Resources | Resources |



Signature checking for dynamic modules

All dynamic modules must pass a signature check before information contained within them may be accessed by a caller, this includes any information in the MIF. The first time a caller requests information that resides in a particular module's MIF, a signature check is performed. Later, if the module file is to be loaded, another check takes place on the MOD. If either of these checks fail, the module is removed from the module database. A module that has been removed no longer shows up when calling QueryClass, GetSysRscs, etc. and its handle is not given out. If a caller already knows the handle of the removed module, the caller can access that module's information directly using the handle. This is done so that callers can inquire about what was in the removed module to perform their own cleanup.

Static hashes are an alternative to a signature file that allow hashes of dynamic modules to be compiled into OS Services and used to verify the modules.

For more information on digital signatures, see Code Authorization on Brew MP through Digital Signing in on the Brew MP website.