How to verify Gen application DLL is signed within Gen code

Article ID: 273663


Products

Gen

Issue/Introduction

We have a Gen 8.6 Windows GUI desktop application and .exe and .dll files are created for each Window. We signed those executables using a certificate.
We now have a requirement to verify those files are signed and that the correct dll is called, from within the application code when it is running.
Is there any way we can verify whether the dll is signed or not in the Gen code?

Resolution

The user wants to add code to their Gen GUI application to check that the .exe file it was launched with (and the associated .dll file) is digitally signed.
There is no built-in function in Gen action block code to do that, so the user would have to write their own code, as Inline Code or an External Action Block, to do it.
Alternatively, a Gen Window Manager application is built with both a .exe file and a .dll file, where the .exe file is really just a stub that loads the .dll file containing the actual Gen action block code. The code to check for the digital signature could therefore be added to the stub source instead.
Several stub source files are available in the directory "%Gen86%\Gen" for the Window Manager client, depending on what type of DBMS, if any, the client uses. For example, for a cooperative client with no database access there is a source file STUBN.C, plus STUBN.MAK for rebuilds after any changes.
Documentation references:
Gen™ 8.6 > Implementation Toolset > Windows Implementation Toolset > Rebuilding DBMS DLLs and Executables
Gen™ 8.6 > Implementation Toolset > Windows Implementation Toolset > Rebuildable DLL and EXE Build Counts


For the signature checking process itself, Support did some web searching:
a. The GetModuleFileNameA function will return the path of the .exe file of the current process:
https://learn.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-getmodulefilenamea
Gen Support tested that within the application code itself (rather than the stub code) using this simple Inline Code statement, where WS1.FILEPATH1 is a work set text attribute view:
GetModuleFileNameA( NULL, ##WS1.FILEPATH1##, sizeof(##WS1.FILEPATH1##) );
It returned the expected value of the WIN1.EXE file in trace.

b. To verify the signature of the .exe file and its equivalent .dll (whose name can be found by replacing the extension of the above .exe path with .dll), here are some options Gen Support found from Google searching:
- C code: "Example C Program: Verifying the Signature of a PE File":
https://learn.microsoft.com/en-us/windows/win32/seccrypto/example-c-program--verifying-the-signature-of-a-pe-file?redirectedfrom=MSDN
- Call a PowerShell script from within the C code (with the .exe filename as input argument) and capture its output, where that script uses "(Get-AuthenticodeSignature -FilePath 'FILENAME_PATH').Status":
https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.security/get-authenticodesignature?view=powershell-7.3
- Call the signtool utility from within the C code with relevant parameters ("signtool verify /pa 'FILENAME_PATH'") and capture its output:
https://learn.microsoft.com/en-us/windows/win32/seccrypto/using-signtool-to-verify-a-file-signature
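One way the check could look in the stub source, following the WinVerifyTrust approach of the first option above (an added example, not Gen or Broadcom code; the function names derive_dll_path, verify_authenticode and exe_and_dll_are_signed are hypothetical). It uses GetModuleFileNameW instead of the A variant because WinVerifyTrust takes a wide-character path, and the Windows-only part is guarded by _WIN32.

```c
/* Added example, not Gen or Broadcom code; all function names are hypothetical. */
#include <wchar.h>
/* Swap the EXE extension for ".dll"; 0 on success, -1 if empty or too long. */
int derive_dll_path(const wchar_t *exe, wchar_t *out, size_t cap) {
    size_t len = wcslen(exe), stem = len;
    for (size_t i = len; i > 0; i--) {          /* look at the file name only */
        if (wcschr(L"\\/:", exe[i - 1])) break; /* reached the directory part */
        if (exe[i - 1] == L'.') { stem = i - 1; break; }
    }
    if (stem == 0 || stem + 5 > cap) return -1; /* ".dll" plus terminator */
    wmemcpy(out, exe, stem);
    wmemcpy(out + stem, L".dll", 5);
    return 0;
}

#ifdef _WIN32
#include <windows.h>
#include <softpub.h>
#include <wintrust.h>
#pragma comment(lib, "wintrust")
/* ERROR_SUCCESS only for an Authenticode signature trusted on this machine. */
LONG verify_authenticode(const wchar_t *path) {
    GUID action = WINTRUST_ACTION_GENERIC_VERIFY_V2;
    WINTRUST_FILE_INFO file = {0};
    WINTRUST_DATA wd = {0};
    file.cbStruct = sizeof(file);
    file.pcwszFilePath = path;
    wd.cbStruct = sizeof(wd);
    wd.dwUIChoice = WTD_UI_NONE;              /* no dialogs */
    wd.fdwRevocationChecks = WTD_REVOKE_NONE;
    wd.dwUnionChoice = WTD_CHOICE_FILE;
    wd.dwStateAction = WTD_STATEACTION_VERIFY;
    wd.pFile = &file;
    LONG status = WinVerifyTrust(NULL, &action, &wd);
    wd.dwStateAction = WTD_STATEACTION_CLOSE; /* free the verification state */
    WinVerifyTrust(NULL, &action, &wd);
    return status;
}

/* Intended to run in the stub before the application DLL is loaded. */
int exe_and_dll_are_signed(void) {
    wchar_t exe[MAX_PATH], dll[MAX_PATH];
    DWORD n = GetModuleFileNameW(NULL, exe, MAX_PATH);
    if (n == 0 || n >= MAX_PATH) return 0;    /* failed or truncated */
    if (derive_dll_path(exe, dll, MAX_PATH) != 0) return 0;
    return verify_authenticode(exe) == ERROR_SUCCESS &&
           verify_authenticode(dll) == ERROR_SUCCESS;
}
#endif
```

A success status shows that the file is signed by a publisher this machine trusts, not that it was signed with your own certificate; confirming that also requires comparing the signer certificate against the expected one.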