文件签名 exe,dll,sys

Posted ahuoheng

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了文件签名 exe,dll,sys相关的知识,希望对你有一定的参考价值。

rem exe文件签名

signtool.exe sign /s "My" /n "Beijing Cybervision Co., Ltd" /t "http://timestamp.verisign.com/scripts/timstamp.dll" "files\\ClientSetup.exe"

rem ################################

rem 对sys文件进行签名 一定要先签名,再生产cat文件,顺序不能变

rem

signtool.exe sign /ac "MSCV-VSClass3.cer" /s "My" /n "Beijing Cybervision Co., Ltd" /t "http://timestamp.verisign.com/scripts/timstamp.dll" "files\\eposf.sys"

rem ################################

rem 生成CAT文件(如果是32位驱动则把X64换成X86)

rem 

inf2cat /driver:files /os:XP_X64,Server2003_X64,Vista_X64,Server2008_X64

rem ################################

rem 对CAT文件进行签名

rem

signtool.exe sign /ac "MSCV-VSClass3.cer" /s "My" /n "Beijing Cybervision Co., Ltd" /t "http://timestamp.verisign.com/scripts/timstamp.dll" "files\\eposf.cat"

DriverVer

DriverVer   =   08/28/2000,1.0.0.10

改为 DriverVer   =   08/28/2008,1.0.0.10  驱动文件的日期不能与这个日期有冲突


Done Adding Additional Store

Successfully signed and timestamped: files\\eposfsf.sys

............................

Signability test failed.

Errors:

22.9.7: DriverVer set to incorrect date (must be postdated to 12/5/2007 for newe

st OS) in \\eposf.inf

Warnings:

None

Done Adding Additional Store

Successfully signed and timestamped: files\\eposf.cat 


signtool

Usage: signtool sign [options] <filename(s)>

Use the "sign" command to sign files using embedded signatures. Signing

protects a file from tampering, and allows users to verify the signer (you)

based on a signing certificate. The options below allow you to specify signing

parameters and to select the signing certificate you wish to use.

Certificate selection options:

/a          Select the best signing cert automatically. SignTool will find all

            valid certs that satisfy all specified conditions and select the

            one that is valid for the longest. If this option is not present,

            SignTool will expect to find only one valid signing cert.

/ac <file>  Add an additional certificate, from <file>, to the signature block.

/c <name>   Specify the Certificate Template Name (Microsoft extension) of the

            signing cert.

/f <file>   Specify the signing cert in a file. If this file is a PFX with

            a password, the password may be supplied with the "/p" option.

            If the file does not contain private keys, use the "/csp" and "/kc"

            options to specify the CSP and container name of the private key.

/i <name>   Specify the Issuer of the signing cert, or a substring.

/n <name>   Specify the Subject Name of the signing cert, or a substring.

/p <pass.>  Specify a password to use when opening the PFX file.

/r <name>   Specify the Subject Name of a Root cert that the signing cert must

            chain to.

/s <name>   Specify the Store to open when searching for the cert. The default

            is the "MY" Store.

/sm         Open a Machine store instead of a User store.

/sha1 <h>   Specify the SHA1 hash of the signing cert.

/fd         Specifies the file digest algorithm to use for creating file

            signatures. (Default is SHA1)

/u <usage>  Specify the Enhanced Key Usage that must be present in the cert.

            The parameter may be specified by OID or by string. The default

            usage is "Code Signing" (1.3.6.1.5.5.7.3.3).

/uw         Specify usage of "Windows System Component Verification"

            (1.3.6.1.4.1.311.10.3.6).

Private Key selection options:

/csp <name> Specify the CSP containing the Private Key Container.

/kc <name>  Specify the Key Container Name of the Private Key.

Signing parameter options:

/d <desc.>  Provide a description of the signed content.

/du <URL>   Provide a URL with more information about the signed content.

/t <URL>    Specify the timestamp servers URL. If this option is not present,

            the signed file will not be timestamped. A warning is generated if

            timestamping fails.

/tr <URL>   Specifies the RFC 3161 timestamp servers URL. If this option

            (or /t) is not specified, the signed file will not be timestamped.

            A warning is generated if timestamping fails.  This switch cannot

            be used with the /t switch.

/td <alg>   Used with the /tr switch to request a digest algorithm used by the

            RFC 3161 timestamp server.

Other options:

/ph         Generate page hashes for executable files if supported.

/nph        Suppress page hashes for executable files if supported.

            The default is determined by the SIGNTOOL_PAGE_HASHES

            environment variable and by the wintrust.dll version.

/q          No output on success and minimal output on failure. As always,

            SignTool returns 0 on success, 1 on failure, and 2 on warning.

/v          Print verbose success and status messages. This may also provide

            slightly more information on error.


INF2CAT

Version 2.3.0.0

Runs driver signability tests and creates the catalog(s).

INF2CAT /driver:path /os:operatingSystem1[,os2]... [/nocat] [/verbose]

        [/drm[:file1[,file2]...]]

        [/pe[:file1[,file2]...]]

        [/pageHashes[:file1][,file2]...]]

  /driver (/drv)    Indicates the path to the driver package follows.

  path              Specifies the path to the driver package.

  /os               Indicates the operating system(s) targeted by the driver

                    package follows. The targeted operating system(s) is a

                    comma separated list of the following values:

  operatingSystem1  2000  XP_X86  Server2003_X86   Vista_X86  Server2008_X86

                          XP_X64  Server2003_X64   Vista_X64  Server2008_X64

                                  Server2003_IA64             Server2008_IA64

  /nocat            Prevents the creation of the catalog(s).

  /verbose (/v)     Displays detailed console output.

  /drm              Add DRM level catalog attribute to files.  Optionally

                    followed by a list of files.

  /pe               Add PE catalog attribute to files.  Optionally

                    followed by a list of files.

  /pageHashes       Include page hashes with files.  Optionally

                    followed by a list of files.







以上是关于文件签名 exe,dll,sys的主要内容,如果未能解决你的问题,请参考以下文章

对自己编译的文件(exe/dll)进行签名的实践(Windows)

如何做插件xydii.dlld的数字签名

在 VS2010 中分析签名的 WinForm dll

Signtool.exe /dg /ds /di 选项和时间戳

EV 代码签名存在问题

PE病毒初探——向exe注入代码