Validate Authenticode signature on EXE - C++ without CAPICOM

Question

I\'m writing a function for an installer DLL to verify the Authenticode signature of EXE files already installed on the system.

The function needs to:

Answer 1

If the signature is valid, its certificate chain will contain your certificate. CertGetCertificateChain will get that chain.

Answer 2

You should use CryptQueryObject.

This KB-article demonstrates the use: How To Get Information from Authenticode Signed Executables.

To the commenter that asked about how to do it without the Windows-APIs, I am not aware of any library that can do it, but the format is documented here: Windows Authenticode Portable Executable Signature Format