Announcement

Collapse
No announcement yet.

vpatch.exe signing

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • vpatch.exe signing

    Hi,

    Is it possible to sign the extracted executable 'vpatch.exe'? It's causing AV software to complain,

    Thanks

  • #2
    There is a tab in the Build Settings dialog for code signing:

    Click image for larger version

Name:	image.png
Views:	10
Size:	38.0 KB
ID:	309289

    Ulrich

    Comment


    • #3
      Thanks Ulrich, is that the vpatch.exe file that the patch executable extracts during execution?

      When a generated a patch exe file runs (which we sign anyway), it extracts a commonly named file 'vpatch.exe' which isn't signed.

      Comment


      • #4
        Letting Visual Patch sign, using these settings, will sign both the patch runtime and the patch file. You will see two signing operations (or four, if you double sign each with SHA-256 and SHA-1), for example:

        Code:
        (...)
        Excluding global script files for build configuration...
        Including global script files...
        > Script file included: D:\Program Files\x86\Indigo Rose\Visual Patch 3.0\Includes\Scripts\_Global_Functions.lua
        Inserting patch manifest...
        Code signing patch runtime...
        > Signing with SHA-256...
        > Signing command: "D:\OneDrive\Consulting\signtool\6.3.9600\signtool.exe" sign /f "D:\OneDrive\Consulting\sample.pfx" /p "****" /fd sha256 /tr "http://timestamp.comodoca.com/?td=sha256" /td sha256 /d "Sample patch" /du "http://www.mindquake.com.br" "C:\Users\ULRICH~1\AppData\Local\Temp\ir_tmp_rtm.tmp"
        Done Adding Additional Store
        (...)
        Compressing files
        Creating patch configuration file...
        Creating patch executable
        Code signing patch file...
        > Signing with SHA-256...
        > Signing command: "D:\OneDrive\Consulting\signtool\6.3.9600\signtool.exe" sign /f "D:\OneDrive\Consulting\sample.pfx" /p "****" /fd sha256 /tr "http://timestamp.comodoca.com/?td=sha256" /td sha256 /d "Sample patch" /du "http://www.mindquake.com.br" "D:\Ulrich Peters\OneDrive\Documents\My Patches\sample-patch.exe"
        Done Adding Additional Store
        (...)
        Ulrich

        Comment


        • #5
          Thanks Ulrich, that helps a lot!

          Comment


          • #6
            We use a cmd to remote sign on a signing server that uses a SHA-256 USB hardware security module (dongle)

            \RemoteSign.cmd "<FILENAME>"

            It's not clear from the help file how to configure this. Is it possible? Many thanks for your help

            Comment


            • #7
              If you use an EV cert on a token, you will need to use a batch file to call the signtool with arguments. I posted this approach in the Setup Factory forum, but the same can be done for Visual Patch.
              Please see here: https://forums.indigorose.com/forum/...023#post304023

              Ulrich

              Comment


              • #8
                Thanks Ulrich, that's setup now and we're testing.

                Comment

                Working...
                X