I need to verify code signatures of binaries. Microsoft Authenticode I think is the term. Is there a sane way to do this using the Windows API?
Have you looked at WinVerifyTrust ? Since it's not immediately obvious how to use it to verify the signature of a binary, you probably want to look at the sample code specifically for that.
How to find authenticode for drivers:
Disclaimer: I did not write this code.
BOOL VerifyEmbeddedSignature(LPCWSTR pwszSourceFile)
{
LONG lStatus;
GUID WintrustVerifyGuid = WINTRUST_ACTION_GENERIC_VERIFY_V2;
GUID DriverActionGuid = DRIVER_ACTION_VERIFY;
HANDLE hFile;
DWORD dwHash;
BYTE bHash[100];
HCATINFO hCatInfo;
HCATADMIN hCatAdmin;
WINTRUST_DATA wd = { 0 };
WINTRUST_FILE_INFO wfi = { 0 };
WINTRUST_CATALOG_INFO wci = { 0 };
////set up structs to verify files with cert signatures
memset(&wfi, 0, sizeof(wfi));
wfi.cbStruct = sizeof( WINTRUST_FILE_INFO );
wfi.pcwszFilePath = pwszSourceFile;
wfi.hFile = NULL;
wfi.pgKnownSubject = NULL;
memset(&wd, 0, sizeof(wd));
wd.cbStruct = sizeof( WINTRUST_DATA );
wd.dwUnionChoice = WTD_CHOICE_FILE;
wd.pFile = &wfi;
wd.dwUIChoice = WTD_UI_NONE;
wd.fdwRevocationChecks = WTD_REVOKE_NONE;
wd.dwStateAction = 0;
wd.dwProvFlags = WTD_SAFER_FLAG;
wd.hWVTStateData = NULL;
wd.pwszURLReference = NULL;
wd.pPolicyCallbackData = NULL;
wd.pSIPClientData = NULL;
wd.dwUIContext = 0;
lStatus = WinVerifyTrust( NULL, &WintrustVerifyGuid, &wd );
////if failed, try to verify using catalog files
if (lStatus != ERROR_SUCCESS)
{
//open the file
hFile = CreateFileW(pwszSourceFile, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if (hFile == INVALID_HANDLE_VALUE)
return FALSE;
dwHash = sizeof(bHash);
if (!CryptCATAdminCalcHashFromFileHandle(hFile, &dwHash, bHash, 0))
{
CloseHandle(hFile);
return FALSE;
}
//Create a string form of the hash (used later in pszMemberTag)
LPWSTR pszMemberTag = new WCHAR[dwHash * 2 + 1];
for ( DWORD dw = 0; dw < dwHash; ++dw )
{
wsprintfW( &pszMemberTag[dw * 2], L"%02X", bHash[dw] );
}
if (!CryptCATAdminAcquireContext(&hCatAdmin, &DriverActionGuid, 0))
{
CloseHandle(hFile);
return FALSE;
}
//find the catalog which contains the hash
hCatInfo = CryptCATAdminEnumCatalogFromHash(hCatAdmin, bHash, dwHash, 0, NULL);
if ( hCatInfo )
{
CATALOG_INFO ci = { 0 };
CryptCATCatalogInfoFromContext( hCatInfo, &ci, 0 );
memset(&wci, 0, sizeof(wci));
wci.cbStruct = sizeof( WINTRUST_CATALOG_INFO );
wci.pcwszCatalogFilePath = ci.wszCatalogFile;
wci.pcwszMemberFilePath = pwszSourceFile;
wci.pcwszMemberTag = pszMemberTag;
memset(&wd, 0, sizeof(wd));
wd.cbStruct = sizeof( WINTRUST_DATA );
wd.dwUnionChoice = WTD_CHOICE_CATALOG;
wd.pCatalog = &wci;
wd.dwUIChoice = WTD_UI_NONE;
wd.fdwRevocationChecks = WTD_STATEACTION_VERIFY;
wd.dwProvFlags = 0;
wd.hWVTStateData = NULL;
wd.pwszURLReference = NULL;
wd.pPolicyCallbackData = NULL;
wd.pSIPClientData = NULL;
wd.dwUIContext = 0;
lStatus = WinVerifyTrust( NULL, &WintrustVerifyGuid, &wd );
CryptCATAdminReleaseCatalogContext( hCatAdmin, hCatInfo, 0 );
}
CryptCATAdminReleaseContext( hCatAdmin, 0 );
delete[] pszMemberTag;
CloseHandle(hFile);
}
if (lStatus != ERROR_SUCCESS)
return false;
else
return true;
}
Here is the working code to verify a file (technically any file type).
#include <stdio.h>
#include <windows.h>
#include <Softpub.h>
#include <wincrypt.h>
#include <wintrust.h>
#include <mscat.h>
#include <atlbase.h>
// Link with the Wintrust.lib file.
#pragma comment (lib, "wintrust")
BOOL VerifySignature(LPCSTR path) //We will receive the char* filepath not wchar*
{
USES_CONVERSION;
LPCWSTR pwszSourceFile = A2W(path); //We convert the char* to wchar*
LONG lStatus;
GUID WintrustVerifyGuid = WINTRUST_ACTION_GENERIC_VERIFY_V2;
GUID DriverActionGuid = DRIVER_ACTION_VERIFY;
HANDLE hFile;
DWORD dwHash;
BYTE bHash[100];
HCATINFO hCatInfo;
HCATADMIN hCatAdmin;
WINTRUST_DATA wd = { 0 };
WINTRUST_FILE_INFO wfi = { 0 };
WINTRUST_CATALOG_INFO wci = { 0 };
////set up structs to verify files with cert signatures
wfi.cbStruct = sizeof(WINTRUST_FILE_INFO);
wfi.pcwszFilePath = pwszSourceFile;
wfi.hFile = NULL;
wfi.pgKnownSubject = NULL;
wd.cbStruct = sizeof(WINTRUST_DATA);
wd.pPolicyCallbackData = NULL;
wd.pSIPClientData = NULL;
wd.dwUIChoice = WTD_UI_NONE;
wd.fdwRevocationChecks = WTD_REVOKE_NONE;
wd.dwUnionChoice = WTD_CHOICE_FILE;
wd.pFile = &wfi;
wd.dwStateAction = WTD_STATEACTION_VERIFY;
wd.hWVTStateData = NULL;
wd.pwszURLReference = NULL;
wd.dwProvFlags |= WTD_CACHE_ONLY_URL_RETRIEVAL;
wd.dwUIContext = 0;
wd.pSignatureSettings = 0;
lStatus = WinVerifyTrust((HWND)INVALID_HANDLE_VALUE, &WintrustVerifyGuid, &wd);
wd.dwStateAction = WTD_STATEACTION_CLOSE;
WinVerifyTrust((HWND)INVALID_HANDLE_VALUE, &WintrustVerifyGuid, &wd); //close hWVTStateData
////if failed, try to verify using catalog files
if (lStatus != ERROR_SUCCESS)
{
//open the file
hFile = CreateFileW(pwszSourceFile, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if (hFile == INVALID_HANDLE_VALUE)
return FALSE;
dwHash = sizeof(bHash);
if (!CryptCATAdminCalcHashFromFileHandle(hFile, &dwHash, bHash, 0))
{
CloseHandle(hFile);
return FALSE;
}
//Create a string form of the hash (used later in pszMemberTag)
LPWSTR pszMemberTag = new WCHAR[dwHash * 2 + 1];
for (DWORD dw = 0; dw < dwHash; ++dw)
{
wsprintfW(&pszMemberTag[dw * 2], L"%02X", bHash[dw]);
}
if (!CryptCATAdminAcquireContext(&hCatAdmin, &DriverActionGuid, 0))
{
CloseHandle(hFile);
return FALSE;
}
//find the catalog which contains the hash
hCatInfo = CryptCATAdminEnumCatalogFromHash(hCatAdmin, bHash, dwHash, 0, NULL);
if (hCatInfo)
{
CATALOG_INFO ci = { 0 };
CryptCATCatalogInfoFromContext(hCatInfo, &ci, 0);
memset(&wci, 0, sizeof(wci));
wci.cbStruct = sizeof(WINTRUST_CATALOG_INFO);
wci.pcwszCatalogFilePath = ci.wszCatalogFile;
wci.pcwszMemberFilePath = pwszSourceFile;
wci.hMemberFile = hFile;
wci.pcwszMemberTag = pszMemberTag;
wci.pbCalculatedFileHash = bHash;
wci.cbCalculatedFileHash = dwHash;
wci.hCatAdmin = hCatAdmin;
memset(&wd, 0, sizeof(wd));
wd.cbStruct = sizeof(WINTRUST_DATA);
wd.pPolicyCallbackData = NULL;
wd.pSIPClientData = NULL;
wd.dwUIChoice = WTD_UI_NONE;
wd.fdwRevocationChecks = WTD_REVOKE_NONE;
wd.dwUnionChoice = WTD_CHOICE_CATALOG;
wd.pCatalog = &wci;
wd.dwStateAction = WTD_STATEACTION_VERIFY;
wd.hWVTStateData = NULL;
wd.pwszURLReference = NULL;
wd.dwProvFlags |= WTD_CACHE_ONLY_URL_RETRIEVAL;
wd.dwUIContext = 0;
wd.pSignatureSettings = 0;
lStatus = WinVerifyTrust((HWND)INVALID_HANDLE_VALUE, &WintrustVerifyGuid, &wd);
wd.dwStateAction = WTD_STATEACTION_CLOSE;
WinVerifyTrust((HWND)INVALID_HANDLE_VALUE, &WintrustVerifyGuid, &wd); //close hWVTStateData
CryptCATAdminReleaseCatalogContext(hCatAdmin, hCatInfo, 0);
}
CryptCATAdminReleaseContext(hCatAdmin, 0);
delete[] pszMemberTag;
CloseHandle(hFile);
}
return (lStatus == ERROR_SUCCESS);
}
int main(int argc, char *argv[])
{
if (VerifySignature(argv[1]))
printf("Verified file signature\n");
else
printf("Could not verify file signature\n");
return 0;
}
Related
The following code creates a window with a opengl rendering context.
Everything works fine, but somehow the window close event doesn't correlate to the wm_delete_window atom.
static int
hnd_connect_to_xcb
(
hnd_linux_window_t *_window
)
{
_window->renderer.display = XOpenDisplay((char *)NULL);
if (!hnd_assert(_window->renderer.display != NULL, "Could not open display"))
return HND_NK;
_window->renderer.default_screen = DefaultScreen(_window->renderer.display);
_window->connection = XGetXCBConnection(_window->renderer.display);
if (!hnd_assert(_window->connection != NULL, "Could not connect to X display"))
return HND_NK;
XSetEventQueueOwner(_window->renderer.display, XCBOwnsEventQueue);
/* Get screen data */
xcb_screen_iterator_t screen_iterator = xcb_setup_roots_iterator(xcb_get_setup(_window->connection));
for (int i = _window->renderer.default_screen; i > 0; --i)
xcb_screen_next(&screen_iterator);
_window->screen_data = screen_iterator.data;
if (!hnd_set_fb_configs(&_window->renderer))
return HND_NK;
return HND_OK;
}
static void
hnd_set_window_properties
(
hnd_linux_window_t *_window
)
{
/* Set title */
xcb_intern_atom_cookie_t utf8_string_cookie =
hnd_create_intern_atom_cookie(_window->connection, HND_NK, "UTF8_STRING");
_window->utf8_string = hnd_create_intern_atom_reply(_window->connection, utf8_string_cookie);
xcb_intern_atom_cookie_t wm_name_cookie =
hnd_create_intern_atom_cookie(_window->connection, HND_NK, "WM_NAME");
_window->wm_name = hnd_create_intern_atom_reply(_window->connection, wm_name_cookie);
xcb_change_property(_window->connection,
XCB_PROP_MODE_REPLACE,
_window->id,
_window->wm_name->atom,
_window->utf8_string->atom,
8,
strlen(_window->title),
_window->title);
/* Add listener for close event */
xcb_intern_atom_cookie_t wm_protocols_cookie =
hnd_create_intern_atom_cookie(_window->connection, HND_OK, "WM_PROTOCOLS");
_window->wm_protocols = hnd_create_intern_atom_reply(_window->connection, wm_protocols_cookie);
xcb_intern_atom_cookie_t wm_delete_cookie =
hnd_create_intern_atom_cookie(_window->connection, HND_NK, "WM_DELETE_WINDOW");
_window->wm_delete_window = hnd_create_intern_atom_reply(_window->connection, wm_delete_cookie);
xcb_change_property(_window->connection,
XCB_PROP_MODE_REPLACE,
_window->id,
_window->wm_protocols->atom,
XCB_ATOM_ATOM,
32,
1,
&_window->wm_delete_window->atom);
}
hnd_linux_window_t *
hnd_create_window
(
const char *_title,
unsigned int _left,
unsigned int _top,
unsigned int _width,
unsigned int _height,
unsigned int _decoration
)
{
hnd_linux_window_t *new_window = malloc(sizeof(hnd_linux_window_t));
if (!hnd_assert(new_window != NULL, NULL))
return NULL;
if (!hnd_connect_to_xcb(new_window))
return NULL;
new_window->title = (char *)_title;
new_window->left = _left;
new_window->top = _top;
new_window->width = _width;
new_window->height = _height;
new_window->running = HND_OK;
if (!hnd_init_renderer(&new_window->renderer))
{
hnd_destroy_window(new_window);
return NULL;
}
new_window->colormap_id = xcb_generate_id(new_window->connection);
xcb_create_colormap(new_window->connection,
XCB_COLORMAP_ALLOC_NONE,
new_window->colormap_id,
new_window->screen_data->root,
new_window->renderer.visual_id);
new_window->value_mask = XCB_CW_EVENT_MASK | XCB_CW_COLORMAP;
new_window->event_mask = XCB_EVENT_MASK_EXPOSURE |
XCB_EVENT_MASK_BUTTON_PRESS |
XCB_EVENT_MASK_BUTTON_RELEASE |
XCB_EVENT_MASK_POINTER_MOTION |
XCB_EVENT_MASK_BUTTON_MOTION |
XCB_EVENT_MASK_ENTER_WINDOW |
XCB_EVENT_MASK_LEAVE_WINDOW |
XCB_EVENT_MASK_KEY_PRESS |
XCB_EVENT_MASK_KEY_RELEASE;
new_window->value_list[0] = new_window->event_mask;
new_window->value_list[1] = new_window->colormap_id;
/* Create window */
new_window->id = xcb_generate_id(new_window->connection);
xcb_create_window(new_window->connection,
XCB_COPY_FROM_PARENT,
new_window->id,
new_window->screen_data->root,
new_window->left,
new_window->top,
new_window->width,
new_window->height,
0,
XCB_WINDOW_CLASS_INPUT_OUTPUT,
new_window->renderer.visual_id,
new_window->value_mask,
new_window->value_list);
hnd_set_window_properties(new_window);
hnd_set_window_decoration(new_window, _decoration);
xcb_map_window(new_window->connection, new_window->id);
xcb_flush(new_window->connection);
/* Finish opengl binding */
new_window->renderer.gl_window = glXCreateWindow(new_window->renderer.display,
new_window->renderer.current_fb_config,
new_window->id,
0);
if (!hnd_assert(new_window->renderer.gl_window, "Could not create OpenGL window"))
{
hnd_destroy_window(new_window);
return NULL;
}
if (!hnd_assert(glXMakeContextCurrent(new_window->renderer.display,
new_window->renderer.gl_window,
new_window->renderer.gl_window,
new_window->renderer.gl_context),
"Could not set OpenGL current rendering context"))
{
hnd_destroy_window(new_window);
return NULL;
}
hnd_print_debug(HND_LOG, HND_CREATED("OpenGL context"), HND_SUCCESS);
hnd_print_debug(HND_LOG, HND_CREATED("window"), HND_SUCCESS);
return new_window;
}
void
hnd_destroy_window
(
hnd_linux_window_t *_window
)
{
if (!hnd_assert(_window != NULL, HND_SYNTAX))
return;
hnd_end_renderer(&_window->renderer);
xcb_free_colormap(_window->connection, _window->colormap_id);
hnd_print_debug(HND_LOG, HND_ENDED("window"), HND_SUCCESS);
}
void
hnd_poll_events
(
hnd_linux_window_t *_window,
hnd_event_t *_event
)
{
if (!hnd_assert(_window != NULL, HND_SYNTAX))
return;
if (!hnd_assert(_event != NULL, HND_SYNTAX))
return;
_event->xcb_event = xcb_poll_for_event(_window->connection);
if (!_event->xcb_event)
return;
switch (_event->xcb_event->response_type & 0x7f)
{
case XCB_EXPOSE:
xcb_flush(_window->connection);
break;
case XCB_KEY_PRESS:
hnd_queue_key_event(_event->pressed_keys, _event->xcb_event);
break;
case XCB_KEY_RELEASE:
hnd_queue_key_event(_event->released_keys, _event->xcb_event);
break;
case XCB_CLIENT_MESSAGE:
{
xcb_client_message_event_t *temp_client_message_event = (xcb_client_message_event_t *)_event;
if (temp_client_message_event->data.data32[0] == _window->wm_delete_window->atom)
_window->running = HND_NK;
} break;
default:
break;
}
}
Most of the renderer functions won't help much, besides these two helpers that create the atoms:
xcb_intern_atom_cookie_t
hnd_create_intern_atom_cookie
(
xcb_connection_t *_connection,
unsigned int _exists,
const char *_string
)
{
return xcb_intern_atom(_connection, _exists, strlen(_string), _string);
}
xcb_intern_atom_reply_t *
hnd_create_intern_atom_reply
(
xcb_connection_t *_connection,
xcb_intern_atom_cookie_t _cookie
)
{
xcb_intern_atom_reply_t *new_atom_reply = xcb_intern_atom_reply(_connection, _cookie, NULL);
if (!hnd_assert(new_atom_reply != NULL, "Could not create atom"))
return NULL;
return new_atom_reply;
}
And yes, I'm including external files. Everything compiles correctly.
The problem is basically a typo:
_event->xcb_event = xcb_poll_for_event(_window->connection);
[...]
switch (_event->xcb_event->response_type & 0x7f)
{
[...]
case XCB_CLIENT_MESSAGE:
{
xcb_client_message_event_t *temp_client_message_event = (xcb_client_message_event_t *)_event;
You are saving the event in _event->xcb_event. But you are casting _event to xcb_client_message_event_t*. You should be casting _event->xcb_event.
So, that last line should be:
xcb_client_message_event_t *temp_client_message_event = (xcb_client_message_event_t *)_event->xcb_event;
(Hello Everyone) I have some problem with strtok_s. I wrote this code(x64).
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
BOOL TestMD5(CONST WCHAR* MD5_DATABASE_FILE)
{
HANDLE hFile = INVALID_HANDLE_VALUE;
DWORD FileSize = 0;
DWORD dwReaded = 0;
PBYTE pData = NULL;
BOOL bRead = FALSE;
PCHAR token_string = NULL;
PCHAR context = NULL;
CONST PCHAR delimeter = "\r\n";
hFile = CreateFileW(
MD5_DATABASE_FILE,
GENERIC_READ,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL
);
if (hFile == INVALID_HANDLE_VALUE)
{
wprintf(L"Can't open md5 database file: ");
return FALSE;
}
FileSize = GetFileSize(hFile, NULL);
if (FileSize == 0 || FileSize == INVALID_FILE_SIZE)
{
CloseHandle(hFile);
return FALSE;
}
pData = (PBYTE)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, (SIZE_T)FileSize);
if (pData == NULL)
{
CloseHandle(hFile);
return FALSE;
}
bRead = ReadFile(hFile, pData, FileSize, &dwReaded, NULL);
if (bRead != TRUE || dwReaded != FileSize)
{
HeapFree(GetProcessHeap(), 0, pData);
CloseHandle(hFile);
return FALSE;
}
token_string = (PCHAR)strtok_s(pData, delimeter, &context);
if (token_string == NULL)
{
HeapFree(GetProcessHeap(), 0, pData);
CloseHandle(hFile);
return FALSE;
}
do {
printf("%s\n", token_string);
} while (token_string = (PCHAR)strtok_s(NULL, delimeter, &context));
HeapFree(GetProcessHeap(), 0, pData);
CloseHandle(hFile);
return TRUE;
}
int main(void)
{
WCHAR* MD5_DATABASE_FILE = L"c:\\md5.txt";
TestMD5(MD5_DATABASE_FILE);
}
When I run exe this gives me a incorrect data. Content of md5.txt (DC288E0B39EA16B4E9455F82FF265A67:1213:TestDBG + (\r\n)
output:
D:\repos\TestWindbg\x64\Debug>TestWindbg.exe
DC288E0B39EA16B4E9455F82FF265A67:1213:TestDBG
áááááááááááááááá
I open exe in windbg and I saw while(token_string) is not NULL after first time. But is must?
