From 14136ac973d739bbff644af7a92a4b3d1d757d1f Mon Sep 17 00:00:00 2001 From: Kevin Trocolli Date: Sat, 17 Feb 2024 20:15:31 -0500 Subject: [PATCH] add CertOpenStore hook --- platform/cert.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 50 insertions(+), 2 deletions(-) diff --git a/platform/cert.c b/platform/cert.c index 2d10967..fdc19b7 100644 --- a/platform/cert.c +++ b/platform/cert.c @@ -25,6 +25,14 @@ PCCERT_CONTEXT WINAPI hook_CertFindCertificateInStore( PCCERT_CONTEXT pPrevCertContext ); +HCERTSTORE WINAPI hook_CertOpenStore( + LPCSTR lpszStoreProvider, + DWORD dwEncodingType, + HCRYPTPROV_LEGACY hCryptProv, + DWORD dwFlags, + const void *pvPara +); + PCCERT_CONTEXT (WINAPI *next_CertFindCertificateInStore)( HCERTSTORE hCertStore, DWORD dwCertEncodingType, @@ -34,12 +42,25 @@ PCCERT_CONTEXT (WINAPI *next_CertFindCertificateInStore)( PCCERT_CONTEXT pPrevCertContext ); +HCERTSTORE (WINAPI *next_CertOpenStore)( + LPCSTR lpszStoreProvider, + DWORD dwEncodingType, + HCRYPTPROV_LEGACY hCryptProv, + DWORD dwFlags, + const void *pvPara +); + static const struct hook_symbol cert_syms[] = { { .name = "CertFindCertificateInStore", .patch = hook_CertFindCertificateInStore, .link = (void **) &next_CertFindCertificateInStore, }, + { + .name = "CertOpenStore", + .patch = hook_CertOpenStore, + .link = (void **) &next_CertOpenStore, + }, }; HRESULT cert_hook_init(const struct cert_config *cfg) 
@@ -95,12 +116,12 @@ PCCERT_CONTEXT WINAPI hook_CertFindCertificateInStore( wcscat_s(cert_path, _countof(cert_path), (wchar_t *)pvFindPara); // use the search string as a name wcscat_s(cert_path, _countof(cert_path), L".cer"); - dprintf("Cert: Look for override cert at %S\n", cert_path); + //dprintf("Cert: Look for override cert at %S\n", cert_path); HANDLE f = CreateFileW((LPCWSTR)cert_path, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if (f != INVALID_HANDLE_VALUE) { - dprintf("Cert: Read file %S\n", cert_path); + //dprintf("Cert: Read file %S\n", cert_path); ReadFile(f, bfr, sizeof(bfr), &num_read, NULL); CloseHandle(f); @@ -127,3 +148,30 @@ PCCERT_CONTEXT WINAPI hook_CertFindCertificateInStore( pPrevCertContext ); } + +HCERTSTORE WINAPI hook_CertOpenStore( + LPCSTR lpszStoreProvider, + DWORD dwEncodingType, + HCRYPTPROV_LEGACY hCryptProv, + DWORD dwFlags, + const void *pvPara) +{ + if (lpszStoreProvider <= CERT_STORE_PROV_PKCS12) { + dprintf("Cert: Open store for %p -> %S (%04X)\n", lpszStoreProvider, (wchar_t *)pvPara, (int)dwFlags); + } else { + dprintf("Cert: Open store for %s\n", lpszStoreProvider); + } + + HCERTSTORE ret = next_CertOpenStore(lpszStoreProvider, dwEncodingType, hCryptProv, dwFlags, pvPara); + if (ret == NULL) { + int err = GetLastError(); + if (err == 0x00000005) { + ret = next_CertOpenStore(lpszStoreProvider, dwEncodingType, hCryptProv, 0x28000, pvPara); // This works without admin perms + if (ret != NULL) { + return ret; + } + } + dprintf("Cert: Failed to open store %08X\n", (int)err); + } + return ret; +}
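Review bot: In the first logging branch of `hook_CertOpenStore`, `pvPara` is formatted with `%S` for every predefined provider id up to `CERT_STORE_PROV_PKCS12`. For most of those ids `pvPara` is not a wide string (it may be NULL, a handle or a blob pointer), so the debug print itself can read out of bounds or fault inside the hooked process; print it with `%p` unless the id is one that takes a wide string. The access-denied retry also replaces the caller's `dwFlags` wholesale with the bare literal `0x28000`, for any provider. That value appears to be the local-machine location plus read-only, so a caller that asked for another location or a writable store silently gets a different one; OR-ing `CERT_STORE_READONLY_FLAG` into the caller's flags would be safer, assuming that still covers the non-admin case this was written for. `err` should be a `DWORD` compared against `ERROR_ACCESS_DENIED`, and the last-error value should be restored after `dprintf` so the caller still sees the real failure code.

```c
    if (lpszStoreProvider <= CERT_STORE_PROV_PKCS12) {
        if (lpszStoreProvider == CERT_STORE_PROV_SYSTEM_W ||
                lpszStoreProvider == CERT_STORE_PROV_FILENAME_W) {
            /* These ids pass a wide string in pvPara. */
            dprintf("Cert: Open store for %p -> %S (%04X)\n", lpszStoreProvider, (const wchar_t *) pvPara, (int) dwFlags);
        } else {
            /* pvPara may be NULL, a handle or a blob here: log the pointer only. */
            dprintf("Cert: Open store for %p -> %p (%04X)\n", lpszStoreProvider, pvPara, (int) dwFlags);
        }
    } else {
        /* … unchanged: string provider log … */
    }

    /* … unchanged: first next_CertOpenStore call … */
    if (ret == NULL) {
        DWORD err = GetLastError();

        if (err == ERROR_ACCESS_DENIED) {
            /* Retry read-only, keeping the caller's store location and other flags. */
            ret = next_CertOpenStore(lpszStoreProvider, dwEncodingType, hCryptProv, dwFlags | CERT_STORE_READONLY_FLAG, pvPara);
            /* … unchanged: return ret on success … */
        }
        dprintf("Cert: Failed to open store %08X\n", (unsigned int) err);
        SetLastError(err); /* dprintf may have overwritten the thread's last error */
    }
```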