I am using signtool to sign my files.
How to recursively search all the ocx, dll and exes in a folder and subfolder then sign them all using Command Prompt ? I want to sign only the ones developed by me and not the third party ones.
Asked
Active
Viewed 2,387 times
0
-
Normally with installers you don't sign every file in the package but include [a catalog file](http://msdn.microsoft.com/en-us/library/windows/hardware/ff537872%28v=vs.85%29.aspx) that has a hash of all the files and just sign the catalog. – Scott Chamberlain Oct 30 '13 at 01:19
2 Answers
2
The rub here is how to distinguish your binaries from third party binaries. You could create a whitelist or if you have consistently marked your binary fileversioninfo with your company name, you can take this approach:
Get-ChildItem *.* -r -inc *.dll,*.ocx,*.exe |
Where {($_ | Get-FileVersionInfo).CompanyName -match 'your-company-name'} |
Foreach {signtool sign <options> $_.Fullname}
Note: this approach uses a command (Get-FileVersionInfo) from the PowerShell Community Extensions which can be downloaded here.
Keith Hill
- 194,368
- 42
- 353
- 369
-
Thanks for the answer but, I will prefer a command which doesn't require powershell? – user2330678 Oct 30 '13 at 01:41
-
6Then why did you tag your question with PowerShell and PowerShell-v2.0? – Keith Hill Oct 30 '13 at 01:50
-
I will prefer a command which doesn't require powershell but I will use powershell command and mark your above answer as answer if it works and I don't get one without using powershell. Prefer to add another answer as I am upvoting this anyway and even the powershell command will help. – user2330678 Oct 30 '13 at 01:55
-
2
Try
@echo off FOR /f "tokens=*" %%G IN ('dir /s *.dll *.ocx *.exe') DO ( echo %%G set A= "%%G" signtool sign /f "C:\Certificates\FakeCertificate.pfx" %A%
)
Martin Prikryl
- 188,800
- 56
- 490
- 992
user2330678
- 2,221
- 14
- 43
- 67