简介
CryptSIPRetrieveSubjectGuid根据文件类型检索SubjectGUID, 用于 CryptSIPLoad。
提示
如果检索失败可以使用通用的 CRYPT_SUBJTYPE_FLAT_IMAGE;
GUID为{DE351A42-8E59-11D0-8C47-00C04FC295EE}
代码
program CryptSIPRetrieveSubjectGuid; {$APPTYPE CONSOLE} uses Windows, SysUtils; /// /////////////////////////////////////////////////////////////////////////// // // CryptSIPRetrieveSubjectGuid (defined in crypt32.dll) // ---------------------------------------------------------------------------- // looks at the file's "Magic Number" and tries to determine which // SIP's object ID is right for the file type. // // Returns: // TRUE: No fatal errors // FALSE: Errors occured. See GetLastError() // function _CryptSIPRetrieveSubjectGuid( FileName: LPCWSTR; // wide file name hFileIn: THandle; // or handle of open file pgSubject: PGUID // defined SIP's GUID ): BOOL; stdcall; external 'crypt32.dll' name 'CryptSIPRetrieveSubjectGuid'; var SubjectGuid: TGUID; begin if ParamCount < 1 then begin WriteLn('1. 检索文件 "Magic Number"'); WriteLn('2. Created 2011/12/19 by Hou'); WriteLn('3. Command: App <filename>'); Exit; end; if not _CryptSIPRetrieveSubjectGuid(PWChar(WideString(ParamStr(ParamCount))), 0, @SubjectGuid) then begin WriteLn('Retrieve Fail!'); Exit; end; WriteLn(GUIDToString(SubjectGuid)); end.
附录:
const // 根据Win2k泄漏的部分源码 mscdfapi.cpp + OllyICE makecat.exe获得(2011/12/20 by Hou) // http://mikolajapp.appspot.com/uuid/query?q=%7Bc689aaba-8e78-11d0-8c47-00c04fc295ee%7D CRYPT_SUBJTYPE_PE_IMAGE: TGUID = '{C689AAB8-8E78-11D0-8C47-00C04FC295EE}'; CRYPT_SUBJTYPE_JAVACLASS_IMAGE: TGUID = '{C689AAB9-8E78-11D0-8C47-00C04FC295EE}'; CRYPT_SUBJTYPE_CABINET_IMAGE: TGUID = '{C689AABA-8E78-11D0-8C47-00C04FC295EE}'; CRYPT_SUBJTYPE_FLAT_IMAGE: TGUID = '{DE351A42-8E59-11D0-8C47-00C04FC295EE}'; CRYPT_SUBJTYPE_CATALOG_IMAGE: TGUID = '{DE351A43-8E59-11D0-8C47-00C04FC295EE}'; CRYPT_SUBJTYPE_CTL_IMAGE: TGUID = '{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}';