JeffMill · July 26, 2023 20:15
diff --git a/Get-Signatures.ps1 b/Get-Signatures.ps1
 # .\Get-Signatures.ps1 |  Export-Csv -Path output.csv -NoTypeInformation

 function Split-X500 {
    Param([string]$X500)

    $dict = @{}
    $X500 -split ', ' | ForEach-Object { 
        $item = $_.Split('=')
        $dict[$item[0]] = $item[1]
    }
    $dict
 }

 function Get-Signer {
    Param([string]$Path)

    $sig = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate
    [PSCustomObject]@{
        Path = $Path
        Status = $sig.Status
        # e.g. 'CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
        Subject = (Split-X500 -X500 $cert.Subject)['CN']
        # e.g. 'CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
        Issuer = (Split-X500 -X500 $cert.Issuer)['CN']
    }
 }

 Get-ChildItem "$env:WINDIR" -File -Recurse -Include '*.dll','*.exe' -ErrorAction Continue | ForEach-Object {
    Get-Signer -Path $_.FullName
 }
	# .\Get-Signatures.ps1 \| Export-Csv -Path output.csv -NoTypeInformation

	function Split-X500 {
	Param([string]$X500)

	$dict = @{}
	$X500 -split ', ' \| ForEach-Object {
	$item = $_.Split('=')
	$dict[$item[0]] = $item[1]
	}
	$dict
	}

	function Get-Signer {
	Param([string]$Path)

	$sig = Get-AuthenticodeSignature -FilePath $Path
	$cert = $sig.SignerCertificate
	[PSCustomObject]@{
	Path = $Path
	Status = $sig.Status
	# e.g. 'CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
	Subject = (Split-X500 -X500 $cert.Subject)['CN']
	# e.g. 'CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
	Issuer = (Split-X500 -X500 $cert.Issuer)['CN']
	}
	}

	Get-ChildItem "$env:WINDIR" -File -Recurse -Include '.dll','.exe' -ErrorAction Continue \| ForEach-Object {
	Get-Signer -Path $_.FullName
	}