vcsjones
diff --git a/‎AuthenticodeLint/AuthenticodeLint.csproj‎
Lines changed: 10 additions & 1 deletion b/‎AuthenticodeLint/AuthenticodeLint.csproj‎
Lines changed: 10 additions & 1 deletion
diff --git a/‎AuthenticodeLint/CheckEngine.cs‎
Lines changed: 7 additions & 5 deletions b/‎AuthenticodeLint/CheckEngine.cs‎
Lines changed: 7 additions & 5 deletions
diff --git a/‎AuthenticodeLint/ConfigurationValidator.cs‎
Lines changed: 3 additions & 2 deletions b/‎AuthenticodeLint/ConfigurationValidator.cs‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎AuthenticodeLint/Graph.cs‎
Lines changed: 1 addition & 1 deletion b/‎AuthenticodeLint/Graph.cs‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎AuthenticodeLint/Interop/Wintrust.cs‎
Lines changed: 110 additions & 0 deletions b/‎AuthenticodeLint/Interop/Wintrust.cs‎
Lines changed: 110 additions & 0 deletions
diff --git a/‎AuthenticodeLint/KnownGuids.cs‎
Lines changed: 9 additions & 0 deletions b/‎AuthenticodeLint/KnownGuids.cs‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎AuthenticodeLint/Program.cs‎
Lines changed: 33 additions & 11 deletions b/‎AuthenticodeLint/Program.cs‎
Lines changed: 33 additions & 11 deletions
diff --git a/‎AuthenticodeLint/PublisherInformation.cs‎
Lines changed: 4 additions & 4 deletions b/‎AuthenticodeLint/PublisherInformation.cs‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎AuthenticodeLint/Rfc3161Signature.cs‎
Lines changed: 2 additions & 1 deletion b/‎AuthenticodeLint/Rfc3161Signature.cs‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎AuthenticodeLint/Rules/IAuthenticodeRule.cs‎
Lines changed: 1 addition & 1 deletion b/‎AuthenticodeLint/Rules/IAuthenticodeRule.cs‎
Lines changed: 1 addition & 1 deletion
@@ -25,6 +25,7 @@
     <WarningLevel>4</WarningLevel>
     <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
     <Prefer32Bit>false</Prefer32Bit>
+    <UseVSHostingProcess>true</UseVSHostingProcess>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
@@ -37,6 +38,9 @@
     <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
     <Prefer32Bit>false</Prefer32Bit>
   </PropertyGroup>
+  <PropertyGroup>
+    <ApplicationManifest>app.manifest</ApplicationManifest>
+  </PropertyGroup>
   <ItemGroup>
     <Reference Include="System" />
     <Reference Include="System.Core" />
@@ -56,7 +60,9 @@
     <Compile Include="Interop\Crypt32.cs" />
     <Compile Include="Interop\CryptMsgSafeHandle.cs" />
     <Compile Include="Interop\LocalBufferSafeHandle.cs" />
+    <Compile Include="Interop\Wintrust.cs" />
     <Compile Include="IRuleResultCollector.cs" />
+    <Compile Include="KnownGuids.cs" />
     <Compile Include="KnownOids.cs" />
     <Compile Include="PublisherInformation.cs" />
     <Compile Include="Rfc3161Signature.cs" />
@@ -71,6 +77,7 @@
     <Compile Include="Rules\Sha2SignatureExistsRule.cs" />
     <Compile Include="Rules\SigningCertificateDigestAlgorithmRule.cs" />
     <Compile Include="Rules\TimestampedRule.cs" />
+    <Compile Include="Rules\TrustedSignatureRule.cs" />
     <Compile Include="Signature.cs" />
     <Compile Include="SignatureExtractor.cs" />
     <Compile Include="Graph.cs" />
@@ -79,7 +86,9 @@
     <Compile Include="VerboseSignatureTextWriter.cs" />
     <Compile Include="XmlRuleResultCollector.cs" />
   </ItemGroup>
-  <ItemGroup />
+  <ItemGroup>
+    <None Include="app.manifest" />
+  </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.
 
@@ -22,20 +22,22 @@ public IReadOnlyList<IAuthenticodeRule> GetRules()
                 new TimestampedRule(),
                 new PublisherInformationPresentRule(),
                 new PublisherInformationUrlHttpsRule(),
-                new SigningCertificateDigestAlgorithmRule()
+                new SigningCertificateDigestAlgorithmRule(),
+                new TrustedSignatureRule()
             };
         }
 
-        public RuleEngineResult RunAllRules(string file, Graph<Signature> signatures, List<IRuleResultCollector> collectors, HashSet<int> suppressedRuleIDs, bool verbose)
+        public RuleEngineResult RunAllRules(string file, Graph<Signature> signatures, List<IRuleResultCollector> collectors, CheckConfiguration configuration)
         {
-
+            var verbose = configuration.Verbose;
+            var suppressedRuleIDs = configuration.SuppressErrorIDs;
             var rules = GetRules();
             var engineResult = RuleEngineResult.AllPass;
             collectors.ForEach(c => c.BeginSet(file));
             foreach(var rule in rules)
             {
                 RuleResult result;
-                var verboseWriter = verbose ? new VerboseSignatureLogger() : SignatureLoggerBase.Null;
+                var verboseWriter = verbose ? new VerboseSignatureLogger() : SignatureLogger.Null;
                 if (signatures.Items.Count == 0)
                 {
                     result = RuleResult.Fail;
@@ -49,7 +51,7 @@ public RuleEngineResult RunAllRules(string file, Graph<Signature> signatures, Li
                     }
                     else
                     {
-                        result = rule.Validate(signatures, verboseWriter);
+                        result = rule.Validate(signatures, verboseWriter, configuration, file);
                     }
                 }
                 if (result != RuleResult.Pass)
 
@@ -10,16 +10,17 @@ public class CheckConfiguration
         public string ReportPath { get; }
         public bool Quiet { get; }
         public HashSet<int> SuppressErrorIDs { get; }
-
         public bool Verbose { get; }
+        public RevocationChecking RevocationMode {get;}
 
-        public CheckConfiguration(IReadOnlyList<string> inputPaths, string reportPath, bool quiet, HashSet<int> suppressErrorIDs, bool verbose)
+        public CheckConfiguration(IReadOnlyList<string> inputPaths, string reportPath, bool quiet, HashSet<int> suppressErrorIDs, bool verbose, RevocationChecking revocationMode)
         {
             InputPaths = inputPaths;
             ReportPath = reportPath;
             Quiet = quiet;
             SuppressErrorIDs = suppressErrorIDs;
             Verbose = verbose;
+            RevocationMode = revocationMode;
         }
     }
 
 
@@ -11,7 +11,7 @@ public Graph(IReadOnlyCollection<GraphItem<T>> items)
             Items = items;
         }
 
-        public static Graph<T> Empty { get; } = new Graph<T>(new List<GraphItem<T>>());
+        public static Graph<T> Empty { get; } = new Graph<T>(System.Array.Empty<GraphItem<T>>());
 
         public IEnumerable<T> VisitAll()
         {
 
@@ -0,0 +1,110 @@
+using System;
+using System.Runtime.InteropServices;
+
+namespace AuthenticodeLint.Interop
+{
+    internal static class Wintrust
+    {
+        [method: DllImport("wintrust.dll", EntryPoint = "WinVerifyTrustEx", CallingConvention = CallingConvention.Winapi, SetLastError = false)]
+        [return: MarshalAs(UnmanagedType.I4)]
+        public static extern unsafe int WinVerifyTrustEx
+            (
+                [param: In, MarshalAs(UnmanagedType.SysInt)] IntPtr hwnd,
+                [param: In, MarshalAs(UnmanagedType.LPStruct)] Guid pgActionID,
+                [param: In] WINTRUST_DATA* pWVTData
+            );
+    }
+
+    [type: StructLayout(LayoutKind.Sequential)]
+    internal struct WINTRUST_DATA
+    {
+        public uint cbStruct;
+        public IntPtr pPolicyCallbackData;
+        public IntPtr pSIPClientData;
+        public WinTrustDataUIChoice dwUIChoice;
+        public WinTrustRevocationChecks fdwRevocationChecks;
+        public WinTrustUnionChoice dwUnionChoice;
+        public WINTRUST_DATA_UNION trustUnion;
+        public WinTrustStateAction dwStateAction;
+        public IntPtr hWVTStateData;
+        public IntPtr pwszURLReference;
+        public WinTrustProviderFlags dwProvFlags;
+        public WinTrustUIContext dwUIContext;
+        public IntPtr pSignatureSettings;
+    }
+
+    [type: StructLayout(LayoutKind.Explicit)]
+    internal unsafe struct WINTRUST_DATA_UNION
+    {
+        [field: FieldOffset(0)]
+        public WINTRUST_FILE_INFO* pFile;
+    }
+
+    [type: StructLayout(LayoutKind.Sequential)]
+    internal struct WINTRUST_FILE_INFO
+    {
+        public uint cbStruct;
+        public IntPtr pcwszFilePath;
+        public IntPtr hFile;
+        public IntPtr pgKnownSubject;
+    }
+
+
+    internal enum WinTrustDataUIChoice : uint
+    {
+        WTD_UI_ALL = 1,
+        WTD_UI_NONE = 2,
+        WTD_UI_NOBAD = 3,
+        WTD_UI_NOGOOD = 4,
+    }
+
+    internal enum WinTrustRevocationChecks : uint
+    {
+        WTD_REVOKE_NONE = 0,
+        WTD_REVOKE_WHOLECHAIN = 1
+    }
+
+    internal enum WinTrustUnionChoice : uint
+    {
+        WTD_CHOICE_FILE = 1,
+        WTD_CHOICE_CATALOG = 2,
+        WTD_CHOICE_BLOB = 3,
+        WTD_CHOICE_SIGNER = 4,
+        WTD_CHOICE_CERT = 5
+    }
+
+    internal enum WinTrustStateAction : uint
+    {
+        WTD_STATEACTION_IGNORE = 0x00000000,
+        WTD_STATEACTION_VERIFY = 0x00000001,
+        WTD_STATEACTION_CLOSE = 0x00000002,
+        WTD_STATEACTION_AUTO_CACHE = 0x00000003,
+        WTD_STATEACTION_AUTO_CACHE_FLUSH = 0x00000004,
+    }
+
+    [type: Flags]
+    internal enum WinTrustProviderFlags : uint
+    {
+        NONE = 0,
+        WTD_USE_IE4_TRUST_FLAG = 0x00000001,
+        WTD_NO_IE4_CHAIN_FLAG = 0x00000002,
+        WTD_NO_POLICY_USAGE_FLAG = 0x00000004,
+        WTD_REVOCATION_CHECK_NONE = 0x00000010,
+        WTD_REVOCATION_CHECK_END_CERT = 0x00000020,
+        WTD_REVOCATION_CHECK_CHAIN = 0x00000040,
+        WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT = 0x00000080,
+        WTD_SAFER_FLAG = 0x00000100,
+        WTD_HASH_ONLY_FLAG = 0x00000200,
+        WTD_USE_DEFAULT_OSVER_CHECK = 0x00000400,
+        WTD_LIFETIME_SIGNING_FLAG = 0x00000800,
+        WTD_CACHE_ONLY_URL_RETRIEVAL = 0x00001000,
+        WTD_DISABLE_MD2_MD4 = 0x00002000,
+        WTD_MOTW = 0x00004000,
+    }
+
+    internal enum WinTrustUIContext : uint
+    {
+        WTD_UICONTEXT_EXECUTE = 0,
+        WTD_UICONTEXT_INSTALL = 1,
+    }
+}
@@ -0,0 +1,9 @@
+using System;
+
+namespace AuthenticodeLint
+{
+    internal static class KnownGuids
+    {
+        public static Guid WINTRUST_ACTION_GENERIC_VERIFY_V2 { get; } = new Guid(0xaac56b, unchecked((short)0xcd44), 0x11d0, new byte[] { 0x8c, 0xc2, 0x0, 0xc0, 0x4f, 0xc2, 0x95, 0xee });
+    }
+}
@@ -24,6 +24,7 @@ static int Main(string[] args)
             bool quiet = false;
             bool verbose = false;
             string report = null;
+            var revocation = RevocationChecking.None;
             foreach(var parameter in parsedCommandLine)
             {
                 if (parameter.Name == "in")
@@ -74,7 +75,7 @@ static int Main(string[] args)
                 {
                     if (!string.IsNullOrWhiteSpace(parameter.Value))
                     {
-                        Console.Error.WriteLine($"-{parameter.Value} does not expect a value.");
+                        Console.Error.WriteLine($"-{parameter.Name} does not expect a value.");
                         return ExitCodes.InvalidInputOrConfig;
                     }
                     quiet = true;
@@ -83,7 +84,7 @@ static int Main(string[] args)
                 {
                     if (!string.IsNullOrWhiteSpace(parameter.Value))
                     {
-                        Console.Error.WriteLine($"-{parameter.Value} does not expect a value.");
+                        Console.Error.WriteLine($"-{parameter.Name} does not expect a value.");
                         return ExitCodes.InvalidInputOrConfig;
                     }
                     verbose = true;
@@ -92,6 +93,19 @@ static int Main(string[] args)
                 {
                     report = parameter.Value;
                 }
+                else if (parameter.Name == "revocation")
+                {
+                    if (string.IsNullOrWhiteSpace(parameter.Value))
+                    {
+                        Console.Error.WriteLine($"-{parameter.Name} requires a value if specified.");
+                        return ExitCodes.InvalidInputOrConfig;
+                    }
+                    if (!Enum.TryParse(parameter.Value, true, out revocation))
+                    {
+                        Console.Error.WriteLine($"-{parameter.Value} is an unrecognized revocation mode.");
+                        return ExitCodes.InvalidInputOrConfig;
+                    }
+                }
                 else
                 {
                     Console.Error.WriteLine($"-{parameter.Name} is an unknown parameter.");
@@ -103,7 +117,7 @@ static int Main(string[] args)
                 Console.Error.WriteLine("Input is expected. See -help for usage.");
                 return ExitCodes.InvalidInputOrConfig;
             }
-            var configuration = new CheckConfiguration(inputs, report, quiet, suppress, verbose);
+            var configuration = new CheckConfiguration(inputs, report, quiet, suppress, verbose, revocation);
 
