方法一、二兼容XP,三不兼容XP。
方法一:
/* * An example of file signature verification using WinTrust API * Derived from the sample vertrust.cpp in the Platform SDK * * Copyright (c) 2009 Mounir IDRASSI <[email protected]>. All rights reserved. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. * */ #ifndef UNICODE #define UNICODE #endif #ifndef _UNICODE #define _UNICODE #endif #define _WIN32_WINNT 0x0500 #define WINVER 0x0500 #include <windows.h> #include <Softpub.h> #include <Wincrypt.h> #include <tchar.h> #include <stdlib.h> #pragma comment(lib, "Crypt32.lib") #pragma comment(lib, "Wintrust.lib") LPTSTR GetCertificateDescription(PCCERT_CONTEXT pCertCtx) { DWORD dwStrType; DWORD dwCount; LPTSTR szSubjectRDN = NULL; dwStrType = CERT_X500_NAME_STR; dwCount = CertGetNameString(pCertCtx, CERT_NAME_RDN_TYPE, 0, &dwStrType, NULL, 0); if (dwCount) { szSubjectRDN = (LPTSTR) LocalAlloc(0, dwCount * sizeof(TCHAR)); CertGetNameString(pCertCtx, CERT_NAME_RDN_TYPE, 0, &dwStrType, szSubjectRDN, dwCount); } return szSubjectRDN; } int _tmain(int argc, _TCHAR* argv[]) { GUID guidAction = WINTRUST_ACTION_GENERIC_VERIFY_V2; WINTRUST_FILE_INFO sWintrustFileInfo; WINTRUST_DATA sWintrustData; HRESULT hr; if (argc != 2) { _tprintf(_T("Usage: VerifyExeSignature file_name\n")); return -1; } memset((void*)&sWintrustFileInfo, 0x00, sizeof(WINTRUST_FILE_INFO)); memset((void*)&sWintrustData, 0x00, sizeof(WINTRUST_DATA)); sWintrustFileInfo.cbStruct = sizeof(WINTRUST_FILE_INFO); sWintrustFileInfo.pcwszFilePath = argv[1]; sWintrustFileInfo.hFile = NULL; sWintrustData.cbStruct = sizeof(WINTRUST_DATA); sWintrustData.dwUIChoice = WTD_UI_NONE; sWintrustData.fdwRevocationChecks = WTD_REVOKE_NONE; sWintrustData.dwUnionChoice = WTD_CHOICE_FILE; sWintrustData.pFile = &sWintrustFileInfo; sWintrustData.dwStateAction = WTD_STATEACTION_VERIFY; hr = WinVerifyTrust((HWND)INVALID_HANDLE_VALUE, &guidAction, &sWintrustData); if (TRUST_E_NOSIGNATURE == hr) { _tprintf(_T("No signature found on the file.\n")); } else if (TRUST_E_BAD_DIGEST == hr) { _tprintf(_T("The signature of the file is invalid\n")); } else if (TRUST_E_PROVIDER_UNKNOWN == hr) { _tprintf(_T("No trust provider on this machine can verify this type of files.\n")); } else if (S_OK != hr) { _tprintf(_T("WinVerifyTrust failed with error 0x%.8X\n"), hr); } else { _tprintf(_T("File signature is OK.\n")); // retreive the signer certificate and display its information CRYPT_PROVIDER_DATA const *psProvData = NULL; CRYPT_PROVIDER_SGNR *psProvSigner = NULL; CRYPT_PROVIDER_CERT *psProvCert = NULL; FILETIME localFt; SYSTEMTIME sysTime; psProvData = WTHelperProvDataFromStateData(sWintrustData.hWVTStateData); if (psProvData) { psProvSigner = WTHelperGetProvSignerFromChain((PCRYPT_PROVIDER_DATA)psProvData, 0 , FALSE, 0); if (psProvSigner) { FileTimeToLocalFileTime(&psProvSigner->sftVerifyAsOf, &localFt); FileTimeToSystemTime(&localFt, &sysTime); _tprintf(_T("Signature Date = %.2d/%.2d/%.4d at %.2d:%2.d:%.2d\n"), sysTime.wDay, sysTime.wMonth,sysTime.wYear, sysTime.wHour,sysTime.wMinute,sysTime.wSecond); psProvCert = WTHelperGetProvCertFromChain(psProvSigner, 0); if (psProvCert) { LPTSTR szCertDesc = GetCertificateDescription(psProvCert->pCert); if (szCertDesc) { _tprintf(_T("File Signer = %s\n"), szCertDesc); LocalFree(szCertDesc); } } if (psProvSigner->csCounterSigners) { _tprintf(_T("\n")); // Timestamp information FileTimeToLocalFileTime(&psProvSigner->pasCounterSigners[0].sftVerifyAsOf, &localFt); FileTimeToSystemTime(&localFt, &sysTime); _tprintf(_T("Timestamp Date = %.2d/%.2d/%.4d at %.2d:%2.d:%.2d\n"), sysTime.wDay, sysTime.wMonth,sysTime.wYear, sysTime.wHour,sysTime.wMinute,sysTime.wSecond); psProvCert = WTHelperGetProvCertFromChain(&psProvSigner->pasCounterSigners[0], 0); if (psProvCert) { LPTSTR szCertDesc = GetCertificateDescription(psProvCert->pCert); if (szCertDesc) { _tprintf(_T("Timestamp Signer = %s\n"), szCertDesc); LocalFree(szCertDesc); } } } } } } sWintrustData.dwUIChoice = WTD_UI_NONE; sWintrustData.dwStateAction = WTD_STATEACTION_CLOSE; WinVerifyTrust((HWND)INVALID_HANDLE_VALUE, &guidAction, &sWintrustData); return 0; }
#include <windows.h>
#include <Softpub.h>
#include <wincrypt.h>
#include <wintrust.h>
#include <mscat.h>
#include <wchar.h>
#pragma comment(lib, "wintrust")
BOOLEAN IsFileDigitallySigned(PWCHAR FilePath)
{
//Author: AD, 2009
PVOID Context;
HANDLE FileHandle;
DWORD HashSize = 0;
PBYTE Buffer;
PVOID CatalogContext;
CATALOG_INFO InfoStruct;
WINTRUST_DATA WintrustStructure;
WINTRUST_CATALOG_INFO WintrustCatalogStructure;
WINTRUST_FILE_INFO WintrustFileStructure;
PWCHAR MemberTag;
BOOLEAN ReturnFlag = FALSE;
ULONG ReturnVal;
GUID ActionGuid = WINTRUST_ACTION_GENERIC_VERIFY_V2;
//Zero our structures.
memset(&InfoStruct, 0, sizeof(CATALOG_INFO));
InfoStruct.cbStruct = sizeof(CATALOG_INFO);
memset(&WintrustCatalogStructure, 0, sizeof(WINTRUST_CATALOG_INFO));
WintrustCatalogStructure.cbStruct = sizeof(WINTRUST_CATALOG_INFO);
memset(&WintrustFileStructure, 0, sizeof(WINTRUST_FILE_INFO));
WintrustFileStructure.cbStruct = sizeof(WINTRUST_FILE_INFO);
//Get a context for signature verification.
if (!CryptCATAdminAcquireContext(&Context, NULL, 0))
{
return FALSE;
}
//Open file.
FileHandle = CreateFileW(FilePath, GENERIC_READ, 7, NULL, OPEN_EXISTING, 0, NULL);
if (INVALID_HANDLE_VALUE == FileHandle)
{
CryptCATAdminReleaseContext(Context, 0);
return FALSE;
}
//Get the size we need for our hash.
CryptCATAdminCalcHashFromFileHandle(FileHandle, &HashSize, NULL, 0);
if (HashSize == 0)
{
//0-sized has means error!
CryptCATAdminReleaseContext(Context, 0);
CloseHandle(FileHandle);
return FALSE;
}
//Allocate memory.
