Verify whether an executable is signed or not (signtool used to sign that exe)
-
30-09-2019 - |
Question
In my application I need to verify whether it's signed or not. If it's signed continue the execution and exit the application if not. The signtool will be used to sign the application. Is there any C# code to do that?
Solution
Here is a utility method that does it:
var signed = IsSigned(@"c:\windows\explorer.exe");
...
public static bool IsSigned(string filePath)
{
if (filePath == null)
throw new ArgumentNullException(nameof(filePath));
var file = new WINTRUST_FILE_INFO();
file.cbStruct = Marshal.SizeOf(typeof(WINTRUST_FILE_INFO));
file.pcwszFilePath = filePath;
var data = new WINTRUST_DATA();
data.cbStruct = Marshal.SizeOf(typeof(WINTRUST_DATA));
data.dwUIChoice = WTD_UI_NONE;
data.dwUnionChoice = WTD_CHOICE_FILE;
data.fdwRevocationChecks = WTD_REVOKE_NONE;
data.pFile = Marshal.AllocHGlobal(file.cbStruct);
Marshal.StructureToPtr(file, data.pFile, false);
int hr;
try
{
hr = WinVerifyTrust(INVALID_HANDLE_VALUE, WINTRUST_ACTION_GENERIC_VERIFY_V2, ref data);
}
finally
{
Marshal.FreeHGlobal(data.pFile);
}
return hr == 0;
}
[StructLayoutAttribute(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
private struct WINTRUST_FILE_INFO
{
public int cbStruct;
public string pcwszFilePath;
public IntPtr hFile;
public IntPtr pgKnownSubject;
}
[StructLayoutAttribute(LayoutKind.Sequential)]
private struct WINTRUST_DATA
{
public int cbStruct;
public IntPtr pPolicyCallbackData;
public IntPtr pSIPClientData;
public int dwUIChoice;
public int fdwRevocationChecks;
public int dwUnionChoice;
public IntPtr pFile;
public int dwStateAction;
public IntPtr hWVTStateData;
public IntPtr pwszURLReference;
public int dwProvFlags;
public int dwUIContext;
public IntPtr pSignatureSettings;
}
private const int WTD_UI_NONE = 2;
private const int WTD_REVOKE_NONE = 0;
private const int WTD_CHOICE_FILE = 1;
private static readonly IntPtr INVALID_HANDLE_VALUE = new IntPtr(-1);
private static readonly Guid WINTRUST_ACTION_GENERIC_VERIFY_V2 = new Guid("{00AAC56B-CD44-11d0-8CC2-00C04FC295EE}");
[DllImport("wintrust.dll")]
private static extern int WinVerifyTrust(IntPtr hwnd, [MarshalAs(UnmanagedType.LPStruct)] Guid pgActionID, ref WINTRUST_DATA pWVTData);
OTHER TIPS
private bool IsAssemblySigned()
{
var assembly = Assembly.GetAssembly(GetType());
var assemblyName = assembly.GetName();
var key = assemblyName.GetPublicKey();
return key.Length > 0;
}
I would suggest you use the 'CryptUIWizDigitalSign' API. This link can be used as a reference.
Try
Dim objCertificate As New Security.Cryptography.X509Certificates.X509Certificate2(Security.Cryptography.X509Certificates.X509Certificate.CreateFromSignedFile(strFile))
Return True
Catch ex As Exception
Return False
End Try
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow