Verify digital signatures of executables or DLLs
function Get-RegistryValue
{
    # Reads the property named by -Value from the item at -Path.
    # Returns $null when the path does not exist or the property cannot be
    # expanded; a missing value is therefore indistinguishable from an
    # empty one for the caller.
    param
    (
        [parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] $Path,
        [parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] $Value
    )

    # Guard clause: nothing to read when the key is absent.
    if (-not (Test-Path $Path))
    {
        return $null
    }

    try
    {
        # -ErrorAction Stop turns "property not found" into an exception so
        # that the catch below can map it to $null.
        return (Get-ItemProperty -Path $Path | Select-Object -ExpandProperty $Value -ErrorAction Stop)
    }
    catch
    {
        return $null
    }
}
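function Get-SignToolPathFromDirectory
{
    # Searches "<Path>\bin" recursively for signtool.exe builds that match the
    # bitness of the current process.
    #
    # Parameters:
    #   Path - root directory of a Windows Kit installation.
    # Returns:
    #   An array of full paths (one element per match), or $null when the bin
    #   directory is missing or holds no matching signtool.exe. The order is
    #   whatever Get-ChildItem yields; no version ordering is applied.
    param
    (
        [parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] $Path
    )

    $architecture = 'x64'
    if (![Environment]::Is64BitProcess)
    {
        $architecture = 'x86'
    }

    # Join-Path copes with a root that already ends in a backslash.
    $binDir = Join-Path $Path 'bin'
    if (!(Test-Path -LiteralPath $binDir -PathType Container))
    {
        return $null
    }

    # Compare the immediate parent directory name instead of regex-matching
    # "x64\" anywhere in the full path: a kit root that itself lives under a
    # directory called x64 would otherwise make every build match.
    $found = @(
        Get-ChildItem -LiteralPath $binDir -Recurse -Filter 'signtool.exe' |
            Where-Object { (-not $_.PSIsContainer) -and ($_.Directory.Name -eq $architecture) } |
            ForEach-Object { $_.FullName }
    )

    if ($found.Count -eq 0)
    {
        return $null
    }

    # The unary comma keeps a single match wrapped in an array, so callers
    # that index the result with [0] get a path and not its first character.
    # No trailing $null is emitted after the paths.
    return ,$found
}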
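function Get-SignToolPath-From-WindowsKit
{
    # Locates signtool.exe through the "Installed Roots" registry key of the
    # Windows Kits, trying KitsRoot10, KitsRoot81 and KitsRoot in that order.
    #
    # Returns the full path of the first signtool.exe found, or $null.
    #
    # The returned path is later executed by the caller. It is derived only
    # from HKLM values; NOTE(review): confirm that the key and the kit
    # directory are writable by administrators only on the target machines.

    # Provider-rooted paths ("HKLM:\..."). The drive-relative form "HKLM:SOFTWARE"
    # resolves against the current location on the HKLM: drive and points at
    # the wrong key once a caller has changed into a registry subkey.
    $regKeys = @(
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows Kits\Installed Roots',
        'HKLM:\SOFTWARE\Microsoft\Windows Kits\Installed Roots'
    )
    $kits = @("KitsRoot10", "KitsRoot81", "KitsRoot")

    # The WOW6432Node view keeps priority; the native view is consulted when
    # the first view is absent or yields no usable signtool.exe.
    foreach ($regKey in $regKeys)
    {
        if (!(Test-Path $regKey))
        {
            continue
        }

        foreach ($kitValue in $kits)
        {
            $path = Get-RegistryValue -Path $regKey -Value $kitValue
            if (!$path)
            {
                continue
            }

            # Normalise the helper's result: it may be a scalar string or an
            # array that contains $null entries. Indexing a scalar string
            # with [0] would return a single character.
            $first = @(Get-SignToolPathFromDirectory -Path $path) |
                Where-Object { $_ } |
                Select-Object -First 1
            if ($first)
            {
                return $first
            }
        }
    }

    return $null
}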
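function global:Verify-DigitalSign()
{
    <#
    .SYNOPSIS
    Runs "signtool verify /all /pa" on one file and reports whether it is
    validly signed with both a SHA-1 and a SHA-256 signature.

    .PARAMETER Path
    The executable or DLL to check. Must resolve to exactly one existing file.

    .PARAMETER SignTool
    Path of signtool.exe. When omitted, Get-SignToolPath-From-WindowsKit is
    used to locate it. The value is executed as given.

    .OUTPUTS
    $true when signtool exits with 0 and lists both algorithms; $false in every
    other case, including when signtool cannot be found or started. On success
    signtool's output is written with Write-Host, on failure with Write-Error.

    .NOTES
    A $true result means the signatures validate under the policy selected by
    /pa. It does not say who signed the file: any certificate that chains to a
    trusted root passes. Callers that need a specific publisher must compare
    the signer certificate separately (for example the thumbprint reported by
    Get-AuthenticodeSignature).
    #>
    param
    (
        [parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] $Path,
        [parameter(Mandatory=$false)] [ValidateNotNullOrEmpty()] $SignTool
    )

    if (!$SignTool)
    {
        $SignTool = Get-SignToolPath-From-WindowsKit
    }
    if (!$SignTool)
    {
        # Fail closed with one clear message instead of a cascade of method
        # errors from an unstarted process object.
        Write-Error 'signtool.exe was not found; pass -SignTool or install a Windows SDK.'
        return $false
    }

    # Resolve to an absolute file system path. The child process starts in the
    # .NET working directory, which can differ from the PowerShell location,
    # so a relative path could otherwise name a different file.
    $resolved = @()
    try
    {
        $resolved = @(Resolve-Path -LiteralPath $Path -ErrorAction Stop | ForEach-Object { $_.ProviderPath })
    }
    catch
    {
        Write-Error "Cannot verify '$Path': $($_.Exception.Message)"
        return $false
    }
    if ($resolved.Count -ne 1 -or !(Test-Path -LiteralPath $resolved[0] -PathType Leaf))
    {
        Write-Error "Cannot verify '$Path': it does not resolve to exactly one existing file."
        return $false
    }
    $target = $resolved[0]

    # The path is embedded in a quoted command-line string. A double quote
    # would end the quoting early and let the remainder be parsed as further
    # signtool arguments, so reject it.
    if ($target.Contains('"'))
    {
        Write-Error "Cannot verify '$Path': the path contains a double quote."
        return $false
    }

    $pinfo = New-Object System.Diagnostics.ProcessStartInfo
    $pinfo.FileName = $SignTool
    $pinfo.RedirectStandardError = $true
    $pinfo.RedirectStandardOutput = $true
    $pinfo.UseShellExecute = $false
    $pinfo.Arguments = "verify /all /pa ""$target"""

    $p = New-Object System.Diagnostics.Process
    $p.StartInfo = $pinfo
    $stdout = ''
    $stderr = ''
    $exitCode = -1
    try
    {
        $p.Start() | Out-Null

        # Drain both pipes before waiting. Waiting first can hang forever when
        # the child fills a pipe buffer; stderr is read asynchronously so that
        # neither stream can block the other.
        $stderrTask = $p.StandardError.ReadToEndAsync()
        $stdout = $p.StandardOutput.ReadToEnd()
        $p.WaitForExit()
        $stderr = $stderrTask.Result
        $exitCode = $p.ExitCode
    }
    catch
    {
        Write-Error "Failed to run '$SignTool': $($_.Exception.Message)"
        return $false
    }
    finally
    {
        $p.Dispose()
    }

    if ($exitCode -ne 0)
    {
        if ($stdout) { Write-Error $stdout }
        if ($stderr) { Write-Error $stderr }
        return $false
    }

    # Must be dual-signed.
    # Only rows of the signature table count ("<index> <algorithm> ...").
    # A substring search over the whole output would also match the file path
    # that signtool echoes, so a file named e.g. "sha1_sha256.dll" could pass
    # with a single signature.
    # NOTE(review): assumes the /all summary prints one such row per signature;
    # confirm against the signtool version in use.
    $algorithms = @(
        [regex]::Matches($stdout, '(?im)^\s*\d+\s+(sha1|sha256)\s') |
            ForEach-Object { $_.Groups[1].Value.ToLowerInvariant() }
    )
    if (($algorithms -contains 'sha1') -and ($algorithms -contains 'sha256'))
    {
        Write-Host $stdout
        return $true
    }

    Write-Error $stdout
    return $false
}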
# $signtool = Get-SignToolPath-From-WindowsKit
# Verify-DigitalSign -Path 'executable or DLL whose digital signature should be verified'