Jump to content

request code signing for PDN DLLs (makes easier to run PDN in environments with application allow listing


Go to solution Solved by Rick Brewster,

Recommended Posts

Hi,

Would it be possible the DLLs to be signed as part of the build process?

same as "C:\Program Files\paint.net\paintdotnet.exe"

 

It's more of a thing for environments that have application allow listing. Easier / more secure to use Authenticode than maintaining file hashes / allowing based on path.

 

Cheers

 

https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control

https://www.cisa.gov/uscert/sites/default/files/cdm_files/FNR_NIS_OTH_AWL_Strategic_Planning_Guide.pdf

 

Get-ChildItem -LiteralPath 'C:\Program Files\paint.net\' -File | Where-Object -FilterScript {
    $PSItem.Extension -eq '.dll'
} | Get-AuthenticodeSignature | Where-Object -FilterScript {
    $PSItem.Status -ne 'Valid'
} | Select-Object -ExpandProperty 'Path'

 

C:\Program Files\paint.net\Accessibility.dll
C:\Program Files\paint.net\CommunityToolkit.HighPerformance.dll
C:\Program Files\paint.net\ComputeSharp.Core.dll
C:\Program Files\paint.net\ComputeSharp.D2D1.dll
C:\Program Files\paint.net\Crc32.NET.dll
C:\Program Files\paint.net\DirectWriteForwarder.dll
C:\Program Files\paint.net\Interop.WIA.dll
C:\Program Files\paint.net\K4os.Compression.LZ4.dll
C:\Program Files\paint.net\Microsoft.CSharp.dll
C:\Program Files\paint.net\Microsoft.VisualBasic.Core.dll
C:\Program Files\paint.net\Microsoft.VisualBasic.dll
C:\Program Files\paint.net\Microsoft.VisualBasic.Forms.dll
C:\Program Files\paint.net\Microsoft.Win32.Primitives.dll
C:\Program Files\paint.net\Microsoft.Win32.Registry.AccessControl.dll
C:\Program Files\paint.net\Microsoft.Win32.Registry.dll
C:\Program Files\paint.net\Microsoft.Win32.SystemEvents.dll
C:\Program Files\paint.net\Mono.Cecil.dll
C:\Program Files\paint.net\Mono.Cecil.Mdb.dll
C:\Program Files\paint.net\Mono.Cecil.Pdb.dll
C:\Program Files\paint.net\Mono.Cecil.Rocks.dll
C:\Program Files\paint.net\mscorlib.dll
C:\Program Files\paint.net\netstandard.dll
C:\Program Files\paint.net\Newtonsoft.Json.dll
C:\Program Files\paint.net\PaintDotNet.Base.dll
C:\Program Files\paint.net\PaintDotNet.Collections.dll
C:\Program Files\paint.net\PaintDotNet.ComponentModel.dll
C:\Program Files\paint.net\PaintDotNet.Core.dll
C:\Program Files\paint.net\PaintDotNet.Data.dll
C:\Program Files\paint.net\paintdotnet.dll
C:\Program Files\paint.net\PaintDotNet.Effects.Core.dll
C:\Program Files\paint.net\PaintDotNet.Effects.dll
C:\Program Files\paint.net\PaintDotNet.Effects.Gpu.dll
C:\Program Files\paint.net\PaintDotNet.Effects.Legacy.dll
C:\Program Files\paint.net\PaintDotNet.Framework.dll
C:\Program Files\paint.net\PaintDotNet.Fundamentals.dll
C:\Program Files\paint.net\PaintDotNet.ObjectModel.dll
C:\Program Files\paint.net\PaintDotNet.Plugins.Compatibility.dll
C:\Program Files\paint.net\PaintDotNet.Primitives.dll
C:\Program Files\paint.net\PaintDotNet.PropertySystem.dll
C:\Program Files\paint.net\PaintDotNet.Resources.dll
C:\Program Files\paint.net\PaintDotNet.Runtime.dll
C:\Program Files\paint.net\PaintDotNet.SystemLayer.dll
