add CertOpenStore hook
parent
068e3f3963
commit
14136ac973
@ -25,6 +25,14 @@ PCCERT_CONTEXT WINAPI hook_CertFindCertificateInStore(
|
|||||||
PCCERT_CONTEXT pPrevCertContext
|
PCCERT_CONTEXT pPrevCertContext
|
||||||
);
|
);
|
||||||
|
|
||||||
|
HCERTSTORE WINAPI hook_CertOpenStore(
|
||||||
|
LPCSTR lpszStoreProvider,
|
||||||
|
DWORD dwEncodingType,
|
||||||
|
HCRYPTPROV_LEGACY hCryptProv,
|
||||||
|
DWORD dwFlags,
|
||||||
|
const void *pvPara
|
||||||
|
);
|
||||||
|
|
||||||
PCCERT_CONTEXT (WINAPI *next_CertFindCertificateInStore)(
|
PCCERT_CONTEXT (WINAPI *next_CertFindCertificateInStore)(
|
||||||
HCERTSTORE hCertStore,
|
HCERTSTORE hCertStore,
|
||||||
DWORD dwCertEncodingType,
|
DWORD dwCertEncodingType,
|
||||||
@ -34,12 +42,25 @@ PCCERT_CONTEXT (WINAPI *next_CertFindCertificateInStore)(
|
|||||||
PCCERT_CONTEXT pPrevCertContext
|
PCCERT_CONTEXT pPrevCertContext
|
||||||
);
|
);
|
||||||
|
|
||||||
|
HCERTSTORE (WINAPI *next_CertOpenStore)(
|
||||||
|
LPCSTR lpszStoreProvider,
|
||||||
|
DWORD dwEncodingType,
|
||||||
|
HCRYPTPROV_LEGACY hCryptProv,
|
||||||
|
DWORD dwFlags,
|
||||||
|
const void *pvPara
|
||||||
|
);
|
||||||
|
|
||||||
static const struct hook_symbol cert_syms[] = {
|
static const struct hook_symbol cert_syms[] = {
|
||||||
{
|
{
|
||||||
.name = "CertFindCertificateInStore",
|
.name = "CertFindCertificateInStore",
|
||||||
.patch = hook_CertFindCertificateInStore,
|
.patch = hook_CertFindCertificateInStore,
|
||||||
.link = (void **) &next_CertFindCertificateInStore,
|
.link = (void **) &next_CertFindCertificateInStore,
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
.name = "CertOpenStore",
|
||||||
|
.patch = hook_CertOpenStore,
|
||||||
|
.link = (void **) &next_CertOpenStore,
|
||||||
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
HRESULT cert_hook_init(const struct cert_config *cfg)
|
HRESULT cert_hook_init(const struct cert_config *cfg)
|
||||||
@ -95,12 +116,12 @@ PCCERT_CONTEXT WINAPI hook_CertFindCertificateInStore(
|
|||||||
wcscat_s(cert_path, _countof(cert_path), (wchar_t *)pvFindPara); // use the search string as a name
|
wcscat_s(cert_path, _countof(cert_path), (wchar_t *)pvFindPara); // use the search string as a name
|
||||||
wcscat_s(cert_path, _countof(cert_path), L".cer");
|
wcscat_s(cert_path, _countof(cert_path), L".cer");
|
||||||
|
|
||||||
dprintf("Cert: Look for override cert at %S\n", cert_path);
|
//dprintf("Cert: Look for override cert at %S\n", cert_path);
|
||||||
|
|
||||||
HANDLE f = CreateFileW((LPCWSTR)cert_path, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
|
HANDLE f = CreateFileW((LPCWSTR)cert_path, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
|
||||||
|
|
||||||
if (f != INVALID_HANDLE_VALUE) {
|
if (f != INVALID_HANDLE_VALUE) {
|
||||||
dprintf("Cert: Read file %S\n", cert_path);
|
//dprintf("Cert: Read file %S\n", cert_path);
|
||||||
ReadFile(f, bfr, sizeof(bfr), &num_read, NULL);
|
ReadFile(f, bfr, sizeof(bfr), &num_read, NULL);
|
||||||
CloseHandle(f);
|
CloseHandle(f);
|
||||||
|
|
||||||
@ -127,3 +148,30 @@ PCCERT_CONTEXT WINAPI hook_CertFindCertificateInStore(
|
|||||||
pPrevCertContext
|
pPrevCertContext
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
HCERTSTORE WINAPI hook_CertOpenStore(
|
||||||
|
LPCSTR lpszStoreProvider,
|
||||||
|
DWORD dwEncodingType,
|
||||||
|
HCRYPTPROV_LEGACY hCryptProv,
|
||||||
|
DWORD dwFlags,
|
||||||
|
const void *pvPara)
|
||||||
|
{
|
||||||
|
if (lpszStoreProvider <= CERT_STORE_PROV_PKCS12) {
|
||||||
|
dprintf("Cert: Open store for %p -> %S (%04X)\n", lpszStoreProvider, (wchar_t *)pvPara, (int)dwFlags);
|
||||||
|
} else {
|
||||||
|
dprintf("Cert: Open store for %s\n", lpszStoreProvider);
|
||||||
|
}
|
||||||
|
|
||||||
|
HCERTSTORE ret = next_CertOpenStore(lpszStoreProvider, dwEncodingType, hCryptProv, dwFlags, pvPara);
|
||||||
|
if (ret == NULL) {
|
||||||
|
int err = GetLastError();
|
||||||
|
if (err == 0x00000005) {
|
||||||
|
ret = next_CertOpenStore(lpszStoreProvider, dwEncodingType, hCryptProv, 0x28000, pvPara); // This works without admin perms
|
||||||
|
if (ret != NULL) {
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
dprintf("Cert: Failed to open store %08X\n", (int)err);
|
||||||
|
}
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
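Review bot: In the last hunk, the access-denied retry in hook_CertOpenStore replaces the caller's dwFlags wholesale with the literal `0x28000`, which appears to be CERT_SYSTEM_STORE_LOCAL_MACHINE | CERT_STORE_READONLY_FLAG, so a caller that requested another store location or passed other flags silently gets a read-only local-machine store back, whatever the provider. If read-only access is what makes the retry succeed, keep the caller's flags and add only that bit, using named constants: `if (err == ERROR_ACCESS_DENIED) {` and `ret = next_CertOpenStore(lpszStoreProvider, dwEncodingType, hCryptProv, dwFlags | CERT_STORE_READONLY_FLAG, pvPara);`, and log the fallback so the downgrade shows up in the trace. Separately, the first dprintf formats pvPara with `%S` for every numeric provider up to CERT_STORE_PROV_PKCS12, but pvPara is a wide string for only some of those providers (for others it is a handle, a blob pointer, an ANSI string or NULL), so that log line can read invalid memory in the hooked process. Restrict `%S` to the wide-string providers and print pvPara with `%p` otherwise.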