Skip to content

Instantly share code, notes, and snippets.

@webframp

webframp/CIPolicyParser.ps1

Forked from mattifestation/CIPolicyParser.ps1
Created December 7, 2016 16:29
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save webframp/37859c4f4e85acad1a039c7b288a66b8 to your computer and use it in GitHub Desktop.
Save webframp/37859c4f4e85acad1a039c7b288a66b8 to your computer and use it in GitHub Desktop.
Download ZIP
Functions to recover information from binary Device Guard Code Integrity policies.
Raw
CIPolicyParser.ps1
function ConvertTo-CIPolicy {
<#
.SYNOPSIS
Converts a binary file that contains a Code Integrity policy into XML format.
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
.DESCRIPTION
ConvertTo-CIPolicy converts a binary file that contains a Code Integrity policy into XML format. This function is used to audit deployed Code Integrity policies for which the original XML is not present. It can also be used to compare deployed rules against a reference XML file.
Note: the process of converting an XML file to a binary policy is lossy. ID, Name, and FriendlyName attributes are all lost in the process. ConvertTo-CIPolicy auto-generates ID and Name properties when necessary.
ConvertTo-CIPolicy supports both signed and unsigned policies.
.PARAMETER BinaryFilePath
Specifies the path of the binary policy file that this cmdlet converts. Deployed binary policy files are located in %SystemRoot%\System32\CodeIntegrity\SIPolicy.p7b.
.PARAMETER XmlFilePath
Specifies the path for the output converted policy XML file.
.EXAMPLE
ConvertTo-CIPolicy -BinaryFilePath C:\Windows\System32\CodeIntegrity\SIPolicy.p7b -XmlFilePath recovered_policy.xml
.OUTPUTS
System.IO.FileInfo
Outputs a recovered Code Integrity policy XML file.
#>
[CmdletBinding(SupportsShouldProcess)]
[OutputType([System.IO.FileInfo])]
param (
[Parameter(Position = 0, Mandatory)]
[String]
[ValidateScript({ [IO.File]::Exists((Resolve-Path $_).Path) })]
$BinaryFilePath,
[Parameter(Position = 1, Mandatory)]
[String]
[ValidateNotNullOrEmpty()]
$XmlFilePath
)
Set-StrictMode -Version Latest
$CorruptPolicyErr = 'The CI policy may be corrupt.'
$HeaderLengthMax = 0x44
$HeaderSignature = 0x02
$GuidLength = 0x10
# Generated code that enables CI policy XML serialization.
$TypeDef = @'
using System.Xml.Serialization;
namespace CodeIntegrity {
[System.FlagsAttribute()]
public enum PolicyRules {
AllowedPrereleaseSigners = 0x00000001,
AllowedKitsSigners = 0x00000002,
EnabledUMCI = 0x00000004,
EnabledBootMenuProtection = 0x00000008,
AllowedUMCIDebugOptions = 0x00000010,
EnabledUMCICacheDataVolumes = 0x00000020,
AllowedSeQuerySigningPolicyExtension = 0x00000040,
RequiredWHQL = 0x00000080,
EnabledFilterEditedBootOptions = 0x00000100,
DisabledUMCIUSN0Protection = 0x00000200,
DisabledWinloadDebuggingModeMenu = 0x00000400,
EnabledStrongCryptoForCodeIntegrity = 0x00000800,
AllowedNonMicrosoftUEFIApplicationsForBitLocker = 0x00001000,
EnabledAlwaysUsePolicy = 0x00002000,
EnabledUMCITrustUSN0 = 0x00004000,
DisabledUMCIDebugOptionsTCBLowering = 0x00008000,
EnabledAuditMode = 0x00010000,
DisabledFlightSigning = 0x00020000,
EnabledInheritDefaultPolicy = 0x00040000,
EnabledUnsignedSystemIntegrityPolicy = 0x00080000,
AllowedDebugPolicyAugmented = 0x00100000,
RequiredEVSigners = 0x00200000,
EnabledBootAuditOnFailure = 0x00400000,
EnabledAdvancedBootOptionsMenu = 0x00800000,
DisabledScriptEnforcement = 0x01000000,
RequiredEnforceStoreApplications = 0x02000000,
EnabledSecureSettingPolicy = 0x04000000
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class Setting {
private SettingValueType valueField;
private string providerField;
private string keyField;
private string valueNameField;
public SettingValueType Value {
get {
return this.valueField;
}
set {
this.valueField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute()]
public string Provider {
get {
return this.providerField;
}
set {
this.providerField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute()]
public string Key {
get {
return this.keyField;
}
set {
this.keyField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute()]
public string ValueName {
get {
return this.valueNameField;
}
set {
this.valueNameField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(Namespace="urn:schemas-microsoft-com:sipolicy")]
public partial class SettingValueType {
private object itemField;
[System.Xml.Serialization.XmlElementAttribute("Binary", typeof(byte[]), DataType="hexBinary")]
[System.Xml.Serialization.XmlElementAttribute("Boolean", typeof(bool))]
[System.Xml.Serialization.XmlElementAttribute("DWord", typeof(uint))]
[System.Xml.Serialization.XmlElementAttribute("String", typeof(string))]
public object Item {
get {
return this.itemField;
}
set {
this.itemField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(Namespace="urn:schemas-microsoft-com:sipolicy")]
public partial class RuleType {
private OptionType itemField;
[System.Xml.Serialization.XmlElementAttribute("Option")]
public OptionType Item {
get {
return this.itemField;
}
set {
this.itemField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Xml.Serialization.XmlTypeAttribute(Namespace="urn:schemas-microsoft-com:sipolicy")]
public enum OptionType {
[System.Xml.Serialization.XmlEnumAttribute("Allowed:Prerelease Signers")]
AllowedPrereleaseSigners,
[System.Xml.Serialization.XmlEnumAttribute("Allowed:Kits Signers")]
AllowedKitsSigners,
[System.Xml.Serialization.XmlEnumAttribute("Enabled:UMCI")]
EnabledUMCI,
[System.Xml.Serialization.XmlEnumAttribute("Enabled:Boot Menu Protection")]
EnabledBootMenuProtection,
[System.Xml.Serialization.XmlEnumAttribute("Allowed:UMCI Debug Options")]
AllowedUMCIDebugOptions,
[System.Xml.Serialization.XmlEnumAttribute("Enabled:UMCI Cache Data Volumes")]
EnabledUMCICacheDataVolumes,
[System.Xml.Serialization.XmlEnumAttribute("Allowed:SeQuerySigningPolicy Extension")]
AllowedSeQuerySigningPolicyExtension,
[System.Xml.Serialization.XmlEnumAttribute("Required:WHQL")]
RequiredWHQL,
[System.Xml.Serialization.XmlEnumAttribute("Enabled:Filter Edited Boot Options")]
EnabledFilterEditedBootOptions,
[System.Xml.Serialization.XmlEnumAttribute("Disabled:UMCI USN 0 Protection")]
DisabledUMCIUSN0Protection,
[System.Xml.Serialization.XmlEnumAttribute("Disabled:Winload Debugging Mode Menu")]
DisabledWinloadDebuggingModeMenu,
[System.Xml.Serialization.XmlEnumAttribute("Enabled:Strong Crypto For Code Integrity")]
EnabledStrongCryptoForCodeIntegrity,
[System.Xml.Serialization.XmlEnumAttribute("Allowed:Non-Microsoft UEFI Applications For BitLocker")]
AllowedNonMicrosoftUEFIApplicationsForBitLocker,
[System.Xml.Serialization.XmlEnumAttribute("Enabled:Always Use Policy")]
EnabledAlwaysUsePolicy,
[System.Xml.Serialization.XmlEnumAttribute("Enabled:UMCI Trust USN 0")]
EnabledUMCITrustUSN0,
[System.Xml.Serialization.XmlEnumAttribute("Disabled:UMCI Debug Options TCB Lowering")]
DisabledUMCIDebugOptionsTCBLowering,
[System.Xml.Serialization.XmlEnumAttribute("Enabled:Audit Mode")]
EnabledAuditMode,
[System.Xml.Serialization.XmlEnumAttribute("Disabled:Flight Signing")]
DisabledFlightSigning,
[System.Xml.Serialization.XmlEnumAttribute("Enabled:Inherit Default Policy")]
EnabledInheritDefaultPolicy,
[System.Xml.Serialization.XmlEnumAttribute("Enabled:Unsigned System Integrity Policy")]
EnabledUnsignedSystemIntegrityPolicy,
[System.Xml.Serialization.XmlEnumAttribute("Allowed:Debug Policy Augmented")]
AllowedDebugPolicyAugmented,
[System.Xml.Serialization.XmlEnumAttribute("Required:EV Signers")]
RequiredEVSigners,
[System.Xml.Serialization.XmlEnumAttribute("Enabled:Boot Audit On Failure")]
EnabledBootAuditOnFailure,
[System.Xml.Serialization.XmlEnumAttribute("Enabled:Advanced Boot Options Menu")]
EnabledAdvancedBootOptionsMenu,
[System.Xml.Serialization.XmlEnumAttribute("Disabled:Script Enforcement")]
DisabledScriptEnforcement,
[System.Xml.Serialization.XmlEnumAttribute("Required:Enforce Store Applications")]
RequiredEnforceStoreApplications,
[System.Xml.Serialization.XmlEnumAttribute("Enabled:Secure Setting Policy")]
EnabledSecureSettingPolicy,
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class Settings {
private Setting[] itemsField;
[System.Xml.Serialization.XmlElementAttribute("Setting")]
public Setting[] Items {
get {
return this.itemsField;
}
set {
this.itemsField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class CertEKU {
private string idField;
[System.Xml.Serialization.XmlAttributeAttribute()]
public string ID {
get {
return this.idField;
}
set {
this.idField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class CertOemID {
private string valueField;
[System.Xml.Serialization.XmlAttributeAttribute()]
public string Value {
get {
return this.valueField;
}
set {
this.valueField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class CertPublisher {
private string valueField;
[System.Xml.Serialization.XmlAttributeAttribute()]
public string Value {
get {
return this.valueField;
}
set {
this.valueField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class CertIssuer {
private string valueField;
[System.Xml.Serialization.XmlAttributeAttribute()]
public string Value {
get {
return this.valueField;
}
set {
this.valueField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class CertRoot {
private CertEnumType typeField;
private byte[] valueField;
[System.Xml.Serialization.XmlAttributeAttribute()]
public CertEnumType Type {
get {
return this.typeField;
}
set {
this.typeField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute(DataType="hexBinary")]
public byte[] Value {
get {
return this.valueField;
}
set {
this.valueField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Xml.Serialization.XmlTypeAttribute(Namespace="urn:schemas-microsoft-com:sipolicy")]
public enum CertEnumType {
TBS,
Wellknown,
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class ProductSigners {
private AllowedSigners allowedSignersField;
private DeniedSigners deniedSignersField;
private FileRulesRef fileRulesRefField;
public AllowedSigners AllowedSigners {
get {
return this.allowedSignersField;
}
set {
this.allowedSignersField = value;
}
}
public DeniedSigners DeniedSigners {
get {
return this.deniedSignersField;
}
set {
this.deniedSignersField = value;
}
}
public FileRulesRef FileRulesRef {
get {
return this.fileRulesRefField;
}
set {
this.fileRulesRefField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class AllowedSigners {
private AllowedSigner[] allowedSignerField;
private string workaroundField;
[System.Xml.Serialization.XmlElementAttribute("AllowedSigner")]
public AllowedSigner[] AllowedSigner {
get {
return this.allowedSignerField;
}
set {
this.allowedSignerField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute()]
public string Workaround {
get {
return this.workaroundField;
}
set {
this.workaroundField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class AllowedSigner {
private ExceptDenyRule[] exceptDenyRuleField;
private string signerIdField;
[System.Xml.Serialization.XmlElementAttribute("ExceptDenyRule")]
public ExceptDenyRule[] ExceptDenyRule {
get {
return this.exceptDenyRuleField;
}
set {
this.exceptDenyRuleField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute()]
public string SignerId {
get {
return this.signerIdField;
}
set {
this.signerIdField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class ExceptDenyRule {
private string denyRuleIDField;
[System.Xml.Serialization.XmlAttributeAttribute()]
public string DenyRuleID {
get {
return this.denyRuleIDField;
}
set {
this.denyRuleIDField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class DeniedSigners {
private DeniedSigner[] deniedSignerField;
private string workaroundField;
[System.Xml.Serialization.XmlElementAttribute("DeniedSigner")]
public DeniedSigner[] DeniedSigner {
get {
return this.deniedSignerField;
}
set {
this.deniedSignerField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute()]
public string Workaround {
get {
return this.workaroundField;
}
set {
this.workaroundField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class DeniedSigner {
private ExceptAllowRule[] exceptAllowRuleField;
private string signerIdField;
[System.Xml.Serialization.XmlElementAttribute("ExceptAllowRule")]
public ExceptAllowRule[] ExceptAllowRule {
get {
return this.exceptAllowRuleField;
}
set {
this.exceptAllowRuleField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute()]
public string SignerId {
get {
return this.signerIdField;
}
set {
this.signerIdField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class ExceptAllowRule {
private string allowRuleIDField;
[System.Xml.Serialization.XmlAttributeAttribute()]
public string AllowRuleID {
get {
return this.allowRuleIDField;
}
set {
this.allowRuleIDField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class FileRulesRef {
private FileRuleRef[] fileRuleRefField;
private string workaroundField;
[System.Xml.Serialization.XmlElementAttribute("FileRuleRef")]
public FileRuleRef[] FileRuleRef {
get {
return this.fileRuleRefField;
}
set {
this.fileRuleRefField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute()]
public string Workaround {
get {
return this.workaroundField;
}
set {
this.workaroundField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class FileRuleRef {
private string ruleIDField;
[System.Xml.Serialization.XmlAttributeAttribute()]
public string RuleID {
get {
return this.ruleIDField;
}
set {
this.ruleIDField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class TestSigners {
private AllowedSigners allowedSignersField;
private DeniedSigners deniedSignersField;
private FileRulesRef fileRulesRefField;
public AllowedSigners AllowedSigners {
get {
return this.allowedSignersField;
}
set {
this.allowedSignersField = value;
}
}
public DeniedSigners DeniedSigners {
get {
return this.deniedSignersField;
}
set {
this.deniedSignersField = value;
}
}
public FileRulesRef FileRulesRef {
get {
return this.fileRulesRefField;
}
set {
