2.0.4

fix authenticode hash missing pad bytes (in some cases)
hfiref0x · Feb 23, 2024 · 610a123 · 610a123
1 parent 964d19d
commit 610a123
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 26 deletions.
diff --git a/Source/CHANGELOG.txt b/Source/CHANGELOG.txt
@@ -3,6 +3,7 @@ win11 23h2 compatibility
 win11+ 24h2 compatibility improvements
 fix tooltip flickering for drivers list
 fix log ui highlight glitch
+fix authenticode hash missing pad bytes (in some cases)
 driver list tooltip now include information if the given driver is registered as filter (admin priv. required)
 
 v2.0.3

diff --git a/Source/WinObjEx64/hash.c b/Source/WinObjEx64/hash.c
@@ -1,12 +1,12 @@
 /*******************************************************************************
 *
-*  (C) COPYRIGHT AUTHORS, 2021 - 2022
+*  (C) COPYRIGHT AUTHORS, 2021 - 2024
 *
 *  TITLE:       HASH.C
 *
-*  VERSION:     2.00
+*  VERSION:     2.04
 *
-*  DATE:        19 Jun 2022
+*  DATE:        22 Feb 2024
 *
 * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
 * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -143,35 +143,42 @@ VOID DestroyHashContext(
     HeapFree(heapHandle, 0, Context);
 }
 
+#define DEFAULT_ALIGN_BYTES 8
+
 /*
-* HashpAddPaddingForPage
+* HashpAddPad
 *
 * Purpose:
 *
-* Calculate hash for page padding
+* Calculate hash for pad bytes
 *
 */
-NTSTATUS HashpAddPaddingForPage(
-    _In_ ULONG Offset,
-    _In_ ULONG PageSize,
-    _In_ PCNG_CTX HashContext
-)
+NTSTATUS HashpAddPad(
+    _In_ ULONG PaddingSize,
+    _In_ PCNG_CTX HashContext)
 {
     NTSTATUS ntStatus = STATUS_SUCCESS;
-    PVOID pvPadding;
-    ULONG cbInput;
+    ULONG cbPad = PaddingSize, i;
+    UCHAR pbInput[DEFAULT_ALIGN_BYTES] = { 0, 0, 0, 0, 0, 0, 0, 0 };
 
-    if (Offset < PageSize) {
+    if (cbPad >= DEFAULT_ALIGN_BYTES) {
 
-        cbInput = PageSize - Offset;
-        pvPadding = (PVOID)supHeapAlloc(PageSize);
-        if (pvPadding) {
+        i = (cbPad >> 3);
+        do {
 
             ntStatus = BCryptHashData(HashContext->HashHandle,
-                (PUCHAR)pvPadding, cbInput, 0);
+                (PUCHAR)pbInput, DEFAULT_ALIGN_BYTES, 0);
 
-            supHeapFree(pvPadding);
-        }
+            cbPad -= DEFAULT_ALIGN_BYTES;
+            --i;
+
+        } while (i);
+
+    }
+
+    if (cbPad) {
+        ntStatus = BCryptHashData(HashContext->HashHandle,
+            (PUCHAR)pbInput, cbPad, 0);
     }
 
     return ntStatus;
@@ -376,12 +383,11 @@ BOOLEAN CalculateFirstPageHash(
             offset += 1;
         }
 
-        ntStatus = HashpAddPaddingForPage(offset,
-            PageSize,
-            HashContext);
-
-        if (!NT_SUCCESS(ntStatus))
-            return FALSE;
+        if (offset < PageSize) {
+            ntStatus = HashpAddPad(PageSize - offset, HashContext);
+            if (!NT_SUCCESS(ntStatus))
+                return FALSE;
+        }
 
         ntStatus = BCryptFinishHash(HashContext->HashHandle,
             (PUCHAR)HashContext->Hash,
@@ -411,7 +417,7 @@ BOOLEAN CalculateAuthenticodeHash(
 )
 {
     NTSTATUS ntStatus = STATUS_INVALID_IMAGE_FORMAT;
-    ULONG securityOffset, checksumOffset, cbInput;
+    ULONG securityOffset, checksumOffset, cbInput, sz, cbPad;
     ULONG fileOffset = 0;
     PVOID imageBase;
     PIMAGE_DATA_DIRECTORY dataDirectory;
@@ -461,6 +467,15 @@ BOOLEAN CalculateAuthenticodeHash(
 
                 if (NT_SUCCESS(ntStatus)) {
 
+                    sz = (cbInput % DEFAULT_ALIGN_BYTES);
+                    if (sz) {
+
+                        cbPad = (DEFAULT_ALIGN_BYTES - sz);
+                        ntStatus = HashpAddPad(cbPad, HashContext);
+                        if (!NT_SUCCESS(ntStatus))
+                            return FALSE;
+                    }
+
                     ntStatus = BCryptFinishHash(HashContext->HashHandle,
                         (PUCHAR)HashContext->Hash,
                         HashContext->HashSize,