Sign uninstall.exe after installation

  • wojciechka

    Unfortunately InstallBuilder does not currently allow signing uninstallers.

    However, this can be easily resolved. The uninstaller binary does not contain any metadata and is simply a generic binary that can be overwritten by a signed one.

    First thing is to create and install any project using your version of InstallBuilder (preferably also with the uninstall.exe Windows resources, such as the application name, set properly), then use the created uninstaller.exe and sign it.

    Next, the signed uninstaller should be part of the files copied by the installer, but with a different name, such as uninstall-signed.exe.

    Finally the installer should replace the uninstaller in <postUninstallerCreationActionList>. For example:

    <postUninstallerCreationActionList>
        <wait>
            <ms>3000</ms>
        </wait>
        <copyFile>
            <destination>${installdir}/uninstall.exe</destination>
            <origin>${installdir}/uninstall-signed.exe</origin>
        </copyFile>
        <removeFilesFromUninstaller>
            <files>${installdir}/uninstall-signed.exe</files>
        </removeFilesFromUninstaller>
        <deleteFile>
            <path>${installdir}/uninstall-signed.exe</path>
        </deleteFile>
    </postUninstallerCreationActionList>

    The code above will also delete the uninstall-signed.exe and remove it from the list of files to uninstall.

    The <wait> action prevents overwriting issues for cases such as antivirus or the OS still keeping the uninstall.exe open.

  • Rishu

    Hi,

    I have installed the installer on the system and copied the uninstaller file to another location. When I sign the uninstall.exe file with the certificate, it throws an error:

    SignTool Error: SignedCode::Sign returned error: 0x80070057
    The parameter is incorrect.
    SignTool Error: An error occurred while attempting to sign: C:\Documents\uninstall-signed.exe

    Can you please help me sign the uninstaller.exe with the digital certificate?

    Regards, Rishu

  • jesus

    Hi Rishu,

    Could you tell us which command you are using to sign the uninstaller file? Also, could you check that the uninstaller is not already signed?

  • Rishu

    I have used the command: signtool sign /v /ac "DigiCert.cer" /f "certificate.pfx" /p password "uninstall.exe". Yes, I have verified that uninstaller.exe is not signed.

    Please let me know in case of any other details required.

  • alejandror

    Could you add the option "/d" to enable the debug? Please find below the link to the official documentation of this tool: https://msdn.microsoft.com/en-us/library/windows/desktop/aa387764(v=vs.85).aspx

    You could also try to use the "osslsigncode" tool: http://sourceforge.net/projects/osslsigncode/

  • codeForFun

    Same signing problem - the uninstaller doesn't appear to work with the Microsoft signtool. Has anyone from InstallBuilder actually tried to run this command?

    signtool sign /d /v /tr http://timestamp.digicert.com /td sha256 /fd sha256 /f "cert.pfx" /p password "uninstall-signed.exe"
    Done Adding Additional Store
    SignTool Error: SignedCode::Sign returned error: 0x800700C1
    Either the file being signed or one of the DLL specified by /j switch is not a valid Win32 application.
    SignTool Error: An error occurred while attempting to sign: uninstall-signed.exe

    Number of errors: 1

  • codeForFun

    figured it out by following this post -- @MichaelKarnerfor -- THANKS FOR THIS SOLUTION!

    THE TRICK IS THE INSTALLER THAT INSTALLS THE UNINSTALLER, MUST NOT-BE-SIGNED SO YOU ARE SIGNING AN UNINSTALLER THAT CAME FROM AN INSTALLER THAT WAS NOT SIGNED...

    once you get that uninstaller signed, then you can follow the plan and include it into the project as a signed uninstaller and overwrite the generated installer...

    see below

    == from another forum ==

    http://forums.winamp.com/showthread.php?t=344726

    Hi guys.

    This may sound like the strangest solution, but for me it worked if I did not sign the installer that wrote the uninstaller.

    So this would be the procedure:

    1) Make an installer that writes the uninstaller. DO NOT SIGN THIS INSTALLER.
    2) Run the installer. This creates the uninstaller.
    3) Sign the uninstaller.
    4) Make the installer again, this time including the signed uninstaller as a "File" operation instead of writing the uninstaller with "WriteUninstaller".
    5) Sign this installer.

    This is totally weird... but it worked for me. With a signed installer writing the uninstaller, I cannot sign the uninstaller. I get the 0x800700C1 error.

    But if I have used an unsigned installer to write the uninstaller, then I can sign the uninstaller.

    Hope this helps you guys. BR /Michael
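
One way to run the check jesus asks for (is the uninstaller already signed?) before handing the file to signtool, and again after signing; this is an added example, not code from the thread or from InstallBuilder. It reads the PE Certificate Table data-directory entry, where an Authenticode signature is recorded; the function names and the sample bytes are constructed for illustration.

```python
import struct

SECURITY_DIR = 4  # index of the Certificate Table entry in the PE data directories

def cert_table(data: bytes):
    """Return (file_offset, size) of the certificate table; ValueError if not a PE."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("not a PE file: missing MZ header")
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)     # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("not a PE file: missing PE signature")
        opt = pe_off + 24                                     # skip signature + COFF header
        (magic,) = struct.unpack_from("<H", data, opt)
        dirs = opt + {0x10B: 96, 0x20B: 112}[magic]           # PE32 / PE32+
        (count,) = struct.unpack_from("<I", data, dirs - 4)   # NumberOfRvaAndSizes
        if count <= SECURITY_DIR:
            return (0, 0)
        return struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    except (struct.error, KeyError) as exc:
        raise ValueError(f"not a usable PE header: {exc!r}") from exc

def signature_state(data: bytes) -> str:
    """Classify a PE image as 'unsigned', 'signed' or 'malformed' (table out of bounds)."""
    offset, size = cert_table(data)
    if offset == 0 and size == 0:
        return "unsigned"
    if size < 8 or offset + size > len(data):
        return "malformed"
    return "signed"

def build_sample_pe(cert_size: int = 0) -> bytes:
    """Constructed minimal PE32 header for the demo; not a runnable program."""
    image = bytearray(0x40)
    image[:2] = b"MZ"
    struct.pack_into("<I", image, 0x3C, 0x40)
    image += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)
    image += opt
    if cert_size:  # point the directory entry at a dummy WIN_CERTIFICATE blob
        struct.pack_into("<II", image, 0x40 + 24 + 96 + 8 * SECURITY_DIR, len(image), cert_size)
        image += struct.pack("<IHH", cert_size, 0x0200, 0x0002) + bytes(cert_size - 8)
    return bytes(image)

if __name__ == "__main__":
    for label, blob in (("fresh", build_sample_pe()), ("signed", build_sample_pe(64))):
        print(label, signature_state(blob))
```

For a real file, pass `open(path, "rb").read()` to `signature_state`. The result only says whether a signature blob is present and in bounds; it does not validate the certificate chain.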