             if (!ConfigurationValidator.ValidateAndPrint(configuration, Console.Error))
             {
@@ -123,7 +137,7 @@ static int Main(string[] args)
             foreach (var file in inputs)
             {
                 var signatures = extractor.Extract(file);
-                if (CheckEngine.Instance.RunAllRules(file, signatures, collectors, suppress, verbose) != RuleEngineResult.AllPass)
+                if (CheckEngine.Instance.RunAllRules(file, signatures, collectors, configuration) != RuleEngineResult.AllPass)
                 {
                     result = ExitCodes.ChecksFailed;
                 }
@@ -138,21 +152,22 @@ static void ShowHelp()
         {
             Console.Out.WriteLine(@"Authenticode Linter
 
-Checks the authenticode signature of your binaries.
+Checks the Authenticode signature of your binaries.
 
 Usage: authlint.exe -in ""C:\path to an\executable.exe""
 
-    -in:        A path to an executable, DLL, or MSI to lint. Can be specified multiple times. Supports wildcards. Required.
-    -suppress:  A comma separated list of error IDs to ignore. All checks are run if omitted. Optional.
-    -q|quiet:   Run quietly and do not print anything to the output. Optional.
-    -report:    A path to produce an XML file as a report. Optional.
-    -verbose:   Show verbose output.
+    -in:            A path to an executable, DLL, or MSI to lint. Can be specified multiple times. Supports wildcards. Required.
+    -suppress:      A comma separated list of error IDs to ignore. All checks are run if omitted. Optional.
+    -q|quiet:       Run quietly and do not print anything to the output. Optional.
+    -report:        A path to produce an XML file as a report. Optional.
+    -verbose:       Show verbose output. Cannot be combined with -quiet.
+    -revocation:    Specify how revocation checking is done. Valid values are none, offline, online. None is the default.
 
 Exit codes:
 
     0:      All checks passed for all inputs, excluding any that were suppressed.
     1:      Invalid input or configuration was specified.
-    2:      One or more checks failed, or the file is not authenticode signed.
+    2:      One or more checks failed, or the file is not Authenticode signed.
 ");
         }
     }
@@ -164,4 +179,11 @@ internal static class ExitCodes
         public static int ChecksFailed { get; } = 2;
         public static int UnknownResults { get; } = 0xFF;
     }
+
+    public enum RevocationChecking
+    {
+        None,
+        Offline,
+        Online
+    }
 }
@@ -35,14 +35,14 @@ public PublisherInformation(AsnEncodedData data)
                     Description = info.pwszProgramName;
                     if (info.pMoreInfo != null)
                     {
-                        var moreInfo = *info.pMoreInfo;
-                        switch(moreInfo.dwLinkChoice)
+                        var moreInfo = info.pMoreInfo;
+                        switch(moreInfo->dwLinkChoice)
                         {
                             case SpcLinkChoice.SPC_URL_LINK_CHOICE:
-                                UrlLink = Marshal.PtrToStringUni(moreInfo.linkUnion.pwszUrl);
+                                UrlLink = Marshal.PtrToStringUni(moreInfo->linkUnion.pwszUrl);
                                 break;
                             case SpcLinkChoice.SPC_FILE_LINK_CHOICE:
-                                FileLink = Marshal.PtrToStringUni(moreInfo.linkUnion.pwszFile);
+                                FileLink = Marshal.PtrToStringUni(moreInfo->linkUnion.pwszFile);
                                 break;
                         }
                     }
 
@@ -10,6 +10,7 @@ public abstract class SignatureBase : IDisposable
     {
         internal CMSG_SIGNER_INFO _signerInfo;
 
+
         protected SignatureBase(AsnEncodedData data)
         {
 
@@ -61,7 +62,7 @@ public unsafe AuthenticodeSignature(AsnEncodedData data) : base(data)
                 }
                 else
                 {
-                    throw new InvalidOperationException("Failed to read authenticode signature");
+                    throw new InvalidOperationException("Failed to read Authenticode signature");
                 }
             }
         }
 
@@ -5,6 +5,6 @@ public interface IAuthenticodeRule
         int RuleId { get; }
         string ShortDescription { get; }
         string RuleName { get; }
-        RuleResult Validate(Graph<Signature> graph, SignatureLoggerBase verboseWriter);
+        RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration, string file);
     }
 }
Original file line number	Diff line number	Diff line change
`@@ -22,20 +22,22 @@ public IReadOnlyList<IAuthenticodeRule> GetRules()`
`22`	`22`	`new TimestampedRule(),`
`23`	`23`	`new PublisherInformationPresentRule(),`
`24`	`24`	`new PublisherInformationUrlHttpsRule(),`
`25`		`- new SigningCertificateDigestAlgorithmRule()`
	`25`	`+ new SigningCertificateDigestAlgorithmRule(),`
	`26`	`+ new TrustedSignatureRule()`
`26`	`27`	`};`
`27`	`28`	`}`
`28`	`29`
`29`		`- public RuleEngineResult RunAllRules(string file, Graph<Signature> signatures, List<IRuleResultCollector> collectors, HashSet<int> suppressedRuleIDs, bool verbose)`
	`30`	`+ public RuleEngineResult RunAllRules(string file, Graph<Signature> signatures, List<IRuleResultCollector> collectors, CheckConfiguration configuration)`
`30`	`31`	`{`
`31`		`-`
	`32`	`+ var verbose = configuration.Verbose;`
	`33`	`+ var suppressedRuleIDs = configuration.SuppressErrorIDs;`
`32`	`34`	`var rules = GetRules();`
`33`	`35`	`var engineResult = RuleEngineResult.AllPass;`
`34`	`36`	`collectors.ForEach(c => c.BeginSet(file));`
`35`	`37`	`foreach(var rule in rules)`
`36`	`38`	`{`
`37`	`39`	`RuleResult result;`
`38`		`- var verboseWriter = verbose ? new VerboseSignatureLogger() : SignatureLoggerBase.Null;`
	`40`	`+ var verboseWriter = verbose ? new VerboseSignatureLogger() : SignatureLogger.Null;`
`39`	`41`	`if (signatures.Items.Count == 0)`
`40`	`42`	`{`
`41`	`43`	`result = RuleResult.Fail;`
`@@ -49,7 +51,7 @@ public RuleEngineResult RunAllRules(string file, Graph<Signature> signatures, Li`
`49`	`51`	`}`
`50`	`52`	`else`
`51`	`53`	`{`
`52`		`- result = rule.Validate(signatures, verboseWriter);`
	`54`	`+ result = rule.Validate(signatures, verboseWriter, configuration, file);`
`53`	`55`	`}`
`54`	`56`	`}`
`55`	`57`	`if (result != RuleResult.Pass)`
Original file line number	Diff line number	Diff line change
`@@ -10,16 +10,17 @@ public class CheckConfiguration`
`10`	`10`	`public string ReportPath { get; }`
`11`	`11`	`public bool Quiet { get; }`
`12`	`12`	`public HashSet<int> SuppressErrorIDs { get; }`
`13`		`-`
`14`	`13`	`public bool Verbose { get; }`
	`14`	`+ public RevocationChecking RevocationMode {get;}`
`15`	`15`
`16`		`- public CheckConfiguration(IReadOnlyList<string> inputPaths, string reportPath, bool quiet, HashSet<int> suppressErrorIDs, bool verbose)`
	`16`	`+ public CheckConfiguration(IReadOnlyList<string> inputPaths, string reportPath, bool quiet, HashSet<int> suppressErrorIDs, bool verbose, RevocationChecking revocationMode)`
`17`	`17`	`{`
`18`	`18`	`InputPaths = inputPaths;`
`19`	`19`	`ReportPath = reportPath;`
`20`	`20`	`Quiet = quiet;`
`21`	`21`	`SuppressErrorIDs = suppressErrorIDs;`
`22`	`22`	`Verbose = verbose;`
	`23`	`+ RevocationMode = revocationMode;`
`23`	`24`	`}`
`24`	`25`	`}`
`25`	`26`
Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@ public Graph(IReadOnlyCollection<GraphItem<T>> items)`
`11`	`11`	`Items = items;`
`12`	`12`	`}`
`13`	`13`
`14`		`- public static Graph<T> Empty { get; } = new Graph<T>(new List<GraphItem<T>>());`
	`14`	`+ public static Graph<T> Empty { get; } = new Graph<T>(System.Array.Empty<GraphItem<T>>());`
`15`	`15`
`16`	`16`	`public IEnumerable<T> VisitAll()`
