Upgrade to v2.1

Fix the problem that SHA256 Timetamp does not work
Hook SignerTimeStampEx2
Hook SignerTimeStampEx3

Author: Jemmy1228

HookSigntool/main.cpp

@@ -10,10 +10,14 @@ HMODULE hModCrypt32 = NULL, hModMssign32 = NULL, hModKernel32 = NULL;
 using fntCertVerifyTimeValidity = decltype(CertVerifyTimeValidity);
 using fntSignerSign = decltype(SignerSign);
 using fntSignerTimeStamp = decltype(SignerTimeStamp);
+using fntSignerTimeStampEx2 = decltype(SignerTimeStampEx2);
+using fntSignerTimeStampEx3 = decltype(SignerTimeStampEx3);
 using fntGetLocalTime = decltype(GetLocalTime);
 fntCertVerifyTimeValidity* pOldCertVerifyTimeValidity = NULL;
 fntSignerSign* pOldSignerSign = NULL;
 fntSignerTimeStamp* pOldSignerTimeStamp = NULL;
+fntSignerTimeStampEx2* pOldSignerTimeStampEx2 = NULL;
+fntSignerTimeStampEx3* pOldSignerTimeStampEx3 = NULL;
 fntGetLocalTime* pOldGetLocalTime = NULL;
 
 int year = -1, month = -1, day = -1, hour = -1, minute = -1, second = -1;
@@ -66,6 +70,33 @@ HRESULT WINAPI NewSignerTimeStamp(
 {
     return (*pOldSignerTimeStamp)(pSubjectInfo, ReplaceTimeStamp(pwszHttpTimeStamp), psRequest, pSipData);
 }
+HRESULT WINAPI NewSignerTimeStampEx2(
+    _Reserved_ DWORD               dwFlags,
+    _In_       SIGNER_SUBJECT_INFO* pSubjectInfo,
+    _In_       LPCWSTR             pwszHttpTimeStamp,
+    _In_       ALG_ID              dwAlgId,
+    _In_       PCRYPT_ATTRIBUTES   psRequest,
+    _In_       LPVOID              pSipData,
+    _Out_      SIGNER_CONTEXT** ppSignerContext
+)
+{
+    return (*pOldSignerTimeStampEx2)(dwFlags, pSubjectInfo, ReplaceTimeStamp(pwszHttpTimeStamp), dwAlgId, psRequest, pSipData, ppSignerContext);
+}
+HRESULT WINAPI NewSignerTimeStampEx3(
+    _In_       DWORD                  dwFlags,
+    _In_       DWORD                  dwIndex,
+    _In_       SIGNER_SUBJECT_INFO* pSubjectInfo,
+    _In_       PCWSTR                 pwszHttpTimeStamp,
+    _In_       PCWSTR                 pszAlgorithmOid,
+    _In_opt_   PCRYPT_ATTRIBUTES      psRequest,
+    _In_opt_   PVOID                  pSipData,
+    _Out_      SIGNER_CONTEXT** ppSignerContext,
+    _In_opt_   PCERT_STRONG_SIGN_PARA pCryptoPolicy,
+    _Reserved_ PVOID                  pReserved
+)
+{
+    return (*pOldSignerTimeStampEx3)(dwFlags, dwIndex, pSubjectInfo, ReplaceTimeStamp(pwszHttpTimeStamp), pszAlgorithmOid, psRequest, pSipData, ppSignerContext, pCryptoPolicy, pReserved);
+}
 void WINAPI NewGetLocalTime(
     LPSYSTEMTIME lpSystemTime
 )
@@ -95,25 +126,34 @@ bool HookFunctions()
     if ((pOldCertVerifyTimeValidity = (fntCertVerifyTimeValidity*)GetProcAddress(hModCrypt32, "CertVerifyTimeValidity")) == NULL
         || (pOldSignerSign = (fntSignerSign*)GetProcAddress(hModMssign32, "SignerSign")) == NULL
         || (pOldSignerTimeStamp = (fntSignerTimeStamp*)GetProcAddress(hModMssign32, "SignerTimeStamp")) == NULL
+        || (pOldSignerTimeStampEx2 = (fntSignerTimeStampEx2*)GetProcAddress(hModMssign32, "SignerTimeStampEx2")) == NULL
+        || ((pOldSignerTimeStampEx3 = (fntSignerTimeStampEx3*)GetProcAddress(hModMssign32, "SignerTimeStampEx3")) == NULL && FALSE)
+        /* SignerTimeStampEx3 does not exist in Windows 7 */
         || (pOldGetLocalTime = (fntGetLocalTime*)GetProcAddress(hModKernel32, "GetLocalTime")) == NULL)
         return false;
 
