Results 1 to 7 of 7

Thread: [VB6] Digital signature verifier (Authenticode and WHQL)

Threaded View

  1. May 13th, 2017, 10:13 AM #1
    Dragokas
    Dragokas is offline

    Thread Starter
    Member Dragokas's Avatar
    Join Date
    Aug 2015
    Location
    Ukraine on fire (country of slaves)
    Posts
    750

    [VB6] Digital signature verifier (Authenticode and WHQL)

    ------------------
    How to start?
    Just add module 'modDigiSign.bas' to your project and look in 'Examples of using' below.
    ------------------

    Hi,
    I would like to present digital signature checker for executables and other file formats containing the code.

    Purpose:
    It is a well-tested module that allows you to verify things like:
    - is signature legitimate (without need of internet connection)
    - is driver's WHQL signature legitimate
    - is signature belongs to Microsoft
    - is signature embedded or external (signed by catalog)
    - is signature present (by checking PE structure)

    It can show info about certificates:
    - validity date (begin / end period)
    - issued by
    - issued to (signer name)
    - issued to (signer email)

    Info about signature includes:
    - short and extended description of verify results
    - hash algoritms of signature digest and certificate's signature
    - number of signatures
    - timestamp (time of signing)

    Demo project also contains code to check:
    - is file PE EXE formatted
    - is file SFC / WPF protected
    Creates a report in CSV format.

    Compatibility:
    OS: Windows 10 / 8.1 / 8 / 7 / Vista / XP / 2000, both x32 and x64 bit, include 64-bit executables and 64-bit folders.
    Hash algorithms of signature / digest: MD5, SHA1, SHA256.
    Unicode aware.
    Uses CryptoAPI, no other dependencies.

    Requirements:
    - If you are using File System Redirector in your program, make sure that it is NOT 'turned OFF' before calling functions of this module.
    It is very important! If you cannot guarantee it, to ensure compatibility, you can call my wrapper "ToggleWow64FSRedirection (true / false)" from this module instead of your function.
    - Do not use any sort of IDE emulations like 'compatiblity with XP' while running via IDE. It can take a negative effect on result of verifying.

    License:
    You can use modDigiSign.bas in your projects for free.
    Full or partial re-publication of this info, attached article (including translation), projects and sources is prohibited without the direct permission of the author (me).

    Examples of using:

    General syntax:
    Code:
    Dim SignResult As SignResult_TYPE

SignVerify [File to check], [Flags], [out_SignResult]
    1. Check is signature legitimate:
    Code:
    Dim SignResult As SignResult_TYPE

Debug.? "SignedAndVerified ? " & SignVerify("c:\path\File_to_test.exe", 0, SignResult)
    Also, look in exampes / flags / tools description in posts below.

    The latest version is always here.
    Attached Files Attached Files
    Last edited by Dragokas; Jul 6th, 2023 at 05:38 AM.
    Malware analyst, VirusNet developer, HiJackThis+ author || my CodeBank works
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules


Click Here to Expand Forum to Full Width