Buffer = (PBYTE)calloc(HashSize, 1);
//Actually calculate the hash
if (!CryptCATAdminCalcHashFromFileHandle(FileHandle, &HashSize, Buffer, 0))
{
CryptCATAdminReleaseContext(Context, 0);
free(Buffer);
CloseHandle(FileHandle);
return FALSE;
}
//Convert the hash to a string.
MemberTag = (PWCHAR)calloc((HashSize * 2) + 1, sizeof(WCHAR));
for (unsigned int i = 0; i < HashSize; i++)
{
swprintf(&MemberTag[i * 2],100, L"%02X", Buffer[i]);
}
//Get catalog for our context.
CatalogContext = CryptCATAdminEnumCatalogFromHash(Context, Buffer, HashSize, 0, NULL);
if (CatalogContext)
{
//If we couldn't get information
if (!CryptCATCatalogInfoFromContext(CatalogContext, &InfoStruct, 0))
{
//Release the context and set the context to null so it gets picked up below.
CryptCATAdminReleaseCatalogContext(Context, CatalogContext, 0);
CatalogContext = NULL;
}
}
//If we have a valid context, we got our info.
//Otherwise, we attempt to verify the internal signature.
if (!CatalogContext)
{
WintrustFileStructure.cbStruct = sizeof(WINTRUST_FILE_INFO);
WintrustFileStructure.pcwszFilePath = FilePath;
WintrustFileStructure.hFile = NULL;
WintrustFileStructure.pgKnownSubject = NULL;
WintrustStructure.cbStruct = sizeof(WINTRUST_DATA);
WintrustStructure.dwUnionChoice = WTD_CHOICE_FILE;
WintrustStructure.pFile = &WintrustFileStructure;
WintrustStructure.dwUIChoice = WTD_UI_NONE;
WintrustStructure.fdwRevocationChecks = WTD_REVOKE_NONE;
WintrustStructure.dwStateAction = WTD_STATEACTION_IGNORE;
WintrustStructure.dwProvFlags = WTD_SAFER_FLAG;
WintrustStructure.hWVTStateData = NULL;
WintrustStructure.pwszURLReference = NULL;
}
else
{
//If we get here, we have catalog info! Verify it.
WintrustStructure.cbStruct = sizeof(WINTRUST_DATA);
WintrustStructure.pPolicyCallbackData = 0;
WintrustStructure.pSIPClientData = 0;
WintrustStructure.dwUIChoice = WTD_UI_NONE;
WintrustStructure.fdwRevocationChecks = WTD_REVOKE_NONE;
WintrustStructure.dwUnionChoice = WTD_CHOICE_CATALOG;
WintrustStructure.pCatalog = &WintrustCatalogStructure;
WintrustStructure.dwStateAction = WTD_STATEACTION_VERIFY;
WintrustStructure.hWVTStateData = NULL;
WintrustStructure.pwszURLReference = NULL;
WintrustStructure.dwProvFlags = 0;
WintrustStructure.dwUIContext = WTD_UICONTEXT_EXECUTE;
//Fill in catalog info structure.
WintrustCatalogStructure.cbStruct = sizeof(WINTRUST_CATALOG_INFO);
WintrustCatalogStructure.dwCatalogVersion = 0;
WintrustCatalogStructure.pcwszCatalogFilePath = InfoStruct.wszCatalogFile;
WintrustCatalogStructure.pcwszMemberTag = MemberTag;
WintrustCatalogStructure.pcwszMemberFilePath = FilePath;
WintrustCatalogStructure.hMemberFile = NULL;
}
//Call our verification function.
ReturnVal = WinVerifyTrust(0, &ActionGuid, &WintrustStructure);
//Check return.
ReturnFlag = SUCCEEDED(ReturnVal);
//Free context.
if (CatalogContext)
CryptCATAdminReleaseCatalogContext(Context, CatalogContext, 0);
//If we successfully verified, we need to free.
if (ReturnFlag)
{
WintrustStructure.dwStateAction = WTD_STATEACTION_CLOSE;
WinVerifyTrust(0, &ActionGuid, &WintrustStructure);
}
//Free memory.
free(MemberTag);
free(Buffer);
CloseHandle(FileHandle);
CryptCATAdminReleaseContext(Context, 0);
return ReturnFlag;
}
int _tmain(int argc, _TCHAR* argv[])
{
IsFileDigitallySigned(L"C:\\Windows\\System32\\svchost.exe");
}
方法三:
//验证数字签名有效性 xp下不兼容,为使xp下可用,暂不使用此代码
DWORD VerifyEmbeddedSignatures(_In_ PCWSTR FileName,
_In_ HANDLE FileHandle,
_In_ bool UseStrongSigPolicy);
DWORD VerifyCatalogSignature(_In_ HANDLE FileHandle,
_In_ bool UseStrongSigPolicy);
BOOL VerifyFileSig(char *pFileName);
//
// 以下为验证数字签名有效性 xp下不兼容,为使xp下可用,暂不使用此代码
//
BOOL CheckFileTrust2(LPCWSTR lpFileName) //传进来的必须是LPCWSTR型的,不可以是char*
{
BOOL bRet = FALSE;
WINTRUST_DATA wd = { 0 };
WINTRUST_FILE_INFO wfi = { 0 };
WINTRUST_CATALOG_INFO wci = { 0 };
CATALOG_INFO ci = { 0 };
HCATADMIN hCatAdmin = NULL;
if (!CryptCATAdminAcquireContext(&hCatAdmin, NULL, 0))
{
return FALSE;
}
HANDLE hFile = CreateFileW(lpFileName, GENERIC_READ, FILE_SHARE_READ,
NULL, OPEN_EXISTING, 0, NULL);
if (INVALID_HANDLE_VALUE == hFile)
{
CryptCATAdminReleaseContext(hCatAdmin, 0);
return FALSE;
}
DWORD dwCnt = 100;
BYTE byHash[100];
CryptCATAdminCalcHashFromFileHandle(hFile, &dwCnt, byHash, 0);
CloseHandle(hFile);
LPWSTR pszMemberTag = new WCHAR[dwCnt * 2 + 1];
for (DWORD dw = 0; dw < dwCnt; ++dw)
{
wsprintfW(&pszMemberTag[dw * 2], L"%02X", byHash[dw]);
}
HCATINFO hCatInfo = CryptCATAdminEnumCatalogFromHash(hCatAdmin,
byHash, dwCnt, 0, NULL);
if (NULL == hCatInfo)
{
wfi.cbStruct = sizeof(WINTRUST_FILE_INFO);
wfi.pcwszFilePath = lpFileName;
wfi.hFile = NULL;
wfi.pgKnownSubject = NULL;
wd.cbStruct = sizeof(WINTRUST_DATA);
wd.dwUnionChoice = WTD_CHOICE_FILE;
wd.pFile = &wfi;
wd.dwUIChoice = WTD_UI_NONE;
wd.fdwRevocationChecks = WTD_REVOKE_NONE;
wd.dwStateAction = WTD_STATEACTION_IGNORE;
wd.dwProvFlags = WTD_SAFER_FLAG;
wd.hWVTStateData = NULL;
wd.pwszURLReference = NULL;
}
else
{
CryptCATCatalogInfoFromContext(hCatInfo, &ci, 0);
wci.cbStruct = sizeof(WINTRUST_CATALOG_INFO);
wci.pcwszCatalogFilePath = ci.wszCatalogFile;
wci.pcwszMemberFilePath = lpFileName;
wci.pcwszMemberTag = pszMemberTag;
wd.cbStruct = sizeof(WINTRUST_DATA);
wd.dwUnionChoice = WTD_CHOICE_CATALOG;
wd.pCatalog = &wci;
wd.dwUIChoice = WTD_UI_NONE;
wd.fdwRevocationChecks = WTD_STATEACTION_VERIFY;
wd.dwProvFlags = 0;
wd.hWVTStateData = NULL;
wd.pwszURLReference = NULL;
}
GUID action = WINTRUST_ACTION_GENERIC_VERIFY_V2;
HRESULT hr = WinVerifyTrust(NULL, &action, &wd);
bRet = SUCCEEDED(hr);
if (NULL != hCatInfo)
{
CryptCATAdminReleaseCatalogContext(hCatAdmin, hCatInfo, 0);
}
CryptCATAdminReleaseContext(hCatAdmin, 0);
delete[] pszMemberTag;
return bRet;
}
//----------------------------------------------------------------------------
//
// VerifyEmbeddedSignatures
// Verifies all embedded signatures of a file
//
//----------------------------------------------------------------------------
