I am writing a driver and I need to check the signature of a PE file in it. I know how to do it in user mode and it works fine according to http://forum.sysinternals.com/topic19247.html, but now I need to do the same in my driver. I cannot use headers like "wintrust.h" in my driver, so I am clueless. Any suggestions on how to verify PE signatures in kernel mode?
 
Thanks
Posted 22-Dec-12 21:01pm
lilyNaz536
Comments
Abhishek Pant at 23-Dec-12 3:07am
   
c:\program files\microsoft visual studio\vc98\include\wintrust.h
http://www.codeproject.com/Messages/1219457/wintrust-h.aspx
lilyNaz at 23-Dec-12 3:10am
   
I know where wintrust is but my problem is that I cannot include wintrust.h in the driver, because it causes so many errors.
lilyNaz at 23-Dec-12 3:17am
   
Thank you for the link but I still have the same problem
Abhishek Pant at 23-Dec-12 3:29am
   
http://msdn.microsoft.com/en-us/library/windows/desktop/aa388208(v=vs.85).aspx
Abhishek Pant at 23-Dec-12 3:25am
   
post your errors too..
lilyNaz at 23-Dec-12 3:34am
   
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(833): error C2146: syntax error : missing ';' before identifier 'dwVersion'
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(833): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(833): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(835): error C2143: syntax error : missing ';' before '*'
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(835): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(835): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(836): error C2146: syntax error : missing ';' before identifier 'cbOID'
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(836): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(836): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(842): error C2143: syntax error : missing ';' before '*'
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(842): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(842): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(843): error C2146: syntax error : missing ';' before identifier 'cbInnerString'
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(843): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(843): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(844): error C2143: syntax error : missing ';' before '*'
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(844): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(844): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(845): error C2146: syntax error : missing ';' before identifier 'cbOuterString'
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(845): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(845): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(850): error C2146: syntax error : missing ';' before identifier 'dwUse'
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(850): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(850): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(852): error C2146: syntax error : missing ';' before identifier 'cBits'
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(852): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(852): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(853): error C2146: syntax error : missing ';' before identifier 'dwFlags'
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(853): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(853): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(854): error C2146: s
Abhishek Pant at 23-Dec-12 3:37am
   
there are too many....!! :) First remove these errors- as I can see these "syntax error : missing ';'"
lilyNaz at 23-Dec-12 3:40am
   
These errors occur only after I add the include for wintrust.h, and as you can see the errors are in wincrypt.h, which means that there must be a conflict between my header files and the newly added ones (here, wintrust.h). As I said earlier, I am writing a driver.
Richard MacCutchan at 23-Dec-12 6:04am
   
Maybe it would be better if you explained what sort of driver you are writing, and why it needs to look at a PE file.
lilyNaz at 24-Dec-12 4:51am
   
Well I am actually hooking ZwCreateSection and when a PE is going to be executed, I want to check the signature of the PE file so that I can stop unsigned PEs.
Richard MacCutchan at 24-Dec-12 5:02am
   
You could just copy the header information from wintrust.h into your own program if that is all you need. However, looking at the error messages above, it looks like you are just missing a definition for DWORD and, presumably, all the other Windows-specific types. Try including windows.h or winbase.h in your project.
Philippe Mori at 25-Dec-12 19:53pm
   
Are you sure that a driver is required for that and that it cannot be done with group policies and such?
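Whichever headers end up compiling, the first step of checking an Authenticode signature without wintrust.h is to find the certificate table from the PE headers themselves. The following is an added example, not code from the question or the answer: a portable C parser of the security data directory (IMAGE_DIRECTORY_ENTRY_SECURITY) with full bounds checks, run over a constructed minimal PE32 header rather than a real binary.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define DOS_MAGIC     0x5A4D     /* "MZ" */
#define PE_SIGNATURE  0x00004550 /* "PE\0\0" */
#define DIR_SECURITY  4          /* IMAGE_DIRECTORY_ENTRY_SECURITY */
/* Little-endian readers, so the parser behaves the same on any host byte order. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }

/* Locate the embedded certificate table (WIN_CERTIFICATE blob) of a PE image.
 * Returns 1 and sets *off/*len on success, 0 if the table is absent or the image is malformed.
 * Every field is bounds-checked against 'size' first: the image is untrusted input and must fail closed. */
int find_security_dir(const uint8_t *img, size_t size, uint32_t *off, uint32_t *len)
{
    if (size < 0x40 || rd16(img) != DOS_MAGIC) return 0;
    uint32_t pe = rd32(img + 0x3C);                       /* e_lfanew */
    if (pe > size - 24 || rd32(img + pe) != PE_SIGNATURE) return 0;
    uint16_t opt_size = rd16(img + pe + 20);              /* SizeOfOptionalHeader */
    const uint8_t *opt = img + pe + 24;
    if (opt_size < 2 || opt_size > size - (pe + 24)) return 0;
    uint16_t magic = rd16(opt);
    /* Data directories start at offset 96 (PE32, magic 0x10B) or 112 (PE32+, magic 0x20B). */
    uint32_t dd = magic == 0x10B ? 96 : magic == 0x20B ? 112 : 0;
    if (dd == 0 || dd + (DIR_SECURITY + 1) * 8 > opt_size) return 0;
    if (rd32(opt + dd - 4) <= DIR_SECURITY) return 0;     /* NumberOfRvaAndSizes */
    *off = rd32(opt + dd + DIR_SECURITY * 8);             /* raw file offset, not an RVA */
    *len = rd32(opt + dd + DIR_SECURITY * 8 + 4);
    /* Must fit inside the file and hold at least the 8-byte WIN_CERTIFICATE header. */
    return (*len >= 8 && *off <= size && *len <= size - *off) ? 1 : 0;
}

/* Constructed sample (not a real binary): a bare PE32 header whose security directory
 * points at a 16-byte dummy certificate entry at file offset 0x200. */
size_t build_sample_pe32(uint8_t *buf, size_t cap)
{
    if (cap < 0x210) return 0;
    memset(buf, 0, 0x210);
    buf[0] = 'M'; buf[1] = 'Z';
    buf[0x3C] = 0x80;                                     /* e_lfanew = 0x80 */
    memcpy(buf + 0x80, "PE\0\0", 4);
    buf[0x80 + 20] = 0xE0;                                /* SizeOfOptionalHeader = 224 */
    buf[0x80 + 24] = 0x0B; buf[0x80 + 25] = 0x01;         /* Magic = 0x10B (PE32) */
    buf[0x80 + 24 + 92] = 16;                             /* NumberOfRvaAndSizes = 16 */
    uint8_t *sec = buf + 0x80 + 24 + 96 + DIR_SECURITY * 8;
    sec[1] = 0x02; sec[4] = 0x10;                         /* VirtualAddress = 0x200, Size = 16 */
    buf[0x200] = 0x10;                                    /* WIN_CERTIFICATE.dwLength = 16 */
    return 0x210;
}
```

Finding the table is only the header walk; the PKCS#7 SignedData it points to still has to be parsed and its hash and certificate chain verified, which is the work wintrust.h does for you in user mode. A truncated or hostile image that places the table outside the file is rejected here rather than dereferenced.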

1 solution

Solution 1

Hi,
Wintrust.h and wincrypt.h use type definitions and/or macros which are defined in, or indirectly through, windows.h.
This means that windows.h must be included before the wincrypt and wintrust headers.
 
It seems (from the error listing you posted above) that your include hierarchy does not include windows.h before wintrust or wincrypt.
 
Just adding the windows.h include line before you include wintrust/wincrypt should make it compile. It worked when I tried the specific scenarios.
 
I hope this helps.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 2 Jan 2013