0

Lets say you have a windows executable (driver or usermode app), and you want to :

  1. Verify if the digital signature is OK and file is not corrupted (same as when you go to the digital signature tab and it says the certificate is OK)

  2. Find which company signed the file. Therefore I am not talking about the root of the certificate chain (Which is the CA most of the times), I am talking about the bottom certificate in the chain, which is the company that signed the file, i want to get the name of that company.

I found two APIs, WinVerifyTrust And CertGetCertificateChain, But I'm not sure how to use them for this task, or if they can help me with this or not.

Lets say you already have the handle to the file that you want to check, and have read it in a buffer as well, how do you use these to check the certificate afterwards? The documentations are very vague.

OneAndOnly
  • 1,048
  • 1
  • 13
  • 33

1 Answers1

2

Verify if the digital signature is OK and file is not corrupted

For more details about how to Verifying the Signature of a PE File, I suggest you could refer to the example: https://learn.microsoft.com/en-us/windows/win32/seccrypto/example-c-program--verifying-the-signature-of-a-pe-file

Find which company signed the file.

I suggest you could try to use CryptQueryObject function (wincrypt.h).

For more details I suggest you could refer to the Doc:https://learn.microsoft.com/en-us/troubleshoot/windows/win32/get-information-authenticode-signed-executables

And you could refer to the Thread:Read and validate certificate from executable

Jeaninez - MSFT
  • 3,210
  • 1
  • 5
  • 20