What is "code signed" and how can I test it?
-
- Posts: 689
- Joined: Wed Jan 05, 2022 9:29 pm
What is "code signed" and how can I test it?
I searched for Topics and found none; so this is a first topic for "code signed"
I then searched in message text and topics and found 13 matches, none of which appeared to define "code signed", so ...
Please and thank you.
I suspect that "code signed" refers to a testable certificate of some kind that guarantees that I have downloaded, or even installed, a genuine copy of the Everything.exe and its attendant suite of EXEs and DLLs.
But how would someone with an existing installation test their existing EXEs and DLLS?
Thanks, Chris
I then searched in message text and topics and found 13 matches, none of which appeared to define "code signed", so ...
Please and thank you.
I suspect that "code signed" refers to a testable certificate of some kind that guarantees that I have downloaded, or even installed, a genuine copy of the Everything.exe and its attendant suite of EXEs and DLLs.
But how would someone with an existing installation test their existing EXEs and DLLS?
Thanks, Chris
Re: What is "code signed" and how can I test it?
Right-click the exe/dll and select Properties, then click the Digital Signatures tab.ChrisGreaves wrote: ↑Wed Feb 15, 2023 6:57 pm How would someone with an existing installation test their existing EXEs and DLLS?
-
- Posts: 689
- Joined: Wed Jan 05, 2022 9:29 pm
Re: What is "code signed" and how can I test it?
Thanks Raccoon.
I can see how to display data from a digital signature, but how would someone with an existing installation test their existing EXEs and DLLS?
From my humble (but perhaps scared, doubtful, apprehensive) position as a novice user, what does the yellow-circled data tell me?
As a very-slightly above novice, I have learned that SHA256 is a technique used to create a signature, and I see that SHA256 was used to create that signature. And that "voidtools" appears to have signed the Digital Signature.
But as a seasoned manipulator of binary data (a long time ago) I am thinking "I could hijack that display by making modification to that part of the EXE that shows "voidtools" and "SHA256" and "February-05-23 9:22:4(0?)" to Windows.
I see no value that would guarantee to you or to Void that the EXE had not been cobbled in some way?
I am missing something obvious, but that display is, to me, equivalent to someone telling me "Chris, The EXE is signed", without telling me how I would truly know that it was, or wasn't, bearing the original signature.
Thanks, Chris
Re: What is "code signed" and how can I test it?
When some code -- usually an .exe or .dll file -- is signed, it can no longer be tampered with without alarmbells going off. You will get an errormessage "This program doesn't run on this PC" or something alike.
Code signing adds some checksum to the program which is checked on startup of this program.
You need a code signing certificate to, well, sign your code. This is quite expensive ( $500 per year from memory)
This also requires some personal checks (can't find the right English term) before you get one.
The price will prevents simple script-kiddies from signing their code; "professional" malwarewriters can be easily traced back due to the personal information given.
This should make signed applications extra trustworthy.
One way to check:
- Right-click the executable
- Select Properties
- See if there is a Digital Signatures tab.
This will show who signed the code.
If there is no such tab, the code is unsigned.
Another way:
- Right-click the executable
- Select Run as administrator
- The UAC (User Account Contrl) dialog will pop up.
If the application is signed it will say Verified publisher = ...
If not, it will say Publisher unknown
An ever easier way is to check the background color of the UAC header:
If it is blue, it is signed; if it is orange, it is not.
BTW: Windows 11 messed up this colorscheme: Signed= non-descript grey; Unsigned=nondescript ... brown (?)
(Now you can select NO in the UAC dialog; no need to run the application elevated)
TIP:
A quick way to start a program "As administrator" in Everything 1.5 is by pressing 'CTRL + SHIFT + ENTER' on that file.
Code signing adds some checksum to the program which is checked on startup of this program.
You need a code signing certificate to, well, sign your code. This is quite expensive ( $500 per year from memory)
This also requires some personal checks (can't find the right English term) before you get one.
The price will prevents simple script-kiddies from signing their code; "professional" malwarewriters can be easily traced back due to the personal information given.
This should make signed applications extra trustworthy.
One way to check:
- Right-click the executable
- Select Properties
- See if there is a Digital Signatures tab.
This will show who signed the code.
If there is no such tab, the code is unsigned.
Another way:
- Right-click the executable
- Select Run as administrator
- The UAC (User Account Contrl) dialog will pop up.
If the application is signed it will say Verified publisher = ...
If not, it will say Publisher unknown
An ever easier way is to check the background color of the UAC header:
If it is blue, it is signed; if it is orange, it is not.
BTW: Windows 11 messed up this colorscheme: Signed= non-descript grey; Unsigned=nondescript ... brown (?)
(Now you can select NO in the UAC dialog; no need to run the application elevated)
TIP:
A quick way to start a program "As administrator" in Everything 1.5 is by pressing 'CTRL + SHIFT + ENTER' on that file.
Re: What is "code signed" and how can I test it?
I just created a "TamperedEverything.exe".
This exe no longer has the Digital Signatures tab under Properties. and was marked as "Publisher unknown" in the UAC dialog.
BTW: The actual error message you get is "This app can't run on your PC" I was close ...
This exe no longer has the Digital Signatures tab under Properties. and was marked as "Publisher unknown" in the UAC dialog.
BTW: The actual error message you get is "This app can't run on your PC" I was close ...
Re: What is "code signed" and how can I test it?
You can test the certificate by selecting it from the list, and click the Details button.ChrisGreaves wrote: ↑Wed Feb 15, 2023 7:46 pm Thanks Raccoon.
I can see how to display data from a digital signature, but how would someone with an existing installation test their existing EXEs and DLLS?
I see no value that would guarantee to you or to Void that the EXE had not been cobbled in some way?
It should say "This digital signature is OK" if valid.
You can further click View Certificate and it should tell you more information about the certificate IF it is valid.
If the certificate is invalid, it will say "The digital signature of the object did not verify."
Valid certificate of Everything64.exe
---
And an invalid certificate of Everything64.exe that I edited in a Hex Editor.
(I changed the text string "E&xit" to "Q&uit" at offset 0x3CC7D0 of 1336a)
-
- Posts: 689
- Joined: Wed Jan 05, 2022 9:29 pm
Re: What is "code signed" and how can I test it?
Thanks for this further information. I think the $500 would not deter a professionally malicious person, but I agree it might deter bored teenagers.
Not in my case, perhaps because I continue to limp along on this Win7 laptop.- Right-click the executable
- Select Run as administrator
- The UAC (User Account Contrl) dialog will pop up.
Now this tip is worth my subscription to Voidtools forum!TIP: A quick way to start a program "As administrator" in Everything 1.5 is by pressing 'CTRL + SHIFT + ENTER' on that file.
Cheers, Chris
-
- Posts: 689
- Joined: Wed Jan 05, 2022 9:29 pm
Re: What is "code signed" and how can I test it?
Thank you Raccoon.raccoon wrote: ↑Wed Feb 15, 2023 8:30 pmYou can test the certificate by selecting it from the list, and click the Details button.ChrisGreaves wrote: ↑Wed Feb 15, 2023 7:46 pm I see no value that would guarantee to you or to Void that the EXE had not been cobbled in some way?
I was fatigued and didn't see or think to follow that "Details" and "Advanced" trail. .
Now I see lots of data that I don't understand, but at least I can see that there is data there!
Thanks again.
Chris
Re: What is "code signed" and how can I test it?
BTW, this trick also works in Windows Explorer. Ctrl+Shift+Enter or Ctrl+Shift+DoubleClick to Run As Admin.ChrisGreaves wrote: ↑Thu Feb 16, 2023 2:40 pmNow this tip is worth my subscription to Voidtools forum!
Re: What is "code signed" and how can I test it?
Not here.
It is available in the Run box ('WIN + R') and on the taskbar.
It is available in the Run box ('WIN + R') and on the taskbar.
Re: What is "code signed" and how can I test it?
I expect you must have an AutoHotkey script or Other Commander program that's overriding this hotkey for you.