     if (DetourTransactionBegin() != NO_ERROR
         || DetourAttach(&(PVOID&)pOldCertVerifyTimeValidity, NewCertVerifyTimeValidity) != NO_ERROR
         || DetourAttach(&(PVOID&)pOldSignerSign, NewSignerSign) != NO_ERROR
         || DetourAttach(&(PVOID&)pOldSignerTimeStamp, NewSignerTimeStamp) != NO_ERROR
+        || DetourAttach(&(PVOID&)pOldSignerTimeStampEx2, NewSignerTimeStampEx2) != NO_ERROR
+        || (pOldSignerTimeStampEx3 != NULL ? DetourAttach(&(PVOID&)pOldSignerTimeStampEx3, NewSignerTimeStampEx3) != NO_ERROR : FALSE)
+        /* SignerTimeStampEx3 does not exist in Windows 7 */
         || DetourAttach(&(PVOID&)pOldGetLocalTime, NewGetLocalTime) != NO_ERROR
         || DetourTransactionCommit() != NO_ERROR)
         return false;
+
     return true;
 }
 bool ParseConfig(LPWSTR lpCommandLineConfig, LPWSTR lpCommandLineTimestamp)
 {
     LPWSTR buf = new WCHAR[260];
     memset(buf, 0, sizeof(WCHAR) * 260);
+
     if (_wgetcwd(buf, 260) == NULL)
         return false;
     wcscat(buf, L"\\");
+
     if (lpCommandLineConfig) {
         if ((wcschr(lpCommandLineConfig, L':') - lpCommandLineConfig) == 1) {
             memset(buf, 0, sizeof(WCHAR) * 260);
@@ -138,6 +178,7 @@ bool ParseConfig(LPWSTR lpCommandLineConfig, LPWSTR lpCommandLineTimestamp)
         wsprintfW(lpTimestamp, lpCommandLineTimestamp);
     else
         GetPrivateProfileStringW(L"Timestamp", L"Timestamp", NULL, lpTimestamp, 20, buf);
+    
     return true;
 }
 BOOL WINAPI DllMain(
@@ -160,11 +201,15 @@ BOOL WINAPI DllMain(
             if (!wcscmp(szArglist[i], L"-ts"))
                 its = i + 1;
         }
+
         if (!ParseConfig(iconfig >= 0 ? szArglist[iconfig] : NULL, its >= 0 ? szArglist[its] : NULL))
             MessageBoxW(NULL, L"配置初始化失败，请检查hook.ini和命令行参数！", L"初始化失败", MB_ICONERROR);
+        
         LocalFree(szArglist);
+
         if (!HookFunctions())
             MessageBoxW(NULL, L"出现错误，无法Hook指定的函数\r\n请关闭程序重试！", L"Hook失败", MB_ICONERROR);
+        
         MessageBoxW(NULL, lpTimestamp, L"自定义时间戳为", MB_OK);
     }
     return 1;

HookSigntool/mssign32.h

@@ -13,6 +13,11 @@ typedef struct _SIGNER_BLOB_INFO {
     BYTE* pbBlob;
     LPCWSTR pwszDisplayName;
 } SIGNER_BLOB_INFO, * PSIGNER_BLOB_INFO;
+typedef struct _SIGNER_CONTEXT {
+    DWORD cbSize;
+    DWORD cbBlob;
+    BYTE* pbBlob;
+} SIGNER_CONTEXT, * PSIGNER_CONTEXT;
 
 typedef struct _SIGNER_CERT_STORE_INFO {
     DWORD          cbSize;
@@ -91,3 +96,24 @@ HRESULT WINAPI SignerTimeStamp(
     _In_opt_ PCRYPT_ATTRIBUTES   psRequest,
     _In_opt_ LPVOID              pSipData
 );
+HRESULT WINAPI SignerTimeStampEx2(
+    _Reserved_ DWORD               dwFlags,
+    _In_       SIGNER_SUBJECT_INFO* pSubjectInfo,
+    _In_       LPCWSTR             pwszHttpTimeStamp,
+    _In_       ALG_ID              dwAlgId,
+    _In_       PCRYPT_ATTRIBUTES   psRequest,
+    _In_       LPVOID              pSipData,
+    _Out_      SIGNER_CONTEXT** ppSignerContext
+);
+HRESULT WINAPI SignerTimeStampEx3(
+    _In_       DWORD                  dwFlags,
+    _In_       DWORD                  dwIndex,
+    _In_       SIGNER_SUBJECT_INFO* pSubjectInfo,
+    _In_       PCWSTR                 pwszHttpTimeStamp,
+    _In_       PCWSTR                 pszAlgorithmOid,
+    _In_opt_   PCRYPT_ATTRIBUTES      psRequest,
+    _In_opt_   PVOID                  pSipData,
+    _Out_      SIGNER_CONTEXT** ppSignerContext,
+    _In_opt_   PCERT_STRONG_SIGN_PARA pCryptoPolicy,
+    _Reserved_ PVOID                  pReserved
+);

README.md

@@ -6,11 +6,13 @@
 
 ## 原理
 编译出的`HookSigntool.dll`通过微软的Detours库Hook了签名工具的函数调用以达到目的
-总共Hook了4个函数：
+总共Hook了6个函数：
 1. [crypt32.dll!CertVerifyTimeValidity](https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certverifytimevalidity) 返回值改为0，让签名工具误以为所有证书都在有效期内，以便在不修改系统时间的情况下用过期证书签名。
 2. [mssign32!SignerSign](https://docs.microsoft.com/en-us/windows/win32/seccrypto/signersign) 传入参数 pwszHttpTimeStamp 修改为自建时间戳地址（自建时间戳接受地址中设定的时间，用以伪造签名）
 3. [mssign32!SignerTimeStamp](https://docs.microsoft.com/en-us/windows/win32/seccrypto/signertimestamp) 同上
-4. [kernel32.dll!GetLocalTime](https://docs.microsoft.com/en-us/windows/win32/api/sysinfoapi/nf-sysinfoapi-getlocaltime) 返回值根据配置文件修改，对于程序功能无影响。
+4. [mssign32!SignerTimeStampEx2](https://docs.microsoft.com/zh-cn/windows/win32/seccrypto/signertimestampex2) 同上
+5. [mssign32!SignerTimeStampEx3](https://docs.microsoft.com/zh-cn/windows/win32/seccrypto/signertimestampex3) 同上 （此函数在 Windows 7 上不存在）
+6. [kernel32.dll!GetLocalTime](https://docs.microsoft.com/en-us/windows/win32/api/sysinfoapi/nf-sysinfoapi-getlocaltime) 返回值根据配置文件修改，对于程序功能无影响。
 
 ## 用法
 这个`dll`有两种设置方法，一种是`ini`文件，另一种是命令行参数