this.fileRulesRefField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class TestSigningSigners {
private AllowedSigners allowedSignersField;
private DeniedSigners deniedSignersField;
private FileRulesRef fileRulesRefField;
public AllowedSigners AllowedSigners {
get {
return this.allowedSignersField;
}
set {
this.allowedSignersField = value;
}
}
public DeniedSigners DeniedSigners {
get {
return this.deniedSignersField;
}
set {
this.deniedSignersField = value;
}
}
public FileRulesRef FileRulesRef {
get {
return this.fileRulesRefField;
}
set {
this.fileRulesRefField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class FileAttribRef {
private string ruleIDField;
[System.Xml.Serialization.XmlAttributeAttribute()]
public string RuleID {
get {
return this.ruleIDField;
}
set {
this.ruleIDField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class EKUs {
private EKU[] itemsField;
[System.Xml.Serialization.XmlElementAttribute("EKU")]
public EKU[] Items {
get {
return this.itemsField;
}
set {
this.itemsField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class EKU {
private string idField;
private byte[] valueField;
private string friendlyNameField;
[System.Xml.Serialization.XmlAttributeAttribute()]
public string ID {
get {
return this.idField;
}
set {
this.idField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute(DataType="hexBinary")]
public byte[] Value {
get {
return this.valueField;
}
set {
this.valueField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute()]
public string FriendlyName {
get {
return this.friendlyNameField;
}
set {
this.friendlyNameField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class FileRules {
private object[] itemsField;
[System.Xml.Serialization.XmlElementAttribute("Allow", typeof(CodeIntegrity.Allow))]
[System.Xml.Serialization.XmlElementAttribute("Deny", typeof(CodeIntegrity.Deny))]
[System.Xml.Serialization.XmlElementAttribute("FileAttrib", typeof(CodeIntegrity.FileAttrib))]
public object[] Items {
get {
return this.itemsField;
}
set {
this.itemsField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class Allow {
private string idField;
private string friendlyNameField;
private string fileNameField;
private string minimumFileVersionField;
private byte[] hashField;
[System.Xml.Serialization.XmlAttributeAttribute()]
public string ID {
get {
return this.idField;
}
set {
this.idField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute()]
public string FriendlyName {
get {
return this.friendlyNameField;
}
set {
this.friendlyNameField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute()]
public string FileName {
get {
return this.fileNameField;
}
set {
this.fileNameField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute()]
public string MinimumFileVersion {
get {
return this.minimumFileVersionField;
}
set {
this.minimumFileVersionField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute(DataType="hexBinary")]
public byte[] Hash {
get {
return this.hashField;
}
set {
this.hashField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class Deny {
private string idField;
private string friendlyNameField;
private string fileNameField;
private string minimumFileVersionField;
private byte[] hashField;
[System.Xml.Serialization.XmlAttributeAttribute()]
public string ID {
get {
return this.idField;
}
set {
this.idField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute()]
public string FriendlyName {
get {
return this.friendlyNameField;
}
set {
this.friendlyNameField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute()]
public string FileName {
get {
return this.fileNameField;
}
set {
this.fileNameField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute()]
public string MinimumFileVersion {
get {
return this.minimumFileVersionField;
}
set {
this.minimumFileVersionField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute(DataType="hexBinary")]
public byte[] Hash {
get {
return this.hashField;
}
set {
this.hashField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class FileAttrib {
private string idField;
private string friendlyNameField;
private string fileNameField;
private string minimumFileVersionField;
private byte[] hashField;
[System.Xml.Serialization.XmlAttributeAttribute()]
public string ID {
get {
return this.idField;
}
set {
this.idField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute()]
public string FriendlyName {
get {
return this.friendlyNameField;
}
set {
this.friendlyNameField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute()]
public string FileName {
get {
return this.fileNameField;
}
set {
this.fileNameField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute()]
public string MinimumFileVersion {
get {
return this.minimumFileVersionField;
}
set {
this.minimumFileVersionField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute(DataType="hexBinary")]
public byte[] Hash {
get {
return this.hashField;
}
set {
this.hashField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class UpdatePolicySigner {
private string signerIdField;
[System.Xml.Serialization.XmlAttributeAttribute()]
public string SignerId {
get {
return this.signerIdField;
}
set {
this.signerIdField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class UpdatePolicySigners {
private UpdatePolicySigner[] itemsField;
[System.Xml.Serialization.XmlElementAttribute("UpdatePolicySigner")]
public UpdatePolicySigner[] Items {
get {
return this.itemsField;
}
set {
this.itemsField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class CiSigner {
private string signerIdField;
[System.Xml.Serialization.XmlAttributeAttribute()]
public string SignerId {
get {
return this.signerIdField;
}
set {
this.signerIdField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class CiSigners {
private CiSigner[] itemsField;
[System.Xml.Serialization.XmlElementAttribute("CiSigner")]
public CiSigner[] Items {
get {
return this.itemsField;
}
set {
this.itemsField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class Signers {
private Signer[] itemsField;
[System.Xml.Serialization.XmlElementAttribute("Signer")]
public Signer[] Items {
get {
return this.itemsField;
}
set {
this.itemsField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class Signer {
private CertRoot certRootField;
private CertEKU[] certEKUField;
private CertIssuer certIssuerField;
private CertPublisher certPublisherField;
private CertOemID certOemIDField;
private FileAttribRef[] fileAttribRefField;
private string nameField;
private string idField;
public CertRoot CertRoot {
get {
return this.certRootField;
}
set {
this.certRootField = value;
}
}
[System.Xml.Serialization.XmlElementAttribute("CertEKU")]
public CertEKU[] CertEKU {
get {
return this.certEKUField;
}
set {
this.certEKUField = value;
}
}
public CertIssuer CertIssuer {
get {
return this.certIssuerField;
}
set {
this.certIssuerField = value;
}
}
public CertPublisher CertPublisher {
get {
return this.certPublisherField;
}
set {
this.certPublisherField = value;
}
}
public CertOemID CertOemID {
get {
return this.certOemIDField;
}
set {
this.certOemIDField = value;
}
}
[System.Xml.Serialization.XmlElementAttribute("FileAttribRef")]
public FileAttribRef[] FileAttribRef {
get {
return this.fileAttribRefField;
}
set {
this.fileAttribRefField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute()]
public string Name {
get {
return this.nameField;
}
set {
this.nameField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute()]
public string ID {
get {
return this.idField;
}
set {
this.idField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class SigningScenarios {
private SigningScenario[] itemsField;
[System.Xml.Serialization.XmlElementAttribute("SigningScenario")]
public SigningScenario[] Items {
get {
return this.itemsField;
}
set {
this.itemsField = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class SigningScenario {
private ProductSigners productSignersField;
private TestSigners testSignersField;
private TestSigningSigners testSigningSignersField;
private string idField;
private string friendlyNameField;
private byte valueField;
private string inheritedScenariosField;
private ushort minimumHashAlgorithmField;
private bool minimumHashAlgorithmFieldSpecified;
public ProductSigners ProductSigners {
get {
return this.productSignersField;
}
set {
this.productSignersField = value;
}
}
public TestSigners TestSigners {
get {
return this.testSignersField;
}
set {
this.testSignersField = value;
}
}
public TestSigningSigners TestSigningSigners {
get {
return this.testSigningSignersField;
}
set {
this.testSigningSignersField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute()]
public string ID {
get {
return this.idField;
}
set {
this.idField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute()]
public string FriendlyName {
get {
return this.friendlyNameField;
}
set {
this.friendlyNameField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute()]
public byte Value {
get {
return this.valueField;
}
set {
this.valueField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute()]
public string InheritedScenarios {
get {
return this.inheritedScenariosField;
}
set {
this.inheritedScenariosField = value;
}
}
[System.Xml.Serialization.XmlAttributeAttribute()]
public ushort MinimumHashAlgorithm {
get {
return this.minimumHashAlgorithmField;
}
set {
this.minimumHashAlgorithmField = value;
}
}
[System.Xml.Serialization.XmlIgnoreAttribute()]
public bool MinimumHashAlgorithmSpecified {
get {
return this.minimumHashAlgorithmFieldSpecified;
}
set {
this.minimumHashAlgorithmFieldSpecified = value;
}
}
}
[System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.6.81.0")]
[System.SerializableAttribute()]
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="urn:schemas-microsoft-com:sipolicy")]
[System.Xml.Serialization.XmlRootAttribute(Namespace="urn:schemas-microsoft-com:sipolicy", IsNullable=false)]
public partial class SiPolicy {
private string versionExField;
private string policyTypeIDField;
private string platformIDField;
private RuleType[] rulesField;
private EKU[] eKUsField;
private object[] fileRulesField;
private Signer[] signersField;
private SigningScenario[] signingScenariosField;
private UpdatePolicySigner[] updatePolicySignersField;
private CiSigner[] ciSignersField;
private uint hvciOptionsField;
private bool hvciOptionsFieldSpecified;
private Setting[] settingsField;
public string VersionEx {
get {
return this.versionExField;
}
set {
this.versionExField = value;
}
}
public string PolicyTypeID {
get {
return this.policyTypeIDField;
}
set {
this.policyTypeIDField = value;
}
}
public string PlatformID {
get {
return this.platformIDField;
}
set {
this.platformIDField = value;
}
}
[System.Xml.Serialization.XmlArrayItemAttribute("Rule", IsNullable=false)]
public RuleType[] Rules {
get {
return this.rulesField;
}
set {
this.rulesField = value;
}
}
[System.Xml.Serialization.XmlArrayItemAttribute("EKU", IsNullable=false)]
public EKU[] EKUs {
get {
return this.eKUsField;
}
set {
this.eKUsField = value;
}
}
[System.Xml.Serialization.XmlArrayItemAttribute("Allow", typeof(Allow), IsNullable=false)]
[System.Xml.Serialization.XmlArrayItemAttribute("Deny", typeof(Deny), IsNullable=false)]
[System.Xml.Serialization.XmlArrayItemAttribute("FileAttrib", typeof(FileAttrib), IsNullable=false)]
public object[] FileRules {
get {
return this.fileRulesField;
}
set {
this.fileRulesField = value;
}
}
[System.Xml.Serialization.XmlArrayItemAttribute("Signer", IsNullable=false)]
public Signer[] Signers {
get {
return this.signersField;
}
set {
this.signersField = value;
}
}
[System.Xml.Serialization.XmlArrayItemAttribute("SigningScenario", IsNullable=false)]
public SigningScenario[] SigningScenarios {
get {
return this.signingScenariosField;
}
set {
this.signingScenariosField = value;
}
}
[System.Xml.Serialization.XmlArrayItemAttribute("UpdatePolicySigner", IsNullable=false)]
public UpdatePolicySigner[] UpdatePolicySigners {
get {
return this.updatePolicySignersField;
}
set {
this.updatePolicySignersField = value;
}
}
[System.Xml.Serialization.XmlArrayItemAttribute("CiSigner", IsNullable=false)]
public CiSigner[] CiSigners {
get {
return this.ciSignersField;
}
set {
this.ciSignersField = value;
}
}
public uint HvciOptions {
get {
return this.hvciOptionsField;
}
set {
this.hvciOptionsField = value;
}
}
[System.Xml.Serialization.XmlIgnoreAttribute()]
public bool HvciOptionsSpecified {
get {
return this.hvciOptionsFieldSpecified;
}
set {
this.hvciOptionsFieldSpecified = value;
}
}
[System.Xml.Serialization.XmlArrayItemAttribute("Setting", IsNullable=false)]
public Setting[] Settings {
get {
return this.settingsField;
}
set {
this.settingsField = value;
}
}
}
}
'@
if (-not ('CodeIntegrity.SIPolicy' -as [Type])) {
Add-Type -TypeDefinition $TypeDef -ReferencedAssemblies 'System.Xml'
}
function ConvertTo-Oid {
<#
.SYNOPSIS
Decodes a DER encoded ASN.1 object identifier (OID)
.DESCRIPTION
ConvertTo-Oid decodes a DER encoded ASN.1 object identifier (OID). This can be used as a helper function for binary certificate parsers.
.PARAMETER EncodedOIDBytes
Specifies the bytes of an absolute (starts with 6), encoded OID.
.EXAMPLE
ConvertTo-Oid -EncodedOIDBytes @(0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x0A, 0x03, 0x05)
.OUTPUTS
System.Security.Cryptography.Oid
ConvertTo-Oid outputs an OID object representing the decoded OID.
#>
[OutputType([System.Security.Cryptography.Oid])]
param (
[Parameter(Mandatory = $True, Position = 0)]
[Byte[]]
[ValidateNotNullOrEmpty()]
$EncodedOIDBytes
)
# This only handles absolute encoded OIDs - those that start with 6.
# [Security.Cryptography.CryptoConfig]::EncodeOID only handles absolute OIDs.
# This article describes the OID encoding/decoding process:
# https://msdn.microsoft.com/en-us/library/windows/desktop/bb540809(v=vs.85).aspx
if (($EncodedOIDBytes.Length -lt 2) -or ($EncodedOIDBytes[0] -ne 6) -or ($EncodedOIDBytes[1] -ne ($EncodedOIDBytes.Length - 2))) {
throw 'Invalid encoded EKU OID value.'
