Verify digital signature within system32/drivers f

2019-07-25 17:13发布

I've spent all night researching this without a solution.

I'm trying to verify the digital signature of a file in the drives folder (C:\Windows\System32\drivers*.sys) pick whatever one you want. I know that the code is correct because if you move the file from that folder to C:\ the test works.

WinVerifyTrust gives error 80092003 http://pastebin.com/nLR7rvZe

CryptQueryObject gives error 80092009 http://pastebin.com/45Ra6eL4

What's the deal?

2条回答
甜甜的少女心
2楼-- · 2019-07-25 17:31

0x80092003 = CRYPT_E_FILE_ERROR = An error occurred while reading or writing to the file.

0x80092009 = CRYPT_E_NO_MATCH = No match when trying to find the object.

I'm guessing you're running on a 64-bit machine and WOW64 file system redirection is redirecting you to syswow64\drivers, which is empty. You can disable redirection with Wow64DisableWow64FsRedirection().

查看更多
看我几分像从前
3楼-- · 2019-07-25 17:39

if you right click and view properties of file can you see a digital signature? most likely your file is part of a catalogue and you need to use the catalogue API to extract the cert from cert DB and verify it.

查看更多
登录 后发表回答