How to sign every ocx, dll and exe file

Question

I am using signtool to sign my files.

How to recursively search all the ocx, dll and exes in a folder and subfolder then sign them all using Command Prompt ? I want to sign only the ones developed by me and not the third party ones.

Answer 1

Try @echo off FOR /f "tokens=*" %%G IN ('dir /s *.dll *.ocx *.exe') DO ( echo %%G set A= "%%G" signtool sign /f "C:\Certificates\FakeCertificate.pfx" %A% )

Answer 2

The rub here is how to distinguish your binaries from third party binaries. You could create a whitelist or if you have consistently marked your binary fileversioninfo with your company name, you can take this approach:

Get-ChildItem *.* -r -inc *.dll,*.ocx,*.exe | 
    Where {($_ | Get-FileVersionInfo).CompanyName -match 'your-company-name'} | 
    Foreach {signtool sign <options> $_.Fullname}

Note: this approach uses a command (Get-FileVersionInfo) from the PowerShell Community Extensions which can be downloaded here.