add CertOpenStore hook
This commit is contained in:
parent
068e3f3963
commit
14136ac973
@ -25,6 +25,14 @@ PCCERT_CONTEXT WINAPI hook_CertFindCertificateInStore(
|
||||
PCCERT_CONTEXT pPrevCertContext
|
||||
);
|
||||
|
||||
HCERTSTORE WINAPI hook_CertOpenStore(
|
||||
LPCSTR lpszStoreProvider,
|
||||
DWORD dwEncodingType,
|
||||
HCRYPTPROV_LEGACY hCryptProv,
|
||||
DWORD dwFlags,
|
||||
const void *pvPara
|
||||
);
|
||||
|
||||
PCCERT_CONTEXT (WINAPI *next_CertFindCertificateInStore)(
|
||||
HCERTSTORE hCertStore,
|
||||
DWORD dwCertEncodingType,
|
||||
@ -34,12 +42,25 @@ PCCERT_CONTEXT (WINAPI *next_CertFindCertificateInStore)(
|
||||
PCCERT_CONTEXT pPrevCertContext
|
||||
);
|
||||
|
||||
HCERTSTORE (WINAPI *next_CertOpenStore)(
|
||||
LPCSTR lpszStoreProvider,
|
||||
DWORD dwEncodingType,
|
||||
HCRYPTPROV_LEGACY hCryptProv,
|
||||
DWORD dwFlags,
|
||||
const void *pvPara
|
||||
);
|
||||
|
||||
static const struct hook_symbol cert_syms[] = {
|
||||
{
|
||||
.name = "CertFindCertificateInStore",
|
||||
.patch = hook_CertFindCertificateInStore,
|
||||
.link = (void **) &next_CertFindCertificateInStore,
|
||||
},
|
||||
{
|
||||
.name = "CertOpenStore",
|
||||
.patch = hook_CertOpenStore,
|
||||
.link = (void **) &next_CertOpenStore,
|
||||
},
|
||||
};
|
||||
|
||||
HRESULT cert_hook_init(const struct cert_config *cfg)
|
||||
@ -95,12 +116,12 @@ PCCERT_CONTEXT WINAPI hook_CertFindCertificateInStore(
|
||||
wcscat_s(cert_path, _countof(cert_path), (wchar_t *)pvFindPara); // use the search string as a name
|
||||
wcscat_s(cert_path, _countof(cert_path), L".cer");
|
||||
|
||||
dprintf("Cert: Look for override cert at %S\n", cert_path);
|
||||
//dprintf("Cert: Look for override cert at %S\n", cert_path);
|
||||
|
||||
HANDLE f = CreateFileW((LPCWSTR)cert_path, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
|
||||
|
||||
if (f != INVALID_HANDLE_VALUE) {
|
||||
dprintf("Cert: Read file %S\n", cert_path);
|
||||
//dprintf("Cert: Read file %S\n", cert_path);
|
||||
ReadFile(f, bfr, sizeof(bfr), &num_read, NULL);
|
||||
CloseHandle(f);
|
||||
|
||||
@ -127,3 +148,30 @@ PCCERT_CONTEXT WINAPI hook_CertFindCertificateInStore(
|
||||
pPrevCertContext
|
||||
);
|
||||
}
|
||||
|
||||
HCERTSTORE WINAPI hook_CertOpenStore(
|
||||
LPCSTR lpszStoreProvider,
|
||||
DWORD dwEncodingType,
|
||||
HCRYPTPROV_LEGACY hCryptProv,
|
||||
DWORD dwFlags,
|
||||
const void *pvPara)
|
||||
{
|
||||
if (lpszStoreProvider <= CERT_STORE_PROV_PKCS12) {
|
||||
dprintf("Cert: Open store for %p -> %S (%04X)\n", lpszStoreProvider, (wchar_t *)pvPara, (int)dwFlags);
|
||||
} else {
|
||||
dprintf("Cert: Open store for %s\n", lpszStoreProvider);
|
||||
}
|
||||
|
||||
HCERTSTORE ret = next_CertOpenStore(lpszStoreProvider, dwEncodingType, hCryptProv, dwFlags, pvPara);
|
||||
if (ret == NULL) {
|
||||
int err = GetLastError();
|
||||
if (err == 0x00000005) {
|
||||
ret = next_CertOpenStore(lpszStoreProvider, dwEncodingType, hCryptProv, 0x28000, pvPara); // This works without admin perms
|
||||
if (ret != NULL) {
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
dprintf("Cert: Failed to open store %08X\n", (int)err);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user