| 43 | #pragma comment (lib, "wintrust") |
| 44 | |
| 45 | bool VerifyEmbeddedSignature(LPCWSTR pwszSourceFile) |
| 46 | { |
| 47 | LONG lStatus; |
| 48 | |
| 49 | // Initialize the WINTRUST_FILE_INFO structure. |
| 50 | |
| 51 | WINTRUST_FILE_INFO FileData; |
| 52 | memset(&FileData, 0, sizeof(FileData)); |
| 53 | FileData.cbStruct = sizeof(WINTRUST_FILE_INFO); |
| 54 | FileData.pcwszFilePath = pwszSourceFile; |
| 55 | FileData.hFile = NULL; |
| 56 | FileData.pgKnownSubject = NULL; |
| 57 | |
| 58 | /* |
| 59 | WVTPolicyGUID specifies the policy to apply on the file |
| 60 | WINTRUST_ACTION_GENERIC_VERIFY_V2 policy checks: |
| 61 | |
| 62 | 1) The certificate used to sign the file chains up to a root |
| 63 | certificate located in the trusted root certificate store. This |
| 64 | implies that the identity of the publisher has been verified by |
| 65 | a certification authority. |
| 66 | |
| 67 | 2) In cases where user interface is displayed (which this example |
| 68 | does not do), WinVerifyTrust will check for whether the |
| 69 | end entity certificate is stored in the trusted publisher store, |
| 70 | implying that the user trusts content from this publisher. |
| 71 | |
| 72 | 3) The end entity certificate has sufficient permission to sign |
| 73 | code, as indicated by the presence of a code signing EKU or no |
| 74 | EKU. |
| 75 | */ |
| 76 | |
| 77 | GUID WVTPolicyGUID = WINTRUST_ACTION_GENERIC_VERIFY_V2; |
| 78 | WINTRUST_DATA WinTrustData; |
| 79 | |
| 80 | // Initialize the WinVerifyTrust input data structure. |
| 81 | |
| 82 | // Default all fields to 0. |
| 83 | memset(&WinTrustData, 0, sizeof(WinTrustData)); |
| 84 | |
| 85 | WinTrustData.cbStruct = sizeof(WinTrustData); |
| 86 | |
| 87 | // Use default code signing EKU. |
| 88 | WinTrustData.pPolicyCallbackData = NULL; |
| 89 | |
| 90 | // No data to pass to SIP. |
| 91 | WinTrustData.pSIPClientData = NULL; |
| 92 | |
| 93 | // Disable WVT UI. |
| 94 | WinTrustData.dwUIChoice = WTD_UI_NONE; |
| 95 | |
| 96 | // No revocation checking. |
| 97 | WinTrustData.fdwRevocationChecks = WTD_REVOKE_NONE; |
| 98 | |
| 99 | // Verify an embedded signature on a file. |
| 100 | WinTrustData.dwUnionChoice = WTD_CHOICE_FILE; |
| 101 | |
| 102 | // Verify action. |
no outgoing calls
no test coverage detected