简介
CryptSIPRetrieveSubjectGuid根据文件类型检索SubjectGUID, 用于 CryptSIPLoad。
提示
如果检索失败可以使用通用的 CRYPT_SUBJTYPE_FLAT_IMAGE;
GUID为{DE351A42-8E59-11D0-8C47-00C04FC295EE}
代码
program CryptSIPRetrieveSubjectGuid;
{$APPTYPE CONSOLE}
uses
Windows, SysUtils;
/// ///////////////////////////////////////////////////////////////////////////
//
// CryptSIPRetrieveSubjectGuid (defined in crypt32.dll)
// ----------------------------------------------------------------------------
// looks at the file's "Magic Number" and tries to determine which
// SIP's object ID is right for the file type.
//
// Returns:
// TRUE: No fatal errors
// FALSE: Errors occured. See GetLastError()
//
function _CryptSIPRetrieveSubjectGuid(
FileName: LPCWSTR; // wide file name
hFileIn: THandle; // or handle of open file
pgSubject: PGUID // defined SIP's GUID
): BOOL; stdcall; external 'crypt32.dll' name 'CryptSIPRetrieveSubjectGuid';
var
SubjectGuid: TGUID;
begin
if ParamCount < 1 then
begin
WriteLn('1. 检索文件 "Magic Number"');
WriteLn('2. Created 2011/12/19 by Hou');
WriteLn('3. Command: App <filename>');
Exit;
end;
if not _CryptSIPRetrieveSubjectGuid(PWChar(WideString(ParamStr(ParamCount))),
0,
@SubjectGuid) then
begin
WriteLn('Retrieve Fail!');
Exit;
end;
WriteLn(GUIDToString(SubjectGuid));
end.
附录:
const
// 根据Win2k泄漏的部分源码 mscdfapi.cpp + OllyICE makecat.exe获得(2011/12/20 by Hou)
// http://mikolajapp.appspot.com/uuid/query?q=%7Bc689aaba-8e78-11d0-8c47-00c04fc295ee%7D
CRYPT_SUBJTYPE_PE_IMAGE:
TGUID = '{C689AAB8-8E78-11D0-8C47-00C04FC295EE}';
CRYPT_SUBJTYPE_JAVACLASS_IMAGE:
TGUID = '{C689AAB9-8E78-11D0-8C47-00C04FC295EE}';
CRYPT_SUBJTYPE_CABINET_IMAGE:
TGUID = '{C689AABA-8E78-11D0-8C47-00C04FC295EE}';
CRYPT_SUBJTYPE_FLAT_IMAGE:
TGUID = '{DE351A42-8E59-11D0-8C47-00C04FC295EE}';
CRYPT_SUBJTYPE_CATALOG_IMAGE:
TGUID = '{DE351A43-8E59-11D0-8C47-00C04FC295EE}';
CRYPT_SUBJTYPE_CTL_IMAGE:
TGUID = '{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}';