/* * PROJECT: Veil * FILE: Veil.h * PURPOSE: Definition for the Windows Internal API from ntdll.dll, * samlib.dll and winsta.dll * * LICENSE: Relicensed under The MIT License from The CC BY 4.0 License * * DEVELOPER: MiroKaku (50670906+MiroKaku@users.noreply.github.com) */ /* * PROJECT: https://github.com/Ido-Moshe-Github/CiDllDemo * FILE: ci.h * PURPOSE: Definition for the ci.dll API and Struct. * * LICENSE: Relicensed under The MIT License from The CC BY 4.0 License * * DEVELOPER: [Ido Moshe, Liron Zuarets] * */ #pragma once // Warnings which disabled for compiling #if _MSC_VER >= 1200 #pragma warning(push) // nonstandard extension used : nameless struct/union #pragma warning(disable:4201) // 'struct_name' : structure was padded due to __declspec(align()) #pragma warning(disable:4324) // 'enumeration': a forward declaration of an unscoped enumeration must have an // underlying type (int assumed) #pragma warning(disable:4471) #endif EXTERN_C_START #ifndef _MINCRYPT_LIB #define MINCRYPTAPI __declspec(dllimport) #else #define MINCRYPTAPI #endif // // Algorithm IDs and Flags // // ALG_ID crackers #define GET_ALG_CLASS(x) (x & (7 << 13)) #define GET_ALG_TYPE(x) (x & (15 << 9)) #define GET_ALG_SID(x) (x & (511)) // Algorithm classes // certenrolld_begin -- ALG_CLASS_* #define ALG_CLASS_ANY (0) #define ALG_CLASS_SIGNATURE (1 << 13) #define ALG_CLASS_MSG_ENCRYPT (2 << 13) #define ALG_CLASS_DATA_ENCRYPT (3 << 13) #define ALG_CLASS_HASH (4 << 13) #define ALG_CLASS_KEY_EXCHANGE (5 << 13) #define ALG_CLASS_ALL (7 << 13) // certenrolld_end // Algorithm types #define ALG_TYPE_ANY (0) #define ALG_TYPE_DSS (1 << 9) #define ALG_TYPE_RSA (2 << 9) #define ALG_TYPE_BLOCK (3 << 9) #define ALG_TYPE_STREAM (4 << 9) #define ALG_TYPE_DH (5 << 9) #define ALG_TYPE_SECURECHANNEL (6 << 9) #if (NTDDI_VERSION >= NTDDI_VISTA) #define ALG_TYPE_ECDH (7 << 9) #endif //(NTDDI_VERSION >= NTDDI_VISTA) #if (NTDDI_VERSION >= NTDDI_WIN10_RS1) #define ALG_TYPE_THIRDPARTY (8 << 9) #endif //(NTDDI_VERSION >= NTDDI_WIN10_RS1) // Generic sub-ids #define ALG_SID_ANY (0) // Generic ThirdParty sub-ids #if (NTDDI_VERSION >= NTDDI_WIN10_RS1) #define ALG_SID_THIRDPARTY_ANY (0) #endif //(NTDDI_VERSION >= NTDDI_WIN10_RS1) // Some RSA sub-ids #define ALG_SID_RSA_ANY 0 #define ALG_SID_RSA_PKCS 1 #define ALG_SID_RSA_MSATWORK 2 #define ALG_SID_RSA_ENTRUST 3 #define ALG_SID_RSA_PGP 4 // Some DSS sub-ids // #define ALG_SID_DSS_ANY 0 #define ALG_SID_DSS_PKCS 1 #define ALG_SID_DSS_DMS 2 #if (NTDDI_VERSION >= NTDDI_VISTA) #define ALG_SID_ECDSA 3 #endif //(NTDDI_VERSION >= NTDDI_VISTA) // Block cipher sub ids // DES sub_ids #define ALG_SID_DES 1 #define ALG_SID_3DES 3 #define ALG_SID_DESX 4 #define ALG_SID_IDEA 5 #define ALG_SID_CAST 6 #define ALG_SID_SAFERSK64 7 #define ALG_SID_SAFERSK128 8 #define ALG_SID_3DES_112 9 #define ALG_SID_CYLINK_MEK 12 #define ALG_SID_RC5 13 #if (NTDDI_VERSION >= NTDDI_WINXP) #define ALG_SID_AES_128 14 #define ALG_SID_AES_192 15 #define ALG_SID_AES_256 16 #define ALG_SID_AES 17 #endif //(NTDDI_VERSION >= NTDDI_WINXP) // Fortezza sub-ids #define ALG_SID_SKIPJACK 10 #define ALG_SID_TEK 11 // KP_MODE #define CRYPT_MODE_CBCI 6 // ANSI CBC Interleaved #define CRYPT_MODE_CFBP 7 // ANSI CFB Pipelined #define CRYPT_MODE_OFBP 8 // ANSI OFB Pipelined #define CRYPT_MODE_CBCOFM 9 // ANSI CBC + OF Masking #define CRYPT_MODE_CBCOFMI 10 // ANSI CBC + OFM Interleaved // RC2 sub-ids #define ALG_SID_RC2 2 // Stream cipher sub-ids #define ALG_SID_RC4 1 #define ALG_SID_SEAL 2 // Diffie-Hellman sub-ids #define ALG_SID_DH_SANDF 1 #define ALG_SID_DH_EPHEM 2 #define ALG_SID_AGREED_KEY_ANY 3 #define ALG_SID_KEA 4 #if (NTDDI_VERSION >= NTDDI_VISTA) #define ALG_SID_ECDH 5 #define ALG_SID_ECDH_EPHEM 6 #endif //(NTDDI_VERSION >= NTDDI_VISTA) // Hash sub ids #define ALG_SID_MD2 1 #define ALG_SID_MD4 2 #define ALG_SID_MD5 3 #define ALG_SID_SHA 4 #define ALG_SID_SHA1 4 #define ALG_SID_MAC 5 #define ALG_SID_RIPEMD 6 #define ALG_SID_RIPEMD160 7 #define ALG_SID_SSL3SHAMD5 8 #define ALG_SID_HMAC 9 #define ALG_SID_TLS1PRF 10 #if (NTDDI_VERSION >= NTDDI_WINXP) #define ALG_SID_HASH_REPLACE_OWF 11 #endif //(NTDDI_VERSION >= NTDDI_WINXP) #if (NTDDI_VERSION > NTDDI_WINXPSP2) #define ALG_SID_SHA_256 12 #define ALG_SID_SHA_384 13 #define ALG_SID_SHA_512 14 #endif //(NTDDI_VERSION > NTDDI_WINXPSP2) // secure channel sub ids #define ALG_SID_SSL3_MASTER 1 #define ALG_SID_SCHANNEL_MASTER_HASH 2 #define ALG_SID_SCHANNEL_MAC_KEY 3 #define ALG_SID_PCT1_MASTER 4 #define ALG_SID_SSL2_MASTER 5 #define ALG_SID_TLS1_MASTER 6 #define ALG_SID_SCHANNEL_ENC_KEY 7 #if (NTDDI_VERSION >= NTDDI_VISTA) // misc ECC sub ids #define ALG_SID_ECMQV 1 #endif //(NTDDI_VERSION >= NTDDI_VISTA) // Our silly example sub-id #define ALG_SID_EXAMPLE 80 // certenrolls_begin -- PROV_ENUMALGS_EX #ifndef ALGIDDEF #define ALGIDDEF typedef unsigned int ALG_ID; #endif // certenrolls_end // algorithm identifier definitions #define CALG_MD2 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD2) #define CALG_MD4 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD4) #define CALG_MD5 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD5) #define CALG_SHA (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA) #define CALG_SHA1 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA1) #define CALG_MAC (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MAC) // Deprecated. Don't use. #define CALG_RSA_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_RSA | ALG_SID_RSA_ANY) #define CALG_DSS_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_DSS | ALG_SID_DSS_ANY) #if (NTDDI_VERSION >= NTDDI_WINXP) #define CALG_NO_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_ANY | ALG_SID_ANY) #endif //(NTDDI_VERSION >= NTDDI_WINXP) #define CALG_RSA_KEYX (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_RSA|ALG_SID_RSA_ANY) #define CALG_DES (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_DES) #define CALG_3DES_112 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_3DES_112) #define CALG_3DES (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_3DES) #define CALG_DESX (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_DESX) #define CALG_RC2 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_RC2) #define CALG_RC4 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_STREAM|ALG_SID_RC4) #define CALG_SEAL (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_STREAM|ALG_SID_SEAL) #define CALG_DH_SF (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_DH_SANDF) #define CALG_DH_EPHEM (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_DH_EPHEM) #define CALG_AGREEDKEY_ANY (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_AGREED_KEY_ANY) #define CALG_KEA_KEYX (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_KEA) #define CALG_HUGHES_MD5 (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_ANY|ALG_SID_MD5) #define CALG_SKIPJACK (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_SKIPJACK) #define CALG_TEK (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_TEK) #define CALG_CYLINK_MEK (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_CYLINK_MEK) // Deprecated. Do not use #define CALG_SSL3_SHAMD5 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SSL3SHAMD5) #define CALG_SSL3_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_SSL3_MASTER) #define CALG_SCHANNEL_MASTER_HASH (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_SCHANNEL_MASTER_HASH) #define CALG_SCHANNEL_MAC_KEY (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_SCHANNEL_MAC_KEY) #define CALG_SCHANNEL_ENC_KEY (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_SCHANNEL_ENC_KEY) #define CALG_PCT1_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_PCT1_MASTER) #define CALG_SSL2_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_SSL2_MASTER) #define CALG_TLS1_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_TLS1_MASTER) #define CALG_RC5 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_RC5) #define CALG_HMAC (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HMAC) #define CALG_TLS1PRF (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_TLS1PRF) #if (NTDDI_VERSION >= NTDDI_WINXP) #define CALG_HASH_REPLACE_OWF (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HASH_REPLACE_OWF) #define CALG_AES_128 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_AES_128) #define CALG_AES_192 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_AES_192) #define CALG_AES_256 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_AES_256) #define CALG_AES (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_AES) #endif //(NTDDI_VERSION >= NTDDI_WINXP) #if (NTDDI_VERSION > NTDDI_WINXPSP2) #define CALG_SHA_256 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256) #define CALG_SHA_384 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_384) #define CALG_SHA_512 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512) #endif //(NTDDI_VERSION > NTDDI_WINXPSP2) #if (NTDDI_VERSION >= NTDDI_VISTA) #define CALG_ECDH (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_ECDH) #define CALG_ECDH_EPHEM (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_ECDH | ALG_SID_ECDH_EPHEM) #define CALG_ECMQV (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_ANY | ALG_SID_ECMQV) #define CALG_ECDSA (ALG_CLASS_SIGNATURE | ALG_TYPE_DSS | ALG_SID_ECDSA) #define CALG_NULLCIPHER (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_ANY | 