Exetools  

  #1  
09-06-2020, 21:34
jonwil
Remove signature from Windows DLL?

I have a 64-bit Windows DLL with a digital signature. I want to remove the signature so I can modify the DLL (I know the program that uses the DLL doesn't care about the signature). Is there a tool that can remove the signature without affecting anything else in the DLL?
  #2  
09-06-2020, 22:34
bolo2002
unsigntool or delcert.exe inside, dunno if it can help.
Attached Files
File Type: zip unsign.zip (9.2 KB, 14 views)
  #3  
09-07-2020, 03:03
LaDidi
@jonwil:
You may use CFF Explorer and reset the table for the signature:
* Security Table RVA
* Security Table Size
  #4  
09-08-2020, 03:27
Archer
Quote:
Originally Posted by LaDidi
@jonwil:
You may use CFF Explorer and reset the table for the signature:
* Security Table RVA
* Security Table Size

You may also need to clear the IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY flag in DLL Characteristics. And you'll probably want to remove the overlay where the signature is located.
  #5  
09-08-2020, 14:04
LaDidi
@Archer:
Never saw this flag.
I will check it.
  #6  
09-09-2020, 14:58
LaDidi
@Archer:
Effectively, it exists and it's used by Windows.
Happy to learn something "new"...
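
The three edits named in this thread (resetting the Security directory entry, clearing IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY, dropping the trailing certificate overlay), as an added Python example that is not code from any poster or from the tools mentioned. The function names and the constructed sample image are assumptions; note that the field the thread calls "Security Table RVA" holds a file offset, not an RVA.

```python
import struct

FORCE_INTEGRITY = 0x0080  # IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
SECURITY_DIR = 4          # data directory index of the Security (certificate) table

def locate(pe):
    """Return file offsets of DllCharacteristics and the Security directory entry."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]           # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    opt = nt + 24                                        # skip signature + COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (112 if magic == 0x20B else 96)         # PE32+ vs PE32
    if struct.unpack_from("<I", pe, dirs - 4)[0] <= SECURITY_DIR:
        raise ValueError("image has no Security directory entry")
    return opt + 70, dirs + SECURITY_DIR * 8

def signature_fields(pe):
    """Return (cert_offset, cert_size, force_integrity_set) without changing anything."""
    chars_off, entry = locate(pe)
    off, size = struct.unpack_from("<II", pe, entry)
    return off, size, bool(struct.unpack_from("<H", pe, chars_off)[0] & FORCE_INTEGRITY)

def strip_signature(pe):
    """Apply the three steps from the thread to a copy of the image."""
    out = bytearray(pe)
    chars_off, entry = locate(out)
    off, size = struct.unpack_from("<II", out, entry)
    struct.pack_into("<II", out, entry, 0, 0)            # reset table offset and size
    chars = struct.unpack_from("<H", out, chars_off)[0]
    struct.pack_into("<H", out, chars_off, chars & ~FORCE_INTEGRITY)
    if off and off + size == len(out):                   # blob is the trailing overlay
        del out[off:]
    return bytes(out)                                    # CheckSum field is left stale

def make_sample():
    """Constructed minimal PE32+ header with a fake 16-byte certificate overlay."""
    img = bytearray(0x200)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)
    img[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", img, opt, 0x20B)
    struct.pack_into("<H", img, opt + 70, 0x0160 | FORCE_INTEGRITY)
    struct.pack_into("<I", img, opt + 108, 16)           # NumberOfRvaAndSizes
    struct.pack_into("<II", img, opt + 112 + SECURITY_DIR * 8, 0x200, 0x10)
    return bytes(img) + b"\xAA" * 0x10
```

signature_fields() on its own reports whether a file still carries a certificate table or the forced-integrity flag. The optional header CheckSum is not recomputed here.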