gpt4 book ai didi

signtool - WinVerifyTrust 函数需要很长时间才能执行

转载 作者:行者123 更新时间:2023-12-02 08:04:41 56 4
gpt4 key购买 nike

我在windows 10 pro上使用windows WinVerifyTrust函数来验证dll签名。当我第一次激活此函数时,该函数需要4秒来执行并返回第一个dll的验证状态。对于其他正在进行的 dll,该函数返回速度很快。

任何人都可以帮助我了解延迟的可能原因吗?

需要 4 秒的调用是这个调用:

  lStatus = WinVerifyTrust(
NULL,
&WVTPolicyGUID,
&WinTrustData);

我正在使用的包装函数如下所示:

#define _UNICODE 1
#define UNICODE 1

#include <tchar.h>
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
#include <Softpub.h>
#include <wincrypt.h>
#include <wintrust.h>

// Link with the Wintrust.lib file.
#pragma comment (lib, "wintrust")

BOOL VerifyEmbeddedSignature(LPCWSTR pwszSourceFile)
{
LONG lStatus;
DWORD dwLastError;

// Initialize the WINTRUST_FILE_INFO structure.

WINTRUST_FILE_INFO FileData;
memset(&FileData, 0, sizeof(FileData));
FileData.cbStruct = sizeof(WINTRUST_FILE_INFO);
FileData.pcwszFilePath = pwszSourceFile;
FileData.hFile = NULL;
FileData.pgKnownSubject = NULL;


GUID WVTPolicyGUID = WINTRUST_ACTION_GENERIC_VERIFY_V2;
WINTRUST_DATA WinTrustData;

// Initialize the WinVerifyTrust input data structure.

// Default all fields to 0.
memset(&WinTrustData, 0, sizeof(WinTrustData));

WinTrustData.cbStruct = sizeof(WinTrustData);

// Use default code signing EKU.
WinTrustData.pPolicyCallbackData = NULL;

// No data to pass to SIP.
WinTrustData.pSIPClientData = NULL;

// Disable WVT UI.
WinTrustData.dwUIChoice = WTD_UI_NONE;

// No revocation checking.
WinTrustData.fdwRevocationChecks = WTD_REVOKE_NONE;

// Verify an embedded signature on a file.
WinTrustData.dwUnionChoice = WTD_CHOICE_FILE;

// Verify action.
WinTrustData.dwStateAction = WTD_STATEACTION_VERIFY;

// Verification sets this value.
WinTrustData.hWVTStateData = NULL;

// Not used.
WinTrustData.pwszURLReference = NULL;

// This is not applicable if there is no UI because it changes
// the UI to accommodate running applications instead of
// installing applications.
WinTrustData.dwUIContext = 0;

// Set pFile.
WinTrustData.pFile = &FileData;

// WinVerifyTrust verifies signatures as specified by the GUID
// and Wintrust_Data.
lStatus = WinVerifyTrust(
NULL,
&WVTPolicyGUID,
&WinTrustData);

switch (lStatus)
{
case ERROR_SUCCESS:
/*
Signed file:
- Hash that represents the subject is trusted.

- Trusted publisher without any verification errors.

- UI was disabled in dwUIChoice. No publisher or
time stamp chain errors.

- UI was enabled in dwUIChoice and the user clicked
"Yes" when asked to install and run the signed
subject.
*/
wprintf_s(L"The file \"%s\" is signed and the signature "
L"was verified.\n",
pwszSourceFile);
break;

case TRUST_E_NOSIGNATURE:
// The file was not signed or had a signature
// that was not valid.

// Get the reason for no signature.
dwLastError = GetLastError();
if (TRUST_E_NOSIGNATURE == dwLastError ||
TRUST_E_SUBJECT_FORM_UNKNOWN == dwLastError ||
TRUST_E_PROVIDER_UNKNOWN == dwLastError)
{
// The file was not signed.
wprintf_s(L"The file \"%s\" is not signed.\n",
pwszSourceFile);
}
else
{
// The signature was not valid or there was an error
// opening the file.
wprintf_s(L"An unknown error occurred trying to "
L"verify the signature of the \"%s\" file.\n",
pwszSourceFile);
}

break;

case TRUST_E_EXPLICIT_DISTRUST:
// The hash that represents the subject or the publisher
// is not allowed by the admin or user.
wprintf_s(L"The signature is present, but specifically "
L"disallowed.\n");
break;

case TRUST_E_SUBJECT_NOT_TRUSTED:
// The user clicked "No" when asked to install and run.
wprintf_s(L"The signature is present, but not "
L"trusted.\n");
break;

case CRYPT_E_SECURITY_SETTINGS:

wprintf_s(L"CRYPT_E_SECURITY_SETTINGS - The hash "
L"representing the subject or the publisher wasn't "
L"explicitly trusted by the admin and admin policy "
L"has disabled user trust. No signature, publisher "
L"or timestamp errors.\n");
break;

default:

wprintf_s(L"Error is: 0x%x.\n",
lStatus);
break;
}

// Any hWVTStateData must be released by a call with close.
WinTrustData.dwStateAction = WTD_STATEACTION_CLOSE;

lStatus = WinVerifyTrust(
NULL,
&WVTPolicyGUID,
&WinTrustData);

return true;
}

最佳答案

请参阅MSDN documentation on WinVerifyTrust ,看来您还需要阻止检索撤销列表:

// Use only the local cache for revocation checks. Prevents revocation checks over the network. 
WinTrustData.dwProvFlags = WTD_CACHE_ONLY_URL_RETRIEVAL;

关于signtool - WinVerifyTrust 函数需要很长时间才能执行,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/46033461/

56 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com