Author: Dax1792
Subject: Sigcheck reports wrong file version
Posted: 15 March 2013 at 9:15am
Just some theories:
The version information is stored in binary and string form. Sigcheck uses the strings.
The API has functions which can specify whether the version information is taken from the mui file or the executable.
The hotfixes seem to update ntfs.sys but not ntfs.sys.mui.
This seems to happen with catalog signed files.
Whichever way Mark is using to get the version information, it looks like PowerShell uses the same.
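
An added example, not part of the original post and not Sigcheck's own code: one way to check the binary-versus-string theory above is to read both forms through .NET's `System.Diagnostics.FileVersionInfo` and flag files where they disagree. The function name `Compare-FileVersionSource` is made up for this illustration, and the `ntfs.sys` path in the usage line assumes a default Windows install.

```powershell
# Added example: compare the string-form and binary-form file version of a file.
function Compare-FileVersionSource {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string[]]$Path
    )
    process {
        foreach ($p in $Path) {
            $resolved = (Resolve-Path -LiteralPath $p -ErrorAction Stop).ProviderPath
            $vi = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($resolved)

            # Binary form: the four numeric parts of the fixed version block.
            $binary = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                           $vi.FileBuildPart, $vi.FilePrivatePart

            # String form: free text that may carry a suffix or use commas,
            # so keep only the leading dotted number and normalise separators.
            $stringNumeric = $null
            if ($vi.FileVersion -match '^\s*(\d+(?:\s*[.,]\s*\d+){1,3})') {
                $stringNumeric = $Matches[1] -replace '\s*[.,]\s*', '.'
            }

            [pscustomobject]@{
                Path          = $resolved
                StringVersion = $vi.FileVersion   # what string-based tools display
                StringNumeric = $stringNumeric    # $null when no version string parses
                BinaryVersion = $binary
                Match         = ($stringNumeric -eq $binary)
            }
        }
    }
}

# Usage: a single file, then every driver whose two version forms differ.
Compare-FileVersionSource -Path "$env:SystemRoot\System32\drivers\ntfs.sys"
Get-ChildItem "$env:SystemRoot\System32\drivers\*.sys" |
    Compare-FileVersionSource |
    Where-Object { -not $_.Match }
```

A row with `Match` set to `False` is a file whose displayed version string does not agree with the numeric version in the binary, which is the situation the post describes.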