Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Locked thread
isnoop
Jan 9, 2001

I used to be an admin,
but then I took an arrow
to the knee.


I'm not a Windows developer. I'm in charge of a team that manages a download server and have been given a fool's errand:

Given a pre-compiled and signed Windows application installer, bake in an arbitrary (under 20 chars) ID in a way that doesn't violate the signing of the executable. We also can't use the filename to convey metadata as the end user is likely to rename the file for their own purposes.

A few options we've bandied about:
1) Create a standalone .ini and wrap the installer and .ini into a thin executable wrapper
2) Externally overwrite a placeholder in the file properties (unsure if this will violate signing)
3) Quit and burn the building down

Will any of these work? Is there an even better solution we're overlooking?

Adbot
ADBOT LOVES YOU

tk
Dec 10, 2003



Nap Ghost

I'm think that there are portions of a file that can be manipulated after it's signed. I don't remember exactly, but this thing seems to imply that you can do it by just throwing the data onto the end of the digital signature and manipulating the size of the signature block.

nexxai
Jul 17, 2002

quack quack bjork

Fun Shoe

Question: does it need to be signed by the original producer, or can you just buy your own code-signing key and re-package the app with it?

isnoop
Jan 9, 2001

I used to be an admin,
but then I took an arrow
to the knee.


We ended up using Mono and signing the binaries on-demand. The extra metadata is injected directly into the signature's metadata section and so we don't need to futz with the binary at all.

  • Locked thread