Microsoft KB Archive/165021

= SAMPLE: VFiles.exe Calls WinVerifyTrust and Authenticates Files =

PSS ID Number: 165021

Article Last Modified on 4/21/2003

-

The information in this article applies to:


 * Microsoft Internet Explorer (Programming) 3.0
 * Microsoft Internet Explorer (Programming) 4.0
 * Microsoft Internet Explorer (Programming) 4.01
 * Microsoft Internet Explorer (Programming) 5

-



This article was previously published under Q165021



SUMMARY
VFiles.exe is a sample that demonstrates how to programmatically authenticate files using the WinVerifyTrust function. This allows a programmer to verify whether a file is signed and allows a user to trust or not trust the signing authority.



MORE INFORMATION
The following file is available for download from the Microsoft Download Center:

VFiles.exe

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. This sample is written with visual C++ 4.2b and requires the supporting MFC DLLs.

If you do not want to install and run the sample, the following function is all that you really need to illustrate how to call the WinVerifyTrust function. If you are not using MFC, you need to substitute several small details (CString, method of obtaining file name, etc.) with code appropriate to your framework. #include  // Needed for CONVERSION macros.

void CGetHttpFileView::OnGitAndVerify {      USES_CONVERSION;

CString message;

typedef HRESULT (WINAPI *WINVERIFYTRUST) (HWND hwnd, GUID *ActionID, LPVOID ActionData);

#define WINTRUST "wintrust.dll"

WINVERIFYTRUST pwvt = NULL; HINSTANCE hinst;

// Load wintrust.dll and locate the WinVerifyTrust function.

if(hinst = LoadLibrary(WINTRUST)) pwvt = (WINVERIFYTRUST)GetProcAddress(hinst,  _T("WinVerifyTrust")); else return;

if(NULL == pwvt) {          FreeLibrary(hinst); return; }

// Get the name of the file (m_strHttpFile) to test from the dialog // box. UpdateData(TRUE);

TCHAR lpFileName[MAX_PATH];

m_ctlStatusEdit.SetWindowText(_T("Loading File"));

// It would make sense to put a Cancel button on the form to abort // long downloads. In fact, URLDownloadToCacheFile is a blocking // call so the button would be dead until the download is complete.

// It is not necessary to use URLDownloadToCacheFile to      // download the file.

HRESULT hr = URLDownloadToCacheFile(NULL, m_strHttpFile,        lpFileName, MAX_PATH, 0, m_pBindStatusCallback);

if(FAILED(hr)) {          message.Format("Failed to Locate file.  Error: %X", hr); m_ctlStatusEdit.SetWindowText(message); FreeLibrary(hinst); return; }

// Now verify the file.

// For now, it is necessary to define this. #define WIN_SPUB_ACTION_PUBLISHED_SOFTWARE_NOBADUI        { 0xc6b2e8d0, 0xe005, 0x11cf,            { 0xa1, 0x34, 0x0, 0xc0, 0x4f, 0xd7, 0xbf, 0x43 } }

GUID PublishedSoftware = WIN_SPUB_ACTION_PUBLISHED_SOFTWARE; GUID PublishedSoftwareNoBadUI = WIN_SPUB_ACTION_PUBLISHED_SOFTWARE_NOBADUI;

// See winbase.h for available Subject Type Identifiers. GUID SubjectPeImage = WIN_TRUST_SUBJTYPE_PE_IMAGE; GUID SubjectCAB     = WIN_TRUST_SUBJTYPE_CABINET; GUID SubjectJava   = WIN_TRUST_SUBJTYPE_JAVA_CLASS;

GUID * ActionGUID;

if(0 == m_nUIOnBadVerification) ActionGUID = &PublishedSoftware; else ActionGUID = &PublishedSoftwareNoBadUI;

WIN_TRUST_SUBJECT_FILE Subject;

Subject.lpPath = T2OLE(lpFileName); // If hFile is set to the value INVALID_HANDLE_VALUE (defined in      // WINBASE.H), then the trust provider will open the subject using // the lpPath field. Subject.hFile = INVALID_HANDLE_VALUE;

// For now, WIN_TRUST_ACTDATA_SUBJECT_ONLY is not used. WIN_TRUST_ACTDATA_CONTEXT_WITH_SUBJECT ActionData;

ActionData.Subject = &Subject; ActionData.hClientToken = NULL;

switch(m_nFileType) {      case 0: ActionData.SubjectType = &SubjectPeImage; break; case 1: ActionData.SubjectType = &SubjectJava; break; case 2: ActionData.SubjectType = &SubjectCAB; }

hr = pwvt( 0, ActionGUID, &ActionData);

// hr will tell you if the user accepted the certificate. // return codes include S_OK (user accepted), // TRUST_E_NOSIGNATURE (no certificate at all -- includes test      // certificates!), etc.

message.Format("WinVerifyTrust Returned Error: %X", hr); m_ctlStatusEdit.SetWindowText(message);

FreeLibrary(hinst); return; } (c) Microsoft Corporation Robert Duke, All Rights Reserved. Contributions by 1996, Microsoft Corporation.

Additional query words: VFiles URLDownloadToCacheFile WIN_SPUB_ACTION_PUBLISHED_SOFTWARE_NOBADUI wintrust.dll

Keywords: kbcode kbDownload kbFAQ kbfile kbinfo kbProgramming kbSample KB165021

Technology: kbAudDeveloper kbIEsearch kbSDKIE300 kbSDKIE400 kbSDKIE401 kbSDKIE500 kbSDKIESearch kbZNotKeyword

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© 2004 Microsoft Corporation. All rights reserved.