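Why does "CryptCATAdminEnumCatalogFromHash" return ERROR_NOT_FOUND (1062?) for non-interactive users?
The following code behaves differently on the same file for interactive and administrator users versus non-interactive users. For administrators it seems to always succeed, but for non-administrators (restricted default users) only when they execute the code as part of an interactive logon session, shell, etc. It does not when the same restricted default user is, for example, used by the Task Scheduler to execute a task after, for example, system boot. Additionally, I am not the only one who has run into this problem.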
/*
 * Enumerate catalog information that matches the hash.
 */
uint32_t iCat = 0;
HCATINFO hCatInfoPrev = NULL;
do
{
    /* Get the next match. */
    HCATINFO hCatInfo = g_pfnCryptCATAdminEnumCatalogFromHash(hCatAdmin, abHash, cbHash, &hCatInfoPrev);
    if (!hCatInfo)
    {
        if (!fFreshContext)
        {
            SUP_DPRINTF(("supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> %u; iCat=%#x)\n", RtlGetLastWin32Error(), iCat));
            if (hCatInfoPrev != NULL)
                g_pfnCryptCATAdminReleaseCatalogContext(hCatAdmin, hCatInfoPrev, 0 /*dwFlags*/);
            g_pfnCryptCATAdminReleaseContext(hCatAdmin, 0 /*dwFlags*/);
            goto l_fresh_context;
        }
        ULONG ulErr = RtlGetLastWin32Error();
        fNoSignedCatalogFound = ulErr == ERROR_NOT_FOUND && fNoSignedCatalogFound != 0;
        if (iCat == 0)
            SUP_DPRINTF(("supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (%u)\n", ulErr));
        else if (iCat == 0)
            SUP_DPRINTF(("supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed %u\n", ulErr));
        break;
    }
    fNoSignedCatalogFound = 0;
    Assert(hCatInfoPrev == NULL);
    hCatInfoPrev = hCatInfo;
    /*
     * Call WinVerifyTrust.
     */
    [...]
    iCat++;
} while (rc == VERR_LDRVI_NOT_SIGNED && iCat < 128);
This is what the log looks like when verification succeeds:
supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000930 pwszName=\Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001433810
supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001433810
supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=592E7D18568150098B2F131AD72F2156D1CA3A58
And here is the same file when verification fails:
supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000808 pwszName=\Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000019efab0
supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000019efab0
supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=592E7D18568150098B2F131AD72F2156D1CA3A58
supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1062; iCat=0x0)
supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000019ef030
supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000019ef030
supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=592E7D18568150098B2F131AD72F2156D1CA3A58
supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1062)
supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000019eef70
supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000019eef70
supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=668C2310EFB19B6732352E1B4C6B047E3037FC14D9878DA0CC690CFA6D37CE20
supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1062; iCat=0x0)
supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000019efab0
supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000019efab0
supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=668C2310EFB19B6732352E1B4C6B047E3037FC14D9878DA0CC690CFA6D37CE20
supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1062)
supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
As you can see, the computed digest of the file, etc., is the same in both cases:
supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=592E7D18568150098B2F131AD72F2156D1CA3A58
vs.
supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=592E7D18568150098B2F131AD72F2156D1CA3A58
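So it really is the same file, and it proves that the signature information is fully available in the Windows catalogs. It seems that, for some reason, it is not found/enumerated for the restricted user, which is why the following errors are logged: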
supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1062; iCat=0x0)
supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1062)
According to MSDN, 1062 is probably the following:
ERROR_SERVICE_NOT_ACTIVE
1062 (0x426)
The service has not been started.
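Do you know which service might be inactive in the context of a restricted, non-interactive user and the enumeration function being called? Any other ideas about the root cause of this problem?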
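An added example, not code from the original post: a portable C helper that triages these log lines by the numeric Win32 code instead of the printed label, because the loop above treats only ERROR_NOT_FOUND as "no signed catalog" while the "failed ERROR_NOT_FOUND (%u)" message prints a fixed name. The function, enum and macro names are hypothetical, the value 1168 for ERROR_NOT_FOUND is taken from winerror.h, and the third sample line is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Win32 codes from winerror.h, renamed so they cannot clash with <windows.h>. */
#define W32_SERVICE_NOT_ACTIVE 1062UL
#define W32_NOT_FOUND          1168UL

typedef enum { LINE_NO_ERROR, LINE_NOT_FOUND, LINE_SERVICE_NOT_ACTIVE, LINE_OTHER } line_kind;

/* Return the numeric code a log line reports for the enumeration call, or 0. */
static unsigned long enum_error_code(const char *line)
{
    static const char retry[] = "CryptCATAdminEnumCatalogFromHash -> ";
    static const char fail[]  = "CryptCATAdminEnumCatalogFromHash failed ";
    const char *p = strstr(line, retry);
    if (p != NULL)
        return strtoul(p + sizeof(retry) - 1, NULL, 10);
    p = strstr(line, fail);
    if (p == NULL)
        return 0;
    p += sizeof(fail) - 1;
    /* The name printed after "failed" is fixed text; only the number is data. */
    const char *paren = strchr(p, '(');
    return strtoul(paren != NULL ? paren + 1 : p, NULL, 10);
}

static line_kind classify_line(const char *line)
{
    switch (enum_error_code(line)) {
    case 0:                      return LINE_NO_ERROR;
    case W32_NOT_FOUND:          return LINE_NOT_FOUND;
    case W32_SERVICE_NOT_ACTIVE: return LINE_SERVICE_NOT_ACTIVE;
    default:                     return LINE_OTHER;
    }
}

int main(void)
{
    static const char *const names[] = { "-", "ERROR_NOT_FOUND", "ERROR_SERVICE_NOT_ACTIVE", "other" };
    static const char *const lines[] = {
        "supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1062; iCat=0x0)",
        "supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1062)",
        /* Constructed line: what a genuine "hash not in any catalog" result would log. */
        "supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)",
    };
    for (size_t i = 0; i < sizeof(lines) / sizeof(lines[0]); i++)
        printf("%-24s <- %s\n", names[classify_line(lines[i])], lines[i]);
    return 0;
}
```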