}
$OIDComponents = New-Object -TypeName 'System.Collections.Generic.List[Int]'
$SecondComponent = $EncodedOIDBytes[2] % 40
$FirstComponent = ($EncodedOIDBytes[2] - $SecondComponent) / 40
$OIDComponents.Add($FirstComponent)
$OIDComponents.Add($SecondComponent)
$i = 3
while ($i -lt $EncodedOIDBytes.Length) {
if (-not ($EncodedOIDBytes[$i] -band 0x80)) {
# It is just singlebyte encoded
$OIDComponents.Add($EncodedOIDBytes[$i])
$i++
} else {
# It is either two or three byte encoded
$Byte1 = ($EncodedOIDBytes[$i] -shl 1) -shr 1 # Strip the high bit
$Byte2 = $EncodedOIDBytes[$i+1]
if ($Byte2 -band 0x80) {
# three byte encoded
$Byte3 = $EncodedOIDBytes[$i+2]
$i += 3
$Byte2 = $Byte2 -band 0x7F
if ($Byte2 -band 1) { $Byte3 = $Byte3 -bor 0x80 }
if ($Byte1 -band 1) { $Byte2 = $Byte2 -bor 0x80 }
$Byte2 = $Byte2 -shr 1
$Byte1 = $Byte1 -shr 1
if ($Byte2 -band 1) { $Byte2 = $Byte2 -bor 0x80 }
$Byte1 = $Byte1 -shr 1
$OIDComponents.Add([BitConverter]::ToInt32(@($Byte3, $Byte2, $Byte1, 0), 0))
} else {
# two byte encoded
$i +=2
# "Shift" the low bit from the high byte to the high bit of the low byte
if ($Byte1 -band 1) { $Byte2 -bor 0x80 }
$Byte1 = $Byte1 -shr 1
$OIDComponents.Add([BitConverter]::ToInt16(@($Byte2, $Byte1), 0))
}
}
}
[Security.Cryptography.Oid] ($OIDComponents -join '.')
}
# Helper function to read strings from the binary
function Get-BinaryString {
[OutputType('String')]
param (
[Parameter(Mandatory)]
[IO.BinaryReader]
[ValidateNotNullOrEmpty()]
$BinaryReader
)
$StringLength = $BinaryReader.ReadUInt32()
if ($StringLength) {
$PaddingBytes = 4 - $StringLength % 4 -band 3
$StringBytes = $BinaryReader.ReadBytes($StringLength)
$null = $BinaryReader.ReadBytes($PaddingBytes)
[Text.Encoding]::Unicode.GetString($StringBytes)
}
$null = $BinaryReader.ReadInt32()
}
# Obtain the full path to the policy file if a relative path was provided.
$BinPath = Resolve-Path $BinaryFilePath
$XmlPathDir = Split-Path -Path $XmlFilePath -Parent
$XmlPathFile = Split-Path -Path $XmlFilePath -Leaf
if (-not $XmlPathDir) {
$XmlPathDir = $PWD
}
$ResolvedDir = Resolve-Path -Path $XmlPathDir
if (-not [System.IO.Directory]::Exists($ResolvedDir.Path)) {
throw "Cannot find path '$ResolvedDir' because it does not exist."
return
}
$FullXmlPath = Join-Path -Path $ResolvedDir -ChildPath $XmlPathFile
try {
$CIPolicyBytes = [IO.File]::ReadAllBytes($BinPath.Path)
$MemoryStream = New-Object -TypeName IO.MemoryStream -ArgumentList @(,$CIPolicyBytes)
$BinaryReader = New-Object -TypeName System.IO.BinaryReader -ArgumentList $MemoryStream, ([Text.Encoding]::Unicode)
} catch {
throw $_
return
}
try {
$ContentType = [Security.Cryptography.Pkcs.ContentInfo]::GetContentType($CIPolicyBytes)
} catch {
$ContentType = $null
}
$CIPolicyContentIndex = 0
# Check for PKCS#7 ASN.1 SignedData type
if ($ContentType -and ($ContentType.Value = '1.2.840.113549.1.7.2')) {
# CIPolicy is signed
$SequenceLengthWidth = [BitConverter]::ToUInt16($CIPolicyBytes, 0)
switch ($SequenceLengthWidth) {
0x8230 {
$CIPolicyContentIndex = 0x42
}
0x8330 {
$CIPolicyContentIndex = 0x48
}
}
$null = $BinaryReader.BaseStream.Seek($CIPolicyContentIndex, [IO.SeekOrigin]::Begin)
}
$SIPolicy = New-Object -TypeName CodeIntegrity.SIPolicy
try {
# Validate binary CI policy header
$Signature = $BinaryReader.ReadInt32()
if ($Signature -ne $HeaderSignature) {
throw "$BinPath has an invalid binary CI policy header value: 0x$($Signature.ToString('X8')). This file is likely not a binary CI policy."
return
}
[Byte[]] $PolicyTypeIDBytes = $BinaryReader.ReadBytes($GuidLength)
$PolicyTypeID = [Guid] $PolicyTypeIDBytes
$SIPolicy.PolicyTypeID = "{$($PolicyTypeID.ToString().ToUpper())}"
[Byte[]] $PlatformIDBytes = $BinaryReader.ReadBytes($GuidLength)
$PlatformID = [Guid] $PlatformIDBytes
$SIPolicy.PlatformID = "{$($PlatformID.ToString().ToUpper())}"
$OptionFlags = $BinaryReader.ReadInt32()
# Validate that the high bit is set - i.e. mask it off with 0x80000000
if ($OptionFlags -band ([Int32]::MinValue) -ne [Int32]::MinValue) {
throw "Invalid policy options flag. $CorruptPolicyErr"
return
}
# Obtain the policy rules but first remove the high bit -
# i.e. anding it with 0x7FFFFFFF first
$PolicyRules = [CodeIntegrity.PolicyRules] ($OptionFlags -band ([Int32]::MaxValue))
$PolicyRulesArray = $PolicyRules -split ', '
$Rules = New-Object -TypeName CodeIntegrity.RuleType[]($PolicyRulesArray.Length)
for ($i = 0; $i -lt $Rules.Length; $i++) {
$RuleType = New-Object -TypeName CodeIntegrity.RuleType -Property @{ Item = $PolicyRulesArray[$i] }
$Rules[$i] = $RuleType
}
$SIPolicy.Rules = $Rules
$EKURuleEntryCount = $BinaryReader.ReadInt32()
$FileRuleEntryCount = $BinaryReader.ReadInt32()
$SignerRuleEntryCount = $BinaryReader.ReadInt32()
$SignerScenarioEntryCount = $BinaryReader.ReadInt32()
$Revis = $BinaryReader.ReadInt16()
$Build = $BinaryReader.ReadInt16()
$Minor = $BinaryReader.ReadInt16()
$Major = $BinaryReader.ReadInt16()
$PolicyVersion = New-Object -TypeName Version -ArgumentList $Major, $Minor, $Build, $Revis
$SIPolicy.VersionEx = $PolicyVersion
# Validate that the fixed header length was written to the end of the header
$HeaderLength = $BinaryReader.ReadInt32()
if ($HeaderLength -ne ($HeaderLengthMax - 4)) {
throw "$BinPath has an invalid header footer: 0x$($HeaderLength.ToString('X8')). $CorruptPolicyErr"
}
if ($EKURuleEntryCount) {
$EKUArray = New-Object -TypeName CodeIntegrity.EKU[]($EKURuleEntryCount)
for ($i = 0; $i -lt $EKURuleEntryCount; $i++) {
# Length of the encoded EKU OID value
$EkuValueLen = $BinaryReader.ReadUInt32()
# Length of the encoded EKU OID value padded out to 4 bytes
$PaddingBytes = 4 - $EkuValueLen % 4 -band 3
$EKUValueBytes = $BinaryReader.ReadBytes($EkuValueLen)
$null = $BinaryReader.ReadBytes($PaddingBytes)
$EKUValueBytesCopy = $EKUValueBytes
$EKUValueBytesCopy[0] = 6
$OID = ConvertTo-Oid -EncodedOIDBytes $EKUValueBytesCopy
$Properties = @{
Value = $EKUValueBytes
ID = "ID_EKU_E_$(($i + 1).ToString('X4'))"