C:\Program Files\paint.net\PaintDotNet.SystemLayer.Native.x64.dll
C:\Program Files\paint.net\PaintDotNet.Systrace.dll
C:\Program Files\paint.net\PaintDotNet.UI.dll
C:\Program Files\paint.net\PaintDotNet.Windows.Core.dll
C:\Program Files\paint.net\PaintDotNet.Windows.dll
C:\Program Files\paint.net\PaintDotNet.Windows.Framework.dll
C:\Program Files\paint.net\PhotoSauce.MagicScaler.dll
C:\Program Files\paint.net\PointerToolkit.dll
C:\Program Files\paint.net\PointerToolkit.TerraFX.Interop.Windows.dll
C:\Program Files\paint.net\PresentationCore.dll
C:\Program Files\paint.net\PresentationFramework-SystemCore.dll
C:\Program Files\paint.net\PresentationFramework-SystemData.dll
C:\Program Files\paint.net\PresentationFramework-SystemDrawing.dll
C:\Program Files\paint.net\PresentationFramework-SystemXml.dll
C:\Program Files\paint.net\PresentationFramework-SystemXmlLinq.dll
C:\Program Files\paint.net\PresentationFramework.Aero.dll
C:\Program Files\paint.net\PresentationFramework.Aero2.dll
C:\Program Files\paint.net\PresentationFramework.AeroLite.dll
C:\Program Files\paint.net\PresentationFramework.Classic.dll
C:\Program Files\paint.net\PresentationFramework.dll
C:\Program Files\paint.net\PresentationFramework.Luna.dll
C:\Program Files\paint.net\PresentationFramework.Royale.dll
C:\Program Files\paint.net\PresentationUI.dll
C:\Program Files\paint.net\ReachFramework.dll
C:\Program Files\paint.net\System.AppContext.dll
C:\Program Files\paint.net\System.Buffers.dll
C:\Program Files\paint.net\System.CodeDom.dll
C:\Program Files\paint.net\System.Collections.Concurrent.dll
C:\Program Files\paint.net\System.Collections.dll
C:\Program Files\paint.net\System.Collections.Immutable.dll
C:\Program Files\paint.net\System.Collections.NonGeneric.dll
C:\Program Files\paint.net\System.Collections.Specialized.dll
C:\Program Files\paint.net\System.ComponentModel.Annotations.dll
C:\Program Files\paint.net\System.ComponentModel.DataAnnotations.dll
C:\Program Files\paint.net\System.ComponentModel.dll
C:\Program Files\paint.net\System.ComponentModel.EventBasedAsync.dll
C:\Program Files\paint.net\System.ComponentModel.Primitives.dll
C:\Program Files\paint.net\System.ComponentModel.TypeConverter.dll
C:\Program Files\paint.net\System.Configuration.ConfigurationManager.dll
C:\Program Files\paint.net\System.Configuration.dll
C:\Program Files\paint.net\System.Console.dll
C:\Program Files\paint.net\System.Core.dll
C:\Program Files\paint.net\System.Data.Common.dll
C:\Program Files\paint.net\System.Data.DataSetExtensions.dll
C:\Program Files\paint.net\System.Data.dll
C:\Program Files\paint.net\System.Design.dll
C:\Program Files\paint.net\System.Diagnostics.Contracts.dll
C:\Program Files\paint.net\System.Diagnostics.Debug.dll
C:\Program Files\paint.net\System.Diagnostics.DiagnosticSource.dll
C:\Program Files\paint.net\System.Diagnostics.EventLog.dll
C:\Program Files\paint.net\System.Diagnostics.EventLog.Messages.dll
C:\Program Files\paint.net\System.Diagnostics.FileVersionInfo.dll
C:\Program Files\paint.net\System.Diagnostics.PerformanceCounter.dll
C:\Program Files\paint.net\System.Diagnostics.Process.dll
C:\Program Files\paint.net\System.Diagnostics.StackTrace.dll
C:\Program Files\paint.net\System.Diagnostics.TextWriterTraceListener.dll
C:\Program Files\paint.net\System.Diagnostics.Tools.dll
C:\Program Files\paint.net\System.Diagnostics.TraceSource.dll
C:\Program Files\paint.net\System.Diagnostics.Tracing.dll
C:\Program Files\paint.net\System.DirectoryServices.dll
C:\Program Files\paint.net\System.dll
C:\Program Files\paint.net\System.Drawing.Common.dll
C:\Program Files\paint.net\System.Drawing.Design.dll
C:\Program Files\paint.net\System.Drawing.dll
C:\Program Files\paint.net\System.Drawing.Primitives.dll
C:\Program Files\paint.net\System.Dynamic.Runtime.dll
C:\Program Files\paint.net\System.Formats.Asn1.dll
C:\Program Files\paint.net\System.Formats.Tar.dll
C:\Program Files\paint.net\System.Globalization.Calendars.dll
C:\Program Files\paint.net\System.Globalization.dll
C:\Program Files\paint.net\System.Globalization.Extensions.dll
C:\Program Files\paint.net\System.IO.Compression.Brotli.dll
C:\Program Files\paint.net\System.IO.Compression.dll
C:\Program Files\paint.net\System.IO.Compression.FileSystem.dll
C:\Program Files\paint.net\System.IO.Compression.ZipFile.dll
C:\Program Files\paint.net\System.IO.dll
C:\Program Files\paint.net\System.IO.FileSystem.AccessControl.dll
C:\Program Files\paint.net\System.IO.FileSystem.dll
C:\Program Files\paint.net\System.IO.FileSystem.DriveInfo.dll
C:\Program Files\paint.net\System.IO.FileSystem.Primitives.dll
C:\Program Files\paint.net\System.IO.FileSystem.Watcher.dll
C:\Program Files\paint.net\System.IO.IsolatedStorage.dll
C:\Program Files\paint.net\System.IO.MemoryMappedFiles.dll
C:\Program Files\paint.net\System.IO.Packaging.dll
C:\Program Files\paint.net\System.IO.Pipes.AccessControl.dll
C:\Program Files\paint.net\System.IO.Pipes.dll
C:\Program Files\paint.net\System.IO.UnmanagedMemoryStream.dll
C:\Program Files\paint.net\System.Linq.dll
C:\Program Files\paint.net\System.Linq.Expressions.dll
C:\Program Files\paint.net\System.Linq.Parallel.dll
C:\Program Files\paint.net\System.Linq.Queryable.dll
C:\Program Files\paint.net\System.Memory.dll
C:\Program Files\paint.net\System.Net.dll
C:\Program Files\paint.net\System.Net.Http.dll
C:\Program Files\paint.net\System.Net.Http.Json.dll
C:\Program Files\paint.net\System.Net.HttpListener.dll
C:\Program Files\paint.net\System.Net.Mail.dll
C:\Program Files\paint.net\System.Net.NameResolution.dll
C:\Program Files\paint.net\System.Net.NetworkInformation.dll
C:\Program Files\paint.net\System.Net.Ping.dll
C:\Program Files\paint.net\System.Net.Primitives.dll
C:\Program Files\paint.net\System.Net.Quic.dll
C:\Program Files\paint.net\System.Net.Requests.dll
C:\Program Files\paint.net\System.Net.Security.dll
C:\Program Files\paint.net\System.Net.ServicePoint.dll
C:\Program Files\paint.net\System.Net.Sockets.dll
C:\Program Files\paint.net\System.Net.WebClient.dll
C:\Program Files\paint.net\System.Net.WebHeaderCollection.dll
C:\Program Files\paint.net\System.Net.WebProxy.dll
C:\Program Files\paint.net\System.Net.WebSockets.Client.dll
C:\Program Files\paint.net\System.Net.WebSockets.dll
