c++ - WinVerifyTrust error code handling -


i've been tasked determining whether particular dll third party company has been tampered with, after installation on user's system. i've never done related digital signing before. i'm trying set test on own system using winverifytrust.

{     wintrust_file_info wtfi;     wtfi.cbstruct = sizeof(wintrust_file_info);     wtfi.pcwszfilepath = text("*****.dll");     //wtfi.hfile = dllhandle;     wtfi.pgknownsubject = null;      guid wtvpolicyguid = driver_action_verify;      wintrust_data wtd;     wtd.cbstruct = sizeof(wintrust_data);     wtd.ppolicycallbackdata = null;     wtd.psipclientdata = null;     wtd.dwuichoice = wtd_ui_none;     wtd.fdwrevocationchecks = wtd_revoke_none;     wtd.dwunionchoice = wtd_choice_file;     wtd.pfile = &wtfi;     wtd.dwstateaction = wtd_stateaction_ignore;     wtd.pwszurlreference = null;     wtd.dwprovflags = wtd_revocation_check_none;     //wtd.psignaturesettings = null;            // win8 , server2012 only?      long result = winverifytrust( null, &wtvpolicyguid, &wtd);     debugf(text("validation result: 0x%08x"), result); } 

this returning 0x57. i've gathered msdn, errors come supplied trust provider. don't know trust provider or error messages can return.

  1. i've linked in wintrust.dll , wintrust.lib, presume means i'm using microsoft's "software publisher trust provider". recommended, or there better ones out there? should using 1 specific / provided software publisher product you're analyzing?
  2. softpub.h contains guid input value, not seem provide output error codes. in tracking down response code list appreciated.

thanks in advance.

edit: have since figured out library uses error codes provided winerror.h. 0x57 "error_invalid_parameter", i'm reviewing complaining about. tried switching policy guid wintrust_action_generic_verify_v2, returned error trust_e_subject_form_unknown. neither error code particularly illuminating ultimate issue is.

edit 2: ran microsoft's signtool.exe on dll in question, , got following output:

signtool error: certificate chain processed, terminated in root         certificate not trusted trust provider.  number of errors: 1 

so seems need change trust provider i'm using. after discussing software manufacturer, task being dropped in favor of approach.

according msdn seems should set

dwstateaction = wtd_stateaction_verify; 

also try setting

wtfi.hfile = null; 

or when giving file handle setting

wtfi.pcwszfilepath = null; 

(it's not quite clear me if providing hfile or not. , not set both hfile , pcwszfilepath valid values.)

another point check: if compiling windows 8 or windows server 2012 have struct member psignaturesettings , need initialize it. take care set cbstruct psignaturesettings not included or initialize psignaturesettings.


Comments

Popular posts from this blog

javascript - gulp-nodemon - nodejs restart after file change - Error: listen EADDRINUSE events.js:85 -

Fatal Python error: Py_Initialize: unable to load the file system codec. ImportError: No module named 'encodings' -

javascript - oscilloscope of speaker input stops rendering after a few seconds -