Stripping an Authenticode Signature

Posted on September 12, 2008 by Jeff Fitzsimons

We needed to modify the resources of an installer and then apply an Authenticode signature. Unfortunately, it already had a signature on it, and modifying the resources of an executable with a signature results in a corrupted signature. The Microsoft signing tools cannot recover from this situation, so:

It is not possible to re-sign a file after modifying its resources.

However, it is possible to remove the existing signature, modify the binary, and then apply a new signature. There are two approaches (which almost certainly amount to the same thing):

  1. Use delcert.exe from the this XDA Forum post (note, this is not the same as the SMS Server 2003 tool ccmdelcert.exe, which deletes all SMS certificates on a machine).
  2. Write an application which calls ImageRemoveCertificate.

About Jeff Fitzsimons

Jeff Fitzsimons is a software engineer in the California Bay Area. Technical specialties include C++, Win32, and multithreading. Personal interests include rock climbing, cycling, motorcycles, and photography.
This entry was posted in Authenticode, Technology. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *