-1

I have an executable that I would like to protect from changes to the File Version Info.

I initially thought that signing the exe with a certificate would handle this, however when you modify the File Version Info with freely available utilities, it seems that the digital signature still remains intact.

I figure the only way would be to perform some sort of checksum on the exe, however this isn't ideal as I'm concerned that this will cause problems with various post-processors (obfuscation, anti-debug, etc) that I am doing which deny access to the .exe at run-time.

Is there any other way I can detect if the File Version Info has been modified in some way?

Simple Guy

1 Answer

1

The certificate is no longer valid if only 1 byte of the executable has changed. It seems you used the Properties window of Windows Explorer and, after changing the version number, saw the Digital Signature tab still there. This is very misleading about the digital signature of executable files in Windows, but it is not true. This tab just says the file contains a certificate, but says nothing about validation of this certificate. In this tab, click on the certificate and then click on Details; at the top of the opened window you can now see whether the cert is valid or not.

By using the Windows API you can check whether the certificate is valid or not; maybe this topic will help you in C#.

Mojtaba Tajik
  • Thank you! I was indeed looking for the "Digital Signatures" tab on Windows and not the details which does denote that the signature is "invalid" after the change. I am using code from the link you mentioned but it looks like I'm coming across the same issue as the original poster - Verify() does not seem to pick up on this alteration and hence my code also didn't detect the invalid signature. It doesn't look like there's a pure .net solution to this. – Simple Guy Aug 25 '18 at 07:10