C#: How to detect tampering of authenticode signed file

I'm trying to write a C# program that verifies the digital signature of exe's. The exe's are signed with an authenticode certificate, and I want to detect tampering.

I've been able to create a SignedCms instance as described here: Get timestamp from Authenticode Signed files in .NET

I assumed SignedCms.CheckSignature would do the trick, but this method 开发者_C百科never throws an exception... Even not when I modify some bits of the exe...

I'm assuming you've scoured the .NET Framework docs and didn't find what you needed. The answer to this StackOverflow question has a link that describes how to use the native Windows CryptQueryObject function to verify a signature. So all that's left is to check out PInvoke.NET to see how to bring that function into .NET.

Could you just shell to signtool.exe /verify, and check the result?

I recently wrote a simple app which signs executables using the same method, and it works great.

Signtool on MSDN