Reputation: 241
Programmatically verify signed dll's C++
I have a signed dll and want to verify its signature before I use it. my application is written by C++. How can I get programmatically the dll's signature?
Upvotes: 4
Views: 6979
Answers (3)
Reputation: 69632
One of the options is CAPICOM library, which is available as 32-bit redistributable from Microsoft. The verification code can be as simple as:
CComPtr<Capicom::ISignedCode> pSignedCode;
ATLENSURE_SUCCEEDED(pSignedCode.CoCreateInstance(__uuidof(Capicom::SignedCode)));
ATLENSURE_SUCCEEDED(pSignedCode->put_FileName(CComBSTR(pszPath)));
HRESULT nVerifyResult = pSignedCode->Verify(ATL_VARIANT_FALSE);
You can also easily obtain additional information such as signer, certificate etc.
If you don't feel like using CAPICOM, MSDN suggests alternate options to SignedCode class used in code snippet above.
Upvotes: 0
Reputation: 1854
MSDN recommended way is to run SignTool which is part of CryptoAPI -
SignTool returns command-line text that states the result of the signature check. Additionally, SignTool returns an exit code of zero for successful execution, one for failed execution, and two for execution that completed with warnings.
See Using SignTool to Verify a File Signature for details.
Upvotes: 0
Reputation: 8187
You can use WinVerifyTrust function.
Dlls and PE are almost same except for 2 to 3 bytes difference in there header.
A full code example is here (also applicable to dll).
Upvotes: 6
Related Questions
- Check if a DLL is signed C++
- File Signatures: How do I make sure that a Windows DLL isn't modified?
- How to check the integrity of a signed C# DLL?
- How to programmatically verify an assembly is signed with a specific Certificate?
- How to Verify a Digital Signature of a DLL in .NET
- What is the safest way to verify loaded DLLs have valid certificates?
- How to validate a signed DLL has been signed by me?
- How can I check the digital signature of an .exe or .dll in Perl?
- Sign a dll using cmd
- Checking digital signature programmatically