory(lpHash, HASH_SIZE);
//
// Generate the hash from the file handle and store it in lpHash
//
if (!CryptCATAdminCalcHashFromFileHandle(hFile, &cbHash, lpHash, 0)) { //
// If we couldn't generate a hash, it might be an individually signed catalog.
// If it's a catalog, zero out lpHash and cbHash so we know there's no hash to check.
//
if (IsCatalogFile(hFile, NULL)) {
lpHash = NULL; cbHash = 0;
} else { // If it wasn't a catalog, we'll bail and this file will show up as unscanned.
CloseHandle(hFile); return FALSE; } }
//
// Close the file handle
//
CloseHandle(hFile);
//
// Now we have the file's hash. Initialize the structures that
// will be used later on in calls to WinVerifyTrust.
//
ZeroMemory(&WinTrustData, sizeof(WINTRUST_DATA)); WinTrustData.cbStruct = sizeof(WINTRUST_DATA); WinTrustData.dwUIChoice = WTD_UI_NONE; WinTrustData.dwUnionChoice = WTD_CHOICE_CATALOG; WinTrustData.dwStateAction = WTD_STATEACTION_AUTO_CACHE; WinTrustData.pPolicyCallbackData = (LPVOID)&VerInfo; WinTrustData.dwProvFlags = WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT | WTD_CACHE_ONLY_URL_RETRIEVAL;
ZeroMemory(&VerInfo, sizeof(DRIVER_VER_INFO)); VerInfo.cbStruct = sizeof(DRIVER_VER_INFO);
//
// Only validate against the current OS Version, unless the bValidateAgainstAnyOs
// parameter was TRUE. In that case we will just leave the sOSVersionXxx fields
// 0 which tells WinVerifyTrust to validate against any OS.
//
if (!lpFileNode->bValidateAgainstAnyOs) { OsVersionInfo.dwOSVersionInfoSize = sizeof(OsVersionInfo); if (GetVersionEx(&OsVersionInfo)) { VerInfo.sOSVersionLow.dwMajor = OsVersionInfo.dwMajorVersion; VerInfo.sOSVersionLow.dwMinor = OsVersionInfo.dwMinorVersion; VerInfo.sOSVersionHigh.dwMajor = OsVersionInfo.dwMajorVersion; VerInfo.sOSVersionHigh.dwMinor = OsVersionInfo.dwMinorVersion; } }
WinTrustData.pCatalog = &WinTrustCatalogInfo;
ZeroMemory(&WinTrustCatalogInfo, sizeof(WINTRUST_CATALOG_INFO)); WinTrustCatalogInfo.cbStruct = sizeof(WINTRUST_CATALOG_INFO); WinTrustCatalogInfo.pbCalculatedFileHash = lpHash; WinTrustCatalogInfo.cbCalculatedFileHash = cbHash; WinTrustCatalogInfo.pcwszMemberTag = lpFileNode->lpFileName;
//
// Now we try to find the file hash in the catalog list, via CryptCATAdminEnumCatalogFromHash
//
PrevCat = NULL;
if (g_App.hCatAdmin) { hCatInfo = CryptCATAdminEnumCatalogFromHash(g_App.hCatAdmin, lpHash, cbHash, 0, &PrevCat); } else { hCatInfo = NULL; }
//
// We want to cycle through the matching catalogs until we find one that matches both hash and member tag
//
bRet = FALSE; while (hCatInfo && !bRet) {
ZeroMemory(&CatInfo, sizeof(CATALOG_INFO)); CatInfo.cbStruct = sizeof(CATALOG_INFO);
if (CryptCATCatalogInfoFromContext(hCatInfo, &CatInfo, 0)) {
WinTrustCatalogInfo.pcwszCatalogFilePath = CatInfo.wszCatalogFile;
//
// Now verify that the file is an actual member of the catalog.
//
hRes = WinVerifyTrust(g_App.hDlg, &gSubSystemDriver, &WinTrustData);
if (hRes == ERROR_SUCCESS) { GetFullPathName(CatInfo.wszCatalogFile, cA(szBuffer), szBuffer, &lpFilePart); BufCbSize = (lstrlen(lpFilePart) + 1) * sizeof(TCHAR); lpFileNode->lpCatalog = MALLOC(BufCbSize);
if (lpFileNode->lpCatalog) {
hr = StringCbCopy(lpFileNode->lpCatalog, BufCbSize, lpFilePart);
if (FAILED(hr) && (hr != STRSAFE_E_INSUFFICIENT_BUFFER)) { //
// If we fail for some reason other than insufficient
// buffer, then free the string and set the pointer
// to NULL, since the string is undefined.
//
FREE(lpFileNode->lpCatalog); lpFileNode->lpCatalog = NULL; } }
bRet = TRUE; }
//
// Free the pcSignerCertContext member of the DRIVER_VER_INFO struct
// that was allocated in our call to WinVerifyTrust.
//
if (VerInfo.pcSignerCertContext != NULL) {
CertFreeCertificateContext(VerInfo.pcSignerCertContext); VerInfo.pcSignerCertContext = NULL; } }
if (!bRet) { //
// The hash was in this catalog, but the file wasn't a member...
// so off to the next catalog
//
PrevCat = hCatInfo; hCatInfo = CryptCATAdminEnumCatalogFromHash(g_App.hCatAdmin, lpHash, cbHash, 0, &PrevCat); } }
//
// Mark this file as having been scanned.
//
lpFileNode->bScanned = TRUE;
if (!hCatInfo) { //
// If it wasn't found in the catalogs, check if the file is individually
// signed.
//
bRet = VerifyIsFileSigned(lpFileNode->lpFileName, (PDRIVER_VER_INFO)&VerInfo);
if (bRet) { //
// If so, mark the file as being signed.
//
lpFileNode->bSigned = TRUE; }
} else { //
// The file was verified in the catalogs, so mark it as signed and free
// the catalog context.
//
lpFileNode->bSigned = TRUE; CryptCATAdminReleaseCatalogContext(g_App.hCatAdmin, hCatInfo, 0); }
if (lpFileNode->bSigned) {
BufCbSize = (lstrlen(VerInfo.wszVersion) + 1) * sizeof(TCHAR); lpFileNode->lpVersion = MALLOC(BufCbSize);
if (lpFileNode->lpVersion) {
hr = StringCbCopy(lpFileNode->lpVersion, BufCbSize, VerInfo.wszVersion);
if (FAILED(hr) && (hr != STRSAFE_E_INSUFFICIENT_BUFFER)) { //
// If we fail for some reason other than insufficient
// buffer, then free the string and set the pointer
// to NULL, since the string is undefined.
//
FREE(lpFileNode->lpVersion); lpFileNode->lpVersion = NULL; } }
BufCbSize = (lstrlen(VerInfo.wszSignedBy) + 1) * sizeof(TCHAR); lpFileNode->lpSignedBy = MALLOC(BufCbSize);
if (lpFileNode->lpSignedBy) {
hr = StringCbCopy(lpFileNode->lpSignedBy, BufCbSize, VerInfo.wszSignedBy);
if (FAILED(hr) && (hr != STRSAFE_E_INSUFFICIENT_BUFFER)) { //
// If we fail for some reason other than insufficient
// buffer, then free the string and set the pointer
// to NULL, since the string is undefined.
//
FREE(lpFileNode->lpSignedBy); lpFileNode->lpSignedBy = NULL; } } } else { //
// Get the icon (if the file isn't signed) so we can display it in the
// listview faster.
//
MyGetFileInfo(lpFileNode); }
return lpFileNode->bSigned;}
//
// This function loops through g_App.lpFileList to verify each file. We want to make this loop as tight
// as possible and keep the progress bar updating as we go. When we are done, we want to pop up a
// dialog that allows the user to choose "Details" which will give them the listview control.
//
BOOLVerifyFileList(void){ LPFILENODE lpFileNode; DWORD dwCount = 0; DWORD dwPercent = 0; DWORD dwCurrent = 0;
//
// Initialize the signed and unsigned counts
//
g_App.dwSigned = 0; g_App.dwUnsigned = 0;
//
// If we don't already have an g_App.hCatAdmin handle, acquire one.
//
if (!g_App.hCatAdmin) { CryptCATAdminAcquireContext(&g_App.hCatAdmin, NULL, 0); }
//
// Start looping through each file and update the progress bar if we cross
// a percentage boundary.
//
for (lpFileNode=g_App.lpFileList;lpFileNode && !g_App.bStopScan;lpFileNode=lpFileNode->next,dwCount++) { //
// Figure out the current percentage and update if it has increased.
//
dwPercent = (dwCount * 100) / g_App.dwFiles;
if (dwPercent > dwCurrent) {
dwCurrent = dwPercent; SendMessage(GetDlgItem(g_App.hDlg, IDC_PROGRESS), PBM_SETPOS, (WPARAM) dwCurrent, (LPARAM) 0); }
//
// Verify the file node if it hasn't already been scanned.
//
if (!lpFileNode->bScanned) {
VerifyFileNode(lpFileNode); }
//
// In case something went wrong, make sure the version information gets
// filled in.
//
if (!lpFileNode->lpVersion) {
GetFileVersion(lpFileNode); }
if (lpFileNode->bScanned) { //
// If the file was signed, increment the g_App.dwSigned or
// g_App.dwUnsigned counter.
//
if (lpFileNode->bSigned) {
g_App.dwSigned++;
} else {
g_App.dwUnsigned++; } } }
//
// If we had an g_App.hCatAdmin, free it and set it to zero so we can
// acquire a new one in the future.
//
if (g_App.hCatAdmin) {
CryptCATAdminReleaseContext(g_App.hCatAdmin,0); g_App.hCatAdmin = NULL; }
if (!g_App.bStopScan && !g_App.bAutomatedScan) { //
// If the user never clicked STOP, then make sure the progress bar hits
// 100%
//
if (!g_App.bStopScan) {
SendMessage(GetDlgItem(g_App.hDlg, IDC_PROGRESS), PBM_SETPOS, (WPARAM) 100, (LPARAM) 0); }
if (!g_App.dwUnsigned) { //
// If there weren't any unsigned files, then we want to tell the
// user that everything is dandy!
//
if (g_App.dwSigned) {
MyMessageBoxId(IDS_ALLSIGNED);
} else {
MyMessageBoxId(IDS_NOPROBLEMS); }
} else { // Show the user the results by going directly to IDD_RESULTS
//
DialogBox(g_App.hInstance, MAKEINTRESOURCE(IDD_RESULTS), g_App.hDlg, ListView_DlgProc); } }
return TRUE;}
|
