In my previous post on checking how much signed code is on your machine I used signtool.exe to verify whether a file was signed. PowerShell has a built-in cmdlet called Get-AuthenticodeSignature for doing just this. So why did I use signtool?

Let's try a little test on good old notepad.exe.

With Signtool.exe we get:

signtool verify /pa /a c:\windows\notepad.exe
Successfully verified: c:\windows\notepad.exe

and with Get-AuthenticodeSignature we get:

(Get-AuthenticodeSignature c:\windows\notepad.exe).Status
NotSigned

So signtool thinks it’s signed and Get-AuthenticodeSignature doesn’t. Notepad is signed, but in a slightly different way from other files. OS files in Windows use catalog files to store their digital signatures. Signtool can be made to check these catalog files, which gives us a more accurate result when we are checking the amount of signed code on a system.
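
The difference between embedded and catalog signatures can be reported per file. The following is an added example, not code from the original post: it assumes signtool.exe is on the PATH, and the function names Get-SignatureKind and Get-SignatureReport are hypothetical.

```powershell
# Added example (not from the original post). Assumes signtool.exe is on the PATH.
# Get-SignatureKind and Get-SignatureReport are hypothetical helper names.

function Get-SignatureKind {
    param([Parameter(Mandatory = $true)][string]$Path)

    # Without /a, signtool verifies only the signature embedded in the file itself.
    & signtool.exe verify /pa /q $Path 2>&1 | Out-Null
    if ($LASTEXITCODE -eq 0) { return 'Embedded' }

    # With /a, signtool also searches the system catalog databases for the file.
    & signtool.exe verify /pa /a /q $Path 2>&1 | Out-Null
    if ($LASTEXITCODE -eq 0) { return 'Catalog' }

    # Neither check passed: the file is unsigned, or it is signed but fails
    # verification. The exit code alone does not tell these apart.
    return 'Unverified'
}

function Get-SignatureReport {
    param([string]$Root = 'C:\Windows')

    Get-ChildItem -Path $Root -Recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Extension -eq '.exe' } |
        ForEach-Object {
            [pscustomobject]@{
                Path     = $_.FullName
                Signtool = Get-SignatureKind -Path $_.FullName
                # What the built-in cmdlet reports for the same file, for comparison.
                Cmdlet   = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
            }
        }
}

$report = @(Get-SignatureReport -Root 'C:\Windows')

# Number of files in each category.
$report | Group-Object Signtool | Select-Object Name, Count

# Files that verify only through a catalog, with the cmdlet's verdict alongside.
$report | Where-Object { $_.Signtool -eq 'Catalog' } | Select-Object Path, Cmdlet
```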

Is it signed?

October 4, 2007

Code signing is a great technology. Every software developer should be signing the code they produce. But how much of the code on your system is actually signed? Time for a little PowerShell script to find out.

The easiest way to check a digital signature is with signtool.exe:

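# Add the directory containing signtool.exe to the PATH
$env:PATH = $env:PATH + ";C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin"
$startloc = "c:\windows"
set-location $startloc
$res = 0   # files whose signature verified
$tot = 0   # files examined
# Match the extension exactly; -match "exe" would also pick up names such as .exe_old
get-childitem -recurse | where {$_.Extension -eq ".exe"} | foreach-object {
    # /pa: default Authenticode policy, /a: check catalogs as well, /q: quiet
    signtool verify /pa /a /q $_.FullName
    if($LastExitCode -eq 0) {
        $res = $res + 1
        write-host -foregroundcolor:green $_.FullName
    }
    else
    {
        write-host -foregroundcolor:red $_.FullName
    }
    $tot = $tot + 1
}
# Avoid dividing by zero when no .exe files were found
if($tot -gt 0) { $pc = ($res / $tot) * 100.0 } else { $pc = 0 }
write-Host "Results"
write-Host "Signed: " $res
write-Host "Total: " $tot
write-Host "Percentage Signed: " $pc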


Running over the Windows directory gives 90%, showing that virtually all the Windows system files are signed. Running over C:\Program Files gives a less impressive 13% on my machine.

PowerShell as a Calculator

September 25, 2007

I lose count of the number of times I fire up calc.exe every day to do a quick calculation. I was about to do it earlier today while working in PowerShell until I thought, hold on, PowerShell is .NET based; if I type in a number it should treat it as an int or double, and of course it does. So there is no need to start calc.exe; just type the calculation straight in:

Powershell Calculator

You couldn’t do that in cmd.exe.