
I want to support older Windows versions, but non-updated 7 and pre-7 operating systems do not support SHA-256 code signing, so they cannot detect that the executable/file is properly digitally signed.

My questions are:

  1. How can I check if a system has this update (KB4474419) installed, or basically check if it supports SHA-256, without causing false positives (for example, detecting new Windows 10 machines as not having the update by mistake)?

  2. How to install this update in the background, without the user knowing, and check if the installation was successful (in order to see if we should restart the machine or not, in case it was successful)?

(I want to implement it using C/C++, so native Windows APIs are available to solve this.)

OneAndOnly
  • Windows Update Agent API: https://learn.microsoft.com/en-us/windows/win32/wua_sdk/searching--downloading--and-installing-specific-updates – Simon Mourier Sep 22 '21 at 06:51
  • @SimonMourier Is it possible to do so using Windows APIs (C/C++) instead of PowerShell? Because some systems have their PowerShell disabled completely and I cannot turn it back on for security reasons. – OneAndOnly Sep 22 '21 at 07:35
  • The WUA SDK is not VBScript/PowerShell specific and has a C/C++ API: https://learn.microsoft.com/en-us/windows/win32/wua_sdk/windows-update-agent-object-model – Robert Sep 22 '21 at 08:13
  • Does this answer your question? [Windows Update Agent pure win32 APIs](https://stackoverflow.com/questions/12949018/windows-update-agent-pure-win32-apis) – Simon Mourier Sep 22 '21 at 08:19

1 Answer

WUA defines interfaces and objects that are accessible from Visual Basic, Visual Basic Scripting Edition (VBScript), JScript, and from C and C++.

I suggest you try using the wuapi.h header. This header is used by the Windows Update Agent API, and it provides COM interfaces that can be used from C++.

IInspectable
Jeaninez - MSFT
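
One way to check for the update from C++ through the WUA COM interfaces in wuapi.h, as an added example that is not part of the original answer. `KbDigits`, `SameKb` and `IsKbInstalled` are hypothetical helper names; the code assumes MSVC with ATL (link ole32.lib and oleaut32.lib) and that the caller has already initialized COM.

```cpp
#include <string>

// Reduces "KB4474419", "kb4474419" or "4474419" to bare digits; "" if not a KB number.
std::wstring KbDigits(const std::wstring& id) {
    bool prefixed = id.size() > 2 && (id[0] == L'K' || id[0] == L'k') &&
                    (id[1] == L'B' || id[1] == L'b');
    std::wstring digits = id.substr(prefixed ? 2 : 0);
    for (wchar_t c : digits)
        if (c < L'0' || c > L'9') return L"";
    return digits;
}
// Exact comparison, so "44744190" never matches "KB4474419".
bool SameKb(const std::wstring& a, const std::wstring& b) {
    std::wstring da = KbDigits(a);
    return !da.empty() && da == KbDigits(b);
}

#ifdef _WIN32
#include <windows.h>
#include <atlbase.h>  // CComPtr, CComBSTR
#include <wuapi.h>
// A failed HRESULT means "could not determine", which is not the same as "not installed".
HRESULT IsKbInstalled(const std::wstring& kb, bool* found) {
    *found = false;
    CComPtr<IUpdateSession> session;
    HRESULT hr = session.CoCreateInstance(__uuidof(UpdateSession));
    if (FAILED(hr)) return hr;
    CComPtr<IUpdateSearcher> searcher;
    if (FAILED(hr = session->CreateUpdateSearcher(&searcher))) return hr;
    CComPtr<ISearchResult> result;
    if (FAILED(hr = searcher->Search(CComBSTR(L"IsInstalled=1"), &result))) return hr;
    CComPtr<IUpdateCollection> updates;
    if (FAILED(hr = result->get_Updates(&updates))) return hr;
    LONG count = 0;
    if (FAILED(hr = updates->get_Count(&count))) return hr;
    for (LONG i = 0; i < count && !*found; ++i) {
        CComPtr<IUpdate> update;
        CComPtr<IStringCollection> ids;
        LONG n = 0;
        if (FAILED(updates->get_Item(i, &update)) ||
            FAILED(update->get_KBArticleIDs(&ids)) || FAILED(ids->get_Count(&n))) continue;
        for (LONG j = 0; j < n && !*found; ++j) {
            CComBSTR id;  // KB id of this update; normalized before comparing
            if (SUCCEEDED(ids->get_Item(j, &id)) && id.m_str != nullptr)
                *found = SameKb(std::wstring(id.m_str, id.Length()), kb);
        }
    }
    return S_OK;
}
#endif
```

A `false` result only says the update was not listed as installed; on Windows versions where KB4474419 does not apply it says nothing about SHA-256 support, so check the OS version before relying on it.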