How to Test that a Windows CodeSign Certificate is Valid (unaltered file)

How can I have my Xojo App test the Windows CodeSign Certificate to know that the App has not been altered? When I CodeSign my App, its Properties Certificate status is OK. If I hex edit the App and change a single byte, the Certificate for the App now states Invalid (due to the checksum error). Still, the App loads and runs. Rather than hope a user checks the Property - Digital Signature, I need the App to test its status to either run or indicate that it's been altered and refuse to run.

Sorry for the delay Larry, I’ve been taking a break from this place.

Here’s some C code that should do what you need; it should be pretty straightforward to move it over to Xojo.

Example C Program: Verifying the Signature of a PE File - Win32 apps | Microsoft Docs

However, if someone is in a position to edit your exe, they could just change the check on this to pass the test. If, however, you want to use it to check a download prior to update, for example, then it should be OK, but you could just MD5 check that against a known value. Chicken and egg, but I’m no security expert, so your mileage may vary.
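
The pre-update download check mentioned in the reply above, sketched in PowerShell as an added example that is not part of the original thread or of the linked Microsoft sample. The function name `Test-UpdateSignature`, the file path and the thumbprint placeholder are assumptions; `Get-AuthenticodeSignature` is the built-in cmdlet that performs the Authenticode verification.

```powershell
# Added example: refuse to install an update unless its Authenticode
# signature is valid AND was made with the expected signing certificate.
function Test-UpdateSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedThumbprint  # placeholder, supply your own
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Trusted = $false; Reason = 'File not found' }
    }

    # Recomputes the file hash and validates the certificate chain.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # A single changed byte is reported as HashMismatch, an unsigned file as NotSigned.
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        return [pscustomobject]@{ Trusted = $false; Reason = "Signature status: $($sig.Status)" }
    }

    # 'Valid' only says that some trusted publisher signed the file, so the
    # signer is pinned as well. The thumbprint changes when the certificate is renewed.
    $expected = ($ExpectedThumbprint -replace '\s', '').ToUpperInvariant()
    if ($sig.SignerCertificate.Thumbprint -ne $expected) {
        return [pscustomobject]@{
            Trusted = $false
            Reason  = "Unexpected signer: $($sig.SignerCertificate.Subject)"
        }
    }

    [pscustomobject]@{ Trusted = $true; Reason = 'Valid signature from expected signer' }
}

# Usage with constructed values (hypothetical path, placeholder thumbprint).
$result = Test-UpdateSignature -Path 'C:\Temp\MyAppUpdate.exe' `
    -ExpectedThumbprint '<YOUR-SIGNING-CERT-THUMBPRINT>'
if (-not $result.Trusted) {
    throw "Refusing to install update: $($result.Reason)"
}
```

Because the check runs in the already-installed updater against a file that has not yet been executed, it is not subject to the self-check problem raised in the reply.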