Description: 开始,运行输入 sigverif
通过检查数字签名就知道是不是ms的了。
主要使用Win32API实现验证应用或驱动程
WinVerifyTrust API。如果该API被Hook有没有其他方法验证应用或驱动程序是否通过微软签名?如果仅仅是被挂钩了IAT,那么可以直接通过函数指针调用。
如果是像Detours那样用jmp改写了函数头,可以通过读取WinTrust.dll中WinVerifyTrust的实现位置,恢复函数头的机器码。
不知道使用CryptoAPI,再使用指定的Microsoft证书
是不是更好一点,不容易被欺骗
怕调api被hook的话,自己将验证的代码写出来,用openssl应该容易点。-Start, Run enter sigverif by checking the digital signature is not on the know of the ms. Win32API realize the main use of the application or driver to verify WinVerifyTrust API. If the API was Hook has no other way to verify whether the application or driver through Microsoft Signed? If merely being linked to the IAT, you can call directly through the function pointer. If it is used as the Detours as to alter the function jmp head, can be read in WinVerifyTrust Wintrust.dll realize the location, the restoration of function of the binary header. Do not know the use of CryptoAPI, and then use the specified certificate is not Microsoft a little better, not easy to be deceived by fear api tune hook, then he would write the code to verify, using openssl should be easy points. Platform: |
Size: 200704 |
Author:齐欢乐 |
Hits:
Description: CryptoAPI的Delphi头文件,补充Windows头文件的不足,让Delphi程序员可以使用Crypt组加解密函数-CryptoAPI' s Delphi header files to supplement the deficiencies in Windows header files, so that programmers can use the Crypt Group Delphi encryption and decryption functions Platform: |
Size: 270336 |
Author:wsld |
Hits: