
I'm writing a function for an installer DLL to verify the Authenticode signature of EXE files already installed on the system.

The function needs to:

A) verify that the signature is valid.
B) verify that the signer is our organization.

Because this is in an installer, and because this needs to run on older Win2k installations, I don't want to rely on CAPICOM.dll, as it may not be on the target system.

The WinVerifyTrust API works great to solve (A).

I need to find a way to compare a known certificate (or properties therein) to the one that signed the EXE in question.

Brian Gillespie
  • +1... if anyone can come up with a library that'll do it even on a non-Windows platform I'll be happy. I'd like to be able to check an .EXE is Microsoft-signed from inside Linux. – bobince Nov 19 '08 at 13:12
  • @bobince, Mono has both the **signcode** and **chktrust** tools that work (if you install the required root certificates) on every platform that Mono supports (S390x if you like ;-) – poupou Oct 15 '11 at 20:36

2 Answers


You should use CryptQueryObject.

This KB article demonstrates its use: How To Get Information from Authenticode Signed Executables.

To the commenter that asked about how to do it without the Windows APIs, I am not aware of any library that can do it, but the format is documented here: Windows Authenticode Portable Executable Signature Format.

dee-see
Rasmus Faber
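As an added example (not code from the question or either answer), here is what the linked Authenticode format document describes, done in portable Python with the standard library only: locate the WIN_CERTIFICATE entry through the PE image's security data directory, walk the PKCS#7 SignedData to the certificate named by the SignerInfo's issuer and serial number, and pin that certificate by its SHA-1 thumbprint. On Windows the route in the answer, CryptQueryObject followed by CryptMsgGetParam, performs the same issuer-and-serial lookup against the message's certificate store; the point of the portable version is the comment above about checking from Linux. The PE image, the certificate and the organisation name "Example Org" are constructed test data, and nothing here verifies the signature cryptographically, so in the questioner's installer this is part (B) only and must follow a successful WinVerifyTrust call for part (A).

```python
# Added example, not code from the question or either answer. Finds the Authenticode
# signature in a PE image and identifies the signing certificate inside the PKCS#7 blob
# with the standard library only; every PE and certificate byte here is CONSTRUCTED test data.
import hashlib
import struct

def der_read(buf, pos=0):
    """Return (tag, content, end) for the DER TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                 # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def der_children(content):
    """Split a constructed value's content into (tag, content, raw_tlv) tuples."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, end = der_read(content, pos)
        out.append((tag, body, content[pos:end]))
        pos = end
    return out

def der_tlv(tag, content):                            # DER encoder, used only to build the sample
    n = len(content)
    lb = b"" if n < 0x80 else n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, n if not lb else 0x80 | len(lb)]) + lb + content

def locate_security_directory(pe):
    """(file offset, size) of IMAGE_DIRECTORY_ENTRY_SECURITY, or None if unsigned.
    Unlike the other data directories, this entry is a raw file offset, not an RVA."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    opt = e_lfanew + 4 + 20                           # past the PE signature and COFF header
    dirs = opt + (96 if struct.unpack_from("<H", pe, opt)[0] == 0x10B else 112)  # PE32 / PE32+
    if struct.unpack_from("<I", pe, dirs - 4)[0] <= 4:    # NumberOfRvaAndSizes
        return None
    off, size = struct.unpack_from("<II", pe, dirs + 4 * 8)
    return (off, size) if size else None

def extract_pkcs7(pe):
    """Strip the WIN_CERTIFICATE header and return the PKCS#7 blob, or None if unsigned."""
    loc = locate_security_directory(pe)
    if loc is None:
        return None
    length, _revision, cert_type = struct.unpack_from("<IHH", pe, loc[0])
    if cert_type != 0x0002:                           # WIN_CERT_TYPE_PKCS_SIGNED_DATA
        raise ValueError("unsupported WIN_CERTIFICATE type 0x%04x" % cert_type)
    return pe[loc[0] + 8:loc[0] + length]

def signer_certificate(pkcs7):
    """Return the embedded DER certificate matching the first SignerInfo's issuer+serial."""
    content_info = der_children(der_read(pkcs7)[1])   # [OID signedData, [0] EXPLICIT SignedData]
    fields = der_children(der_children(content_info[1][1])[0][1])
    certs = next(der_children(c) for t, c, _ in fields if t == 0xA0)   # [0] IMPLICIT certificates
    first_signer = der_children(der_children(fields[-1][1])[0][1])     # signerInfos[0]
    issuer, serial = [raw for _, _, raw in der_children(first_signer[1][1])]
    for _, _, cert in certs:
        tbs = der_children(der_children(der_read(cert)[1])[0][1])
        if tbs[0][0] == 0xA0:                         # skip the optional explicit version
            tbs = tbs[1:]
        if tbs[0][2] == serial and tbs[2][2] == issuer:   # serialNumber, signature, issuer
            return cert
    return None

def thumbprint(cert_der):
    return hashlib.sha1(cert_der).hexdigest().upper()  # the 'Thumbprint' certmgr.msc displays

def check_signer(pe, expected_thumbprint):
    """Pin the signer identity: (True, thumbprint) only for the expected certificate."""
    pkcs7 = extract_pkcs7(pe)
    cert = signer_certificate(pkcs7) if pkcs7 else None
    if cert is None:
        return False, "unsigned or signer certificate not embedded"
    tp = thumbprint(cert)
    return tp == expected_thumbprint, tp

def build_sample():                                   # constructed PE32 + synthetic signature blob
    oid = lambda *arcs: der_tlv(0x06, bytes(arcs))
    alg = der_tlv(0x30, oid(0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B) + b"\x05\x00")
    name = lambda cn: der_tlv(0x30, der_tlv(0x31, der_tlv(0x30, oid(0x55, 0x04, 0x03) + der_tlv(0x0C, cn.encode()))))
    issuer, serial = name("Example Org Code Signing CA"), der_tlv(0x02, b"\x01\x23\x45")
    tbs = der_tlv(0x30, der_tlv(0xA0, der_tlv(0x02, b"\x02")) + serial + alg + issuer
                  + der_tlv(0x30, b"") + name("Example Org") + der_tlv(0x30, b""))
    cert = der_tlv(0x30, tbs + alg + der_tlv(0x03, b"\x00" * 17))       # dummy signature bits
    signer_info = der_tlv(0x30, der_tlv(0x02, b"\x01") + der_tlv(0x30, issuer + serial)
                          + der_tlv(0x30, b"") + der_tlv(0x30, b"") + der_tlv(0x04, b"\x00" * 16))
    signed_data = der_tlv(0x30, der_tlv(0x02, b"\x01") + der_tlv(0x31, b"") + der_tlv(0x30, b"")
                          + der_tlv(0xA0, cert) + der_tlv(0x31, signer_info))
    pkcs7 = der_tlv(0x30, oid(0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02) + der_tlv(0xA0, signed_data))
    win_cert = struct.pack("<IHH", 8 + len(pkcs7), 0x0200, 0x0002) + pkcs7
    e_lfanew, opt_len = 0x80, 96 + 16 * 8             # PE32 optional header with 16 directories
    sec_off = (e_lfanew + 24 + opt_len + 7) & ~7      # blob follows the headers, 8-byte aligned
    dirs = bytes(4 * 8) + struct.pack("<II", sec_off, len(win_cert)) + bytes(11 * 8)
    opt = struct.pack("<H", 0x10B) + bytes(90) + struct.pack("<I", 16) + dirs  # magic ... NumberOfRvaAndSizes
    pe = bytearray(sec_off)
    pe[0:2], pe[e_lfanew:e_lfanew + 4], pe[e_lfanew + 24:e_lfanew + 24 + opt_len] = b"MZ", b"PE\0\0", opt
    struct.pack_into("<I", pe, 0x3C, e_lfanew)
    return bytes(pe) + win_cert, cert
```

`check_signer(pe, "<your thumbprint>")` is the call the installer would make after WinVerifyTrust has accepted the file. Pinning the SHA-1 thumbprint (or, equivalently, the issuer and serial number the SignerInfo already carries) is deliberate: a subject name such as "Example Org" can be issued to anyone by any CA, whereas the thumbprint identifies one specific certificate, so the installer keeps a short list of accepted thumbprints and adds the new one when the signing certificate is renewed. A matching thumbprint on its own proves nothing, since the signature blob can be copied from a legitimately signed file onto another binary; only the WinVerifyTrust result ties the blob to the file's own hash.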

If the signature is valid, its certificate chain will contain your certificate. CertGetCertificateChain will get that chain.

MSalters
  • Do you mean that the WINTRUST_DATA structure contains the certificate? Or perhaps CertGetCertificateChain can be used on a file directly - I just can't figure out how. I must be missing something obvious. Thanks in advance for more details. – Brian Gillespie Nov 20 '08 at 23:38