WinDbg image : "https://i.ibb.co/60nHk5S/Untitled.png"
What is problem? Thanks for reading
Jeffrey Shao - MSFT :Thank you for reply but this is not solution(but I changed my code PBYTE TO PCHAR). The problem is that strtok_s is a string function for this reason you must add NULL byte after buff. Like HeapAlloc(GetProcessHeap(),HEAP_ZERO_MEMORY,(SIZE_T)FileSize + 1) #1 for NULL character . HeapAlloc alloc buff size:FileSize and +1 For Null...
Thanks for blabb and Daniel Sęk:
I just change some types of pData and token_string.
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
BOOL TestMD5(CONST WCHAR* MD5_DATABASE_FILE)
{
HANDLE hFile = INVALID_HANDLE_VALUE;
DWORD FileSize = 0;
DWORD dwReaded = 0;
char* pData = NULL;
BOOL bRead = FALSE;
char* token_string = NULL;
PCHAR context = NULL;
CONST PCHAR delimeter = "\r\n";
hFile = CreateFileW(
MD5_DATABASE_FILE,
GENERIC_READ,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL
);
if (hFile == INVALID_HANDLE_VALUE)
{
wprintf(L"Can't open md5 database file: ");
return FALSE;
}
FileSize = GetFileSize(hFile, NULL);
if (FileSize == 0 || FileSize == INVALID_FILE_SIZE)
{
CloseHandle(hFile);
return FALSE;
}
pData = (char*)HeapAlloc(GetProcessHeap(),HEAP_ZERO_MEMORY,(SIZE_T)FileSize + 1);
if (pData == NULL)
{
CloseHandle(hFile);
return FALSE;
}
bRead = ReadFile(hFile, pData, FileSize, &dwReaded, NULL);
if (bRead != TRUE || dwReaded != FileSize)
{
HeapFree(GetProcessHeap(), 0, pData);
CloseHandle(hFile);
return FALSE;
}
token_string = strtok_s(pData, delimeter, &context);
if (token_string == NULL)
{
HeapFree(GetProcessHeap(), 0, pData);
CloseHandle(hFile);
return FALSE;
}
do {
printf("%s\n", token_string);
} while (token_string = strtok_s(NULL, delimeter, &context));
HeapFree(GetProcessHeap(), 0, pData);
CloseHandle(hFile);
return TRUE;
}
int main(void)
{
WCHAR* MD5_DATABASE_FILE = L"c:\\md5.txt";
TestMD5(MD5_DATABASE_FILE);
}
Output:
DC288E0B39EA16B4E9455F82FF265A67:1213:TestDBG + (\r\n)
PURPOSE
I'm trying to make a function which will create a given sub key in the HKCU registry hive, or open the sub key if it already exists, then return TRUE.
