I have the following autorun.inf
[Autorun]
action="Blah, Inc."
open=marketing.exe
icon=blah.ico
label="Blah, Inc."
On Vista, the autorun dialog shows "Publisher not specified". How do I specify a publisher?
Bogdan is right: You need to sign your executable.
You can use SignTool from Microsoft for this. Taken from the MSDN:
SignTool tool is a command-line tool that digitally signs files, verifies signatures in files, or time stamps files. (...) The tool is installed in the \Bin folder of the Microsoft Windows Software Development Kit (SDK) installation path.
SignTool is available as part of the Windows SDK, which you can download as part of the Windows SDK for Windows Server 2008 and .NET Framework 3.5.
You specify the publisher by signing your executable file, not by writing it in the autorun.inf file.
How to do it...beats me, I'm a Java developer. Maybe someone else can tell you how.
Related
The manifest tool mt.exe is included in the Windows SDK. But the full SDK is large and includes a lot of things as shown in the screenshot. But which of these options actually includes mt.exe?
Ideally I'd like to install just the minimum to get this tool on the system.
It does say in the docs that mt "is available in the Microsoft Windows Software Development Kit (SDK)" - but thats it, without any further detail.
Choose Windows SDK for Desktop C++ x86 Apps.
Additionally, you can then grab the mt.exe binary and put it in a location of your choice, if you don't want to keep the rest of the stuff that comes with that option (say, on a build server). The mt.exe doesn't have any dependencies other than OS dlls.
If you have downloaded the ISO file of Windows SDK, grab the MSI called "Windows SDK for Windows Store Apps Tools-x86_en-us.msi" in the folder Installers
You can just extract (without installing) the content with an administrative installation:
msiexec /a "path_of_your_msi\Windows SDK for Windows Store Apps Tools-x86_en-us.msi" TARGETDIR="Full_Extract_Folder_Path" /qb
Then search mt.exe in your extract folder
I have been using SHA1 signing for many years, but from 2016, Windows is forcing developers to use SHA256.
Windows Enforcement of Authenticode Code Signing and Timestamping
By using Windows 7 SDK signtool the functions to sign SHA-256 is "unknown commands", so this signtool is obsolete as a signtool and shouldn't be used any more.
To sign with SHA256 I downloaded the Windows 8.1 SDK to get signtool.exe which got the new functions(/fd and a few others). The BAT file and signtool works on Windows 8 and 10, so I know it works, but crashes on Windows 7 when it tries to timestamp the file.
I use a bat file to sign files, which looks like this(I edited the BAT file so it doesn't show variables, full paths, company name and passwords):
Path\signtool.exe sign /f "Path\Certificate.p12" /fd sha256 /p *password* /du "URL" /tr "timestampServer?td=sha256" /td sha256 /d "Product name" "Filename"
I guess, I don't have the proper SDK to support some of the functions, but I can't find any info on the internet on how to setup this on a Windows 7. I tried to install MS Visual C++ 2015 Redistributable (x64) on my machine without solving the problem.
Seems I'm no good at reading. I'm answering my own question as others could find it hard to find, just like I did.
Windows doesn't support the signtool.exe on Windows 7 any more, so that is why old/obsolete functions like SHA-1 signing is still working, but SHA-256 time stamping is a problem. I found this on MSDN:
Quote from MSDN: Note You can only use SignTool to sign your Windows
Store app packages on Windows 8 and later or Windows Server 2012 and
later. You can't use SignTool to sign app packages on down level
operating systems such as Windows 7 or Windows Server 2008 R2.
If you want to read the whole thing then look here:
How to sign an app package using SignTool
I have purchased a certificate from http://www.ksoftware.net/ which I use to sign a .CAB file used for installation of our software on windows mobile 6.5 devices. However, even after signing the .CAB, when attempting to install the application on the device (via the CAB) the device alerts "Unknown publisher". These CAB files are downloaded from a webservice and are supposed to be installed automatically using wceload and its silent install options, but this fails since the CAB is not recognized as signed (once I have manually installed a particular CAB file, wceload will succeed for that CAB in the future).
Initially I only had the certificate set in the visual studio 2008 deployment properties, and the applications signing properties. I also tried using signtool.exe, and thereafter cabsigntool.exe to sign all the other files in the CAB too. None of these methods work. When checking the CAB's properties in Windows 7, the file does have a security certificate attached, but any attempt to install on the device gives the annoying "unknown publisher" popup box.
Is there anything I am missing? What could be causing the devices to still see the CAB files as unsigned? The signing does not seem to work with plain exe's either.
Please note I do know the security settings can be changed in order for the prompt not to come up, but I am interested in solving the security certificate problem.
I assume the root certificate of the sign is not know on the device:
Did you verify that the certs are WindowsMobile compatible?
I am making installation project (currently with installshield le that comes with VS2010).
The project contains one file - application .exe file.
and driver files.
The driver files are .inf and .sys that should be installed during the installation process.
there are different .inf and .sys for each OS platform (64/32).
How can i do it with InstallShield LE ? if you plug the usb device you will see it under Device manager and can manually set the driver, but i want to do it automatically during installation.
Thanks
Strictly speaking, ISLE doesn't support this. For a workaround:
1) Checkout how to do it in WiX:
Drivers Installation With WiX
2) Adapt the solution to be encapsulated in a WiX merge module.
3) Add the merge module to your InstallShield LE solution:
Augmenting InstallShield using Windows Installer XML - Certificates
If it's going to take you more then a couple days to figure this all out (likely) you might want to just upgrade to IS Professional Edition that has a simple wizard for building an installer that installs a driver.
We are working on a winforms app in Visual Studio 2005 and the setup project we created output both an MSI and an EXE. We aren't sure what the EXE file is used for because we are able to install without the EXE.
It's a bootstrapper that checks to make sure that the .NET Framework is installed, before launching the MSI. It's pretty handy.
I suggest using something like SFX Compiler to package the two together into one self-extracting .exe and then launch the extracted setup.exe. This way you retain the benefits of the bootstrapper, but your users only download a single thing.
Edit: also see
The official line: MSDN documentation
Some bootstrapper customization: some guy's blog post about what he did
The EXE checks if Windows Installer 3.0 is present and downloads and installs it if it's not. It's needed only for Windows 2000 or older. Windows XP and newer all have Windows Installer 3.0 out of the box.
Other prerequisites, like .NET, are checked for by the MSI itself.
I think the EXE is just a wrapper/bootstrapper for the MSI in case you don't have Window Installer. If you have the requisite Windows Installer version installed then the MSI should work fine on its own.