DWORD VerifyEmbeddedSignatures(_In_ PCWSTR FileName,
_In_ HANDLE FileHandle,
_In_ bool UseStrongSigPolicy)
{
DWORD Error = ERROR_SUCCESS;
bool WintrustCalled = false;
GUID GenericActionId = WINTRUST_ACTION_GENERIC_VERIFY_V2;
WINTRUST_DATA WintrustData = {};
WINTRUST_FILE_INFO FileInfo = {};
WINTRUST_SIGNATURE_SETTINGS SignatureSettings = {};
CERT_STRONG_SIGN_PARA StrongSigPolicy = {};
// Setup data structures for calling WinVerifyTrust
WintrustData.cbStruct = sizeof(WINTRUST_DATA);
WintrustData.dwStateAction = WTD_STATEACTION_VERIFY;
WintrustData.dwUIChoice = WTD_UI_NONE;
WintrustData.fdwRevocationChecks = WTD_REVOKE_NONE;
WintrustData.dwUnionChoice = WTD_CHOICE_FILE;
FileInfo.cbStruct = sizeof(WINTRUST_FILE_INFO_);
FileInfo.hFile = FileHandle;
FileInfo.pcwszFilePath = FileName;
WintrustData.pFile = &FileInfo;
//
// First verify the primary signature (index 0) to determine how many secondary signatures
// are present. We use WSS_VERIFY_SPECIFIC and dwIndex to do this, also setting
// WSS_GET_SECONDARY_SIG_COUNT to have the number of secondary signatures returned.
//
SignatureSettings.cbStruct = sizeof(WINTRUST_SIGNATURE_SETTINGS);
SignatureSettings.dwFlags = WSS_GET_SECONDARY_SIG_COUNT | WSS_VERIFY_SPECIFIC;
SignatureSettings.dwIndex = 0;
WintrustData.pSignatureSettings = &SignatureSettings;
if (UseStrongSigPolicy != false)
{
StrongSigPolicy.cbSize = sizeof(CERT_STRONG_SIGN_PARA);
StrongSigPolicy.dwInfoChoice = CERT_STRONG_SIGN_OID_INFO_CHOICE;
StrongSigPolicy.pszOID = szOID_CERT_STRONG_SIGN_OS_CURRENT;
WintrustData.pSignatureSettings->pCryptoPolicy = &StrongSigPolicy;
}
wprintf(L"Verifying primary signature... ");
Error = WinVerifyTrust(NULL, &GenericActionId, &WintrustData);
WintrustCalled = true;
if (Error != ERROR_SUCCESS)
{
goto Cleanup;
}
wprintf(L"Success!\n");
wprintf(L"Found %d secondary signatures\n", WintrustData.pSignatureSettings->cSecondarySigs);
// Now attempt to verify all secondary signatures that were found
for (DWORD x = 1; x <= WintrustData.pSignatureSettings->cSecondarySigs; x++)
{
wprintf(L"Verify secondary signature at index %d... ", x);
// Need to clear the previous state data from the last call to WinVerifyTrust
WintrustData.dwStateAction = WTD_STATEACTION_CLOSE;
Error = WinVerifyTrust(NULL, &GenericActionId, &WintrustData);
if (Error != ERROR_SUCCESS)
{
//No need to call WinVerifyTrust again
WintrustCalled = false;
goto Cleanup;
}
WintrustData.hWVTStateData = NULL;
// Caller must reset dwStateAction as it may have been changed during the last call
WintrustData.dwStateAction = WTD_STATEACTION_VERIFY;
WintrustData.pSignatureSettings->dwIndex = x;
Error = WinVerifyTrust(NULL, &GenericActionId, &WintrustData);
if (Error != ERROR_SUCCESS)
{
goto Cleanup;
}
wprintf(L"Success!\n");
}
Cleanup:
//
// Caller must call WinVerifyTrust with WTD_STATEACTION_CLOSE to free memory
// allocate by WinVerifyTrust
//
if (WintrustCalled != false)
{
WintrustData.dwStateAction = WTD_STATEACTION_CLOSE;
WinVerifyTrust(NULL, &GenericActionId, &WintrustData);
}
return Error;
}
//----------------------------------------------------------------------------
//
// VerifyCatalogSignature
// Looks up a file by hash in the system catalogs.
//
//----------------------------------------------------------------------------
DWORD VerifyCatalogSignature(_In_ HANDLE FileHandle,
_In_ bool UseStrongSigPolicy)
{
DWORD Error = ERROR_SUCCESS;
bool Found = false;
HCATADMIN CatAdminHandle = NULL;
HCATINFO CatInfoHandle = NULL;
DWORD HashLength = 0;
PBYTE HashData = NULL;
CERT_STRONG_SIGN_PARA SigningPolicy = {};
if (UseStrongSigPolicy != false)
{
SigningPolicy.cbSize = sizeof(CERT_STRONG_SIGN_PARA);
SigningPolicy.dwInfoChoice = CERT_STRONG_SIGN_OID_INFO_CHOICE;
SigningPolicy.pszOID = szOID_CERT_STRONG_SIGN_OS_CURRENT;
if (!CryptCATAdminAcquireContext2(
&CatAdminHandle,
NULL,
BCRYPT_SHA256_ALGORITHM,
&SigningPolicy,
0))
{
Error = GetLastError();
goto Cleanup;
}
}
else
{
if (!CryptCATAdminAcquireContext2(
&CatAdminHandle,
NULL,
BCRYPT_SHA256_ALGORITHM,
NULL,
0))
{
Error = GetLastError();
goto Cleanup;
}
}
// Get size of hash to be used
if (!CryptCATAdminCalcHashFromFileHandle2(
CatAdminHandle,
FileHandle,
&HashLength,
NULL,
NULL))
{
Error = GetLastError();
goto Cleanup;
}
HashData = (PBYTE)HeapAlloc(GetProcessHeap(), 0, HashLength);
if (HashData == NULL)
{
Error = ERROR_OUTOFMEMORY;
goto Cleanup;
}
// Generate hash for a give file
if (!CryptCATAdminCalcHashFromFileHandle2(
CatAdminHandle,
FileHandle,
&HashLength,
HashData,
NULL))
{
Error = GetLastError();
goto Cleanup;
}
// Find the first catalog containing this hash
CatInfoHandle = NULL;
CatInfoHandle = CryptCATAdminEnumCatalogFromHash(
CatAdminHandle,
HashData,
HashLength,
0,
&CatInfoHandle);
while (CatInfoHandle != NULL)
{
CATALOG_INFO catalogInfo = {};
catalogInfo.cbStruct = sizeof(catalogInfo);
Found = true;
if (!CryptCATCatalogInfoFromContext(
CatInfoHandle,
&catalogInfo,
0))
{
Error = GetLastError();
break;
}
wprintf(L"Hash was found in catalog %s\n\n", catalogInfo.wszCatalogFile);
// Look for the next catalog containing the file's hash
CatInfoHandle = CryptCATAdminEnumCatalogFromHash(
CatAdminHandle,
HashData,
HashLength,
0,
&CatInfoHandle);
}
if (Found != true)
{
Error = S_FALSE;
wprintf(L"Hash was not found in any catalogs.\n");
}
Cleanup:
if (CatAdminHandle != NULL)
{
if (CatInfoHandle != NULL)
{
CryptCATAdminReleaseCatalogContext(CatAdminHandle, CatInfoHandle, 0);
}
CryptCATAdminReleaseContext(CatAdminHandle, 0);
}
if (HashData != NULL)
{
