archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 9769ad7c3d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9769ad7c3d'
${ noResults }
windows-xp/Source/XPSP1/NT/termsrv/tscert/tscrtadd/tscrtadd.c

299 lines
7.3 KiB
Raw Normal View History

Add source files
4 years ago
  1. #include <nt.h>
  2. #include <ntrtl.h>
  3. #include <nturtl.h>
  4. #include <windows.h>
  5. #include <stdio.h>
  6. #include <stdlib.h>
  7. #include <stddef.h>
  8. #include <wincrypt.h>
  9. #include <imagehlp.h>
  11. #ifdef IN_TERMSRV
  12. #else
  13. #define MemAlloc malloc
  14. #define MemFree free
  15. #endif
  17. #ifdef SIGN_DEBUG
  18. #define SIGN_DBGP(x) printf x
  19. #else // SIGN_DEBUG
  20. #define SIGN_DBGP(x)
  21. #endif // SIGN_DEBUG
  23. #include "../inc/privblob.h"
  25. #define WIN_CERT_TYPE_STACK_DLL_SIGNATURE WIN_CERT_TYPE_TS_STACK_SIGNED
  27. BOOL SignFile( LPWSTR wszFile );
  29. /*****************************************************************************/
  30. void _cdecl main(int argc, char *argv[])
  31. {
  33. WCHAR szSourceFile[ MAX_PATH + 1];
  34. DWORD dwBc;
  36. if (argc != 2) {
  37. printf( "Usage: %s PE_File_Name\n", argv[0] );
  38. exit(1);
  39. }
  41. if(RtlMultiByteToUnicodeN( szSourceFile, sizeof(szSourceFile), &dwBc,
  42. argv[1], (strlen(argv[1]) + 1) ) == STATUS_SUCCESS)
  43. {
  45. if( szSourceFile == NULL || !SignFile(szSourceFile) ) {
  46. printf("Error signing file!\n");
  47. exit(1);
  48. }
  50. printf("Signature added successfully.\n");
  51. exit(0);
  52. }
  53. else
  54. {
  55. printf("Error conversion from Ansi to Unicode.\n");
  56. exit(1);
  57. }
  58. }
  61. typedef struct _DIGEST_PARA {
  62. HCRYPTHASH hHash;
  63. } DIGEST_PARA, *PDIGEST_PARA;
  66. BOOL
  67. WINAPI
  68. DigestFile(
  69. DIGEST_HANDLE hDigest,
  70. PBYTE pb,
  71. DWORD cb )
  72. {
  73. PDIGEST_PARA pdp = (PDIGEST_PARA)hDigest;
  75. if (pb == (PBYTE)-1) {
  76. return( TRUE );
  77. } else {
  78. return( CryptHashData(pdp->hHash, pb, cb, 0) );
  79. }
  80. }
  83. //////////////////////////////////////////////////////////////
  84. //
  85. // Open a file in the appropriate permissions / mode for doing
  86. // our signing stuff
  87. //
  88. //////////////////////////////////////////////////////////////
  89. HANDLE OpenImageFile( LPCWSTR wszFile, DWORD dwAccess )
  90. {
  91. HANDLE hFile;
  92. if (wszFile) {
  93. hFile = CreateFile( wszFile,
  94. dwAccess,
  95. FILE_SHARE_READ,
  96. NULL,
  97. OPEN_EXISTING,
  98. FILE_ATTRIBUTE_NORMAL,
  99. NULL
  100. );
  101. return hFile;
  102. } else {
  103. return INVALID_HANDLE_VALUE;
  104. }
  105. }
  107. ///////////////////////////////////////////////////////////////////////
  108. //
  109. // Sign Code, Data, and Resources of a PE image file, and add the
  110. // signature to the file in the form of a "WIN_CERTIFICATE".
  111. //
  112. ///////////////////////////////////////////////////////////////////////
  113. BOOL
  114. SignFile(
  115. LPWSTR wszFile
  116. )
  117. {
  118. HCRYPTPROV hProv;
  119. HCRYPTKEY hPrivateKeySig = 0;
  120. BOOL fResult = FALSE; // preset ERROR case
  121. HANDLE hFile;
  122. DWORD dwErr = ERROR_SUCCESS;
  123. DWORD dwSignatureLen;
  124. DWORD dwCert;
  125. DWORD dwCertIndex;
  126. DWORD cCert;
  127. DIGEST_PARA dp;
  128. PBYTE pbSignature;
  129. LPWIN_CERTIFICATE pCertHdr;
  131. if ( !(hFile = OpenImageFile( wszFile, GENERIC_WRITE | GENERIC_READ )) ) {
  132. printf("Error %x during OpenImageFile\n", GetLastError() );
  133. goto OpenImageFileError;
  134. }
  136. if (!CryptAcquireContext(
  137. &hProv,
  138. NULL,
  139. MS_DEF_PROV,
  140. PROV_RSA_FULL,
  141. CRYPT_VERIFYCONTEXT))
  142. {
  143. SIGN_DBGP( ("Error %x during CryptAcquireContext\n", GetLastError()) );
  144. goto CryptAcquireContextError;
  145. }
  147. if (!CryptImportKey(
  148. hProv,
  149. PrivateKeySigBlob, // from #include "../inc/privblob.h"
  150. sizeof( PrivateKeySigBlob ),
  151. 0,
  152. CRYPT_EXPORTABLE,
  153. &hPrivateKeySig)) {
  154. SIGN_DBGP( ("Error %x during CryptImportKey!\n", GetLastError()) );
  155. goto CryptImportKeyError;
  156. }
  158. memset( &dp, 0, sizeof(dp));
  159. if (!CryptCreateHash(
  160. hProv,
  161. CALG_MD5,
  162. 0,
  163. 0,
  164. &dp.hHash)) {
  165. SIGN_DBGP( ("Error %x during CryptCreateHash\n", GetLastError()) );
  166. goto CryptCreateHashError;
  167. }
  169. if (!ImageGetDigestStream(
  170. hFile,
  171. 0,
  172. DigestFile,
  173. (DIGEST_HANDLE)&dp)) {
  174. SIGN_DBGP( ("Error %x during ImageGetDigestStream\n", GetLastError()) );
  175. goto ImageGetDigestStreamError;
  177. }
  179. //
  180. // Sign hash object.
