我正在尝试使用该WinVerifyTrust功能来验证 msi 的签名。
虽然这适用于文件系统上的文件,但我无法让它与内存 blob 一起使用。
我的示例显示问题的基础是微软的示例程序
BOOL VerifyEmbeddedSignature(LPCWSTR pwszSourceFile)
{
std::basic_ifstream<BYTE> file(pwszSourceFile, std::ios::binary);
std::vector<BYTE> data((std::istreambuf_iterator<BYTE>(file)),std::istreambuf_iterator<BYTE>());
LONG lStatus;
/*
// this works
WINTRUST_FILE_INFO FileData;
memset(&FileData, 0, sizeof(FileData));
FileData.cbStruct = sizeof(WINTRUST_FILE_INFO);
FileData.pcwszFilePath = pwszSourceFile;
FileData.hFile = NULL;
FileData.pgKnownSubject = NULL;
*/
WINTRUST_BLOB_INFO FileData{};
memset(&FileData, 0, sizeof(FileData));
FileData.cbStruct = sizeof(WINTRUST_BLOB_INFO);
FileData.gSubject = WIN_TRUST_SUBJTYPE_RAW_FILE;
FileData.cbMemObject = static_cast<DWORD>(data.size());
FileData.pbMemObject = data.data();
GUID WVTPolicyGUID = WINTRUST_ACTION_GENERIC_VERIFY_V2;
WINTRUST_DATA WinTrustData;
memset(&WinTrustData, 0, sizeof(WinTrustData));
WinTrustData.cbStruct = sizeof(WinTrustData);
WinTrustData.pPolicyCallbackData = NULL;
WinTrustData.pSIPClientData = NULL;
WinTrustData.dwUIChoice = WTD_UI_NONE;
WinTrustData.fdwRevocationChecks = WTD_REVOKE_NONE;
//WinTrustData.dwUnionChoice = WTD_CHOICE_FILE; -- works
WinTrustData.dwUnionChoice = WTD_CHOICE_BLOB;
WinTrustData.dwStateAction = WTD_STATEACTION_VERIFY;
WinTrustData.hWVTStateData = NULL;
WinTrustData.pwszURLReference = NULL;
WinTrustData.dwUIContext = 0;
WinTrustData.pBlob = &FileData;
//WinTrustData.pFile = &FileData; -- works
lStatus = WinVerifyTrust(
NULL,
&WVTPolicyGUID,
&WinTrustData);
WinTrustData.dwStateAction = WTD_STATEACTION_CLOSE;
WinVerifyTrust(
NULL,
&WVTPolicyGUID,
&WinTrustData);
return lStatus == ERROR_SUCCESS;
}
在上面的例子中使用了WINTRUST_FILE_INFO作品,但WINTRUST_BLOB_INFO没有。我使用内存 blob 得到的错误始终是TRUST_E_PROVIDER_UNKNOWN.
我认为问题可能是WIN_TRUST_SUBJTYPE_RAW_FILE主题类型,但我不知道应该将哪个用于 msi 文件。我想知道是否可以使用 msi 文件的内存 blob 进行符号检查。