Signtool error signedcode sign returned error 0x800700c1

signtool.exe returned error 0x800700C1

To sign our binaries with Authenticode I am using Microsoft’s signtool. Unfortunatelly, it is not really descriptive in some error codes it returns.
In my case, I have been replacing resources in some native binaries, which were already signed. Of course, this will break existing Authenticode signature, but the signature is still there.
Signature is just one of sections in the EXE/DLL file and this section stays there, even if the file signature is invalid.

Signtool unfortunatelly cannot resign an file which is already signed and is always returning same error 0x800700C1.

SignTool Error: SignedCode::Sign returned error: 0x800700C1

This error is in fact ERROR_BAD_EXE_FORMAT.

So, I needed to remove existing signature from an binary file.
One interesting tool called delcert is already writen and works pretty nice to solve this and has source code included:
http://forum.xda-developers.com/showthread.php?p=2508061

After quick look into the C++ source, it is in fact does nothing magic. It is using Win32 API from ImageHlp library (which takes case of loading of binaries).
Interesting functions there are: ImageRemoveCertificate, which needs to be followed by MapAndLoad/UnMapAndLoad pair to clear section from PE headers.

After removing signature, signtool has no complains and signs the file nicely.

One step back to the ERROR_BAD_EXE_FORMAT error code
In your Microsoft SDK Program Files, you will probably have X86 and x64 versions of signtool (one in Program Files (x86), another in Program Files).
So depending on your binary bitness (32bit vx 64bit) you have to call proper signtool, otherwise you will get the original error.

Источник

Signtool error signedcode sign returned error 0x800700c1

I was just looking into signing our installer/uninstaller and read this wiki article: http://nsis.sourceforge.net/Signing_an_Uninstaller

Everything seemed to go well until it comes to signing the actual uninstaller:

!system: «»C:Program FilesMicrosoft SDKsWindowsv7.1Binsigntool.exe» sign /f «X:sslcodey.pfx» /p abcdef /t «http://timestamp» «C:UsersyAppDataLocalTempuninstaller.exe»»
Done Adding Additional Store

Number of errors: 1

SignTool Error: SignedCode::Sign returned error: 0x800700C1

Either the file being signed or one of the DLL specified by /j switch is not a valid Win32 application.

SignTool Error: An error occurred while attempting to sign: C:UsersyAppDataLocalTempuninstaller.exe

!system: returned 1

But there is nothing wrong with that uninstaller. I can execute it just fine (so I’m quite certain it’s a valid Win32 application).

Is the approach outlined in that article still correct?

That means «The parameter is incorrect». Try writing the uninstaller elsewhere.

I think it just resolved itself.

I won’t claim that I understand it, but I think the issue was related to switching compression on and off during the build process.
Most likely, the way I use the code from the article isn’t optimal (to say the least) and this caused problems.

I now enable whole LZMA compression at the beginning of the build process and just keep it. Even though the build takes forever 😛

It appears that if you try to sign the uninstaller belonging to a signed installer you will get the same exception..
Isn’t that strange?

I am getting the same error when I attempt to sign uninst.exe. The error persists even if I turn off compression completely.

My guess is when nullsoft installer dynamically patches the uninst.exe file, it somehow violates some non-critical rule of win32 exe format which doesn’t affect correction executation of the file. But it is not able to pass the exe format validation performed by the signtool.exe file from Microsoft Platform SDK.

Does anybody have a better idea what might go wrong?

I’ve not had any issues signing uninstall executables. How are you going about it? You need to:

1. Write a standalone script which generates the uninstaller.
2. Build it and run the built executable to generate the uninstaller.
3. Sign the generated uninstaller.
4. Bundle it in the main installer.

I wasn’t aware there was any other way so you are probably already doing this?

I didn’t attempt to create the fully automatic flow yet. I just use the original script to generate the installer, install it manually to get the file uninst.exe. Then I tried to sign the uninst.exe file manually and got this error. I do use the unicode version of the installer instead of the ansi version.

I noticed in your earlier reply saying «Try writing the uninstaller elsewhere». How does the location of the uninstaller matter in this case?

I’ve not had any issues signing uninstall executables. How are you going about it? You need to:

1. Write a standalone script which generates the uninstaller.
2. Build it and run the built executable to generate the uninstaller.
3. Sign the generated uninstaller.
4. Bundle it in the main installer.

I wasn’t aware there was any other way so you are probably already doing this?

I ran across this post from a Google search because I was having the same problem signing an uninstaller from Bitrock Install Builder. This was my solution:

1.) Build an unsigned installer
2.) Install that unsigned installer on your machine
3.) Sign the resultant uninstall.exe
4.) Package it with your distribution
5.) Build the signed installer

BitRock instructions for packaging and deploying are here if anybody is interested:
http://answers.bitrock.com/questions. ler-on-windows

This may sound like the strangest solution, but for me it worked if I did not sign the installer that wrote the uninstaller.

So this would be the procedure:

1) Make an installer that writes the uninstaller. DO NOT SIGN THIS INSTALLER.
2) Run the installer. This creates the uninstaller.
3) Sign the uninstaller.
4) Make the installer again, this time including the signed uninstaller as a «File» operation instead of writing the uninstaller with «WriteUninstaller».
5) Sign this installer.

This is totally weird. but it worked for me. With a signed installer writing the uninstaller, I cannot sign the uninstaller. I get the 0x800700C1 error.

