Skip to content

Fixed Bad exe issue#2668

Merged
jainakanksha-msft merged 5 commits into
mainfrom
akkuFixBadExeIssue
Jul 6, 2026
Merged

Fixed Bad exe issue#2668
jainakanksha-msft merged 5 commits into
mainfrom
akkuFixBadExeIssue

Conversation

@jainakanksha-msft

Copy link
Copy Markdown
Member

This pull request addresses a critical issue with building Windows SEA executables by ensuring that any existing Authenticode signature is stripped from the copied Node.js binary before injecting the SEA blob. This prevents the production of corrupted or invalid .exe files during the build process.

Windows SEA Executable Build Fixes:

  • Introduced a new removeAuthenticodeSignature function in scripts/buildExe.js to programmatically remove any Authenticode signature from the Node.js binary before further modification.
  • Updated the build process in scripts/buildExe.js to invoke removeAuthenticodeSignature after copying the Node.js binary, ensuring the executable is in a clean state before resource injection.

Documentation:

  • Added a note in ChangeLog.md describing the fix for corrupted/bad Windows SEA .exe builds by stripping the Authenticode signature before injecting the SEA blob.

Copilot AI review requested due to automatic review settings July 6, 2026 17:39
@jainakanksha-msft jainakanksha-msft changed the title Akku fix bad exe issue Fixed Bad exe issue Jul 6, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request updates the Windows SEA executable build pipeline to avoid producing invalid/corrupted .exe outputs by stripping (or disabling) any existing Authenticode signature from the copied Node.js binary before injecting the SEA blob.

Changes:

  • Added a removeAuthenticodeSignature() helper to clear the PE security directory entry and (when possible) truncate the certificate table.
  • Updated the Windows SEA build flow to call removeAuthenticodeSignature() immediately after copying process.execPath to the release .exe.
  • Documented the fix in ChangeLog.md under “Upcoming Release”.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
scripts/buildExe.js Adds signature-stripping logic and wires it into the Windows SEA build sequence prior to rcedit and postject.
ChangeLog.md Notes the Windows SEA .exe corruption fix for the upcoming release notes.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread scripts/buildExe.js
Comment on lines +142 to +146
const bytes = fs.readFileSync(binaryPath);
const peOffset = bytes.readUInt32LE(0x3c);
const optionalHeaderStart = peOffset + 24;
const optionalHeaderMagic = bytes.readUInt16LE(optionalHeaderStart);

Comment thread scripts/buildExe.js
Comment on lines +164 to +169
if (certTableSize > 0 && certTableFileOffset + certTableSize === bytes.length) {
fs.writeFileSync(binaryPath, bytes.subarray(0, certTableFileOffset));
return;
}

fs.writeFileSync(binaryPath, bytes);
Copilot AI review requested due to automatic review settings July 6, 2026 17:59

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

Comment thread scripts/buildExe.js Outdated
Comment on lines +148 to +150
if (peOffset + 24 > bytes.length) {
throw new Error(`Invalid PE header offset ${peOffset} for file length ${bytes.length}: ${binaryPath}`);
}

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

Comment thread scripts/buildExe.js
Comment on lines +159 to +173
let dataDirectoryStart;
if (optionalHeaderMagic === 0x10b) {
dataDirectoryStart = optionalHeaderStart + 96;
} else if (optionalHeaderMagic === 0x20b) {
dataDirectoryStart = optionalHeaderStart + 112;
} else {
throw new Error(`Unsupported PE optional header magic: 0x${optionalHeaderMagic.toString(16)}`);
}

const securityDirectoryEntry = dataDirectoryStart + 8 * 4;
if (securityDirectoryEntry + 8 > bytes.length) {
throw new Error(
`PE security directory entry is out of range: offset=${securityDirectoryEntry}, fileLength=${bytes.length}`
);
}
@jainakanksha-msft jainakanksha-msft merged commit c9aa6ff into main Jul 6, 2026
42 of 43 checks passed
@jainakanksha-msft jainakanksha-msft deleted the akkuFixBadExeIssue branch July 6, 2026 18:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants