How to check an Executable for Manifests and Digital Signing?

To avoid UAC prompts for applications on launch, there exists a manifest file which contains key information on the privileges. Many times, these manifest files are present along with the executable in the same directory. For example: Altair.exe will have a manifest file called Altair.exe.manifest in the same directory. There can also be cases where the manifest is embedded in the exe itself. In this case, identifying the launch condition for this exe involves a lot of research.

Here is a simple executable which will help research those launch conditions.

Sigcheck.exe is an executable from the Sysinternals team that enables you to check whether a file has been digitally signed. The -m switch allows you to view any manifest within the file. All we need to do is run this sigcheck.exe with -m switch along with the executable, the full manifest will be displayed on the command prompt window.

If the XML manifest is going to prompt an elevation then there will be a tag “requiredExecutionLevel” set to “requireAdministrator”.

You can then re-create a manifest on these 3 categories:

  • Runasinvoker
  • Runasadmin
  • Runwithleastprivilages

Its advised to use Run as Invoker for manifests (Launch condition).

Signcheck.exe can be downloaded here.

Leave a comment

Your email address will not be published.