Python script to find all Windows binaries with autoElevate=True (uses sigcheck obviously)
# Usage: python <this_script>.py C:\Windows\System32\
# Needs sigcheck.exe (Sysinternals) in PATH
import sys
import os
import glob
import subprocess
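# Literal element looked for in the manifest text that `sigcheck -m` prints.
# Bytes literal so the comparison works on the raw pipe output under both
# Python 2 and Python 3.
AUTOELEVATE_TAG = b'<autoElevate>true</autoElevate>'


def has_autoelevate(manifest):
    """Return True if *manifest* contains the autoElevate=true element.

    *manifest* is the raw stdout captured from ``sigcheck -m``. The match is
    a literal, case-sensitive substring test, so an element written with
    attributes or inner whitespace is not detected.
    """
    return AUTOELEVATE_TAG in manifest


def find_autoelevate(directory):
    """Yield each ``*.exe`` directly inside *directory* whose manifest sets autoElevate.

    Only the top level of the directory is scanned (no recursion). A hit means
    the embedded manifest requests auto-elevation; it does not by itself show
    that Windows will honour the request for that file.
    NOTE(review): Windows applies further checks (signature, install location)
    before elevating silently; confirm per binary when baselining an image.

    Raises OSError if the sigcheck executable cannot be started.
    """
    if not directory.endswith('\\'):
        directory = directory + '\\'
    if not os.path.isdir(directory):
        return
    for exe in glob.glob(directory + '*.exe'):
        # Argument list (no shell), so file names are never shell-interpreted.
        proc = subprocess.Popen(
            ['sigcheck', '-nobanner', '-m', exe],
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
        )
        out, _err = proc.communicate()
        if has_autoelevate(out):
            yield exe


def run_scan(argv):
    """Scan the directory named in ``argv[1]`` and print the matching executables.

    Returns a process exit status: 0 after a completed scan, 1 on a usage
    error, a missing directory, or when sigcheck cannot be launched.
    """
    if len(argv) < 2:
        print("Usage: <PATH>")
        print("Ex: Usage: C:\\Windows\\System32\\")
        # The original fell through here and crashed on sys.argv[1].
        return 1
    target = argv[1]
    if not os.path.isdir(target):
        # Say so explicitly instead of reporting a misleading "Found 0".
        print("Not a directory: " + target)
        return 1
    count = 0
    try:
        # Print hits as they are found; a large directory takes a while.
        for exe in find_autoelevate(target):
            print(exe.strip())
            count += 1
    except OSError as exc:
        print("Could not run sigcheck (is sigcheck.exe in PATH?): " + str(exc))
        return 1
    print("Found " + str(count) + " executables with autoElevate set to true!")
    return 0


if __name__ == '__main__':
    sys.exit(run_scan(sys.argv))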