none
Unable to sign a exe or msi file greater than 2GB using SIgnTool in Windows 2012 Server. RRS feed

  • Question

  • Unable to sign a exe or msi file greater than 2GB using signtool in Windows 2012 Server.

    Is there any limitation in the input file size.

    Thursday, September 28, 2017 6:15 PM

All replies

  • Hello SJKannan1982,

    There is a report about bug that Signtool.exe can't sign a big file. you could take reference with it.

    https://connect.microsoft.com/VisualStudio/feedback/details/519201/signtool-exe-cant-sign-big-file

    Sincerely,

    neil hu


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, September 29, 2017 10:59 AM
    Moderator
  • Hi Neil,

    The thread is from 2009, any further updates happened to signtool to address the problem.

    The statement says "Microsoft Portable Executable (PE) files over 2 GB are not generally supported by Windows (not just Authenticode). Windows typically reserves only 2GB of memory for user process and 2GB for kernel. There is not room to have map in more memory for bigger PE files, even though the PE header implies this is feasible"

    The memory limitation of 2GB for user process and 2GB for kernel is still applicable to 64 bit OS ?

    Thank you

    Friday, September 29, 2017 6:10 PM
  • Hello Kannan,

    >>The memory limitation of 2GB for user process and 2GB for kernel is still applicable to 64 bit OS?

    The terms 32-bit and 64-bit refer to the way a computer's processor (also called a CPU), handles information. The 64-bit version of Windows handles large amounts of random access memory (RAM) more effectively than a 32-bit system. For 64 bit,it is determined by random access memory,I think it's different concepts between memory for kernel and 64 bit OS and it is still applicable to 64 bit OS.

    and according to the MSDN article , you will found that when signing an executable file that is larger than approximately 300 megabytes for use on a computer running Windows XP with Service Pack 2 (SP2) and later, you should use catalog signing with the MakeCat tool rather than use the SignTool tool. Depending on the available system resources of the computer on which the file is verified, some applications may not be able to verify the binary signature of a large file. For more information, see KB article 922225.

    Sincerely,
    neil hu


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, October 6, 2017 5:20 AM
    Moderator