文件名称:shuziqianming_D7
下载
别用迅雷、360浏览器下载。
如迅雷强制弹出,可右键点击选“另存为”。
失败请重下,重下不扣分。
如迅雷强制弹出,可右键点击选“另存为”。
失败请重下,重下不扣分。
介绍说明--下载内容均来自于网络,请自行研究使用
开始,运行输入 sigverif
通过检查数字签名就知道是不是ms的了。
主要使用Win32API实现验证应用或驱动程
WinVerifyTrust API。如果该API被Hook有没有其他方法验证应用或驱动程序是否通过微软签名?如果仅仅是被挂钩了IAT,那么可以直接通过函数指针调用。
如果是像Detours那样用jmp改写了函数头,可以通过读取WinTrust.dll中WinVerifyTrust的实现位置,恢复函数头的机器码。
不知道使用CryptoAPI,再使用指定的Microsoft证书
是不是更好一点,不容易被欺骗
怕调api被hook的话,自己将验证的代码写出来,用openssl应该容易点。-Start, Run enter sigverif by checking the digital signature is not on the know of the ms. Win32API realize the main use of the application or driver to verify WinVerifyTrust API. If the API was Hook has no other way to verify whether the application or driver through Microsoft Signed? If merely being linked to the IAT, you can call directly through the function pointer. If it is used as the Detours as to alter the function jmp head, can be read in WinVerifyTrust Wintrust.dll realize the location, the restoration of function of the binary header. Do not know the use of CryptoAPI, and then use the specified certificate is not Microsoft a little better, not easy to be deceived by fear api tune hook, then he would write the code to verify, using openssl should be easy points.
通过检查数字签名就知道是不是ms的了。
主要使用Win32API实现验证应用或驱动程
WinVerifyTrust API。如果该API被Hook有没有其他方法验证应用或驱动程序是否通过微软签名?如果仅仅是被挂钩了IAT,那么可以直接通过函数指针调用。
如果是像Detours那样用jmp改写了函数头,可以通过读取WinTrust.dll中WinVerifyTrust的实现位置,恢复函数头的机器码。
不知道使用CryptoAPI,再使用指定的Microsoft证书
是不是更好一点,不容易被欺骗
怕调api被hook的话,自己将验证的代码写出来,用openssl应该容易点。-Start, Run enter sigverif by checking the digital signature is not on the know of the ms. Win32API realize the main use of the application or driver to verify WinVerifyTrust API. If the API was Hook has no other way to verify whether the application or driver through Microsoft Signed? If merely being linked to the IAT, you can call directly through the function pointer. If it is used as the Detours as to alter the function jmp head, can be read in WinVerifyTrust Wintrust.dll realize the location, the restoration of function of the binary header. Do not know the use of CryptoAPI, and then use the specified certificate is not Microsoft a little better, not easy to be deceived by fear api tune hook, then he would write the code to verify, using openssl should be easy points.
相关搜索: WinVerifyTrust
数字签名
Openssl
CryptoAPI
shuziqianming_D7
signature
digital
digital
signature
delphi
IAT
HOOK
签名
delphi
api
hook
数字签名
Openssl
CryptoAPI
shuziqianming_D7
signature
digital
digital
signature
delphi
IAT
HOOK
签名
delphi
api
hook
(系统自动生成,下载前可以参看下载内容)
下载文件列表
Dir_Scan.dcu
Dir_Scan.pas
FileLoop_func.pas
File_func.dcu
Project2.cfg
Project2.dof
Project2.dpr
Project2.exe
Project2.res
Unit_main.dcu
Unit_main.ddp
Unit_main.dfm
Unit_main.pas
uSimpleTrustCheck.dcu
uSimpleTrustCheck.pas
一个中英文记录delphi实现.txt
Dir_Scan.pas
FileLoop_func.pas
File_func.dcu
Project2.cfg
Project2.dof
Project2.dpr
Project2.exe
Project2.res
Unit_main.dcu
Unit_main.ddp
Unit_main.dfm
Unit_main.pas
uSimpleTrustCheck.dcu
uSimpleTrustCheck.pas
一个中英文记录delphi实现.txt