SignTool Error: SignedCode::Sign returned error: 0x800700C1

rjsams · August 10, 2016, 8:18pm

While attempting to sign a packaged build of the game with a test certificate the SignTool is reporting the .exe generated as invalid. The project was packaged as “shipping” for windows 64.

The command I used to sign it was:
./signtool sign /a /v /f TheKey.pfx /p ThePassword TheTest.exe

The full error was:
SignTool Error: SignedCode::Sign returned error: 0x800700C1
%1 is not a valid Win32 application.
SignTool Error: An error occurred while attempting to sign:

I was able to build a non-UE test .exe in VS 2015 and sign it with the above command line. This means it something specific to signing a UE4 generated .exe.

In the platform guide there is no information on deploying for Windows, only other platforms.

I followed the MS documentation on SignTool

The Android options in the project include a place to specify a signing key. I could not find a Windows equivalent.

So the questions are:
1: Is there a place in settings to configure signing for Windows?
2: if not, how do you do this from the command line?

anonymous_user_bcdd396d · August 15, 2016, 8:06pm

Hi

To answer your questions:

There is not a place in the Project Settings to configure signing for Windows (or Mac.) We currently have a feature request to have this functionality added to the engine: UE-34696 (This is not currently visible to the public.)
Until then, we currently do not have support for users signing their own projects.

-.

rjsams · August 16, 2016, 7:11pm

Just to be clear, this means there is no way to build a windows game with UE4 and not have it trigger the windows smart screen warnings?

It there at least an understanding why the MS tools for this throw an error signing the .exe?

anonymous_user_bcdd396d · August 16, 2016, 8:53pm

While we’re currently looking at adding functionality to the Editor to make signing Windows apps easier, currently you just have to sign the executable yourself -which, in turn, will prevent triggering Windows smart screen warnings.

Here are some instructions on how to do it yourself:

http://stackoverflow.com/questions/252226/signing-a-windows-exe-file

rjsams · August 16, 2016, 9:00pm

Please read my full question. I WAS trying trying to sign it myself since UE4 doesn’t do this, and the windows tool reports the .exe produced by the UE4 build system as invalid. I can sign a .exe produced normally in VS 2015 with exactly the same steps.

Something the UE4 build system is doing is producing a .exe which is rejected by the windows SignTool.

anonymous_user_bcdd396d · August 16, 2016, 9:10pm

Reviewing the initial question, I see that the project was packaged as “shipping” for Windows 64 and the error is: “SignTool Error: SignedCode::Sign returned error: 0x800700C1 %1 is not a valid Win32 application.”

I would look at that first, perhaps testing with a Windows 32 build to see if you get the same error.

rjsams · August 16, 2016, 9:46pm

I just build both test x64 and x86 test binaries and signed them. The the Signtool and command line is working for both.

Just to be complete, I packaged a 32bit version and I get the exact same error.

I’ve also tried both the x64 and x86 version of the SignTool.

anonymous_user_bcdd396d · August 18, 2016, 2:44pm

Another user has been able to set up Code Signing for their own builds but they had to modify the SigningIdentity in CommandUtils.cs in order to accomplish this. So, while it can be done, we do not technically support this and will not until this functionality is officially added to the Engine.

-.

solarisx · July 10, 2017, 12:29pm

Hi , can you give more information about the modification of CommandUtils.cs please? Do I have to build the Unreal engine from source?

Anyone how is looking for a intermediate solution, without pre-requirements check, see
Why does windows signtool report packaged .exe as invalid?

Not being able to sign a project is a real issue for professional work!

Greets solarsix

Nonlin · January 8, 2021, 3:56pm

I managed to tweak commandUtils.cs to get the automation tool to sign for me but it looks like the native Epic code will sign the EXE inside the Binaries folder but the main launch EXE that also installs/checks for requirements does not get signed.

For clarity I think that is the issue people are having when they get the 0x800700C1 error, it is with the main EXE in the root of the packaged folder, not the exe inside the binaries folder of the packaged game as that gets signed with the code sign tool by microsoft.

Nonlin · January 8, 2021, 3:57pm

I did manage to get the AutomationTool to sign for me but it still doesn’t sign the EXE in the root folder of the packaged game just the EXE inside the binaries folder. For clarity which are you talking about? By any chance if you have solved your issue what did you do to solve it?

EveryGoodWork · June 25, 2021, 5:25am

SOLVED: I was able to reproduce the 0x800700C1 signtool error with the production build of both UE4 & UE5, then resolve it by using the source code builds. For some reason beyond my technical understanding, the source code version of UE produces a BootstrapPackagedGame exe that is able to be signed using the signtool. I was using a new EV Cert from Comodo and the now signed game no longer causes the Windows Defender Unknown application error!
This is my command line for signature for reference:
“C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\signtool.exe” sign /a /n “Every Good Work, Inc.” /t “http://timestamp.sectigo.com/” “C:\Projects\UE5\Jigsaw\Build\Windows\Jigsaw.exe”
Signed version of the UE5 game: Jigsaw v1.3 - updated with prerequisites installer by Peter Hammond