-
Notifications
You must be signed in to change notification settings - Fork 18
Command Line Options
The Authenticode Lint tool is a command line utility that uses command line options to define its behavior, inputs, and outputs.
The command line arguments are structured such that an arguments name always begins with a single dash, -, followed by its name. A command line argument may have a value. A value is specified by placing one or more white space marks after the name. An argument may or may not require a value depending on which argument it is.
-name1 [value1] -name2 [value2]
Values may be enclosed in quotes if the value contains white space.
-name "some value"
Without the quotes, it would be interpreted as an incorrect command line argument because a parameter name would be expected immediately after "some". Quotes inside of quoted values can be escaped with a backslash \ character. For example:
-name "some \"quoted\" value"
Backslashes themselves can be escaped with another backslash while immediately preceding a quote so that \\" is interpreted as \".
The order which arguments are specified does not matter.
If zero command line arguments are specified, the behavior is exactly identical as specifying -help.
Prints the usage of the command line to standard out. Note that the exit code when specifying -help is the value for "invalid input" rather than success. This is to prevent automated tooling from interpreting the result as success (0) if the automated tool mistakenly passes zero command line arguments.
Any other command line arguments specified are ignored if -help is specified.
This command line argument does not require any value and any value specified will be ignored.
A list of comma separated Rule IDs to ignore. If a rule ID is suppressed, the rule is not run, however the rule will still appear in any output as "skipped" rather than not appearing at all.
Rule IDs are specified as the value to the command line argument. If no value is specified, it is treated as invalid input.
Example:
-suppress 10000,10001,10010
No spaces should appear between the IDs. If an ID is specified that is invalid, such as an ID that does not map to a rule, it is treated as invalid input.
Duplicate IDs are ignored.
Prevents printing to stdout. Note that invalid input or configuration is written to stderr and -quiet does not affect stderr. That is, if the command line specified is done in such as way that would prevent the checks from running, such as an invalid rule ID for -suppress, the errors are still written to stderr.
Using -q is a synonym for -quiet.
This argument must not be specified with a value. Specifying a value will be treated as invalid input.
An argument with a value to the binary to run the lint checks on. The value follows the quoting rules as specified above. For example:
-in "C:\path to an\executable.exe"
or
-in C:\quotes\not\required\if\no\spaces.exe
The value may also support a Windows-style wildcard pattern in the file name:
-in "C:\filestocheck\*.exe"
If the file name is not a wild card pattern, that it is treated as a literal file and it is expected to exist on-disk.
If the file name is a wild card pattern, at least one file must match the pattern or it will be treated as Invalid Input.
The -in argument can be specified multiple times.
There is no explicit guarantee which order the files are processed if more than one is specified.
Extracts information from the signed file back to the file system. The value specifies the directory where the information will be extracted.
This is useful when combined with the -verbose option. Each directory under the specified extraction directory is the name of the file being linted. Under that directory is the hash of the signature as displayed in the verbose output.
If a command line argument is specified with an unknown name it is treated as invalid input. The value for the argument is ignored for unknowns.
authlint.exe -in "C:\my path\tool.exe"
authlint.exe -in "C:\my path\tool.exe" -suppress 10001 -q
authlint.exe -help
authlint.exe -in "C:\my path\tool.exe" -verbose -extract "C:\outputPath"