Signtool and Get-AuthenticodeSignature
October 9, 2007
In my previous post on checking how much signed code is on your machine, I used signtool.exe to verify whether a file was signed. PowerShell has a built-in cmdlet called Get-AuthenticodeSignature for doing just this. So why did I use signtool?
Let’s try a little test on good old notepad.exe.
With Signtool.exe we get:
signtool verify /pa /a c:\windows\notepad.exe
Successfully verified: c:\windows\notepad.exe
and with Get-AuthenticodeSignature we get:
(Get-AuthenticodeSignature c:\windows\notepad.exe).Status
NotSigned
So signtool thinks it’s signed and Get-AuthenticodeSignature doesn’t. Notepad is signed, but in a slightly different way from other files: OS files in Windows use catalog files to store their digital signatures. Signtool can be made to check these catalog files, which gives us a more accurate result when we are checking the amount of signed code on a system.
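The split between embedded and catalog signatures can be measured per file by running signtool twice, once without /a and once with it. This is an added example, not code from the original post; it assumes signtool.exe is on the PATH, and Get-SignatureKind and the NotVerified label are hypothetical names chosen here.

```powershell
# Added example: classify each .exe by where its valid signature was found.
# Assumes signtool.exe is on the PATH. Get-SignatureKind is a hypothetical helper.
function Get-SignatureKind {
    param([string]$Path)

    # Without /a, signtool verifies only a signature embedded in the file itself.
    $null = & signtool.exe verify /pa /q $Path 2>&1
    if ($LASTEXITCODE -eq 0) { return 'Embedded' }

    # With /a, signtool searches the catalog databases first and then falls
    # back to the embedded signature, so a pass here means a catalog signature.
    $null = & signtool.exe verify /pa /a /q $Path 2>&1
    if ($LASTEXITCODE -eq 0) { return 'Catalog' }

    # Any non-zero exit code (error or warning) is treated as not verified:
    # the file is unsigned or its signature did not validate.
    return 'NotVerified'
}

$root   = 'C:\Windows'   # assumption: the same starting directory the post uses
$counts = @{ Embedded = 0; Catalog = 0; NotVerified = 0 }

Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.Extension -eq '.exe' } |
    ForEach-Object {
        $kind = Get-SignatureKind -Path $_.FullName
        $counts[$kind]++
        # List the files that failed both checks so they can be reviewed.
        if ($kind -eq 'NotVerified') { Write-Host -ForegroundColor Red $_.FullName }
    }

$total = $counts.Embedded + $counts.Catalog + $counts.NotVerified
Write-Host "Embedded signature: " $counts.Embedded
Write-Host "Catalog signature:  " $counts.Catalog
Write-Host "Not verified:       " $counts.NotVerified
if ($total -gt 0) {
    $signed = $counts.Embedded + $counts.Catalog
    Write-Host "Percentage signed:  " (($signed / $total) * 100.0)
}
```

A file that carries an embedded signature and is also listed in a catalog is counted as Embedded, because that check runs first.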
Is it signed?
October 4, 2007
Code signing is a great technology. Every software developer should be signing the code they produce. But how much of the code on your system is actually signed? Time for a little PowerShell script to find out.
The easiest way to check a digital signature is with signtool.exe:
# Add the directory containing signtool.exe to the search path
$env:PATH = $env:PATH + ";C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin"
$startloc = "c:\windows"
set-location $startloc
$res = 0
$tot = 0
# /pa uses the default Authenticode policy, /a also checks catalog files, /q suppresses output
# -eq ".exe" matches only .exe files; -match "exe" would match any extension containing "exe"
get-childitem -recurse | where {$_.Extension -eq ".exe"} | foreach-object {
    signtool verify /pa /a /q $_.FullName
    if($LastExitCode -eq 0) {
        $res = $res + 1
        write-host -foregroundcolor:green $_.FullName
    } else {
        write-host -foregroundcolor:red $_.FullName
    }
    $tot = $tot + 1
}
# Avoid dividing by zero when no .exe files were found
if($tot -gt 0) { $pc = ($res / $tot) * 100.0 } else { $pc = 0 }
write-Host "Results"
write-Host "Signed: " $res
write-Host "Total: " $tot
write-Host "Percentage Signed: " $pc
Running over the Windows directory gives 90%, showing that virtually all the Windows system files are signed. Running over C:\Program Files gives a less impressive 13% on my machine.
PowerShell as a Calculator
September 25, 2007
I lose count of the number of times I fire up calc.exe every day to do a quick calculation. I was about to do it earlier today while working in PowerShell until I thought: hold on, PowerShell is .NET-based, so if I type in a number it should treat it as an int or double, and of course it does. So there is no need to start calc.exe; just type the calculation straight in:
You couldn’t do that in cmd.exe.