}
# Reconstruct the original FriendlyName that would have been lost
# in the process of converting to binary form.
if ($OID) {
if ($OID.FriendlyName) {
$Properties['FriendlyName'] = $OID.FriendlyName
} elseif ($OID.Value) {
$Properties['FriendlyName'] = $OID.Value
}
}
$EKUArray[$i] = New-Object -TypeName CodeIntegrity.EKU -Property $Properties
}
$SIPolicy.EKUs = $EKUArray
}
if ($FileRuleEntryCount) {
# The XMl serializer won't validate unless
# I use a generic collection vs. a System.Object[].
$FileRulesArray = New-Object -TypeName 'System.Collections.Generic.List[Object]'
for ($i = 0; $i -lt $FileRuleEntryCount; $i++) {
$FileRuleTypeValue = $BinaryReader.ReadInt32()
switch ($FileRuleTypeValue) {
0 {
$TypeName = 'CodeIntegrity.Deny'
$ID = "ID_DENY_D_$(($i + 1).ToString('X4'))"
}
1 {
$TypeName = 'CodeIntegrity.Allow'
$ID = "ID_ALLOW_A_$(($i + 1).ToString('X4'))"
}
2 {
$TypeName = 'CodeIntegrity.FileAttrib'
$ID = "ID_FILEATTRIB_F_$(($i + 1).ToString('X4'))"
}
default { throw "Invalid file rule type: 0x$($FileRuleTypeValue.ToString('X8'))" }
}
$FileRule = New-Object -TypeName $TypeName -Property @{ ID = $ID }
$FileName = Get-BinaryString -BinaryReader $BinaryReader
if ($FileName) {
$FileRule.FileName = $FileName
}
$Revis = $BinaryReader.ReadInt16()
$Build = $BinaryReader.ReadInt16()
$Minor = $BinaryReader.ReadInt16()
$Major = $BinaryReader.ReadInt16()
$MinimumVersion = New-Object -TypeName Version -ArgumentList $Major, $Minor, $Build, $Revis
if ($MinimumVersion -ne '0.0.0.0') {
$FileRule.MinimumFileVersion = $MinimumVersion
}
$HashLen = $BinaryReader.ReadUInt32()
if ($HashLen) {
$PaddingBytes = 4 - $HashLen % 4 -band 3
$HashBytes = $BinaryReader.ReadBytes($HashLen)
$null = $BinaryReader.ReadBytes($PaddingBytes)
$FileRule.Hash = $HashBytes
}
$FileRulesArray.Add($FileRule)
}
$SIPolicy.FileRules = $FileRulesArray
}
if ($SignerRuleEntryCount) {
$SignersArray = New-Object -TypeName CodeIntegrity.Signer[]($SignerRuleEntryCount)
for ($i = 0; $i -lt $SignerRuleEntryCount; $i++) {
$CertRootTypeValue = $BinaryReader.ReadInt32()
$Signer = New-Object -TypeName CodeIntegrity.Signer -Property @{
ID = "ID_SIGNER_S_$(($i + 1).ToString('X4'))"
Name = "Signer $($i + 1)"
}
switch ($CertRootTypeValue) {
0 { $CertRootType = [CodeIntegrity.CertEnumType] 'TBS' } # TBS - To Be Signed
1 { $CertRootType = [CodeIntegrity.CertEnumType] 'WellKnown' }
default { throw "Invalid certificate root type: 0x$($CertRooTypeValue.ToString('X8'))" }
}
if ($CertRootType -eq 'TBS') {
$CertRootLength = $BinaryReader.ReadUInt32()
if ($CertRootLength) {
$PaddingBytes = 4 - $CertRootLength % 4 -band 3
# This is a hash of the ToBeSigned data blob.
# The hashing algorithm used is dictated by the algorithm specified in the certificate.
[Byte[]] $CertRootBytes = $BinaryReader.ReadBytes($CertRootLength)
$null = $BinaryReader.ReadBytes($PaddingBytes)
