There is a program processhacker in it there is such a section. This section displays information about the process of whether there is a certificate or not. Access to this section gives regardless of rights (admin / non-admin). How would so on c # get this line with info about the certificate too ??? enter image description here

  • The processes do not have signatures and certificates, they have files - Vladimir Martyanov
  • @ Vladimir Martian ok I will know. How about checking the file signature? - XXX

1 answer 1

For the file, the easiest way is probably to connect the System.Management.Automation nuget package, and use the PowerShell command:

using System.Management.Automation; 
 static bool VerifyAuthenticodeSignature(string path) { string fullPath = Path.GetFullPath(path); if (!File.Exists(fullPath)) throw new FileNotFoundException("Cannot find target file", fullPath); using (var ps = PowerShell.Create()) { ps.AddCommand("Get-AuthenticodeSignature", true); ps.AddParameter("LiteralPath", fullPath); var results = ps.Invoke(); var signature = (Signature)results.Single().BaseObject; return (signature.Status == SignatureStatus.Valid); } }

(code borrowed here and revised).

To get the organization that signed the file, you can peek into the properties of the certificate.

 var issuer = signature.SignerCertificate.IssuerName; var properties = issuer.Format(multiLine: true) .Split(new[] {"\r\n" }, StringSplitOptions.RemoveEmptyEntries) .Select(line => line.Split(new[] {'=' }, 2)) .ToDictionary(parts => parts[0], parts => parts[1]); properties.TryGetValue("O", out var organization);

Unfortunately, I did not find the code that parses the X500DistinguishedName into an object structure, but it is possible that this bike seems to work. In my example, the organization issued the "Microsoft Corporation" .

For processes, you need to find the file from which the process was launched, and check it in the same way.

(However, I am not an expert on security issues, so I could be wrong.)

  • Thank. I will try - XXX
  • @SlivinburgskayaDich: Please! I would be glad if it helps. - VladD
  • one
    @SlivinburgskayaDich: nuget-package will connect the dll to your project, and it will be copied to the output directory, like other dependent DLLs. - VladD
  • one
    @SlivinburgskayaDich: Just right-click on the project, and select Manage NuGet packages from the menu ... - VladD
  • one
    That is, the nuget-package is not for the computer, it is for the project. Nuget is just a dependency manager, by the way. - VladD