C:\Program Files\paint.net\System.Numerics.dll
C:\Program Files\paint.net\System.Numerics.Vectors.dll
C:\Program Files\paint.net\System.ObjectModel.dll
C:\Program Files\paint.net\System.Printing.dll
C:\Program Files\paint.net\System.Private.CoreLib.dll
C:\Program Files\paint.net\System.Private.DataContractSerialization.dll
C:\Program Files\paint.net\System.Private.Uri.dll
C:\Program Files\paint.net\System.Private.Xml.Linq.dll
C:\Program Files\paint.net\System.Reflection.DispatchProxy.dll
C:\Program Files\paint.net\System.Reflection.dll
C:\Program Files\paint.net\System.Reflection.Emit.dll
C:\Program Files\paint.net\System.Reflection.Emit.ILGeneration.dll
C:\Program Files\paint.net\System.Reflection.Emit.Lightweight.dll
C:\Program Files\paint.net\System.Reflection.Extensions.dll
C:\Program Files\paint.net\System.Reflection.Metadata.dll
C:\Program Files\paint.net\System.Reflection.MetadataLoadContext.dll
C:\Program Files\paint.net\System.Reflection.Primitives.dll
C:\Program Files\paint.net\System.Reflection.TypeExtensions.dll
C:\Program Files\paint.net\System.Resources.Extensions.dll
C:\Program Files\paint.net\System.Resources.Reader.dll
C:\Program Files\paint.net\System.Resources.ResourceManager.dll
C:\Program Files\paint.net\System.Resources.Writer.dll
C:\Program Files\paint.net\System.Runtime.CompilerServices.Unsafe.dll
C:\Program Files\paint.net\System.Runtime.CompilerServices.VisualC.dll
C:\Program Files\paint.net\System.Runtime.dll
C:\Program Files\paint.net\System.Runtime.Extensions.dll
C:\Program Files\paint.net\System.Runtime.Handles.dll
C:\Program Files\paint.net\System.Runtime.InteropServices.dll
C:\Program Files\paint.net\System.Runtime.InteropServices.JavaScript.dll
C:\Program Files\paint.net\System.Runtime.InteropServices.RuntimeInformation.dll
C:\Program Files\paint.net\System.Runtime.Intrinsics.dll
C:\Program Files\paint.net\System.Runtime.Loader.dll
C:\Program Files\paint.net\System.Runtime.Numerics.dll
C:\Program Files\paint.net\System.Runtime.Serialization.dll
C:\Program Files\paint.net\System.Runtime.Serialization.Formatters.dll
C:\Program Files\paint.net\System.Runtime.Serialization.Json.dll
C:\Program Files\paint.net\System.Runtime.Serialization.Primitives.dll
C:\Program Files\paint.net\System.Runtime.Serialization.Xml.dll
C:\Program Files\paint.net\System.Security.AccessControl.dll
C:\Program Files\paint.net\System.Security.Claims.dll
C:\Program Files\paint.net\System.Security.Cryptography.Algorithms.dll
C:\Program Files\paint.net\System.Security.Cryptography.Cng.dll
C:\Program Files\paint.net\System.Security.Cryptography.Csp.dll
C:\Program Files\paint.net\System.Security.Cryptography.dll
C:\Program Files\paint.net\System.Security.Cryptography.Encoding.dll
C:\Program Files\paint.net\System.Security.Cryptography.OpenSsl.dll
C:\Program Files\paint.net\System.Security.Cryptography.Pkcs.dll
C:\Program Files\paint.net\System.Security.Cryptography.Primitives.dll
C:\Program Files\paint.net\System.Security.Cryptography.ProtectedData.dll
C:\Program Files\paint.net\System.Security.Cryptography.X509Certificates.dll
C:\Program Files\paint.net\System.Security.Cryptography.Xml.dll
C:\Program Files\paint.net\System.Security.dll
C:\Program Files\paint.net\System.Security.Permissions.dll
C:\Program Files\paint.net\System.Security.Principal.dll
C:\Program Files\paint.net\System.Security.Principal.Windows.dll
C:\Program Files\paint.net\System.Security.SecureString.dll
C:\Program Files\paint.net\System.ServiceModel.Web.dll
C:\Program Files\paint.net\System.ServiceProcess.dll
C:\Program Files\paint.net\System.Text.Encoding.CodePages.dll
C:\Program Files\paint.net\System.Text.Encoding.dll
C:\Program Files\paint.net\System.Text.Encoding.Extensions.dll
C:\Program Files\paint.net\System.Text.Encodings.Web.dll
C:\Program Files\paint.net\System.Text.Json.dll
C:\Program Files\paint.net\System.Text.RegularExpressions.dll
C:\Program Files\paint.net\System.Threading.AccessControl.dll
C:\Program Files\paint.net\System.Threading.Channels.dll
C:\Program Files\paint.net\System.Threading.dll
C:\Program Files\paint.net\System.Threading.Overlapped.dll
C:\Program Files\paint.net\System.Threading.Tasks.Dataflow.dll
C:\Program Files\paint.net\System.Threading.Tasks.dll
C:\Program Files\paint.net\System.Threading.Tasks.Extensions.dll
C:\Program Files\paint.net\System.Threading.Tasks.Parallel.dll
C:\Program Files\paint.net\System.Threading.Thread.dll
C:\Program Files\paint.net\System.Threading.ThreadPool.dll
C:\Program Files\paint.net\System.Threading.Timer.dll
C:\Program Files\paint.net\System.Transactions.dll
C:\Program Files\paint.net\System.Transactions.Local.dll
C:\Program Files\paint.net\System.ValueTuple.dll
C:\Program Files\paint.net\System.Web.dll
C:\Program Files\paint.net\System.Web.HttpUtility.dll
C:\Program Files\paint.net\System.Windows.Controls.Ribbon.dll
C:\Program Files\paint.net\System.Windows.dll
C:\Program Files\paint.net\System.Windows.Extensions.dll
C:\Program Files\paint.net\System.Windows.Forms.Design.dll
C:\Program Files\paint.net\System.Windows.Forms.Design.Editors.dll
C:\Program Files\paint.net\System.Windows.Forms.dll
C:\Program Files\paint.net\System.Windows.Forms.Legacy.dll
C:\Program Files\paint.net\System.Windows.Forms.Primitives.dll
C:\Program Files\paint.net\System.Windows.Input.Manipulations.dll
C:\Program Files\paint.net\System.Windows.Presentation.dll
C:\Program Files\paint.net\System.Xaml.dll
C:\Program Files\paint.net\System.Xml.dll
C:\Program Files\paint.net\System.Xml.Linq.dll
C:\Program Files\paint.net\System.Xml.ReaderWriter.dll
C:\Program Files\paint.net\System.Xml.Serialization.dll
C:\Program Files\paint.net\System.Xml.XDocument.dll
C:\Program Files\paint.net\System.Xml.XmlDocument.dll
C:\Program Files\paint.net\System.Xml.XmlSerializer.dll
C:\Program Files\paint.net\System.Xml.XPath.dll
C:\Program Files\paint.net\System.Xml.XPath.XDocument.dll
C:\Program Files\paint.net\TerraFX.Interop.Windows.dll
C:\Program Files\paint.net\UIAutomationClient.dll
C:\Program Files\paint.net\UIAutomationClientSideProviders.dll
C:\Program Files\paint.net\UIAutomationProvider.dll
C:\Program Files\paint.net\UIAutomationTypes.dll
C:\Program Files\paint.net\WindowsBase.dll
C:\Program Files\paint.net\WindowsFormsIntegration.dll

