Type a page name and press Enter. You'll jump to the page if it exists, or you can create it if it doesn't.
To create a page in a module other than wintrust, prefix the name with the module name and a period.
#region WinTrust structures
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
class WinTrustFileInfo
{
UInt32 StructSize = (UInt32)Marshal.SizeOf(typeof(WinTrustFileInfo));
IntPtr pszFilePath; // required, file name to be verified
IntPtr hFile = IntPtr.Zero; // optional, open handle to FilePath
IntPtr pgKnownSubject = IntPtr.Zero; // optional, subject type if it is known
enum WinVerifyTrustResult : uint
{
Success = 0,
ProviderUnknown = 0x800b0001, // Trust provider is not recognized on this system
ActionUnknown = 0x800b0002, // Trust provider does not support the specified action
SubjectFormUnknown = 0x800b0003, // Trust provider does not support the form specified for the subject
SubjectNotTrusted = 0x800b0004, // Subject failed the specified verification action
FileNotSigned = 0x800B0100, // TRUST_E_NOSIGNATURE - File was not signed
SubjectExplicitlyDistrusted = 0x800B0111, // Signer's certificate is in the Untrusted Publishers store
SignatureOrFileCorrupt = 0x80096010, // TRUST_E_BAD_DIGEST - file was probably corrupt
SubjectCertExpired = 0x800B0101, // CERT_E_EXPIRED - Signer's certificate was expired
SubjectCertificateRevoked = 0x800B010C, // CERT_E_REVOKED Subject's certificate was revoked
UntrustedRoot = 0x800B0109 // CERT_E_UNTRUSTEDROOT - A certification chain processed correctly but terminated in a root certificate that is not trusted by the trust provider.
}
sealed class WinTrust
{
private static readonly IntPtr INVALID_HANDLE_VALUE = new IntPtr(-1);
// GUID of the action to perform
private const string WINTRUST_ACTION_GENERIC_VERIFY_V2 = "{00AAC56B-CD44-11d0-8CC2-00C04FC295EE}";
I noted that under some cicumstances the destructors are called too early and memory is corrupted, therefore WinVerifyTrust returning FileNotSigned even if the file was actually signed. I recommend replacing the destructors with Dispose() and calling dispose at the end of VerifyEmbeddedSignature().
Notes:
[Michael Zarlenga] First, thank you so much for this code! You saved me a lot of work and time. I also experienced corrupted memory issues (access violation exceptions). The problem is, as soon as you exit the WinTrustData constructor, WinTrustFileInfo can be destroyed, before (or even during) the call into WinVerifyTrust. To explicitly call .Dispose() on WinTrustFileInfo from WinTrustData, you need the object reference held in a scope external to the constructor but then sizeof WinTrustData will be wrong. Long story short, I solved that by instantiating a WinTrustFileInfo object myself and passing that to the WinTrustData constructor to use. I implemented .Dispose on both WinTrustData and WinTrustFileInfo and called them both, myself, after the call to WinVerifyTrust completed:
try
{
// specify the WinVerifyTrust function/action that we want
Guid action = new Guid(WINTRUST_ACTION_GENERIC_VERIFY_V2);
// instantiate our WinTrustFileInfo and WinTrustData data structures
winTrustFileInfo = new WinTrustFileInfo(filename);
winTrustData = new WinTrustData(filename, winTrustFileInfo);
// call into WinVerifyTrust
return WinVerifyTrust(INVALID_HANDLE_VALUE, action, winTrustData);
}
finally
{
// free the locally-held unmanaged memory in the data structures
if (winTrustFileInfo != null) winTrustFileInfo.Dispose();
if (winTrustData != null) winTrustData.Dispose();
}
}
...
Tips & Tricks:
static public bool CheckFile(string filename)
{
// check digital signature
bool ret = WinTrust.VerifyEmbeddedSignature(filename);
// do some other checks - for example verify the subject
X509Certificate2 cert = new X509Certificate2(filename);
return ret && cert.Verify() && cert.Subject == <CN=you, O=you,....>;
}
Sample Code:
System.Console.WriteLine("Signature is OK: {0}", WinTrust.VerifyEmbeddedSignature(fileName));
TODO - a short description
3/10/2021 7:11:52 PM - -172.58.29.135
P/Invoke wintrust.WinVerifyTrust() function to check f.e. executable file AuthentiCode digital signature
5/9/2019 9:28:22 AM - Alexander Borup-195.99.213.226
P/Invoke wintrust.WinVerifyTrust() function to check f.e. executable file AuthentiCode digital signature
5/9/2019 9:28:22 AM - Alexander Borup-195.99.213.226
P/Invoke wintrust.WinVerifyTrust() function to check f.e. executable file AuthentiCode digital signature
5/9/2019 9:28:22 AM - Alexander Borup-195.99.213.226
Please edit this page!
Do you have...
helpful tips or sample code to share for using this API in managed code?
corrections to the existing content?
variations of the signature you want to share?
additional languages you want to include?
Select "Edit This Page" on the right hand toolbar and edit it! Or add new pages containing supporting types needed for this API (structures, delegates, and more).