}
} else {
# WellKnown type
# I'd like to know what these map to. I assume there's a mapped list of common
# Microsoft root certificates.
# It doesn't appear as though the ConfigCI cmdlets can generate a well known root type.
[Byte[]] $CertRootBytes = @(($BinaryReader.ReadUInt32() -band 0xFF))
}
$CertRootObject = New-Object -TypeName CodeIntegrity.CertRoot -Property @{ Type = $CertRootType; Value = $CertRootBytes }
$Signer.CertRoot = $CertRootObject
$CertEKULength = $BinaryReader.ReadUInt32()
if ($CertEKULength) {
$CertEKUArray = New-Object -TypeName CodeIntegrity.CertEKU[]($CertEKULength)
for ($j = 0; $j -lt $CertEKULength; $j++) {
$EKUIndex = $BinaryReader.ReadUInt32()
$CertEKUArray[$j] = New-Object -TypeName CodeIntegrity.CertEKU -Property @{ ID = $SIPolicy.EKUs[$EKUIndex].ID }
}
$Signer.CertEKU = $CertEKUArray
}
$CertIssuer = Get-BinaryString -BinaryReader $BinaryReader
if ($CertIssuer) {
$Signer.CertIssuer = New-Object -TypeName CodeIntegrity.CertIssuer -Property @{ Value = $CertIssuer }
}
$CertPublisher = Get-BinaryString -BinaryReader $BinaryReader
if ($CertPublisher) {
$Signer.CertPublisher = New-Object -TypeName CodeIntegrity.CertPublisher -Property @{ Value = $CertPublisher }
}
$CertOemID = Get-BinaryString -BinaryReader $BinaryReader
if ($CertOemID) {
$Signer.CertOemID = New-Object -TypeName CodeIntegrity.CertOemID -Property @{ Value = $CertOemID }
}
$FileAttribRefLength = $BinaryReader.ReadUInt32()
if ($FileAttribRefLength) {
$FileAttribRefArray = New-Object -TypeName CodeIntegrity.FileAttribRef[]($FileAttribRefLength)
for ($j = 0; $j -lt $FileAttribRefLength; $j++) {
$FileAttribRefIndex = $BinaryReader.ReadUInt32()
$FileAttribRefArray[$j] = New-Object -TypeName CodeIntegrity.FileAttribRef -Property @{ RuleID = $SIPolicy.FileRules[$FileAttribRefIndex].ID }
}
$Signer.FileAttribRef = $FileAttribRefArray
}
$SignersArray[$i] = $Signer
}
$SIPolicy.Signers = $SignersArray
}
$UpdatePolicySignersLength = $BinaryReader.ReadUInt32()
if ($UpdatePolicySignersLength) {
$UpdatePolicySigners = New-Object -TypeName CodeIntegrity.UpdatePolicySigner[]($UpdatePolicySignersLength)
for ($i = 0; $i -lt $UpdatePolicySignersLength; $i++) {
$UpdatePolicySignersIndex = $BinaryReader.ReadUInt32()
$UpdatePolicySigners[$i] = New-Object -TypeName CodeIntegrity.UpdatePolicySigner -Property @{ SignerId = $SIPolicy.Signers[$UpdatePolicySignersIndex].ID }
}
$SIPolicy.UpdatePolicySigners = $UpdatePolicySigners
}
$CISignersLength = $BinaryReader.ReadUInt32()
if ($CISignersLength) {
$CISigners = New-Object -TypeName CodeIntegrity.CiSigner[]($CISignersLength)
for ($i = 0; $i -lt $CISignersLength; $i++) {
$CISignersIndex = $BinaryReader.ReadUInt32()
$CISigners[$i] = New-Object -TypeName CodeIntegrity.CiSigner -Property @{ SignerId = $SIPolicy.Signers[$CISignersIndex].ID }
}
$SIPolicy.CiSigners = $CISigners
}
if ($SignerScenarioEntryCount) {
$SignerScenarioArray = New-Object -TypeName CodeIntegrity.SigningScenario[]($SignerScenarioEntryCount)
for ($i = 0; $i -lt $SignerScenarioEntryCount; $i++) {
[Byte] $SigningScenarioValue = $BinaryReader.ReadUInt32() -band 0xFF
$DriverSigningScenarioCount = 1
$WindowsSigningScenarioCount = 0
switch ($SigningScenarioValue) {
131 {
$ID = "ID_SIGNINGSCENARIO_DRIVERS_$($DriverSigningScenarioCount.ToString('X'))"
$DriverSigningScenarioCount++
}
12 {
$ID = 'ID_SIGNINGSCENARIO_WINDOWS'
# It is unlikely that there would ever be more than one windows
# (i.e. user mode) signing scenario but handle it just in case.
if ($WindowsSigningScenarioCount) {
$ID += "_$(($WindowsSigningScenarioCount + 1).ToString('X'))"
}
$WindowsSigningScenarioCount++
}
default {
# It is unlikely that there would ever be a value other than
# 131 or 12 but account for it anyway.
$ID = "ID_SIGNINGSCENARIO_S_$(($i + 1).ToString('X4'))"
}
}
$SigningScenario = New-Object -TypeName CodeIntegrity.SigningScenario -Property @{ ID = $ID; Value = $SigningScenarioValue }
# The ability to inherit from another signing scenario is not formally documented
# other than in the SIPolicy schema.
$InheritedScenarios = $null
$InheritedScenarioLength = $BinaryReader.ReadUInt32()
if ($InheritedScenarioLength) {
$InheritedScenarios = New-Object UInt32[]($InheritedScenarioLength)
for ($j = 0; $j -lt $InheritedScenarioLength; $j++) {
$InheritedScenarios[$j] = $BinaryReader.ReadUInt32()
}
# To-do: Make sure I resolve the indices later on!
$InheritedScenariosString = $InheritedScenarios -join ','
$SigningScenario.InheritedScenarios = $InheritedScenariosString
}
[UInt16] $MinimumHashValueValue = $BinaryReader.ReadUInt32() -band [UInt16]::MaxValue
# 0x800C refers to the absense of a minimum hash algorithm.
if ($MinimumHashValueValue -ne 0x800C) {
$MinimumHashValue = $MinimumHashValueValue
$SigningScenario.MinimumHashAlgorithmSpecified = $True
$SigningScenario.MinimumHashAlgorithm = $MinimumHashValue
} else {
$SigningScenario.MinimumHashAlgorithmSpecified = $False
}
# Loop over product signers, test signers, and test signing signers
1..3 | ForEach-Object {
$AllowedSignersCount = $BinaryReader.ReadUInt32()
$AllowSignersObject = $null
if ($AllowedSignersCount) {
$AllowSignersObject = New-Object -TypeName CodeIntegrity.AllowedSigners
$AllowSignerArray = New-Object -TypeName CodeIntegrity.AllowedSigner[]($AllowedSignersCount)
for ($j = 0; $j -lt $AllowedSignersCount; $j++) {
$AllowedSignerIndex = $BinaryReader.ReadUInt32()
$ExceptDenyRuleLength = $BinaryReader.ReadUInt32()
$ExceptDenyRulesArray = $null
if ($ExceptDenyRuleLength) {
$ExceptDenyRulesArray = New-Object -TypeName CodeIntegrity.ExceptDenyRule[]($ExceptDenyRuleLength)
for ($k = 0; $k -lt $ExceptDenyRuleLength; $k++) {
$ExceptDenyRuleIndex = $BinaryReader.ReadUInt32()
$ExceptDenyRulesArray[$k] = New-Object -TypeName CodeIntegrity.ExceptDenyRule -Property @{ DenyRuleID = $SIPolicy.FileRules[$ExceptDenyRuleIndex].ID }
}
}
$AllowSignerArray[$j] = New-Object -TypeName CodeIntegrity.AllowedSigner -Property @{ SignerId = $SIPolicy.Signers[$AllowedSignerIndex].ID }
$AllowSignerArray[$j].ExceptDenyRule = $ExceptDenyRulesArray
}
$AllowSignersObject.AllowedSigner = $AllowSignerArray
}
$DeniedSignersCount = $BinaryReader.ReadUInt32()
$DeniedSignersObject = $null
if ($DeniedSignersCount) {
$DeniedSignersObject = New-Object -TypeName CodeIntegrity.DeniedSigners
$DeniedSignerArray = New-Object -TypeName CodeIntegrity.DeniedSigner[]($DeniedSignersCount)
for ($j = 0; $j -lt $DeniedSignersCount; $j++) {
$DeniedSignerIndex = $BinaryReader.ReadUInt32()
$ExceptAllowRuleLength = $BinaryReader.ReadUInt32()
$ExceptAllowRulesArray = $null
if ($ExceptAllowRuleLength) {
$ExceptAllowRulesArray = New-Object -TypeName CodeIntegrity.ExceptAllowRule[]($ExceptAllowRuleLength)
for ($k = 0; $k -lt $ExceptAllowRuleLength; $k++) {
$ExceptAllowRuleIndex = $BinaryReader.ReadUInt32()
$ExceptAllowRulesArray[$k] = New-Object -TypeName CodeIntegrity.ExceptAllowRule -Property @{ AllowRuleID = $SIPolicy.FileRules[$ExceptAllowRuleIndex].ID }
}
}
$DeniedSignerArray[$j] = New-Object -TypeName CodeIntegrity.DeniedSigner -Property @{ SignerId = $SIPolicy.Signers[$DeniedSignerIndex].ID }
$DeniedSignerArray[$j].ExceptAllowRule = $ExceptAllowRulesArray
}
$DeniedSignersObject.DeniedSigner = $DeniedSignerArray
}
$FileRulesRefCount = $BinaryReader.ReadUInt32()
$FileRulesRefObject = $null
if ($FileRulesRefCount) {
$FileRulesRefObject = New-Object -TypeName CodeIntegrity.FileRulesRef
$FileRuleRefArray = New-Object -TypeName CodeIntegrity.FileRuleRef[]($FileRulesRefCount)
for ($j = 0; $j -lt $FileRulesRefCount; $j++) {
$FileRulesRefIndex = $BinaryReader.ReadUInt32()
$FileRuleRefArray[$j] = New-Object -TypeName CodeIntegrity.FileRuleRef -Property @{ RuleID = $SIPolicy.FileRules[$FileRulesRefIndex].ID }