HeapFree(GetProcessHeap(), 0, HashData);
}
return Error;
}
BOOL VerifyFileSig(char *pFileName)
{
bool UseStrongSigPolicy = false;
WCHAR FilePathW[MAX_PATH] = { 0 }; //把char型的路径转换成wchar,CheckFileTrust必须传入wchar
if (str::MByteToWChar(pFileName, FilePathW, MAX_PATH))
{
if (CheckFileTrust2(FilePathW))
{
return TRUE;
}
HANDLE FileHandle = CreateFileW(FilePathW,
GENERIC_READ,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
0,
NULL);
if (FileHandle == INVALID_HANDLE_VALUE)
{
return FALSE;
}
HRESULT hr = VerifyCatalogSignature(FileHandle, UseStrongSigPolicy);
if (SUCCEEDED(hr))
{
hr = VerifyEmbeddedSignatures(FilePathW, FileHandle, UseStrongSigPolicy);
CloseHandle(FileHandle);
return SUCCEEDED(hr);// ? FALSE : TRUE;
}
else
{
CloseHandle(FileHandle);
return TRUE;
}
}
return FALSE;
}
//int __cdecl wmain(_In_ unsigned int argc, _In_reads_(argc) PCWSTR wargv[])
//{
// DWORD Error = ERROR_SUCCESS;
// HANDLE FileHandle = INVALID_HANDLE_VALUE;
// DWORD ArgStart = 1;
// bool UseStrongSigPolicy = false;
//
// if (argc < 3 || argc > 4)
// {
// PrintUsage(wargv[0]);
// Error = ERROR_INVALID_PARAMETER;
// goto Cleanup;
// }
//
// if (_wcsicmp(wargv[ArgStart], L"-p") == 0)
// {
// UseStrongSigPolicy = true;
// ArgStart++;
// }
//
// if (ArgStart + 1 >= argc)
// {
// PrintUsage(wargv[0]);
// Error = ERROR_INVALID_PARAMETER;
// goto Cleanup;
// }
//
// if ((wcslen(wargv[ArgStart]) != 2) ||
// ((_wcsicmp(wargv[ArgStart], L"-c") != 0) &&
// (_wcsicmp(wargv[ArgStart], L"-e") != 0)))
// {
// PrintUsage(wargv[0]);
// Error = ERROR_INVALID_PARAMETER;
// goto Cleanup;
// }
//
// FileHandle = CreateFileW(wargv[ArgStart + 1],
// GENERIC_READ,
// FILE_SHARE_READ,
// NULL,
// OPEN_EXISTING,
// 0,
// NULL);
// if (FileHandle == INVALID_HANDLE_VALUE)
// {
// Error = GetLastError();
// PrintError(Error);
// goto Cleanup;
// }
//
// if (_wcsicmp(wargv[ArgStart], L"-c") == 0)
// {
// Error = VerifyCatalogSignature(FileHandle, UseStrongSigPolicy);
// }
// else if (_wcsicmp(wargv[ArgStart], L"-e") == 0)
// {
// Error = VerifyEmbeddedSignatures(wargv[ArgStart + 1], FileHandle, UseStrongSigPolicy);
// }
// else
// {
// PrintUsage(wargv[0]);
// Error = ERROR_INVALID_PARAMETER;
// }
//
//Cleanup:
// if (FileHandle != INVALID_HANDLE_VALUE)
// {
// CloseHandle(FileHandle);
// }
//
// return Error;
//}