But if I have used an unsigned installer to write the uninstaller, then I can sign the uninstaller.

Hope this helps you guys.
BR
/Michael

Источник

Signtool error signedcode sign returned error 0x800700c1

• Mark as New
• Bookmark
• Subscribe
• Mute
• Subscribe to RSS Feed
• Permalink
• Print
• Report Inappropriate Content

I am facing an issue where antivirus of my machine is showing alert while uninstalling my application. Antivirus is saying that uninstall.exe is not signed. My installer is signed but uninstall.exe created after installation is not signed.

Please suggest that what would be the right approach to avoid this issue.

InstallBuilder

• Mark as New
• Bookmark
• Subscribe
• Mute
• Subscribe to RSS Feed
• Permalink
• Print
• Report Inappropriate Content

Unfortunately InstallBuilder does not currently allow signing uninstallers.

However, this can be easily resolved. The uninstaller binary does not contain any metadata and is simply a generic binary that can be overwritten by a signed one.

First thing is to create and install any project using your version of InstallBuilder (preferably with also the uninstall.exe windows resources such as application name being set properly), then use the created uninstaller.exe and sign it.

Next the signed uninstaller should be part of files copied by the installer, but with a different name — such as uninstall-signed.exe .

Finally the installer should replace the uninstaller in

3000 $/uninstall.exe $/uninstall-signed.exe $/uninstall-signed.exe

The code above will also delete the uninstall-signed.exe and remove it from list of files to uninstall.

The action prevents overwriting issues for cases such as antivirus or OS still keeping the uninstall.exe opened.

• Mark as New
• Bookmark
• Subscribe
• Mute
• Subscribe to RSS Feed
• Permalink
• Print
• Report Inappropriate Content

I have installed installer on system and copy uninstaller file at other location. When i am signing the uninstall.exe file with certificate, it throw an error:

SignTool Error: SignedCode::Sign returned error: 0x80070057 The parameter is incorrect. SignTool Error: An error occurred while attempting to sign: C: or or Documents or or uninstall-signed.exe

Can you please help me to signing the unsintaller.exe with digiat certificate.

• Mark as New
• Bookmark
• Subscribe
• Mute
• Subscribe to RSS Feed
• Permalink
• Print
• Report Inappropriate Content

Could you provide us which command are you using to signed the uninstaller file? Also, could you check that the uninstaller is not already signed?

• Mark as New
• Bookmark
• Subscribe
• Mute
• Subscribe to RSS Feed
• Permalink
• Print
• Report Inappropriate Content

I have used the command : signtool sign /v /ac or ‘ DigiCert.cer or ‘ /f or ‘ certificate.pfx or ‘ /p password or ‘ uninstall.exe or ‘ . Yes, i have verified that uninstaller.exe is not signed in.

Please let me know in case of any other details required.

• Mark as New
• Bookmark
• Subscribe
• Mute
• Subscribe to RSS Feed
• Permalink
• Print
• Report Inappropriate Content

Could you add the option or ‘ /d or ‘ to enable the debug? Please find below the link to the official documentation of this tool: https://msdn.microsoft.com/en-us/library/windows/desktop/aa387764(v=vs.85).aspx

You could also try to use the or ‘ osslsigncode or ‘ tool: http://sourceforge.net/projects/osslsigncode/

• Mark as New
• Bookmark
• Subscribe
• Mute
• Subscribe to RSS Feed
• Permalink
• Print
• Report Inappropriate Content

same signing problem — the uninstaller doesn’t appear to work with the microsoft signtool. has anyone from installerbuidler actually tried to run this command?

signtool sign /d /v /tr http://timestamp.digicert.com /td sha256 /fd sha256 /f or ‘ cert.pfx or ‘ /p password or ‘ uninstall-signed.exe or ‘ Done Adding Additional Store SignTool Error: SignedCode::Sign returned error: 0x800700C1 Either the file being signed or one of the DLL specified by /j switch is not a valid Win32 application. SignTool Error: An error occurred while attempting to sign: uninstall-signed.exe

Number of errors: 1

• Mark as New
• Bookmark
• Subscribe
• Mute
• Subscribe to RSS Feed
• Permalink
• Print
• Report Inappropriate Content

figured it out by following this post — @MichaelKarnerfor — THANKS FOR THIS SOLUTION!

THE TRICK IS THE INSTALLER THAT INSTALLS THE UNINSTALLER, MUST NOT-BE-SIGNED SO YOU ARE SIGNING AN UNINSTALLER THAT CAME FROM AN INSTALLER THAT WAS NOT SIGNED.

once you get that uninstaller signed, then you can follow the plan and include it into the project as a signed uninstaller and overwrite the generated installer.

== from another forum ==

This may sound like the strangest solution, but for me it worked if I did not sign the installer that wrote the uninstaller.

So this would be the procedure:

1) Make an installer that writes the uninstaller. DO NOT SIGN THIS INSTALLER. 2) Run the installer. This creates the uninstaller. 3) Sign the uninstaller. 4) Make the installer again, this time including the signed uninstaller as a or ‘ File or ‘ operation instead of writing the uninstaller with or ‘ WriteUninstaller or ‘ . 5) Sign this installer.

This is totally weird. but it worked for me. With a signed installer writing the uninstaller, I cannot sign the uninstaller. I get the 0x800700C1 error.

But if I have used an unsigned installer to write the uninstaller, then I can sign the uninstaller.

Источник