 

Link to comment
Share on other sites

Sorry, but code signing takes a lot of time because the timestamp server forces a delay of 15 seconds between requests. It would massively inflate my build times to sign every single binary. I do sign the EXEs, and the shell extension DLLs.

 

However, if someone knows of a free timestamp server that does not have rate limiting, then that would enable this to happen.

The Paint.NET Blog: https://blog.getpaint.net/

Donations are always appreciated! https://www.getpaint.net/donate.html

forumSig_bmwE60.jpg

Link to comment
Share on other sites

arh, my apologies, that's quite the impact. Did not realise.

 

greatly appreciate you responding, surprised actually. Just transferred $20 USD / $30 AUD, been using PND for many years, should be more, sorry.

Transaction ID: 5A482066KE265925W

 

Not being pushy, no expectations. The above is long over due and unrelated this request.

 

This is mostly related to running PND in an enterprise environment, i can have chat with the boss, see if they'd be willing to pay for this as a feature request. Can't make any promises, don't know if they'll go for it.

 

I wasn't able to reproduce the rate limit issue. Are you able to share how of the signing process works in the build? Will help if i can.

 

through PowerShell, was able to sign 261 files in 68 seconds in one go, passing an array.

71 seconds when iterating.

...Not sure how valid a test this is though

 

guessing you're using visual studio / signtool

looks like signtool can take a | delimited file list, not sure if that helps

https://stackoverflow.com/questions/65985951/sign-multiple-files-with-signtool-exe

 

there's a list of free timestamp servers, might be able to divvy up across multiple servers

https://gist.github.com/Manouchehri/fd754e402d98430243455713efada710

 

Not sure if all the DLLs change with each build. Might be able to sign on change?

 

Probably a messy bad idea, but maybe a "public release" build that signs everything, and a "non-plublic release" that doesn't?

 

If it's no worth the bother, or just rather not, that's totally cool to

 

Set-StrictMode -Version 'latest'
$ErrorActionPreference = 'stop'

#New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My -Type CodeSigningCert -Subject 'test01'
$myCodeSignCert = Get-Item -LiteralPath Cert:\CurrentUser\My\A677A404C028940D31CC3EE16C7BAE6932367A61


$FilesNotSigned = Get-ChildItem -LiteralPath 'C:\temp\paint.net' -File | Where-Object -FilterScript {
    $PSItem.Extension -eq '.dll'
} | Get-AuthenticodeSignature | Where-Object -FilterScript {
    $PSItem.Status -ne 'Valid'
} | Select-Object -ExpandProperty 'Path' 


Measure-Command -Expression {
    Set-AuthenticodeSignature -TimestampServer 'http://timestamp.digicert.com' -Certificate $myCodeSignCert -FilePath $FilesNotSigned
}

#stdout

Days              : 0
Hours             : 0
Minutes           : 1
Seconds           : 8
Milliseconds      : 167
Ticks             : 681673557
TotalDays         : 0.000788974024305556
TotalHours        : 0.0189353765833333
TotalMinutes      : 1.136122595
TotalSeconds      : 68.1673557
TotalMilliseconds : 68167.3557

 

 

Measure-Command -Expression {
    $FilesNotSigned | ForEach-Object -Process {
        Set-AuthenticodeSignature -TimestampServer 'http://timestamp.digicert.com' -Certificate $myCodeSignCert -FilePath $PSItem
    }
}

Days              : 0
Hours             : 0
Minutes           : 1
Seconds           : 11
Milliseconds      : 575
Ticks             : 715756974
TotalDays         : 0.000828422423611111
TotalHours        : 0.0198821381666667
TotalMinutes      : 1.19292829
TotalSeconds      : 71.5756974
TotalMilliseconds : 71575.6974

 

Link to comment
Share on other sites

The performance issue is strictly due to the timestamp server's rate limiting -- it just refuses to sign if I don't have a 3 second delay between each request.

 

I'll try those other timestamp servers and see if I can get an improvement! The time cost is the only objection I have for doing this.

The Paint.NET Blog: https://blog.getpaint.net/

Donations are always appreciated! https://www.getpaint.net/donate.html

forumSig_bmwE60.jpg

Link to comment
Share on other sites

Looks like the DigiCert timestamp server is working very well -- not only does it not need a delay between timestamp requests, but it's fine if I do them all at once (in parallel). This is resulting in a major net improvement to build times -- from ~5 1/2 minutes down to just under 4 minutes. (and that's comparing "sign only the EXEs and shell extension DLLs" versus "sign everything"!)

 

I can't seem to get the bundled plugin's managed DLLs to sign properly, however. signtool signs it and says success, signtool verify says it's fine, but then both the PowerShell script (above) and File Explorer's Properties show it as not signed. @null54 do you have any idea what might be happening here? Are you doing anything interesting with your build that could cause this? The only thing I can think of is if you're using embedded PDBs or something

  • Like 1

The Paint.NET Blog: https://blog.getpaint.net/

Donations are always appreciated! https://www.getpaint.net/donate.html

forumSig_bmwE60.jpg

Link to comment
Share on other sites

yay! thank you!!

seriously, much appreciated. you just made a bunch of sysadmin and security types so very happy

 

not sure if this helps, looks like there's more than one method, not sure how much of a difference that makes ...i could be completely off the mark

https://learn.microsoft.com/en-us/dotnet/standard/assembly/sign-strong-name

 

do you get a different result with and without the "/ms" parameter?

sigtool.exe verify /ms

https://learn.microsoft.com/en-us/dotnet/framework/tools/signtool-exe

 

/ms should be the default as of Win8

 

don't think that will be it, but first thing that comes to mind. Might be able to rule out some WinVerifyTrust / CertPaddingCheck related issue at least.

 

context:
It's an old issue that recently got some attention after being exploited in the wild.

Priority got increased, might have some changes in behaviour i've missed.

https://learn.microsoft.com/en-us/security-updates/securityadvisories/2014/2915720

https://www.tenable.com/plugins/nessus/166555

 

 

Yes, those are strings that should be DWORD, Either work, but strings is what the MSFT doco uses ... yeah lol

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config]   
"EnableCertPaddingCheck"="1"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config] 
"EnableCertPaddingCheck"="1"

 

 

 

Link to comment
Share on other sites

Beautiful! That works perfectly, thank you again.

 

Just out of curiosity, what was the issue with the plugin's managed DLLs; signtool saying signed yet explorer and Get-AuthenticodeSignature saying not signed?

Edited by Conan
Link to comment
Share on other sites

21 minutes ago, Conan said:

Just out of curiosity, what was the issue with the plugin's managed DLLs issue, signtool saying signed yet explorer and Get-AuthenticodeSignature saying not signed?

 

It was related to a post-build script I was using that removed the debug information section from the DLL headers.

No idea why it was causing that behavior, perhaps a checksum or something with the managed code sections was not being correctly updated when it rebuilt the headers after removing that data.

  • Thanks 1

PdnSig.png

Plugin Pack | PSFilterPdn | Content Aware Fill | G'MICPaint Shop Pro Filetype | RAW Filetype | WebP Filetype

The small increase in performance you get coding in C++ over C# is hardly enough to offset the headache of coding in the C++ language. ~BoltBait

 

Link to comment
Share on other sites

26 minutes ago, Conan said:

was the process something like this?

 

Yes, the post-build step used the Header Pack Script for CFF Explorer to remove the debug section. The script is also posted at the bottom of the following NTCore blog post, with some more detail about what it does: https://www.ntcore.com/files/richsign.htm

 

26 minutes ago, Conan said:

what was the fix?

 

 Stop using that script. 😀

PdnSig.png

Plugin Pack | PSFilterPdn | Content Aware Fill | G'MICPaint Shop Pro Filetype | RAW Filetype | WebP Filetype

The small increase in performance you get coding in C++ over C# is hardly enough to offset the headache of coding in the C++ language. ~BoltBait

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...