I want to support older Windows versions, but non updated 7 and pre 7 operating systems do not support sha256 code signing, so they cannot detect that the executable/file is properly digitally signed.

My questions are:

1. How can i check if a system has this update (KB4474419) installed, or basically check if it supports sha256, without causing false positives (for example detecting new windows 10 machines as not having the update by mistake)

2. How to install this update in the background, without user knowing, and check if installation was successful (in order to see if we should restart the machine or not, in case it was successful) ?

(I want to implement it using c/c , so native windows APIs are available to solve this)

CodePudding user response：

WUA defines interfaces and objects that are accessible from Visual Basic, Visual Basic Scripting Edition (VBScript), JScript, and from C and C .

I suggest you could try to use wuapi.h header. This header is used by Windows Update Agent API. And there are some COM interfaces that can be used from C .