WinVerifyTrust-Go

command module
v0.0.0-...-c1a466b Latest
Warning

This package is not in the latest version of its module.

Published: Sep 19, 2025 License: Unlicense Imports: 11 Imported by: 0

README

WinVerifyTrust-Go project

Hardened and reliable utility for verifying digital signatures in executable files (e.g. .EXE, .SYS, .DLL). Implements advanced WinVerifyTrust API features as well as cryptographic ones.

Features real, native certificate extraction and validation (rather than a superficial check that uses only high-level Windows API calls).

Features include:

  • Dual signature support (Windows 8+)
  • RFC3161 timestamp verification
  • Extensive security validation
  • Certificate chain verification
  • Multiple file processing

Options:

  • -revocation: Check certificate revocation status
  • -verbose: Show detailed certificate and timestamp information
  • -help: Show this help message

WinVerifyTrust-Go is not susceptible to the recently published CVE-2013-3900 while checking a file (as you can't expect all systems to have mitigated it using the registry).
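As an added example (not code from this project), the following Go code shows one way a verifier can catch the condition behind CVE-2013-3900 without relying on the host's registry setting: it parses a raw WIN_CERTIFICATE entry with widened, bounds-checked arithmetic and rejects any bytes that follow the DER-encoded signature. The names `CheckCertPadding` and `derLen`, the sample bytes, and the policy of tolerating at most 7 zero alignment bytes are assumptions of this example.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

// derLen returns header+content size of the DER SEQUENCE at the start of b.
func derLen(b []byte) (uint64, error) {
	if len(b) < 2 || b[0] != 0x30 { // PKCS#7 ContentInfo is a SEQUENCE
		return 0, fmt.Errorf("not a DER SEQUENCE")
	}
	n, l := 0, uint64(b[1]) // short form: the octet is the length
	if b[1] >= 0x80 {       // long form: low 7 bits count the length octets
		n, l = int(b[1]&0x7f), 0
		if n == 0 || n > 4 || len(b) < 2+n {
			return 0, fmt.Errorf("unsupported or truncated DER length")
		}
	}
	for _, c := range b[2 : 2+n] {
		l = l<<8 | uint64(c)
	}
	return 2 + uint64(n) + l, nil // below 2^33, cannot wrap uint64
}

// CheckCertPadding rejects a WIN_CERTIFICATE entry with data after its signature.
func CheckCertPadding(entry []byte) error {
	if len(entry) < 8 {
		return fmt.Errorf("shorter than WIN_CERTIFICATE header")
	}
	dwLength := uint64(binary.LittleEndian.Uint32(entry)) // widen before comparing
	if dwLength < 8 || dwLength > uint64(len(entry)) {
		return fmt.Errorf("dwLength %d outside buffer", dwLength)
	}
	total, err := derLen(entry[8:dwLength]) // bCertificate: PKCS#7 SignedData
	if err != nil || total > dwLength-8 {
		return fmt.Errorf("malformed or truncated signature blob")
	}
	tail := entry[8+total : dwLength] // policy assumed here: at most 7 zero alignment bytes
	if len(tail) > 7 || len(bytes.TrimRight(tail, "\x00")) != 0 {
		return fmt.Errorf("%d unexpected bytes after signature", len(tail))
	}
	return nil
}

func main() {
	e := []byte{16, 0, 0, 0, 0, 2, 2, 0, 0x30, 2, 5, 0, 0, 0, 0, 0} // constructed
	fmt.Println(CheckCertPadding(e))
}
```

In a real file the entry bytes would come from the PE security data directory, and this check complements signature verification rather than replacing it.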

I wrote it leveraging my extensive security engineering knowledge, using https://gist.github.com/heaths/ebbca7d956f0b42bbb33193f0837e272?permalink_comment_id=5766639#gistcomment-5766639 (a Gist from a Microsoft engineer) as a template, and it turned out exactly as I commented there on their Gist. It is a mature, pentested implementation as-is, even though I seek contributors and reviews, and will strive to actively maintain this repository depending on community interest.

Due to the short nature of this README (subject to change, if I have more time soon), it is advised to comb through the code before use to understand its extensive set of features and security implementations. The only way to do this is by reading the source code at: https://github.com/Barrixar/WinVerifyTrust-Go/blob/main/WinVerifyTrust.go

I'm also happy to accept contributions to the README; I am looking for a good writer to accurately summarize the project.

Documentation

Rendered for windows/amd64

Overview

This program implements an advanced Windows digital signature verification tool. It leverages Windows WinTrust API functions to validate Authenticode signatures on executable files (.exe, .dll, .sys, etc.) with support for both standard verification and extended verification modes. The tool provides detailed signature information including certificate chains, timestamps, and signature algorithms.

IMPORTANT SECURITY NOTES:

  • This tool extracts real certificate data using Windows CryptoAPI
  • Uses unsafe.Pointer operations with proper validation and bounds checking
  • This tool is designed for Windows platforms only

SECURITY HARDENED:

  • Command-line argument validation (count limits, size limits, character validation)
  • Path traversal prevention with path validation
  • TOCTOU attack prevention through exclusive file access
  • Integer overflow protection in all pointer arithmetic operations
  • Memory safety measures with bounds checking and safe memory copying
  • Thread-safe operations with proper mutex synchronization
  • Resource exhaustion prevention through input validation and limits
  • Technically advanced error handling with security-focused responses

Features:

  • Dual verification modes: WinVerifyTrust and WinVerifyTrustEx
  • Technically advanced signature validation with certificate chain analysis
  • Timestamp verification and detailed certificate information
  • Thread-safe verification with proper Windows API compliance
  • Support for various executable formats (.exe, .dll, .sys, etc.)

Usage:

WinVerifyTrust [-mode=trust|trustex] [-verbose] <file1> [file2] ...

The tool requires Windows and uses official Microsoft WinTrust APIs for cryptographic signature verification.