}
$FileRulesRefObject.FileRuleRef = $FileRuleRefArray
}
$NullSigner = $False
# Don't populate the relevant object if it wasn't present in the binary.
# Even setting a property to null in an object that can be serialized
# with XML can result in the creation of empty XML element/attributes.
if (($AllowedSignersCount -eq 0) -and ($DeniedSignersCount -eq 0) -and ($FileRulesRefCount -eq 0)) {
$NullSigner = $True
}
switch ($_) {
1 { # Product signers
if (-not $NullSigner) {
$ProductSigner = New-Object -TypeName CodeIntegrity.ProductSigners
if ($AllowSignersObject) { $ProductSigner.AllowedSigners = $AllowSignersObject }
if ($DeniedSignersObject) { $ProductSigner.DeniedSigners = $DeniedSignersObject }
if ($FileRulesRefObject) { $ProductSigner.FileRulesRef = $FileRulesRefObject }
$SigningScenario.ProductSigners = $ProductSigner
}
}
2 { # Test signers
if (-not $NullSigner) {
$TestSigner = New-Object -TypeName CodeIntegrity.TestSigners
if ($AllowSignersObject) { $TestSigner.AllowedSigners = $AllowSignersObject }
if ($DeniedSignersObject) { $TestSigner.DeniedSigners = $DeniedSignersObject }
if ($FileRulesRefObject) { $TestSigner.FileRulesRef = $FileRulesRefObject }
$SigningScenario.TestSigners = $TestSigner
}
}
3 { # Test signing signers
if (-not $NullSigner) {
$TestSigningSigner = New-Object -TypeName CodeIntegrity.TestSigningSigners
if ($AllowSignersObject) { $TestSigningSigner.AllowedSigners = $AllowSignersObject }
if ($DeniedSignersObject) { $TestSigningSigner.DeniedSigners = $DeniedSignersObject }
if ($FileRulesRefObject) { $TestSigningSigner.FileRulesRef = $FileRulesRefObject }
$SigningScenario.TestSigningSigners = $TestSigningSigner
}
}
}
}
$SignerScenarioArray[$i] = $SigningScenario
}
# Resolve inherited scenario IDs now that they've all been parsed.
for ($i = 0; $i -lt $SignerScenarioEntryCount; $i++) {
if ($SignerScenarioArray[$i].InheritedScenarios) {
[Int[]] $ScenarioIndices = $SignerScenarioArray[$i].InheritedScenarios -split ','
$SignerScenarioArray[$i].InheritedScenarios = ($ScenarioIndices | ForEach-Object { $SignerScenarioArray[$_].ID }) -join ','
}
}
$SIPolicy.SigningScenarios = $SignerScenarioArray
}
# Maybe I could parse this out
$HVCIOptions = $BinaryReader.ReadUInt32()
if ($HVCIOptions) {
$SIPolicy.HvciOptions = $HVCIOptions
$SIPolicy.HvciOptionsSpecified = $True
} else {
$SIPolicy.HvciOptionsSpecified = $False
}
# To-do parse out "settings" values. I'd like to find
# out what these are but they're not documented anywhere.
$null = $BinaryReader.ReadUInt32()
} catch {
$BinaryReader.Close()
$MemoryStream.Close()
throw $_
return
}
$BinaryReader.Close()
$MemoryStream.Close()
$XmlOutputSuccess = $False
try {
$XmlTextWriter = New-Object -TypeName Xml.XmlTextWriter -ArgumentList $FullXmlPath, $null
$XmlTextWriter.Formatting = 'Indented'
$XmlSerializer = New-Object -TypeName Xml.Serialization.XmlSerializer -ArgumentList ([CodeIntegrity.SIPolicy])
$XmlSerializer.Serialize($XmlTextWriter, $SIPolicy)
$XmlTextWriter.Close()
$XmlOutputSuccess = $True
} catch {
throw $_
return
}
if ($XmlOutputSuccess) {
Get-Item -Path $FullXmlPath
}
}
function Get-CIBinaryPolicyCertificate {
<#
.SYNOPSIS
Extracts the signer information from a signed, binary code integrity policy.
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
.DESCRIPTION
Get-CIBinaryPolicyCertificate obtains signer information from a signed, binary code integrity policy. This function was developed as the result of Get-AuthenticodeSignature not supporting signed, binary code integrity policies. Signed policies are represented as PKCS#7 ASN.1 SignedData (szOID_RSA_signedData - 1.2.840.113549.1.7.2).
.PARAMETER BinaryFilePath
Specifies the path of a signed, binary code interity policy. Deployed binary policy files are located in %SystemRoot%\System32\CodeIntegrity\SIPolicy.p7b.
.EXAMPLE
Get-CIBinaryPolicyCertificate -BinaryFilePath C:\Windows\System32\CodeIntegrity\SIPolicy.p7b
.OUTPUTS
System.Security.Cryptography.X509Certificates.X509Certificate2
If the binary code integrity is signed, Get-CIBinaryPolicyCertificate will output a X509Certificate2 object.
#>
[CmdletBinding()]
[OutputType([System.Security.Cryptography.X509Certificates.X509Certificate2])]
param (
[Parameter(Position = 0, Mandatory)]
[String]
[ValidateScript({ [IO.File]::Exists((Resolve-Path $_).Path) })]
$BinaryFilePath
)
# Obtain the full path to the policy file if a relative path was provided.
$BinPath = Resolve-Path $BinaryFilePath
try {
New-Object -TypeName Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $BinPath
} catch {
throw "$BinPath is not a signed binary code integrity policy."
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment