[Tip] Use SigVerif.exe to test UpdatePack Un/Signed files

Questions about Update Pack making? Ask here.
Post Reply
User avatar
ricktendo64
Posts: 3213
Joined: Mon May 22, 2006 12:27 am
Location: Honduras

[Tip] Use SigVerif.exe to test UpdatePack Un/Signed files

Post by ricktendo64 » Fri Oct 23, 2009 7:31 pm

Hey guys, you may already know what I am about to tell you but just messing around I found a neat util that could help us updatepack makers test our packs integrity further (along with setuperr.log, sfc /scannow, qfecheck) you can use the sigverif.exe tool in system32

Image

You can have it scan all the default system files, you can expand that to do a *.* search of the entire C:\ drive but what I recommend is after you install your test in a vpc instead of scanning all files to see if any of yours are unsigned you can just scan your extracted updatepack files (inside the test environment to test against installed cats) to see if you missed any or if MS screwed up (like in the case of KB963093 the cat is useless)

Here are my results, I was able to find allot of missing sigs, even a few that have built in sig that were broken and needed to be refreshed

http://www.mediafire.com/?cknkmnyz2do

Luck
Last edited by ricktendo64 on Sun Oct 25, 2009 3:05 pm, edited 1 time in total.

User avatar
yumeyao
Moderator
Posts: 1718
Joined: Sun Aug 27, 2006 9:24 pm
Location: Taiyuan, Shanxi, PR China

Post by yumeyao » Sun Oct 25, 2009 4:56 am

indeed, useful trick. It's extremely useful in the case i want to find which .cat file signs wic.dll. You know, I did that by adding all catalogs then removing them one by one to see removing which one breaks it's signature.

thanks.
Image
My work list(Hosted by dumpydooby)

User avatar
ricktendo64
Posts: 3213
Joined: Mon May 22, 2006 12:27 am
Location: Honduras

Post by ricktendo64 » Sun Oct 25, 2009 3:07 pm

I was also surprised to find that KB959540 and KB971320 cats really did need to be added, I thought it was engugh to use only the cats in the asms folder (they only sign the .manifest file)

User avatar
5eraph
Site Admin
Posts: 4616
Joined: Tue Jul 05, 2005 9:38 pm
Location: Riverview, MI USA

Post by 5eraph » Sun Oct 25, 2009 3:15 pm

Nice tip, ricktendo64. :)

I'll keep this in mind for the next round of updates.

User avatar
ricktendo64
Posts: 3213
Joined: Mon May 22, 2006 12:27 am
Location: Honduras

Post by ricktendo64 » Sun Oct 25, 2009 5:31 pm

BTW yumeyao before I took the sha1 checksum then I would check inside the cat and see if its listed (does now work for .sys files for some odd reason)

User avatar
5eraph
Site Admin
Posts: 4616
Joined: Tue Jul 05, 2005 9:38 pm
Location: Riverview, MI USA

Post by 5eraph » Wed Jan 25, 2012 11:34 pm

SigVerif.exe in Win7 is useless. And the XP version can't write the log file under Win7. :(

Is there another method of determining which installed CAT file protects a given file in Win7?

Post Reply