calchash.exe和chckhash.exe计算pe文件hash值的两个实用小工具
第一部分:
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NT5.CAT t部分内容
B B D 0 2 2 2 1 A A 6 5 5 6 2 8 F 4 9 5 F 6 C D 3 0 3 9 0 8 B B E 0 0 F 9 5 9 5
第二部分:
D:\>calchash.exe pidgen.dll
BB D0 22 21 AA 65 56 28 F4 95 F6 CD 30 39 08 BB E0 0F 95 95
第三部分:
D:\>chckhash.exe pidgen.dll
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NT5.CAT contains pidgen.dll
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\SP3.CAT contains pidgen.dll
第四部分:main函数主要调用了一个CryptCATAdminCalcHashFromFileHandle函数
D:\srv03rtm\ds\security\cryptoapi\pkitrust\tools\calchash\calchash.cpp
extern "C" int __cdecl wmain(int argc, WCHAR **wargv)
{
int cMember;
cWArgv_ *pArgs;
BOOL fFailed;
CRYPTCATCDF *pCDF;
CRYPTCATMEMBER *pMember;
LPWSTR pwszMemberTag;
CRYPTCATATTRIBUTE *pAttr;
BOOL fContinueOnError;
BYTE pbHash[40];
DWORD cbHash = sizeof(pbHash);
HANDLE hFile;
LPSTR psz;
pCDF = NULL;
if (!(pArgs = new cWArgv_((HINSTANCE)GetModuleHandle(NULL), &fFailed)))
{
goto MemoryError;
}
if (fFailed)
{
goto MemoryError;
}
pArgs->AddUsageText(IDS_USAGETEXT_USAGE, IDS_USAGETEXT_OPTIONS,
IDS_USAGETEXT_OPTPARAM, IDS_USAGETEXT_FILENAME, IDS_USAGETEXT_OPTPARAM);
pArgs->Add2List(IDS_PARAM_HELP, IDS_PARAMTEXT_HELP, WARGV_VALUETYPE_BOOL, (void *)FALSE);
pArgs->Fill(argc, wargv);
if (!(pArgs->Fill(argc, wargv)) ||
(pArgs->GetValue(IDS_PARAM_HELP)))
{
wprintf(L"%s", gszUsage);
goto NeededHelp;
}
if (!(pwszFile = pArgs->GetFileName()))
{
wprintf(L"%s",gszUsage);
goto ParamError;
}
pPrint = new PrintfU_;
SetLastError(0);
if ((hFile = CreateFileU(pwszFile,
GENERIC_READ,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL)) == INVALID_HANDLE_VALUE)
{
wprintf(L"Cannot open file - GLE = %lx\n", GetLastError());
goto CATCloseError;
}
if (!CryptCATAdminCalcHashFromFileHandle(hFile,
&cbHash,
pbHash,
0))
{
goto CATCloseError;
}