Stripping an Authenticode Signature

We needed to modify the resources of an installer and then apply an Authenticode signature. Unfortunately, it already had a signature on it, and modifying the resources of an executable with a signature results in a corrupted signature. The Microsoft signing tools cannot recover from this situation, so:

It is not possible to re-sign a file after modifying its resources.

However, it is possible to remove the existing signature, modify the binary, and then apply a new signature. There are two approaches (which almost certainly amount to the same thing):

  1. Use delcert.exe from the this XDA Forum post (note, this is not the same as the SMS Server 2003 tool ccmdelcert.exe, which deletes all SMS certificates on a machine).
  2. Write an application which calls ImageRemoveCertificate.

About Jeff Fitzsimons

Jeff Fitzsimons is a software engineer in the California Bay Area. Technical specialties include C++, Win32, and multithreading. Personal interests include rock climbing, cycling, motorcycles, and photography.
This entry was posted in Authenticode, Technology. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *