signing check compatibility update

ianpatt · Oct 20, 2024 · 23501e3 · 23501e3
1 parent 4acddaa
commit 23501e3
Show file tree

Hide file tree

Showing 4 changed files with 82 additions and 22 deletions.
diff --git a/sfse_loader/IdentifyEXE.cpp b/sfse_loader/IdentifyEXE.cpp
@@ -5,7 +5,7 @@
 #include <string>
 #include <Windows.h>
 
-static bool GetFileVersion(const char * path, VS_FIXEDFILEINFO * info, std::string * outProductName, std::string * outProductVersion)
+bool GetFileVersion(const char * path, VS_FIXEDFILEINFO * info, std::string * outProductName, std::string * outProductVersion)
 {
 	bool result = false;
 
@@ -65,7 +65,7 @@ static bool GetFileVersion(const char * path, VS_FIXEDFILEINFO * info, std::stri
 	return result;
 }
 
-static bool VersionStrToInt(const std::string & verStr, u64 * out)
+bool VersionStrToInt(const std::string & verStr, u64 * out)
 {
 	u64 result = 0;
 	int parts[4];
@@ -94,19 +94,7 @@ static bool GetFileVersionData(const char * path, u64 * out, std::string * outPr
 	if(!GetFileVersion(path, &versionInfo, outProductName, &productVersionStr))
 		return false;
 
-	_MESSAGE("dwSignature = %08X", versionInfo.dwSignature);
-	_MESSAGE("dwStrucVersion = %08X", versionInfo.dwStrucVersion);
-	_MESSAGE("dwFileVersionMS = %08X", versionInfo.dwFileVersionMS);
-	_MESSAGE("dwFileVersionLS = %08X", versionInfo.dwFileVersionLS);
-	_MESSAGE("dwProductVersionMS = %08X", versionInfo.dwProductVersionMS);
-	_MESSAGE("dwProductVersionLS = %08X", versionInfo.dwProductVersionLS);
-	_MESSAGE("dwFileFlagsMask = %08X", versionInfo.dwFileFlagsMask);
-	_MESSAGE("dwFileFlags = %08X", versionInfo.dwFileFlags);
-	_MESSAGE("dwFileOS = %08X", versionInfo.dwFileOS);
-	_MESSAGE("dwFileType = %08X", versionInfo.dwFileType);
-	_MESSAGE("dwFileSubtype = %08X", versionInfo.dwFileSubtype);
-	_MESSAGE("dwFileDateMS = %08X", versionInfo.dwFileDateMS);
-	_MESSAGE("dwFileDateLS = %08X", versionInfo.dwFileDateLS);
+	DumpVersionInfo(versionInfo);
 	_MESSAGE("productVersionStr = %s", productVersionStr.c_str());
 
 	u64 version = 0;
@@ -118,6 +106,23 @@ static bool GetFileVersionData(const char * path, u64 * out, std::string * outPr
 	return true;
 }
 
+void DumpVersionInfo(const VS_FIXEDFILEINFO & info)
+{
+	_MESSAGE("dwSignature = %08X", info.dwSignature);
+	_MESSAGE("dwStrucVersion = %08X", info.dwStrucVersion);
+	_MESSAGE("dwFileVersionMS = %08X", info.dwFileVersionMS);
+	_MESSAGE("dwFileVersionLS = %08X", info.dwFileVersionLS);
+	_MESSAGE("dwProductVersionMS = %08X", info.dwProductVersionMS);
+	_MESSAGE("dwProductVersionLS = %08X", info.dwProductVersionLS);
+	_MESSAGE("dwFileFlagsMask = %08X", info.dwFileFlagsMask);
+	_MESSAGE("dwFileFlags = %08X", info.dwFileFlags);
+	_MESSAGE("dwFileOS = %08X", info.dwFileOS);
+	_MESSAGE("dwFileType = %08X", info.dwFileType);
+	_MESSAGE("dwFileSubtype = %08X", info.dwFileSubtype);
+	_MESSAGE("dwFileDateMS = %08X", info.dwFileDateMS);
+	_MESSAGE("dwFileDateLS = %08X", info.dwFileDateLS);
+}
+
 // non-relocated image
 const IMAGE_SECTION_HEADER * GetImageSection(const u8 * base, const char * name)
 {

diff --git a/sfse_loader/IdentifyEXE.h b/sfse_loader/IdentifyEXE.h
@@ -2,6 +2,7 @@
 
 #include "sfse_common/Types.h"
 #include <string>
+#include <Windows.h>
 
 enum
 {
@@ -28,3 +29,7 @@ struct ProcHookInfo
 };
 
 bool IdentifyEXE(const char * procName, bool isEditor, std::string * dllSuffix, ProcHookInfo * hookInfo);
+
+bool GetFileVersion(const char * path, VS_FIXEDFILEINFO * info, std::string * outProductName, std::string * outProductVersion);
+void DumpVersionInfo(const VS_FIXEDFILEINFO & info);
+bool VersionStrToInt(const std::string & verStr, u64 * out);
diff --git a/sfse_loader/SigCheck.cpp b/sfse_loader/SigCheck.cpp
@@ -50,14 +50,16 @@ bool FileCertVerifier::verify(const WCHAR * path)
 	winTrustData.dwUnionChoice = WTD_CHOICE_FILE;
 	winTrustData.pFile = &fileInfo;
 	winTrustData.dwStateAction = WTD_STATEACTION_VERIFY;
-	winTrustData.dwProvFlags = WTD_SAFER_FLAG | WTD_DISABLE_MD2_MD4;	// 'safer' mode, disallow old algorithms
+	winTrustData.dwProvFlags = 0;
 
 	GUID authenticodeVerify = WINTRUST_ACTION_GENERIC_VERIFY_V2;
 
 	// validation status is stored in these result codes
 	m_trustResult = WinVerifyTrust(nullptr, &authenticodeVerify, &winTrustData);
 	m_trustError = GetLastError();
 
+	_MESSAGE("WinVerifyTrust: %08X %08X %S", m_trustResult, m_trustError, path);
+
 	// dispose hWVTStateData
 	winTrustData.dwStateAction = WTD_STATEACTION_CLOSE;
 	WinVerifyTrust(nullptr, &authenticodeVerify, &winTrustData);
@@ -203,14 +205,24 @@ bool CheckDLLSignature(const std::string & dllPath)
 	{
 		DWORD error = GetLastError();
 
-		_ERROR("error converting DLL path to wide characters (%08X)", error);
+		_ERROR("error converting DLL path to wide characters (count) (%08X)", error);
 		return false;
 	}
 
 	std::vector <WCHAR> dllPathWide;
 	dllPathWide.resize(numWideChars);
 
-	MultiByteToWideChar(CP_ACP, MB_ERR_INVALID_CHARS, dllPath.data(), (int)dllPath.size(), dllPathWide.data(), (int)dllPathWide.size());
+	numWideChars = MultiByteToWideChar(CP_ACP, MB_ERR_INVALID_CHARS, dllPath.data(), (int)dllPath.size(), dllPathWide.data(), (int)dllPathWide.size());
+	if(!numWideChars)
+	{
+		DWORD error = GetLastError();
+
+		_ERROR("error converting DLL path to wide characters (convert) (%08X)", error);
+		return false;
+	}
+
+	// null terminator
+	dllPathWide.push_back(0);
 
 	FileCertVerifier dllVerifier;
 	if(!dllVerifier.verify(dllPathWide.data()))

diff --git a/sfse_loader/main.cpp b/sfse_loader/main.cpp
@@ -229,10 +229,48 @@ int main(int argc, char ** argv)
 
 		if(!dllOK)
 		{
-			PrintLoaderError(
-				"Bad SFSE DLL (%s).\n"
-				"Do not rename files; it will not magically make anything work.\n"
-				"%08X %08X", dllPath.c_str(), procHookInfo.packedVersion, dllVersion);
+			bool preSigning = false;
+
+			VS_FIXEDFILEINFO info;
+			std::string productName;
+			std::string productVersion;
+
+			if(GetFileVersion(dllPath.c_str(), &info, &productName, &productVersion))
+			{
+				_MESSAGE("SFSE DLL version");
+				DumpVersionInfo(info);
+				_MESSAGE("productName = %s", productName.c_str());
+				_MESSAGE("productVersion = %s", productVersion.c_str());
+
+				u64 fullVersion = (u64(info.dwFileVersionMS) << 32) | info.dwFileVersionLS;
+				u64 kFirstSignedVersion = 0x000000000002000E;
+
+				if(fullVersion < kFirstSignedVersion)
+					preSigning = true;
+			}
+			else
+			{
+				_MESSAGE("couldn't get file version info");
+			}
+
+			if(preSigning)
+			{
+				PrintLoaderError(
+					"Old SFSE DLL (%s).\n"
+					"Please make sure that you have replaced all files with their new versions.\n"
+					"DLL version (%s) EXE version (%d.%d.%d)",
+					dllPath.c_str(),
+					productVersion.c_str(),
+					SFSE_VERSION_INTEGER, SFSE_VERSION_INTEGER_MINOR, SFSE_VERSION_INTEGER_BETA);
+			}
+			else
+			{
+				PrintLoaderError(
+					"Bad SFSE DLL (%s).\n"
+					"Do not rename files; it will not magically make anything work.\n"
+					"%08X %08X", dllPath.c_str(), procHookInfo.packedVersion, dllVersion);
+			}
+
 			return 1;
 		}
 	}