Signtool returns error 0x800700C1 while trying to sign AutoCAD OEM 2023 setup.exe

I have been building AutoCAD OEM based applications for years now. Just recently, I stumbled upon some freak error I have not been able to resolve.

With the AutoCAD OEM platform, the Installer Wizard creates the installer for the (gargantuan) application. The application installer is started (of course) by calling the setup.exe.

With the last AutoCAD OEM versions up until AutoCAD OEM 2022, the signing of the setup.exe has been no problem at all.

Now, with the current AutoCAD OEM 2023 version, I experience that the signing of the setup.exe does not work anymore. When trying to sign the setup.exe, the error 0x800700C1 is returned. This is a very generic error message, and googling after this does not bring any helpful results.

Before signing the setup.exe, I always use the delcert tool (delcert-sign-strip-tool), which always works as intended.

When using this on the current setup.exe, delcert returns an error message:

It seems that delcert succeeded, but when trying to sign the file again, it fails again with the same error message:

Looking with dumpbin on the headers, I noticed that the setup.exe for AutoCAD OEM 2023 is a x64 file:

Whereas the previous versions' setup.exe has been an x86 file:

This seems to be a random correlation but may be the source of this problem.

Has anybody experienced a similar problem (not necessarily in the AutoCAD ecosystem)?

Thanks, Jens

1 Like

Jens,
I once had a similar issue with that error that even “delcert” did not work on and I ended up using a tool called “CFF Explorer” that is available on GitHub to find a bad security directory and remove it. I also had to use it on OEM 2022 to isolate an issue with the Security Directory and remove it to sign files. Here is a screenshot of the tool and the area that was bad in OEM 2022:


I do not yet have OEM 2023 to check but it will give you a visual into the exe to see if there is something that stands out.

1 Like

Hello Shawn,

thanks for your reply.

I just looked at the OEM2023 setup.exe with the CFF Explorer, but there is no obvious error displayed or visible. Even if there would have been, it would just have been an interesting data point. We have a fully automated build pipeline, and having to manually edit the setup.exe with a tool is just breaking the pipeline.

I am hoping for the guys at Autodesk to come up with a solution for this.

Cheers,
-Jens

1 Like

Jens,
Completely understand.
We will be moving to and updating our automated build process for OEM 2023 in the next month. We will be sure to keep this in mind in case we run into it. If we discover anything helpful we will be sure to pass it on. If you discover anything before that that may help, let us know.
Thanks,
Shawn

1 Like

Jens,
We were able to automate our workflow around this issue in OEM 2023 until they come up with a solution.
We did the following:

  1. After the OEM Install Wizard was complete we removed the “Security Directory RVA” from the Setup.exe using CFF Explorer. You can refer to our previous comment and picture above to show the area.
  2. We then were able to sign the Setup.exe
  3. Rather than doing a manual process each time we chose to use the above corrected and signed Setup.exe as a base that we copy and overwrite the setup.exe each time we build an installer.

This works for us because our setup does not require that the setup.exe be changed very often, if at all. Setup.exe mainly points everything to the installer. All the essential heavy lifting occurs after setup.exe is run.
As you already noted, delcert.exe does not work with OEM 2023 Setup.exe and we ran into additional issues when we tried it. It stripped out the ICO information and removed the Run As Admin that Autodesk requires on its setup.exe’s. This did not happen in previous OEM’s and delcert.exe is still a safe option to use to sign OEM 2022 and older.
Hope this may help anyone running into this.
Shawn Golden
Microvellum

2 Likes
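A scriptable look at the header field that CFF Explorer labels "Security Directory RVA", as an added example that is not code from any participant in this thread. The function names, the "dangling" classification and the truncate-only-at-tail policy are assumptions of this sketch, and the sample image is constructed; the thread does not say what exactly was wrong with the entry.

```python
import struct
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory index of the certificate table

def security_entry(data):
    """Return (entry_offset, cert_file_offset, cert_size) read from the PE headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    opt = pe + 24                                            # optional header start
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)             # PE32 (x86) vs PE32+ (x64)
    if struct.unpack_from("<I", data, dirs - 4)[0] <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        raise ValueError("no security directory slot")      # NumberOfRvaAndSizes too small
    entry = dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    off, size = struct.unpack_from("<II", data, entry)       # file offset, not an RVA
    return entry, off, size

def diagnose(data):
    """'absent', 'ok', or 'dangling' (entry half-set or pointing outside the file)."""
    _, off, size = security_entry(data)
    if off == 0 and size == 0:
        return "absent"
    if off == 0 or size == 0 or off + size > len(data):
        return "dangling"
    return "ok"

def clear_security_entry(data):
    """Zero the entry; drop the certificate blob only when it is the file's tail."""
    entry, off, size = security_entry(data)
    out = bytearray(data)
    out[entry:entry + 8] = bytes(8)
    if off > 0 and size > 0 and off + size == len(out):
        del out[off:]
    return bytes(out)

def make_sample(magic, cert_off, cert_size, total):
    """Constructed header-only image for testing; not a runnable executable."""
    img = bytearray(total)
    img[:2], img[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x80)                  # e_lfanew
    dirs = 0x80 + 24 + (96 if magic == 0x10B else 112)
    struct.pack_into("<H", img, 0x80 + 24, magic)
    struct.pack_into("<I", img, dirs - 4, 16)                # NumberOfRvaAndSizes
    struct.pack_into("<II", img, dirs + 32, cert_off, cert_size)
    return bytes(img)
```

Running `diagnose` on the freshly built setup.exe gives a build pipeline a pass/fail signal before signtool is called. The PE checksum field is left untouched by `clear_security_entry`.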

Hi,
Thanks to all for this topic, it helps me very much.
As we needed to remove manual actions, I used the LUA scripting capability of CFF Explorer.
If you also need to have a fully automated process, I share below a part of my script file:

...
REM Initialization
set CurFolder=%~dp0
set CFFExplorer="..\..\..\CFF_Explorer\CFF Explorer.exe"
set CFFScript=%CurFolder%clean-setup.cff
set TargetFold=%CurFolder%_master\
set TargetFile=%TargetFold%setup.exe

REM Remove Security Directory from file
:RemoveSD
echo -- LUA Script to remove Security Directory from EXE file               >  %CFFScript%
echo filename = @"%TargetFile%"                                             >> %CFFScript%
echo if filename == null then                                               >> %CFFScript%
echo   return                                                               >> %CFFScript%
echo end                                                                    >> %CFFScript%
echo pehandle = OpenFile(filename)                                          >> %CFFScript%
echo if pehandle == null then                                               >> %CFFScript%
echo   return                                                               >> %CFFScript%
echo end                                                                    >> %CFFScript%
echo result = RemoveDataDirectory(pehandle, IMAGE_DIRECTORY_ENTRY_SECURITY) >> %CFFScript%
echo if result != true then                                                 >> %CFFScript%
echo   MsgBox("Security Directory not removed!")                            >> %CFFScript%
echo else                                                                   >> %CFFScript%
echo   if SaveFile(pehandle) != true then                                   >> %CFFScript%
echo     MsgBox("Error saving file!")                                       >> %CFFScript%
echo   end                                                                  >> %CFFScript%
echo end                                                                    >> %CFFScript%
echo CloseHandle(pehandle)                                                  >> %CFFScript%
echo -- End                                                                 >> %CFFScript%
REM Run the generated script by its full path so the call does not depend on the current directory
%CFFExplorer% "%CFFScript%"

REM Apply signature to file
:SignFile
%SIGNTOOL% sign /v /n "MyCertificate" /a /tr "%TIMESTAMP_URL%" /td SHA256 /fd SHA256 "%TargetFile%"
if %ERRORLEVEL% NEQ 0 goto :SignFailed
...

2 Likes

Thanks for sharing
Shawn Golden
Microvellum

1 Like