I understand for the most part how signing an exe using the Microsoft signtool

Question

0

Asked: June 4, 20262026-06-04T23:18:13+00:00 2026-06-04T23:18:13+00:00

I understand for the most part how signing an exe using the Microsoft signtool

0

I understand for the most part how signing an exe using the Microsoft signtool works. I have an exe (C#) that I want to only run if the file has not been modified, and if I understand correctly, this can verify that. What I don’t understand is how to verify the file. If my code to verify the file is built inside the exe I am verifying, couldn’t one just decompile the exe, remove the code that checks the file, and re-compile it?

My understanding of code signing is essentially this:

Image credit to:
https://developer.apple.com/library/mac/#documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html

But I don’t see how one couldn’t just take the mechanism that checks the file’s integrity out of the file entirely, and run the program after it has been modified.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-04T23:18:14+00:00

Editorial Team

2026-06-04T23:18:14+00:00Added an answer on June 4, 2026 at 11:18 pm

Yes, someone may do this, but not you are responsible to verify the code. The CLR does it automatically for dlls that have a public key token. If the public key doesn’t match the file hash, the CLR will not load the file.
Simply give your exe a strong name and you will be safe.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I understand for the most part how signing an exe using the Microsoft signtool

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply