[windows上检查MS13-098是否已修复] #golang

checkWintrustConfig.go

// CheckWintrustConfig check if MS13-098 fix is not installed (KB2893294),
// Keep in mind IT COULD BE INSTALLED BUT REGISTRY KEYS ARE NOT PROPERLY SET, WHICH RENDERS THE PATCH USELESS
func CheckWintrustConfig() (bool, error) {
	var _check = false
	pSubkey1, err := syscall.UTF16PtrFromString(`\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config`)
	if err != nil {
		return false, err
	}
	pSubkey2, err := syscall.UTF16PtrFromString(`\Software\Microsoft\Cryptography\Wintrust\Config`)
	if err != nil {
		return false, err
	}
	var h windows.Handle
	if errors.Is(windows.RegOpenKeyEx(windows.HKEY_LOCAL_MACHINE, pSubkey1, 0, windows.KEY_READ, &h), windows.ERROR_SUCCESS) ||
		errors.Is(windows.RegOpenKeyEx(windows.HKEY_LOCAL_MACHINE, pSubkey2, 0, windows.KEY_READ, &h), windows.ERROR_SUCCESS) {
		var dwType uint32
		name, err := syscall.UTF16PtrFromString(`EnableCertPaddingCheck`)
		if err != nil {
			return false, err
		}
		if _nResult := windows.RegQueryValueEx(h, name, nil, &dwType, nil, nil); _nResult == windows.ERROR_SUCCESS {
			_check = true
		}
		windows.RegCloseKey(h)
	}
	return _check, nil
}