none
Signtool fails to sign EXE files built with WinRAR and >2GB and overwrites the file with zeros RRS feed

  • Question

  • we are having problems signing EXE files built with WinRAR that are >2GB.

    The error is 

    SignTool Error: ISignedCode::Sign returned error: 0x80070057
    The parameter is incorrect.
    SignTool Error: An error occurred while attempting to sign:

    Signtool also overwrites the EXE file with Zeros 

    I have tested up to 1,6GB, 2,4GB and larger. 1,6GB works.

    Anyone have an idea why? Is it WinRAR or signtool?

    Wednesday, May 30, 2012 4:48 PM

Answers

  • Hi eiger,

    According to the MSDN Document,When signing an executable file that is larger than approximately 300 megabytes for use on a computer running Windows XP with Service Pack 2 (SP2) and later, you should use catalog signing with the MakeCat tool rather than use the SignTool tool. Depending on the available system resources of the computer on which the file is verified, some applications may not be able to verify the binary signature of a large file. For more information, see KB article 922225.

    The signtool team said this is a limitation of Windows. Microsoft Portable Executable (PE) files over 2 GB are not generally supported by Windows (not just Authenticode). Windows typically reserves only 2GB of memory for user process and 2GB for kernel. There is not room to have map in more memory for bigger PE files, even though the PE header implies this is feasible. see http://connect.microsoft.com/VisualStudio/feedback/details/519201/signtool-exe-cant-sign-big-file.

    I suggest you to decrease the size of the exe file.

    Best Regards,


    Bob Wu [MSFT]
    MSDN Community Support | Feedback to us

    Friday, June 1, 2012 9:43 AM
    Moderator
  • Thanks Bob. More testing shows you can build an EXE file >2GB <4GB that can be successfully executed (tested on Win7/64bit)  but you cannot sign it.

    • Marked as answer by PlFrqhr Friday, June 29, 2012 6:07 AM
    Friday, June 29, 2012 6:07 AM

All replies

  • Hi eiger,

    According to the MSDN Document,When signing an executable file that is larger than approximately 300 megabytes for use on a computer running Windows XP with Service Pack 2 (SP2) and later, you should use catalog signing with the MakeCat tool rather than use the SignTool tool. Depending on the available system resources of the computer on which the file is verified, some applications may not be able to verify the binary signature of a large file. For more information, see KB article 922225.

    The signtool team said this is a limitation of Windows. Microsoft Portable Executable (PE) files over 2 GB are not generally supported by Windows (not just Authenticode). Windows typically reserves only 2GB of memory for user process and 2GB for kernel. There is not room to have map in more memory for bigger PE files, even though the PE header implies this is feasible. see http://connect.microsoft.com/VisualStudio/feedback/details/519201/signtool-exe-cant-sign-big-file.

    I suggest you to decrease the size of the exe file.

    Best Regards,


    Bob Wu [MSFT]
    MSDN Community Support | Feedback to us

    Friday, June 1, 2012 9:43 AM
    Moderator
  • Thanks Bob. More testing shows you can build an EXE file >2GB <4GB that can be successfully executed (tested on Win7/64bit)  but you cannot sign it.

    • Marked as answer by PlFrqhr Friday, June 29, 2012 6:07 AM
    Friday, June 29, 2012 6:07 AM