DLL's - Signed or unsigned??

gracehopper · 13-02-2007 4:47pm #1

I have a cab file with about 40 odd dll's in it. does anyone know if there is a quick way to tell if they're signed or unsigned??

thanks,
Gracehopper

gracehopper · 14-02-2007 10:08am

anyone?

Martyr · 18-02-2007 7:53pm

hey gracehopper, just saw this post now..hope i'm not too late to reply.

you might want to look at ChkTrust.exe or signtool.exe for windows operating systems..not sure if they checks inside cab files, but..possibly the cab file is signed itself, check the .net framework SDK (link wouldn't work, check msdn.microsoft.com

i would like a program like this too for system forensics, looking for suspicious files on a system for example...any file that has Microsoft in its version strings, but isn't signed would be suspicious.
Process Explorer and Autoruns by sysinternals have this option, but i don't know of any programs that do it like.. say from the command line C:\IsSigned <DLL FILE HERE>

i'm sure you could do it with microsoft crypto api, if you can program a little?

this thread may help you with any code you write
another discussion about it here

sorry if i cant help any more than that at the moment.

DLL's - Signed or unsigned??

Comments