  181. //
  183. // Determine size of signature.
  184. dwSignatureLen = 0;
  185. if(!CryptSignHash(
  186. dp.hHash,
  187. AT_SIGNATURE,
  188. NULL,
  189. 0,
  190. NULL,
  191. &dwSignatureLen)) {
  192. SIGN_DBGP( ("Error %x during CryptSignHash 1! SigLen = %d\n",
  193. GetLastError(),
  194. dwSignatureLen) );
  195. goto CryptSignHash1Error;
  196. }
  198. // Allocate memory for 'pbSignature'.
  199. if((pbSignature = MemAlloc(dwSignatureLen)) == NULL) {
  200. SIGN_DBGP( ("Out of memory Sig!\n") );
  201. goto SigAllocError;
  202. }
  204. // Sign hash object (with signature key).
  205. if(!CryptSignHash(
  206. dp.hHash,
  207. AT_SIGNATURE,
  208. NULL,
  209. 0,
  210. pbSignature,
  211. &dwSignatureLen)) {
  212. SIGN_DBGP( ("Error %x during CryptSignHash 2!\n", GetLastError()) );
  213. goto CryptSignHash2Error;
  214. }
  216. SIGN_DBGP( ("Signature length = %d\n", dwSignatureLen) );
  217. dwCert = offsetof( WIN_CERTIFICATE, bCertificate ) + dwSignatureLen;
  218. if (NULL == (pCertHdr = (LPWIN_CERTIFICATE) MemAlloc(dwCert))) {
  219. SIGN_DBGP( ("Out of memory Cert!\n") );
  220. goto CertAllocError;
  221. }
  223. // Put the signature and key into the WIN_CERTIFICATE structure
  224. pCertHdr->dwLength = dwCert;
  225. pCertHdr->wRevision = WIN_CERT_REVISION_1_0;
  226. pCertHdr->wCertificateType = WIN_CERT_TYPE_STACK_DLL_SIGNATURE;
  227. memcpy( &pCertHdr->bCertificate[0], pbSignature, dwSignatureLen );
  229. {
  230. unsigned int cnt=0;
  231. while ( cnt < dwSignatureLen ) {
  232. int i;
  233. for ( i=0; (i < 16) && (cnt < dwSignatureLen); cnt++,i++) {
  234. SIGN_DBGP( ("%02x ", pCertHdr->bCertificate[cnt]) );
  235. }
  236. SIGN_DBGP( ("\n") );
  237. }
  238. }
  240. // Remove any and all Stack DLL Signature Certificates from PE file
  241. while (TRUE) {
  242. cCert = 0;
  243. dwCertIndex = 0;
  244. if (!ImageEnumerateCertificates(
  245. hFile,
  246. WIN_CERT_TYPE_STACK_DLL_SIGNATURE,
  247. &cCert,
  248. &dwCertIndex,
  249. 1 // IndexCount
  250. )) {
  251. break;
  252. }
  253. if (cCert == 0) {
  254. break;
  255. }
  256. if (!ImageRemoveCertificate(hFile, dwCertIndex)) {
  257. SIGN_DBGP( ("Error %x during ImageRemoveCertificate\n",
  258. GetLastError()) );
  259. goto ImageRemoveCertificateError;
  260. }
  261. }
  263. if (!ImageAddCertificate(
  264. hFile,
  265. pCertHdr,
  266. &dwCertIndex)) {
  267. SIGN_DBGP( ("Error %x during ImageAddCertificate\n", GetLastError()) );
  268. goto ImageAddCertificateError;
  269. }
  271. fResult = TRUE;
  273. ImageAddCertificateError:
  274. ImageRemoveCertificateError:
  275. MemFree( pCertHdr );
  277. CertAllocError:
  278. CryptSignHash2Error:
  279. MemFree( pbSignature );
  281. SigAllocError:
  282. CryptSignHash1Error:
  283. ImageGetDigestStreamError:
  284. CryptDestroyHash( dp.hHash );
  286. CryptCreateHashError:
  287. CryptDestroyKey(hPrivateKeySig);
  289. CryptImportKeyError:
  290. dwErr = GetLastError();
  291. CryptReleaseContext( hProv, 0 );
  292. SetLastError( dwErr );
  294. CryptAcquireContextError:
  295. CloseHandle( hFile );
  297. OpenImageFileError:
  298. return fResult;
  299. }