NOTES
Let RegSidPath represent a fully qualified HKCU registry path with an user SID appended to it such as \\Registry\\User\\S-1-5-20-xxxxxx-xxxxxx-xxxxxxxx-1050
Let KeyToCreate represent a specific registry path such as \\Software\\MyCompany\\MySoftware\\MySubKey
CODE
I have the following function:
BOOL CreateHKCUKey(PWCHAR RegSidPath, PWCHAR KeyToCreate) {
UNICODE_STRING uString;
RtlInitUnicodeString(&uString, RegSidPath);
OBJECT_ATTRIBUTES ObjAttributes;
InitializeObjectAttributes(&ObjAttributes, &uString, OBJ_CASE_INSENSITIVE, 0, 0);
HANDLE BaseKeyHandle = NULL;
NTSTATUS Status = NtOpenKey(&BaseKeyHandle, KEY_CREATE_SUB_KEY, &ObjAttributes);
if (NT_SUCCESS(Status) && Status != STATUS_OBJECT_NAME_NOT_FOUND) {
UNICODE_STRING KeyString = { 0 };
do {
PWCHAR NextSubKey = StrStrW((KeyString.Length == 0 ? KeyToCreate : KeyString.Buffer) + 1, L"\\");
DWORD CurrentKeyLength = lstrlenW(KeyToCreate) - lstrlenW(NextSubKey);
PWCHAR CurrentSubKey = PWCHAR(GlobalAlloc(GPTR, CurrentKeyLength + sizeof(WCHAR)));
if (CurrentSubKey != ERROR) {
memcpy(CurrentSubKey, KeyToCreate, CurrentKeyLength * sizeof(WCHAR));
CurrentSubKey[CurrentKeyLength] = UNICODE_NULL;
RtlInitUnicodeString(&KeyString, CurrentSubKey);
OBJECT_ATTRIBUTES KeyAttributes;
InitializeObjectAttributes(&KeyAttributes, &KeyString, OBJ_CASE_INSENSITIVE, &BaseKeyHandle, 0);
HANDLE CurrentHiveEntry = NULL;
Status = NtOpenKey(&CurrentHiveEntry, KEY_CREATE_SUB_KEY, &KeyAttributes);
if (RtlNtStatusToDosError(Status) == ERROR_BAD_PATHNAME) {
InitializeObjectAttributes(&KeyAttributes, &KeyString, OBJ_CASE_INSENSITIVE, &CurrentHiveEntry, 0);
DWORD DefaultDisposition;
Status = NtCreateKey(&CurrentHiveEntry, KEY_CREATE_SUB_KEY, &KeyAttributes, 0, NULL, REG_OPTION_NON_VOLATILE, &DefaultDisposition);
if (NT_SUCCESS(Status)) {
if (StrCmpNW(KeyString.Buffer + uString.Length, KeyString.Buffer, lstrlenW(KeyToCreate) == 0))
return TRUE;
else continue;
} else break;
} else break;
BaseKeyHandle = CurrentHiveEntry;
}
} while (TRUE);
}
NtClose(BaseKeyHandle);
return FALSE;
}
PROBLEM
Whenever the code gets to this part of the function
Status = NtOpenKey(&CurrentHiveEntry, KEY_CREATE_SUB_KEY, &KeyAttributes);
if (RtlNtStatusToDosError(Status) == ERROR_BAD_PATHNAME) {
The return value is always ERROR_BAD_PATHNAME (161) even if the current sub key already exists.
QUESTION
What is the reason, and what am I doing wrong? Is there anything that I've done which is not correct, and how can I fix it?
NTSTATUS CreateKey(PHANDLE KeyHandle, ACCESS_MASK DesiredAccess, PWCHAR RegSidPath, PWCHAR KeyToCreate, PULONG Disposition)
{
UNICODE_STRING ObjectName;
RtlInitUnicodeString(&ObjectName, RegSidPath);
OBJECT_ATTRIBUTES oa = { sizeof(oa), 0, &ObjectName ,OBJ_CASE_INSENSITIVE };
NTSTATUS status = ZwOpenKey(&oa.RootDirectory, KEY_CREATE_SUB_KEY, &oa);
if (0 <= status)
{
ObjectName.Buffer = KeyToCreate;
do
{
ACCESS_MASK Access;
if (KeyToCreate = wcschr(++ObjectName.Buffer, '\\'))
{
ObjectName.Length = (USHORT)RtlPointerToOffset(ObjectName.Buffer, KeyToCreate);
Access = KEY_CREATE_SUB_KEY;
}
else
{
ObjectName.Length = (USHORT)wcslen(ObjectName.Buffer) * sizeof(WCHAR);
Access = DesiredAccess;
}
ObjectName.MaximumLength = ObjectName.Length;
status = ZwCreateKey(KeyHandle, Access, &oa, 0, 0, 0, Disposition);
NtClose(oa.RootDirectory);
oa.RootDirectory = *KeyHandle;
} while (0 <= status && (ObjectName.Buffer = KeyToCreate));
}
return status;
}
and use as
HANDLE hKey;
NTSTATUS status = CreateKey(&hKey, KEY_ALL_ACCESS,
L"\\REGISTRY\\USER\\S-***",
L"\\Software\\MyCompany\\MySoftware\\MySubKey", 0);
Unless you are writing a driver, use RegCreateKeyEx() instead. It handles all the logic of creating intermediate keys for you if they don't already exist. 1 function call, no looping needed.
HKEY hKey;
DWORD dwDisposition;
LONG lRet = RegCreateKeyExW(HKEY_USERS, L"S-1-5-20-xxxxxx-xxxxxx-xxxxxxxx-1050\\Software\\MyCompany\\MySoftware\\MySubKey", 0, NULL, REG_OPTION_NON_VOLATILE, samDesired, NULL, &hKey, &dwDisposition);
if (lRet == 0)
{
...
RegCloseKey(hKey);
}
However, to access the HKEY_CURRENT_USER hive of a specific user, the preferred solution is to use RegOpenCurrentUser() or LoadUserProfile() instead of accessing HKEY_USERS directly:
// impersonate the desired user first, then...
HKEY hRootKey;
LONG lRet = RegOpenCurrentUser(samDesired, &hRootKey);
if (lRet == 0)
{
HKEY hKey;
DWORD dwDisposition;
lRet = RegCreateKeyExW(hRootKey, L"Software\\MyCompany\\MySoftware\\MySubKey", 0, NULL, REG_OPTION_NON_VOLATILE, samDesired, NULL, &hKey, &dwDisposition);
if (lRet == 0)
{
...
RegCloseKey(hKey);
}
RegCloseKey(hRootKey);
}
// stop impersonating...
// obtain token to desired user first, then...
PROFILEINFO profile = {0};
profile.dwSize = sizeof(profile);
profile.dwFlags = PI_NOUI;
if (LoadUserProfile(hToken, &profile))
{
HKEY hKey;
DWORD dwDisposition;
LONG lRet = RegCreateKeyExW((HKEY)profile.hProfile, L"Software\\MyCompany\\MySoftware\\MySubKey", 0, NULL, REG_OPTION_NON_VOLATILE, samDesired, NULL, &hKey, &dwDisposition);
if (lRet == 0)
{
...
RegCloseKey(hKey);
}
UnloadUserProfile(hToken, profile.hProfile);
}
// release token ...
I am using a generic write and read operations using the serial communication with R-232 connector to an external device.
For specific write operations, the readFile returns the data.
But for one command, it returns 0 bytes and GetLastError() returns 0.
I am using the application on a windows PDA.
Below is the code used:
long port = jport;
long baudrate = jbaudrate;
int cmd_length = env->GetStringLength(jcmd);
const jchar* cmd = env->GetStringChars(jcmd, 0);
zCommand = new char[cmd_length+1];
for (int j=0;j<cmd_length;j++)
zCommand[j] = (char)cmd[j];
zCommand[cmd_length]='\r';
env->ReleaseStringChars(jcmd,cmd);
WCHAR comPort[6];
wsprintf(comPort, L"COM%d:", port);
LPCTSTR pcCommPort = LPCTSTR( comPort );
hCom = CreateFile( pcCommPort,
GENERIC_READ | GENERIC_WRITE,
0, // exclusive-access
NULL, // default security attributes
OPEN_EXISTING,
0, // not overlapped I/O
NULL
);
if (hCom == INVALID_HANDLE_VALUE)
{
throw_executeCommand(env,"java/lang/Exception","INVALID_HANDLE_VALUE");
return env->NewStringUTF("");
}
//Clear all input output buffer
PurgeComm(hCom, PURGE_RXCLEAR | PURGE_TXCLEAR);
//Configure DCB
DCB PortDCB;
// Initialize the DCBlength member.
PortDCB.DCBlength = sizeof (DCB);
// Get the default port setting information.
GetCommState (hCom, &PortDCB);
// Change the DCB structure settings.
PortDCB.BaudRate = baudrate; // Zera specified baud
PortDCB.ByteSize = 8;
PortDCB.StopBits = TWOSTOPBITS;
PortDCB.Parity = PARITY_NONE;
PortDCB.fDtrControl = DTR_CONTROL_ENABLE;
PortDCB.fRtsControl = RTS_CONTROL_ENABLE | (RTS_CONTROL_TOGGLE ^ RTS_CONTROL_HANDSHAKE );
PortDCB.fAbortOnError = FALSE;
//Set Com Timeouts
COMMTIMEOUTS commTimeouts;
if(!GetCommTimeouts(hCom, &commTimeouts))
{
throw_executeCommand(env,"java/lang/Exception","Exception GetCommTimeouts");
return env->NewStringUTF("");
}
commTimeouts.ReadIntervalTimeout = 50;
commTimeouts.ReadTotalTimeoutMultiplier = 10;
commTimeouts.ReadTotalTimeoutConstant = 50;
commTimeouts.WriteTotalTimeoutConstant = 50;
commTimeouts.WriteTotalTimeoutMultiplier = 10;
if(!SetCommTimeouts(hCom, &commTimeouts))
{
throw_executeCommand(env,"java/lang/Exception","Exception SetCommTimeouts");
return env->NewStringUTF("");
}
if (!SetCommState (hCom, &PortDCB))
{
throw_executeCommand(env,"java/lang/Exception","Exception SetCommState");
return env->NewStringUTF("");
}
unsigned long numBytesWritten;
unsigned long numBytesRead;
BOOL bWriteResult;
bWriteResult = WriteFile(hCom,zCommand, sizeof (zCommand),&numBytesWritten,NULL);
if (!bWriteResult)
{
throw_executeCommand(env,"java/lang/Exception","Exception WriteFile");
return env->NewStringUTF("");
}
//Time to read
string result="";
BOOL bReadResult; //AAV,ARC,AGR1
char sBuffer[128];
BOOL datafound;
numBytesRead = 0;
while(true)
{
bReadResult = ReadFile(hCom, &sBuffer, 128, &numBytesRead, NULL);
if (numBytesRead > 0)
{
for (int i=0;i<(int)numBytesRead;i++)
{
datafound = TRUE;
if (sBuffer[i]=='\r')
{
result += '\n';
}else
{
result += sBuffer[i];
}
}
}
else
{
break;
}
}
if (datafound)
{
if (hCom != INVALID_HANDLE_VALUE)
{
cleanup_executeCommand();
return env->NewStringUTF(result.c_str());
}
}
cleanup_executeCommand();
throw_executeCommand(env,"java/lang/Exception","err");
return env->NewStringUTF("");
I need to write a C program for Windows that receives a certificate from network (in PEM format) and validates its signature with a certificate chain file (which is already presented in the application's folder).
Writing such an application is pretty easy and strait forward with openssl library but seems a little complicated with the Windows Crypto API.
Here is what I've tried so far:
First I thought I can create a HCERTSTORE using the certificate-chain file:
HCERTSTORE hFileStoreHandle = CertOpenStore(
CERT_STORE_PROV_FILENAME,
PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, NULL,
(CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG),
L"certificate-chain.pem.cert");
Then I figured I can iterate through the store and get PCCERT_CONTEXT struct of certificates:
PCCERT_CONTEXT CAfileContext = NULL;
while(CAfileContext = CertEnumCertificatesInStore(
hCertStore,
CAfileContext)) {
//start verification here
}
I don't know if I am on the right track or not but I'm facing two major problems here.
First is I don't know how to get the received certificate from buffer and convert it to a proper struct in order to validate its signature with certificate-chain file.
Second is I don't know how to verify a certificate signature using the CA chain file.
I'll appreciate all the suggestions and helps.
Here is the sample code for you, hopefully it can help you.
HRESULT hr = E_FAIL;
DWORD dwError = 0;
PCCERT_CONTEXT pCert = NULL;
HCERTSTORE hCertStore = CertOpenStore(
CERT_STORE_PROV_FILENAME,
PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
NULL,
(CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG),
L"certificate-chain.pem.cert");
do
{
if ((pCert = CertEnumCertificatesInStore(hCertStore, pCert)) == NULL)
break;
PCCERT_CONTEXT pcIssuer = NULL;
PCCERT_CONTEXT pcSubject = CertDuplicateCertificateContext(pCert);
for (; NULL != pcSubject;)
{
DWORD dwFlags = 0;
BOOL bret = TRUE;
hr = S_OK;
pcIssuer = CertGetIssuerCertificateFromStore(
hCertStore, pcSubject, NULL, &dwFlags);
if (pcIssuer == NULL)
{
dwError = GetLastError();
if (CRYPT_E_SELF_SIGNED != dwError)
{
hr = E_FAIL;
break;
}
else
{
if ((bret = CertCompareCertificateName(
X509_ASN_ENCODING,
&pcSubject->pCertInfo->Subject,
&pcSubject->pCertInfo->Issuer)) == FALSE)
{
hr = E_FAIL;
break;
}
}
}
HCRYPTPROV hprov = NULL;
bret = CryptAcquireContext(
&hprov, nullptr, nullptr, PROV_RSA_FULL,
CRYPT_SILENT | CRYPT_VERIFYCONTEXT | CRYPT_NEWKEYSET);
if (FALSE == bret)
{
dwError = GetLastError();
if (NTE_EXISTS == dwError)
bret = CryptAcquireContext(
&hprov, nullptr, nullptr, PROV_RSA_FULL,
CRYPT_SILENT | CRYPT_VERIFYCONTEXT);
if (FALSE == bret)
{
hr = E_FAIL;
break;
}
}
if ((bret = CryptVerifyCertificateSignatureEx(
hprov, X509_ASN_ENCODING,
CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT,
(void*)pcSubject,
CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT,
(void*)(pcIssuer == nullptr ? pcSubject : pcIssuer),
0, nullptr)) == FALSE)
{
hr = E_FAIL;
break;
}
if (nullptr == pcIssuer)
{
CERT_PUBLIC_KEY_INFO msCert;
msCert.Algorithm =
pcSubject->pCertInfo->SubjectPublicKeyInfo.Algorithm;
msCert.PublicKey.cbData =
sizeof(PETRUSTED_ROOTCERT_PUBKEY);
msCert.PublicKey.pbData =
const_cast<LPBYTE>(PETRUSTED_ROOTCERT_PUBKEY);
msCert.PublicKey.cUnusedBits =
pcSubject->pCertInfo->SubjectPublicKeyInfo.PublicKey.cUnusedBits;
if (FALSE == CertComparePublicKeyInfo(
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
&pcSubject->pCertInfo->SubjectPublicKeyInfo, &msCert))
{
hr = E_FAIL;
break;
}
}
bret = CryptReleaseContext(hprov, 0);
hprov = NULL;
CertFreeCertificateContext(pcSubject);
pcSubject = pcIssuer;
pcIssuer = NULL;
}
if (pcIssuer != NULL)
CertFreeCertificateContext(pcIssuer);
if (pcSubject != NULL)
CertFreeCertificateContext(pcSubject);
if (FAILED(hr))
{
CertFreeCertificateContext(pCert);
break;
}
} while (pCert != NULL);
CertCloseStore(hCertStore, 0);
if (FAILED(hr))
wprintf(L"Failed to verify X509 certification.\n");
else
wprintf(L"Successfully verify X509 certification.\n");