`17`	`17`	`{`
Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,7 @@ static int Main(string[] args)`
`24`	`24`	`bool quiet = false;`
`25`	`25`	`bool verbose = false;`
`26`	`26`	`string report = null;`
	`27`	`+ var revocation = RevocationChecking.None;`
`27`	`28`	`foreach(var parameter in parsedCommandLine)`
`28`	`29`	`{`
`29`	`30`	`if (parameter.Name == "in")`
`@@ -74,7 +75,7 @@ static int Main(string[] args)`
`74`	`75`	`{`
`75`	`76`	`if (!string.IsNullOrWhiteSpace(parameter.Value))`
`76`	`77`	`{`
`77`		`- Console.Error.WriteLine($"-{parameter.Value} does not expect a value.");`
	`78`	`+ Console.Error.WriteLine($"-{parameter.Name} does not expect a value.");`
`78`	`79`	`return ExitCodes.InvalidInputOrConfig;`
`79`	`80`	`}`
`80`	`81`	`quiet = true;`
`@@ -83,7 +84,7 @@ static int Main(string[] args)`
`83`	`84`	`{`
`84`	`85`	`if (!string.IsNullOrWhiteSpace(parameter.Value))`
`85`	`86`	`{`
`86`		`- Console.Error.WriteLine($"-{parameter.Value} does not expect a value.");`
	`87`	`+ Console.Error.WriteLine($"-{parameter.Name} does not expect a value.");`
`87`	`88`	`return ExitCodes.InvalidInputOrConfig;`
`88`	`89`	`}`
`89`	`90`	`verbose = true;`
`@@ -92,6 +93,19 @@ static int Main(string[] args)`
`92`	`93`	`{`
`93`	`94`	`report = parameter.Value;`
`94`	`95`	`}`
	`96`	`+ else if (parameter.Name == "revocation")`
	`97`	`+ {`
	`98`	`+ if (string.IsNullOrWhiteSpace(parameter.Value))`
	`99`	`+ {`
	`100`	`+ Console.Error.WriteLine($"-{parameter.Name} requires a value if specified.");`
	`101`	`+ return ExitCodes.InvalidInputOrConfig;`
	`102`	`+ }`
	`103`	`+ if (!Enum.TryParse(parameter.Value, true, out revocation))`
	`104`	`+ {`
	`105`	`+ Console.Error.WriteLine($"-{parameter.Value} is an unrecognized revocation mode.");`
	`106`	`+ return ExitCodes.InvalidInputOrConfig;`
	`107`	`+ }`
	`108`	`+ }`
`95`	`109`	`else`
`96`	`110`	`{`
`97`	`111`	`Console.Error.WriteLine($"-{parameter.Name} is an unknown parameter.");`
`@@ -103,7 +117,7 @@ static int Main(string[] args)`
`103`	`117`	`Console.Error.WriteLine("Input is expected. See -help for usage.");`
`104`	`118`	`return ExitCodes.InvalidInputOrConfig;`
`105`	`119`	`}`
`106`		`- var configuration = new CheckConfiguration(inputs, report, quiet, suppress, verbose);`
	`120`	`+ var configuration = new CheckConfiguration(inputs, report, quiet, suppress, verbose, revocation);`
`107`	`121`
`108`	`122`	`if (!ConfigurationValidator.ValidateAndPrint(configuration, Console.Error))`
`109`	`123`	`{`
`@@ -123,7 +137,7 @@ static int Main(string[] args)`
`123`	`137`	`foreach (var file in inputs)`
`124`	`138`	`{`
`125`	`139`	`var signatures = extractor.Extract(file);`
`126`		`- if (CheckEngine.Instance.RunAllRules(file, signatures, collectors, suppress, verbose) != RuleEngineResult.AllPass)`
	`140`	`+ if (CheckEngine.Instance.RunAllRules(file, signatures, collectors, configuration) != RuleEngineResult.AllPass)`
`127`	`141`	`{`
`128`	`142`	`result = ExitCodes.ChecksFailed;`
`129`	`143`	`}`
`@@ -138,21 +152,22 @@ static void ShowHelp()`
`138`	`152`	`{`
`139`	`153`	`Console.Out.WriteLine(@"Authenticode Linter`
`140`	`154`
`141`		`-Checks the authenticode signature of your binaries.`
	`155`	`+Checks the Authenticode signature of your binaries.`
`142`	`156`
`143`	`157`	`Usage: authlint.exe -in ""C:\path to an\executable.exe""`
`144`	`158`
`145`		`- -in: A path to an executable, DLL, or MSI to lint. Can be specified multiple times. Supports wildcards. Required.`
