Digital Code Signing Your Script


ptrex
Sorry, I should have given you the error message. Unfortunately, the COM error is in German but freely translated it would look like this:

windescription: no provider was set for the memory or the object.

err.number is: 80020009

By the way, is it correct that the following (first) line is equal to "" ?

$oSigner = ""

; Use a valid certificate
Edited by Automania

Thanks for the reply. I have now fixed the issue.

For some reason, the line to create the certificate from posting #8 created a file which I couldn't sign with although I installed it (the error mentioned above).

So instead I tried the line from the website you linked in posting #9:

makecert -r -pe -n "CN=Your Name" -b 01/01/2000 -e 01/01/2099 -eku 1.3.6.1.5.5.7.3.3 -ss My

and this works perfectly. Great script! Thanks a lot! :(


  • 2 weeks later...

Auto sign your script after compiling.

Add this line as an AutoIt3Wrapper_GUI directive, with your compiled script name as the first parameter and your certificate name as the second.

#AutoIt3Wrapper_Run_After=SignMe.exe /"Your compiled script name here" /"Your certificate name here"

Save this as SignMe.au3 and compile it.

It must be in the same dir as the compiled exe to be signed.

If $cmdline[0] = 2 Then
    For $i = 1 To $cmdline[0]
        Switch $cmdline[$i]
            Case $cmdline[1]
                $ScripName = StringTrimLeft($cmdline[1], 1)
;~              MsgBox(0, '', $ScripName)
                ConsoleWrite($ScripName & @CRLF)
                If StringRight($ScripName, 4) <> '.exe' Then $ScripName = $ScripName & '.exe'

;~              If FileExists($ScripName) Then
;~                  MsgBox(0, '', $ScripName)
;~                  ConsoleWrite($ScripName & @CRLF)
;~              Else
                If Not FileExists($ScripName) Then
                    MsgBox(0, '', $ScripName & ' does not exist.')
                    Exit 2
                EndIf
            Case $cmdline[2]
                $CertName = StringTrimLeft($cmdline[2], 1)
;~              MsgBox(0, '', $CertName)
                ConsoleWrite($CertName & @CRLF)
        EndSwitch
    Next
Else
    MsgBox(0, '', '2 Params are needed')
    Exit 1
EndIf

; Initialize error handler
$oMyError = ObjEvent("AutoIt.Error", "MyErrFunc")
$Script = @ScriptDir & "\" & $ScripName

; --------------------------------- Sign it ----------------------------------
$oSigner = ObjCreate("Scripting.Signer")
$oSigner.SignFile($Script, $CertName)

$oSigner = ""
; Use a valid certificate.
; You can do this by going to a server that has a certificate service running
; and then exporting a certificate that is OK for signing code.
; Then import this on the client.

; This is the custom error handler

Func MyErrFunc()
    $HexNumber = Hex($oMyError.number, 8)
    MsgBox(0, "AutoItCOM Test", "We intercepted a COM Error !" & @CRLF & @CRLF & _
            "err.description is: " & @TAB & $oMyError.description & @CRLF & _
            "err.windescription:" & @TAB & $oMyError.windescription & @CRLF & _
            "err.number is: " & @TAB & $HexNumber & @CRLF & _
            "err.lastdllerror is: " & @TAB & $oMyError.lastdllerror & @CRLF & _
            "err.scriptline is: " & @TAB & $oMyError.scriptline & @CRLF & _
            "err.source is: " & @TAB & $oMyError.source & @CRLF & _
            "err.helpfile is: " & @TAB & $oMyError.helpfile & @CRLF & _
            "err.helpcontext is: " & @TAB & $oMyError.helpcontext _
            )
    SetError(1)
EndFunc   ;==>MyErrFunc

  • 5 months later...

I spent many hours following the instructions in this post to make a certificate, sign my .au3 scripts (via conversion to .exe) and have my computer trust my newly signed programs.

I noticed that no one here was willing to post all of the necessary programs. Only 4 of the five programs were posted. We were missing signtool.exe. No one wants to download the Microsoft SDK just for signtool.exe. The internet itself doesn't seem to contain signtool.exe, at least not Microsoft's (the one we need), so I have decided to make a KIT which includes all of the files in POST 9 and signtool.exe and its needed capicom.dll file.

If we follow the instructions in post 9, and we download signGUI and we download signtool.exe and all the programs needed to make a certificate, all we must do is install the PVK and the certificate after we create it, and sign our .exe.

1. DOWNLOAD SIGNGUI

2. DOWNLOAD ALL NECESSARY FILES

3. FOLLOW THESE INSTRUCTIONS to make your certificate

4. install the .pvk file and the .cer file

5. load signgui and sign your .exe's!

Woot, hope this consolidation helps. I ripped signtool.exe from the SDK!


  • 7 months later...
  • 4 years later...

I know this post is old but wanted to give back in case someone like me Googles for this type of solution in the future.

The scripting guys did a great piece on signing scripts. I originally just did it for a PowerShell script I was working on, but after trying to sign my AutoIt script I tried running it against my compiled .exe and it worked flawlessly. It is very easy to do, assuming you have PKI set up in your environment.

http://blogs.technet.com/b/heyscriptingguy/archive/2010/06/17/hey-scripting-guy-how-can-i-sign-windows-powershell-scripts-with-an-enterprise-windows-pki-part-1-of-2.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2010/06/17/hey-scripting-guy-how-can-i-sign-windows-powershell-scripts-with-an-enterprise-windows-pki-part-2-of-2.aspx

After you have requested the certificate as documented, you simply need to run 2 PowerShell commands to sign your code.

$cert=(dir cert:currentuser\my\ -CodeSigningCert)
Set-AuthenticodeSignature c:\temp\myfile.exe $cert -TimeStampServer http://timestamp.comodoca.com/authenticode

 

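The certificate that installed but could not sign (earlier in the thread) and the two-command signing step above can be checked together. The following is an added example, not code from any poster; the function names are illustrative. It reports why each certificate in CurrentUser\My can or cannot sign code, refuses to sign when more than one certificate matches (the `dir ... -CodeSigningCert` call returns an array in that case), and re-reads the signature from disk afterwards.

```powershell
# Added example: function names are illustrative, not from the thread.
$CodeSigningOid = '1.3.6.1.5.5.7.3.3'   # the EKU passed to makecert via -eku in the thread

function Get-SigningCertReport {
    # One row per certificate in CurrentUser\My, showing why it can or cannot sign code.
    $now = Get-Date
    Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
        $eku = $_.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        [pscustomobject]@{
            Subject       = $_.Subject
            Thumbprint    = $_.Thumbprint
            HasPrivateKey = $_.HasPrivateKey
            CodeSigning   = [bool]($eku -and ($eku.EnhancedKeyUsages.Value -contains $CodeSigningOid))
            InValidity    = ($_.NotBefore -le $now) -and ($_.NotAfter -gt $now)
            Certificate   = $_
        }
    }
}

function Invoke-SignAndVerify {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$Thumbprint,          # optional: choose one certificate explicitly
        [string]$TimestampServer      # optional: a timestamp URL such as the one in the post
    )
    $usable = @(Get-SigningCertReport | Where-Object {
        $_.HasPrivateKey -and $_.CodeSigning -and $_.InValidity -and
        (-not $Thumbprint -or $_.Thumbprint -eq $Thumbprint)
    })
    if ($usable.Count -ne 1) {
        throw "Need exactly one usable code-signing certificate, found $($usable.Count)."
    }
    $signArgs = @{ FilePath = $Path; Certificate = $usable[0].Certificate; HashAlgorithm = 'SHA256' }
    if ($TimestampServer) { $signArgs.TimestampServer = $TimestampServer }
    $null = Set-AuthenticodeSignature @signArgs

    # Re-read the signature from disk; only 'Valid' means the chain is trusted on this machine.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Status      = $sig.Status
        Message     = $sig.StatusMessage
        Signer      = $sig.SignerCertificate.Thumbprint
        Timestamped = [bool]$sig.TimeStamperCertificate
    }
}

Get-SigningCertReport | Format-Table Subject, HasPrivateKey, CodeSigning, InValidity
# Invoke-SignAndVerify -Path 'C:\temp\myfile.exe'   # sample path from the post above
```

A file signed with a self-signed certificate, such as the makecert one from earlier in the thread, does not report `Valid` on a machine where that certificate is not trusted as a root.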

  • 4 years later...

I rewrote an example, which is located here:

 

 
