Is there a command line equivalent of Sigverif.exe?
The Windows XP sigverif tool is useful for identifying non-signed executables, but does not seem to be amenable to scripting -- is there a command line equivalent?

I don't think there is a direct command line equivalent, but there are a couple of things that could get you close.
First, driverquery.exe has an argument /si that will tell you the signed status of the drivers. It also has an argument /fo csv that will dump the output to CSV. The weird part of using this command is that if you use the /si argument, you can't get the full path to the driver file (and if you use the /v option to get the full path, you can't get the signed status).
Second, if you want to go down the PowerShell path, you could use the Get-AuthenticodeSignature cmdlet. This one is weird because you have to pass a driver path into the cmdlet, so you need to build the driver list yourself. You can get that from WMI though, so something like this may suit your needs:

I've used Sysinternals sigcheck.exe:
http://technet.microsoft.com/en-us/sysinternals/bb897441.aspx

    Sigcheck v1.66 - File version and signature viewer
    Copyright (C) 2004-2010 Mark Russinovich
    Sysinternals - www.sysinternals.com

    usage: sigcheck [-a][-h][-i][-e][-n][[-s]|[-v]|[-m]][-q][-r][-u][-c catalog file]
      -a Show extended version information
      -c Look for signature in the specified catalog file
      -e Scan executable images only (regardless of their extension)
      -h Show file hashes
      -i Show catalog name and image signers
      -m Dump manifest
      -n Only show file version number
      -q Quiet (no banner)
      -r Check for certificate revocation
      -s Recurse subdirectories
      -u Show unsigned files only
      -v Csv output

Example output:

    c:\windows\system32\acledit.dll:
        Verified: Signed
        Signing date: 19:07 04/13/2008
        Publisher: Microsoft Corporation
        Description: Access Control List Editor
        Product: Microsoft« Windows« Operating System
        Version: 5.1.2600.0
        File version: 5.1.2600.0 (xpclient.010817-1148)
Rob

I have not tried this myself, but I believe signtool has a command line option to verify signatures.
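
The PowerShell route from the answer that suggests Get-AuthenticodeSignature, as an added example that is not code from the original answers: it builds the driver list from WMI and passes each driver file to the cmdlet. The Win32_SystemDriver class as the list source, the Resolve-DriverPath helper and the unsigned-drivers.csv file name are assumptions of this example.

```powershell
# Added example (not from the original answers).
# Assumptions: Win32_SystemDriver as the driver list source; hypothetical
# helper Resolve-DriverPath; output file name unsigned-drivers.csv.

function Resolve-DriverPath {
    param([string]$PathName)
    # PathName can be quoted, carry the \??\ prefix, or be relative to
    # the Windows directory (\SystemRoot\... or system32\...).
    $p = $PathName.Trim('"')
    if ($p.StartsWith('\??\')) { $p = $p.Substring(4) }
    if ($p -match '^\\SystemRoot\\') {
        $p = Join-Path $env:SystemRoot $p.Substring(12)
    } elseif ($p -match '^system32\\') {
        $p = Join-Path $env:SystemRoot $p
    }
    $p
}

$report = Get-WmiObject -Class Win32_SystemDriver |
    Where-Object { $_.PathName } |
    ForEach-Object {
        $drv  = $_
        $path = Resolve-DriverPath $drv.PathName
        if (Test-Path -LiteralPath $path) {
            # One signature object per driver file, reduced to report columns.
            Get-AuthenticodeSignature -FilePath $path |
                Select-Object @{ Name = 'Driver'; Expression = { $drv.Name } },
                              Path, Status,
                              @{ Name = 'Signer'; Expression = {
                                  if ($_.SignerCertificate) { $_.SignerCertificate.Subject }
                              } }
        } else {
            # Keep missing files visible instead of silently skipping them.
            New-Object PSObject -Property @{
                Driver = $drv.Name; Path = $path; Status = 'FileNotFound'; Signer = $null
            }
        }
    }

# Same view as sigverif's "not signed" list: everything that is not Valid.
$report | Where-Object { $_.Status -ne 'Valid' } |
    Select-Object Driver, Path, Status, Signer |
    Export-Csv -Path .\unsigned-drivers.csv -NoTypeInformation
```

On older PowerShell versions Get-AuthenticodeSignature checks only embedded signatures, so files signed through a catalog can show up as NotSigned; compare such results against sigcheck, which reports the catalog name with -i.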