diff --git a/HookSigntool/main.cpp b/HookSigntool/main.cpp
index ec3a3b4..f36cfe0 100644
--- a/HookSigntool/main.cpp
+++ b/HookSigntool/main.cpp
@@ -10,10 +10,14 @@ HMODULE hModCrypt32 = NULL, hModMssign32 = NULL, hModKernel32 = NULL;
 using fntCertVerifyTimeValidity = decltype(CertVerifyTimeValidity);
 using fntSignerSign = decltype(SignerSign);
 using fntSignerTimeStamp = decltype(SignerTimeStamp);
+using fntSignerTimeStampEx2 = decltype(SignerTimeStampEx2);
+using fntSignerTimeStampEx3 = decltype(SignerTimeStampEx3);
 using fntGetLocalTime = decltype(GetLocalTime);
 fntCertVerifyTimeValidity* pOldCertVerifyTimeValidity = NULL;
 fntSignerSign* pOldSignerSign = NULL;
 fntSignerTimeStamp* pOldSignerTimeStamp = NULL;
+fntSignerTimeStampEx2* pOldSignerTimeStampEx2 = NULL;
+fntSignerTimeStampEx3* pOldSignerTimeStampEx3 = NULL;
 fntGetLocalTime* pOldGetLocalTime = NULL;
 int year = -1, month = -1, day = -1, hour = -1, minute = -1, second = -1;
@@ -66,6 +70,33 @@ HRESULT WINAPI NewSignerTimeStamp(
 {
 return (*pOldSignerTimeStamp)(pSubjectInfo, ReplaceTimeStamp(pwszHttpTimeStamp), psRequest, pSipData);
 }
+HRESULT WINAPI NewSignerTimeStampEx2(
+ _Reserved_ DWORD dwFlags,
+ _In_ SIGNER_SUBJECT_INFO* pSubjectInfo,
+ _In_ LPCWSTR pwszHttpTimeStamp,
+ _In_ ALG_ID dwAlgId,
+ _In_ PCRYPT_ATTRIBUTES psRequest,
+ _In_ LPVOID pSipData,
+ _Out_ SIGNER_CONTEXT** ppSignerContext
+)
+{
+ return (*pOldSignerTimeStampEx2)(dwFlags, pSubjectInfo, ReplaceTimeStamp(pwszHttpTimeStamp), dwAlgId, psRequest, pSipData, ppSignerContext);
+}
+HRESULT WINAPI NewSignerTimeStampEx3(
+ _In_ DWORD dwFlags,
+ _In_ DWORD dwIndex,
+ _In_ SIGNER_SUBJECT_INFO* pSubjectInfo,
+ _In_ PCWSTR pwszHttpTimeStamp,
+ _In_ PCWSTR pszAlgorithmOid,
+ _In_opt_ PCRYPT_ATTRIBUTES psRequest,
+ _In_opt_ PVOID pSipData,
+ _Out_ SIGNER_CONTEXT** ppSignerContext,
+ _In_opt_ PCERT_STRONG_SIGN_PARA pCryptoPolicy,
+ _Reserved_ PVOID pReserved
+)
+{
+ return (*pOldSignerTimeStampEx3)(dwFlags, dwIndex, pSubjectInfo, ReplaceTimeStamp(pwszHttpTimeStamp), pszAlgorithmOid, psRequest, pSipData, ppSignerContext, pCryptoPolicy, pReserved);
+}
 void WINAPI NewGetLocalTime(
 LPSYSTEMTIME lpSystemTime
 )
@@ -95,6 +126,9 @@ bool HookFunctions()
 if ((pOldCertVerifyTimeValidity = (fntCertVerifyTimeValidity*)GetProcAddress(hModCrypt32, "CertVerifyTimeValidity")) == NULL
 || (pOldSignerSign = (fntSignerSign*)GetProcAddress(hModMssign32, "SignerSign")) == NULL
 || (pOldSignerTimeStamp = (fntSignerTimeStamp*)GetProcAddress(hModMssign32, "SignerTimeStamp")) == NULL
+ || (pOldSignerTimeStampEx2 = (fntSignerTimeStampEx2*)GetProcAddress(hModMssign32, "SignerTimeStampEx2")) == NULL
+ || ((pOldSignerTimeStampEx3 = (fntSignerTimeStampEx3*)GetProcAddress(hModMssign32, "SignerTimeStampEx3")) == NULL && FALSE)
+ /* SignerTimeStampEx3 does not exist in Windows 7 */
 || (pOldGetLocalTime = (fntGetLocalTime*)GetProcAddress(hModKernel32, "GetLocalTime")) == NULL)
 return false;
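Review bot: NewSignerTimeStampEx2 and NewSignerTimeStampEx3 carry no comment saying that they forward every argument unchanged except `pwszHttpTimeStamp`, which is passed through ReplaceTimeStamp (defined outside this hunk). That substitution decides which timestamp server countersigns the file, so each wrapper deserves a one-line header, for example `// Forwards to the real SignerTimeStampEx2; only the timestamp URL is replaced via ReplaceTimeStamp().` NewSignerTimeStampEx3 also dereferences pOldSignerTimeStampEx3 without a check, which is safe only while the hook is attached conditionally as HookFunctions does further down; a comment stating that dependency would keep the two in step.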
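Review bot: The `== NULL && FALSE` term in the GetProcAddress chain is always false and exists only for its assignment side effect, which is easy to misread as a real failure check. Resolving the optional export in its own statement directly after this `if` reads more plainly: `pOldSignerTimeStampEx3 = (fntSignerTimeStampEx3*)GetProcAddress(hModMssign32, "SignerTimeStampEx3"); /* optional: absent on Windows 7 */`. The `!= NULL ? DetourAttach(...) != NO_ERROR : FALSE` term in the following hunk has the same readability problem and could become a separate `if`. HookFunctions starts before this hunk and continues after it.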
@@ -102,18 +136,24 @@ bool HookFunctions() || DetourAttach(&(PVOID&)pOldCertVerifyTimeValidity, NewCertVerifyTimeValidity) != NO_ERROR || DetourAttach(&(PVOID&)pOldSignerSign, NewSignerSign) != NO_ERROR || DetourAttach(&(PVOID&)pOldSignerTimeStamp, NewSignerTimeStamp) != NO_ERROR + || DetourAttach(&(PVOID&)pOldSignerTimeStampEx2, NewSignerTimeStampEx2) != NO_ERROR + || (pOldSignerTimeStampEx3 != NULL ? DetourAttach(&(PVOID&)pOldSignerTimeStampEx3, NewSignerTimeStampEx3) != NO_ERROR : FALSE) + /* SignerTimeStampEx3 does not exist in Windows 7 */ || DetourAttach(&(PVOID&)pOldGetLocalTime, NewGetLocalTime) != NO_ERROR || DetourTransactionCommit() != NO_ERROR) return false; + return true; } bool ParseConfig(LPWSTR lpCommandLineConfig, LPWSTR lpCommandLineTimestamp) { LPWSTR buf = new WCHAR[260]; memset(buf, 0, sizeof(WCHAR) * 260); + if (_wgetcwd(buf, 260) == NULL) return false; wcscat(buf, L"\\"); + if (lpCommandLineConfig) { if ((wcschr(lpCommandLineConfig, L':') - lpCommandLineConfig) == 1) { memset(buf, 0, sizeof(WCHAR) * 260); @@ -138,6 +178,7 @@ bool ParseConfig(LPWSTR lpCommandLineConfig, LPWSTR lpCommandLineTimestamp) wsprintfW(lpTimestamp, lpCommandLineTimestamp); else GetPrivateProfileStringW(L"Timestamp", L"Timestamp", NULL, lpTimestamp, 20, buf); + return true; } BOOL WINAPI DllMain( @@ -160,11 +201,15 @@ BOOL WINAPI DllMain( if (!wcscmp(szArglist[i], L"-ts")) its = i + 1; } + if (!ParseConfig(iconfig >= 0 ? szArglist[iconfig] : NULL, its >= 0 ? szArglist[its] : NULL)) MessageBoxW(NULL, L"配置初始化失败,请检查hook.ini和命令行参数!", L"初始化失败", MB_ICONERROR); + LocalFree(szArglist); + if (!HookFunctions()) MessageBoxW(NULL, L"出现错误,无法Hook指定的函数\r\n请关闭程序重试!", L"Hook失败", MB_ICONERROR); + MessageBoxW(NULL, lpTimestamp, L"自定义时间戳为", MB_OK); } return 1; diff --git a/HookSigntool/mssign32.h b/HookSigntool/mssign32.h index 9b157d2..65787cc 100644 --- a/HookSigntool/mssign32.h +++ b/HookSigntool/mssign32.h 
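Review bot: In ParseConfig the 260-element `buf` is leaked when `_wgetcwd` fails, and the unbounded `wcscat(buf, L"\\")` can write one WCHAR past the allocation when the working directory already fills the buffer. Free the buffer on the early return, `if (_wgetcwd(buf, 260) == NULL) { delete[] buf; return false; }`, and check the remaining room before appending, `if (wcslen(buf) + 2 > 260) { delete[] buf; return false; }`. ParseConfig continues past the end of this hunk, so whether `buf` is released on its other paths is not visible here.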
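Review bot: `wsprintfW(lpTimestamp, lpCommandLineTimestamp)` in the ParseConfig hunk at -138 uses the command-line value as the format string, so any `%` in it is interpreted as a conversion, and the copy is not bounded by the size of `lpTimestamp`. The sibling GetPrivateProfileStringW call passes 20 as the buffer length, which suggests `lpTimestamp` holds 20 WCHARs; its declaration is outside the hunk, so confirm. A bounded copy such as `wcsncpy_s(lpTimestamp, 20, lpCommandLineTimestamp, _TRUNCATE);` removes both problems, and `wsprintfW(lpTimestamp, L"%s", lpCommandLineTimestamp)` would at least stop the format-string interpretation.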
@@ -13,6 +13,11 @@ typedef struct _SIGNER_BLOB_INFO {
 BYTE* pbBlob;
 LPCWSTR pwszDisplayName;
 } SIGNER_BLOB_INFO, * PSIGNER_BLOB_INFO;
+typedef struct _SIGNER_CONTEXT {
+ DWORD cbSize;
+ DWORD cbBlob;
+ BYTE* pbBlob;
+} SIGNER_CONTEXT, * PSIGNER_CONTEXT;
 typedef struct _SIGNER_CERT_STORE_INFO {
 DWORD cbSize;
@@ -91,3 +96,24 @@ HRESULT WINAPI SignerTimeStamp(
 _In_opt_ PCRYPT_ATTRIBUTES psRequest,
 _In_opt_ LPVOID pSipData
 );
+HRESULT WINAPI SignerTimeStampEx2(
+ _Reserved_ DWORD dwFlags,
+ _In_ SIGNER_SUBJECT_INFO* pSubjectInfo,
+ _In_ LPCWSTR pwszHttpTimeStamp,
+ _In_ ALG_ID dwAlgId,
+ _In_ PCRYPT_ATTRIBUTES psRequest,
+ _In_ LPVOID pSipData,
+ _Out_ SIGNER_CONTEXT** ppSignerContext
+);
+HRESULT WINAPI SignerTimeStampEx3(
+ _In_ DWORD dwFlags,
+ _In_ DWORD dwIndex,
+ _In_ SIGNER_SUBJECT_INFO* pSubjectInfo,
+ _In_ PCWSTR pwszHttpTimeStamp,
+ _In_ PCWSTR pszAlgorithmOid,
+ _In_opt_ PCRYPT_ATTRIBUTES psRequest,
+ _In_opt_ PVOID pSipData,
+ _Out_ SIGNER_CONTEXT** ppSignerContext,
+ _In_opt_ PCERT_STRONG_SIGN_PARA pCryptoPolicy,
+ _Reserved_ PVOID pReserved
+);
diff --git a/README.md b/README.md
index 6076431..f4363a6 100644
--- a/README.md
+++ b/README.md
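Review bot: SIGNER_CONTEXT in mssign32.h is a hand-written declaration with no comment on where its layout comes from, and the SignerTimeStampEx2 and SignerTimeStampEx3 prototypes added in the second hunk of this file have the same gap. main.cpp derives its hook function-pointer types from these prototypes with `decltype`, so a mismatch with the real mssign32.dll exports could corrupt the forwarded call. A header comment such as `// Declared by hand from the Microsoft documentation for mssign32.dll; keep parameter order, types and WINAPI in sync with it.` above the new declarations would make that constraint explicit.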
@@ -6,11 +6,13 @@ ## 鍘熺悊 缂栬瘧鍑虹殑`HookSigntool.dll`閫氳繃寰蒋鐨凞etours搴揌ook浜嗙鍚嶅伐鍏风殑鍑芥暟璋冪敤浠ヨ揪鍒扮洰鐨 -鎬诲叡Hook浜4涓嚱鏁帮細 +鎬诲叡Hook浜6涓嚱鏁帮細 1. [crypt32.dll!CertVerifyTimeValidity](https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certverifytimevalidity) 杩斿洖鍊兼敼涓0锛岃绛惧悕宸ュ叿璇互涓烘墍鏈夎瘉涔﹂兘鍦ㄦ湁鏁堟湡鍐咃紝浠ヤ究鍦ㄤ笉淇敼绯荤粺鏃堕棿鐨勬儏鍐典笅鐢ㄨ繃鏈熻瘉涔︾鍚嶃 2. [mssign32!SignerSign](https://docs.microsoft.com/en-us/windows/win32/seccrypto/signersign) 浼犲叆鍙傛暟 pwszHttpTimeStamp 淇敼涓鸿嚜寤烘椂闂存埑鍦板潃锛堣嚜寤烘椂闂存埑鎺ュ彈鍦板潃涓瀹氱殑鏃堕棿锛岀敤浠ヤ吉閫犵鍚嶏級 3. [mssign32!SignerTimeStamp](https://docs.microsoft.com/en-us/windows/win32/seccrypto/signertimestamp) 鍚屼笂 -4. [kernel32.dll!GetLocalTime](https://docs.microsoft.com/en-us/windows/win32/api/sysinfoapi/nf-sysinfoapi-getlocaltime) 杩斿洖鍊兼牴鎹厤缃枃浠朵慨鏀癸紝瀵逛簬绋嬪簭鍔熻兘鏃犲奖鍝嶃 +4. [mssign32!SignerTimeStampEx2](https://docs.microsoft.com/zh-cn/windows/win32/seccrypto/signertimestampex2) 鍚屼笂 +5. [mssign32!SignerTimeStampEx3](https://docs.microsoft.com/zh-cn/windows/win32/seccrypto/signertimestampex3) 鍚屼笂 锛堟鍑芥暟鍦 Windows 7 涓婁笉瀛樺湪锛 +6. [kernel32.dll!GetLocalTime](https://docs.microsoft.com/en-us/windows/win32/api/sysinfoapi/nf-sysinfoapi-getlocaltime) 杩斿洖鍊兼牴鎹厤缃枃浠朵慨鏀癸紝瀵逛簬绋嬪簭鍔熻兘鏃犲奖鍝嶃 ## 鐢ㄦ硶 杩欎釜`dll`鏈変袱绉嶈缃柟娉曪紝涓绉嶆槸`ini`鏂囦欢锛屽彟涓绉嶆槸鍛戒护琛屽弬鏁