Sysinternals Homepage
Forum Home Forum Home > Sysinternals Utilities > Miscellaneous Utilities
  New Posts New Posts RSS Feed - SigCheck crash using -i
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

SigCheck crash using -i

 Post Reply Post Reply
Author
Message
rmetzger View Drop Down
Groupie
Groupie


Joined: 18 September 2012
Location: Sutton, MA
Status: Offline
Points: 89
Post Options Post Options   Thanks (0) Thanks(0)   Quote rmetzger Quote  Post ReplyReply Direct Link To This Post Topic: SigCheck crash using -i
    Posted: 18 September 2012 at 9:10pm
Testing Sigcheck.exe v1.80, I discovered an issue with -i parameter.

Testing on a corrupted .exe, using -i causes:

        Verified:       The digital signature of the object did not verify.
        Signing date:   2:21 PM 9/18/2012
        Counter Signer:
           ?????▀??

and a crash of Sigcheck.exe occurs.

For my test, I simply copied sigcheck.exe to corrupt.exe (so that I could easily identify it).

Using a hex editor, I changed corrupt.exe, byte offset 0x270 from 00h to FFh. This 1-byte change 'should' invalidate the signature as the file hash, etc. are no longer valid.

run the commands:
sigcheck.exe -accepteula -a -h -i -q corrupt.exe              crash occurs.
sigcheck.exe -accepteula -a -h -q corrupt.exe                 No crash.
sigcheck.exe -accepteula -a -h -i -q sigcheck.exe            No crash.

Using -i with Sigcheck.exe v1.71 does not cause this crash on corrupted .exe files.

Thanks,
Ron Metzger
Back to Top
rmetzger View Drop Down
Groupie
Groupie


Joined: 18 September 2012
Location: Sutton, MA
Status: Offline
Points: 89
Post Options Post Options   Thanks (0) Thanks(0)   Quote rmetzger Quote  Post ReplyReply Direct Link To This Post Posted: 04 October 2012 at 4:34pm
Sigcheck.exe v1.81 Corrects this problem.

Thanks Mark!

Ron Metzger
Back to Top
Gharlane View Drop Down
Groupie
Groupie


Joined: 09 February 2006
Location: United States
Status: Offline
Points: 46
Post Options Post Options   Thanks (0) Thanks(0)   Quote Gharlane Quote  Post ReplyReply Direct Link To This Post Posted: 04 October 2012 at 6:37pm
Originally posted by rmetzger rmetzger wrote:

Sigcheck.exe v1.81 Corrects this problem.

Thanks Mark!

Ron Metzger


As of a few minutes ago, the 1.81 download zip still contains version 1.80

7-Zip (a) 9.22 beta  Copyright (c) 1999-2011 Igor Pavlov  2011-04-18

Listing archive: Sigcheck180.zip

--
Path = Sigcheck180.zip
Type = zip
Physical Size = 120764

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
2006-07-28 09:32:44 ....A         7005         3084  Eula.txt
2012-09-10 09:16:28 ....A       231048       117466  sigcheck.exe
------------------- ----- ------------ ------------  ------------------------
                                238053       120550  2 files, 0 folders



7-Zip (a) 9.22 beta  Copyright (c) 1999-2011 Igor Pavlov  2011-04-18

Listing archive: Sigcheck181.zip

--
Path = Sigcheck181.zip
Type = zip
Physical Size = 120764

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
2006-07-28 09:32:44 ....A         7005         3084  Eula.txt
2012-09-10 09:16:28 ....A       231048       117466  sigcheck.exe
------------------- ----- ------------ ------------  ------------------------
                                238053       120550  2 files, 0 folders


Sigcheck v1.80 - File version and signature viewer
Copyright (C) 2004-2012 Mark Russinovich
Sysinternals - www.sysinternals.com

Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down