Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

117 lines
2.9 KiB

  1. #include <nt.h>
  2. #include <ntrtl.h>
  3. #include <nturtl.h>
  4. #include <windows.h>
  5. #include <stdio.h>
  6. #include <stdlib.h>
  7. #include <stddef.h>
  8. #include <wincrypt.h>
  9. #include <imagehlp.h>
  10. #define WIN_CERT_TYPE_STACK_DLL_SIGNATURE WIN_CERT_TYPE_TS_STACK_SIGNED
  11. BOOL UnSignFile( LPWSTR wszFile );
  12. /*****************************************************************************/
  13. void _cdecl main(int argc, char *argv[])
  14. {
  15. WCHAR szSourceFile[ MAX_PATH + 1];
  16. DWORD dwBc;
  17. if (argc != 2) {
  18. printf( "Usage: %s PE_File_Name\n", argv[0] );
  19. exit(1);
  20. }
  21. if(RtlMultiByteToUnicodeN( szSourceFile, sizeof(szSourceFile), &dwBc,
  22. argv[1], (strlen(argv[1]) + 1) ) == STATUS_SUCCESS)
  23. {
  24. if(!UnSignFile(szSourceFile)) {
  25. printf("Error removing signature!\n");
  26. exit(1);
  27. }
  28. printf("Signature removed successfully.\n");
  29. exit(0);
  30. }
  31. else
  32. {
  33. printf("RtlMultiByteToUnicode function failed.\n");
  34. }
  35. }
  36. //////////////////////////////////////////////////////////////
  37. //
  38. // Open a file in the appropriate permissions / mode for doing
  39. // our signing stuff
  40. //
  41. //////////////////////////////////////////////////////////////
  42. HANDLE OpenImageFile( LPCWSTR wszFile, DWORD dwAccess )
  43. {
  44. HANDLE hFile;
  45. if (wszFile) {
  46. hFile = CreateFile( wszFile,
  47. dwAccess,
  48. FILE_SHARE_READ,
  49. NULL,
  50. OPEN_EXISTING,
  51. FILE_ATTRIBUTE_NORMAL,
  52. NULL
  53. );
  54. return hFile;
  55. } else {
  56. return INVALID_HANDLE_VALUE;
  57. }
  58. }
  59. ///////////////////////////////////////////////////////////////////////
  60. //
  61. // Unsign Code, Data, and Resources of a PE image file
  62. //
  63. ///////////////////////////////////////////////////////////////////////
  64. BOOL
  65. UnSignFile(
  66. LPWSTR wszFile
  67. )
  68. {
  69. BOOL fResult = FALSE; // preset ERROR case
  70. HANDLE hFile;
  71. DWORD dwCertIndex;
  72. DWORD cCert;
  73. if ( !(hFile = OpenImageFile( wszFile, GENERIC_WRITE | GENERIC_READ )) ) {
  74. printf("Error %x during OpenImageFile\n", GetLastError() );
  75. goto OpenImageFileError;
  76. }
  77. // Remove any and all Stack DLL Signature Certificates from PE file
  78. while (TRUE) {
  79. cCert = 0;
  80. dwCertIndex = 0;
  81. if (!ImageEnumerateCertificates(
  82. hFile,
  83. WIN_CERT_TYPE_STACK_DLL_SIGNATURE,
  84. &cCert,
  85. &dwCertIndex,
  86. 1 // IndexCount
  87. )) {
  88. break;
  89. }
  90. if (cCert == 0) {
  91. break;
  92. }
  93. if (!ImageRemoveCertificate(hFile, dwCertIndex)) {
  94. goto ImageRemoveCertificateError;
  95. }
  96. }
  97. fResult = TRUE;
  98. ImageRemoveCertificateError:
  99. OpenImageFileError:
  100. return fResult;
  101. }