0) #endif //(NTDDI_VERSION >= NTDDI_VISTA) #if (NTDDI_VERSION >= NTDDI_WIN10_RS1) #define CALG_THIRDPARTY_KEY_EXCHANGE (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_THIRDPARTY | ALG_SID_THIRDPARTY_ANY) #define CALG_THIRDPARTY_SIGNATURE (ALG_CLASS_SIGNATURE | ALG_TYPE_THIRDPARTY | ALG_SID_THIRDPARTY_ANY) #define CALG_THIRDPARTY_CIPHER (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_THIRDPARTY | ALG_SID_THIRDPARTY_ANY) #define CALG_THIRDPARTY_HASH (ALG_CLASS_HASH | ALG_TYPE_THIRDPARTY | ALG_SID_THIRDPARTY_ANY) #endif //(NTDDI_VERSION >= NTDDI_WIN10_RS1) #include typedef struct _MINCRYPTOAPI_BLOB { UINT32 Size; _Field_size_bytes_(Size) UINT8* Data; } MINCRYPT_INTEGER_BLOB, * PMINCRYPT_INTEGER_BLOB, MINCRYPT_UINT_BLOB, * PMINCRYPT_UINT_BLOB, MINCRYPT_OBJID_BLOB, * PMINCRYPT_OBJID_BLOB, MINCERT_NAME_BLOB, * PMINCERT_NAME_BLOB, MINCERT_RDN_VALUE_BLOB, * PMINCERT_RDN_VALUE_BLOB, MINCERT_BLOB, * PMINCERT_BLOB, MINCRL_BLOB, * PMINCRL_BLOB, MINCRYPT_DATA_BLOB, * PMINCRYPT_DATA_BLOB, MINCRYPT_HASH_BLOB, * PMINCRYPT_HASH_BLOB, MINCRYPT_DIGEST_BLOB, * PMINCRYPT_DIGEST_BLOB, MINCRYPT_DER_BLOB, * PMINCRYPT_DER_BLOB, MINCRYPT_ATTR_BLOB, * PMINCRYPT_ATTR_BLOB; typedef struct _MINCRYPT_NAME_BLOB { _Field_size_bytes_(Size) PCHAR Data; USHORT Size; }MINCRYPT_NAME_BLOB, * PMINCRYPT_NAME_BLOB; #define MINCRYPT_MAX_HASH_LENGTH (64) #define MINCRYPT_SHA1_LENGTH (160/8) #define MINCRYPT_SHA256_LENGTH (256/8) typedef struct _MINCRYPT_CHAIN_ELEMENT { ALG_ID HashAlgId; // CALG_SHA1, CALG_SHA_256 UINT32 HashSize; // SHA1(160bit/8), SHA256(256bit/8) UINT8 Hash[MINCRYPT_MAX_HASH_LENGTH]; MINCRYPT_NAME_BLOB Subject; MINCRYPT_NAME_BLOB Issuer; MINCERT_BLOB Certificate; }MINCRYPT_CHAIN_ELEMENT, * PMINCRYPT_CHAIN_ELEMENT; typedef struct _MINCRYPT_CHAIN_INFO { UINT32 Size; MINCERT_BLOB* PublicKeys; UINT32 NumberOfPublicKeys; MINCERT_BLOB* EKUs; UINT32 NumberOfEKUs; #if (NTDDI_VERSION >= NTDDI_WIN10) PMINCRYPT_CHAIN_ELEMENT ChainElements; UINT32 NumberOfChainElement; // ASN.1 blob of authenticated attributes - spcSpOpusInfo, contentType, etc. MINCRYPT_ATTR_BLOB AuthenticodeAttributes; // UINT8 Hash[32]; #endif // NTDDI_VERSION >= NTDDI_WIN10 /* memory layout */ // EKUs[NumberOfEKUs] // PublicKeys[NumberOfPublicKeys] // AuthenticodeAttributes.Data[AuthenticodeAttributes.Size] // ChainElements[NumberOfChainElement] }MINCRYPT_CHAIN_INFO, * PMINCRYPT_CHAIN_INFO; typedef struct _MINCRYPT_POLICY_INFO { UINT32 Size; UINT32 VerificationStatus; UINT32 PolicyBits; MINCRYPT_CHAIN_INFO* ChainInfo; LARGE_INTEGER RevocationTime; // When was the certificate revoked (if applicable) #if (NTDDI_VERSION >= NTDDI_WIN10) LARGE_INTEGER NotBefore; // The certificate is not valid before this time LARGE_INTEGER NotAfter; // The certificate is not valid after this time #endif // NTDDI_VERSION >= NTDDI_WIN10 }MINCRYPT_POLICY_INFO, PMINCRYPT_POLICY_INFO; #include /** * Resets a PolicyInfo struct - frees the dynamically allocated buffer in PolicyInfo (ChainInfo) if not null. * Zeros the entire PolicyInfo struct. * * @param PolicyInfo - the struct to reset. * * @return the struct which was reset. */ _IRQL_requires_max_(PASSIVE_LEVEL) EXTERN_C PVOID NTAPI CiFreePolicyInfo( _Inout_ MINCRYPT_POLICY_INFO* PolicyInfo ); /** * Win7SP1-Win8.1 only (KB3033929 installed). Use CiValidateFileObject on Win10! * * Given a file digest and signature of a file, verify the signature and provide information regarding * the certificates that was used for signing (the entire certificate chain) * * @param Hash - buffer containing the digest * * @param HashSize - size of the digest, e.g. 0x14(160bit) for SHA1, 0x20(256bit) for SHA256 * * @param HashAlgId - digest algorithm identifier, e.g. CALG_SHA1(0x8004), CALG_SHA_256(0x800C) * * @param SecurityDirectory - pointer to the start of the security directory * * @param SizeOfSecurityDirectory - size the security directory * * @param PolicyInfo[out] - PolicyInfo containing information about the signer certificate chain * * @param SigningTime[out] - when the file was signed (FILETIME format) * * @param TimeStampPolicyInfo[out] - PolicyInfo containing information about the timestamping authority (TSA) certificate chain * * @return STATUS_SUCCESS if the file digest in the signature matches the given digest and the signer cetificate is verified. * Various error values otherwise, for example: * STATUS_INVALID_IMAGE_HASH - the digest does not match the digest in the signature * STATUS_IMAGE_CERT_REVOKED - the certificate used for signing the file is revoked * STATUS_IMAGE_CERT_EXPIRED - the certificate used for signing the file has expired */ _IRQL_requires_max_(PASSIVE_LEVEL) EXTERN_C NTSTATUS NTAPI CiCheckSignedFile( _In_ PVOID Hash, _In_ UINT32 HashSize, _In_ ALG_ID HashAlgId, _In_ PVOID SecurityDirectory, _In_ UINT32 SizeOfSecurityDirectory, _Out_ MINCRYPT_POLICY_INFO* PolicyInfo, _Out_ LARGE_INTEGER* SigningTime, _Out_ MINCRYPT_POLICY_INFO* TimeStampPolicyInfo ); /** * Win7SP1-Win8.1 only (KB3033929 installed). Use CiValidateFileObject on Win10! * * Checks if the SHA-1 message digest is contained within a verified system catalog * * @note must be attached to the PsInitialSystemProcess first! * * @param Hash - buffer containing the digest * * @param HashSize - size of the digest, e.g. 0x14(160bit) for SHA1, 0x20(256bit) for SHA256 * * @param HashAlgId - digest algorithm identifier, e.g. CALG_SHA1(0x8004), CALG_SHA_256(0x800C) * * @param IsReloadCatalogs - is reload catalogs cache. * * @param Always0 - this is for IsReloadCatalogs, Always0 != 0 ? 16 : 24; * * @param Always2007F - unknown, always 0x2007F, maybe a mask. * * @param PolicyInfo[out] - PolicyInfo containing information about the signer certificate chain. * * @param CatalogName[out option] - catalog file name. * * @param SigningTime[out] - when the file was signed (FILETIME format) * * @param TimeStampPolicyInfo[out] - PolicyInfo containing information about the timestamping authority (TSA) certificate chain. * * @return STATUS_SUCCESS if the file digest in the signature matches the given digest and the signer cetificate is verified. * Various error values otherwise, for example: * STATUS_INVALID_IMAGE_HASH - the digest does not match the digest in the signature * STATUS_IMAGE_CERT_REVOKED - the certificate used for signing the file is revoked * STATUS_IMAGE_CERT_EXPIRED - the certificate used for signing the file has expired */ _IRQL_requires_max_(PASSIVE_LEVEL) EXTERN_C NTSTATUS NTAPI CiVerifyHashInCatalog( _In_ PVOID Hash, _In_ UINT32 HashSize, _In_ ALG_ID HashAlgId, _In_ BOOLEAN IsReloadCatalogs, _In_ UINT32 Always0, _In_ UINT32 Always2007F, _Out_ MINCRYPT_POLICY_INFO* PolicyInfo, _Out_opt_ UNICODE_STRING* CatalogName, _Out_ LARGE_INTEGER* SigningTime, _Out_ MINCRYPT_POLICY_INFO* TimeStampPolicyInfo ); #if (NTDDI_VERSION >= NTDDI_WIN10) typedef _IRQL_requires_same_ _Function_class_(MINCRYPT_ALLOCATE_ROUTINE) __drv_allocatesMem(Mem) PVOID NTAPI MINCRYPT_ALLOCATE_ROUTINE( _In_ SIZE_T ByteSize ); typedef MINCRYPT_ALLOCATE_ROUTINE* PMINCRYPT_ALLOCATE_ROUTINE; /** * Parse the publisher name from the certificate * * @param Certificate - &PolicyInfo.ChainInfo->ChainElements[x].Certificate * * @param AllocateRoutine - used to allocate PublisherName buffer. * * @param PublisherName[out] - publisher name. * * @return buffer length. */ EXTERN_C NTSTATUS NTAPI CiGetCertPublisherName( _In_ MINCERT_BLOB* Certificate, _In_ PMINCRYPT_ALLOCATE_ROUTINE AllocateRoutine, _Out_ PUNICODE_STRING PublisherName ); EXTERN_C VOID NTAPI CiSetTrustedOriginClaimId( _In_ UINT32 ClaimId ); /** * Given a file object, verify the signature and provide information regarding * the certificates that was used for signing (the entire certificate chain) * * @param FileObject - FileObject of the PE in question * * @param Unkonwn1 - unknown, 0 is a valid value. (Unkonwn1 and Unkonwn2 together calculate the minimum support algorithm) * * @param Unkonwn2 - unknown, 0 is a valid value. (^ the words above refer to 'CipGetHashAlgorithmForLegacyScenario') * * @param PolicyInfo[out] - PolicyInfo containing information about the signer certificate chain. * * @param TimeStampPolicyInfo[out] - PolicyInfo containing information about the timestamping authority (TSA) certificate chain. * * @param SigningTime[out] - when the file was signed (FILETIME format) * * @param Hash - buffer containing the digest * * @param HashSize - size of the digest, e.g. 0x14(160bit) for SHA1, 0x20(256bit) for SHA256 * * @param HashAlgId - digest algorithm identifier, e.g. CALG_SHA1(0x8004), CALG_SHA_256(0x800C) * * @return STATUS_SUCCESS if the file digest in the signature matches the given digest and the signer cetificate is verified. * Various error values otherwise, for example: * STATUS_INVALID_IMAGE_HASH - the digest does not match the digest in the signature * STATUS_IMAGE_CERT_REVOKED - the certificate used for signing the file is revoked * STATUS_IMAGE_CERT_EXPIRED - the certificate used for signing the file has expired */ _IRQL_requires_max_(PASSIVE_LEVEL) EXTERN_C NTSTATUS NTAPI CiValidateFileObject( _In_ FILE_OBJECT* FileObject, _In_opt_ UINT32 Unkonwn1, _In_opt_ UINT32 Unkonwn2, _Out_ MINCRYPT_POLICY_INFO* PolicyInfo, _Out_ MINCRYPT_POLICY_INFO* TimeStampPolicyInfo, _Out_ LARGE_INTEGER* SigningTime, _Out_ UINT8* Hash, _Inout_ UINT32* HashSize, _Out_ ALG_ID* HashAlgId ); #endif // NTDDI_VERSION >= NTDDI_WIN10 EXTERN_C_END #if _MSC_VER >= 1200 #pragma warning(pop) #endif