`146`		`- -suppress: A comma separated list of error IDs to ignore. All checks are run if omitted. Optional.`
`147`		`- -q\|quiet: Run quietly and do not print anything to the output. Optional.`
`148`		`- -report: A path to produce an XML file as a report. Optional.`
`149`		`- -verbose: Show verbose output.`
	`159`	`+ -in: A path to an executable, DLL, or MSI to lint. Can be specified multiple times. Supports wildcards. Required.`
	`160`	`+ -suppress: A comma separated list of error IDs to ignore. All checks are run if omitted. Optional.`
	`161`	`+ -q\|quiet: Run quietly and do not print anything to the output. Optional.`
	`162`	`+ -report: A path to produce an XML file as a report. Optional.`
	`163`	`+ -verbose: Show verbose output. Cannot be combined with -quiet.`
	`164`	`+ -revocation: Specify how revocation checking is done. Valid values are none, offline, online. None is the default.`
`150`	`165`
`151`	`166`	`Exit codes:`
`152`	`167`
`153`	`168`	`0: All checks passed for all inputs, excluding any that were suppressed.`
`154`	`169`	`1: Invalid input or configuration was specified.`
`155`		`- 2: One or more checks failed, or the file is not authenticode signed.`
	`170`	`+ 2: One or more checks failed, or the file is not Authenticode signed.`
`156`	`171`	`");`
`157`	`172`	`}`
`158`	`173`	`}`
`@@ -164,4 +179,11 @@ internal static class ExitCodes`
`164`	`179`	`public static int ChecksFailed { get; } = 2;`
`165`	`180`	`public static int UnknownResults { get; } = 0xFF;`
`166`	`181`	`}`
	`182`	`+`
	`183`	`+ public enum RevocationChecking`
	`184`	`+ {`
	`185`	`+ None,`
	`186`	`+ Offline,`
	`187`	`+ Online`
	`188`	`+ }`
`167`	`189`	`}`
Original file line number	Diff line number	Diff line change
`@@ -35,14 +35,14 @@ public PublisherInformation(AsnEncodedData data)`
`35`	`35`	`Description = info.pwszProgramName;`
`36`	`36`	`if (info.pMoreInfo != null)`
`37`	`37`	`{`
`38`		`- var moreInfo = *info.pMoreInfo;`
`39`		`- switch(moreInfo.dwLinkChoice)`
	`38`	`+ var moreInfo = info.pMoreInfo;`
	`39`	`+ switch(moreInfo->dwLinkChoice)`
`40`	`40`	`{`
`41`	`41`	`case SpcLinkChoice.SPC_URL_LINK_CHOICE:`
`42`		`- UrlLink = Marshal.PtrToStringUni(moreInfo.linkUnion.pwszUrl);`
	`42`	`+ UrlLink = Marshal.PtrToStringUni(moreInfo->linkUnion.pwszUrl);`
`43`	`43`	`break;`
`44`	`44`	`case SpcLinkChoice.SPC_FILE_LINK_CHOICE:`
`45`		`- FileLink = Marshal.PtrToStringUni(moreInfo.linkUnion.pwszFile);`
	`45`	`+ FileLink = Marshal.PtrToStringUni(moreInfo->linkUnion.pwszFile);`
`46`	`46`	`break;`
`47`	`47`	`}`
`48`	`48`	`}`
Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,7 @@ public abstract class SignatureBase : IDisposable`
`10`	`10`	`{`
`11`	`11`	`internal CMSG_SIGNER_INFO _signerInfo;`
`12`	`12`
	`13`	`+`
`13`	`14`	`protected SignatureBase(AsnEncodedData data)`
`14`	`15`	`{`
`15`	`16`
`@@ -61,7 +62,7 @@ public unsafe AuthenticodeSignature(AsnEncodedData data) : base(data)`
`61`	`62`	`}`
`62`	`63`	`else`
`63`	`64`	`{`
`64`		`- throw new InvalidOperationException("Failed to read authenticode signature");`
	`65`	`+ throw new InvalidOperationException("Failed to read Authenticode signature");`
`65`	`66`	`}`
`66`	`67`	`}`
`67`	`68`	`}`
Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,6 @@ public interface IAuthenticodeRule`
`5`	`5`	`int RuleId { get; }`
`6`	`6`	`string ShortDescription { get; }`
`7`	`7`	`string RuleName { get; }`
`8`		`- RuleResult Validate(Graph<Signature> graph, SignatureLoggerBase verboseWriter);`
	`8`	`+ RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration, string file);`
`9`	`9`	`}`
`10`	`10`	`}`