577 occurs when calling LoadInjectionDriver in Windows 7-x64

c++ / delphi package - dll injection and api hooking
Post Reply
power888
Posts: 54
Joined: Sat May 23, 2009 8:55 am

577 occurs when calling LoadInjectionDriver in Windows 7-x64

Post by power888 »

Hi

I have use madCHook 4.1.2 version.

After I created the driver file (sys), I signed it with SHA 256 + Microsoft Sign (SHA 256), (There is no SHA 1)

In this case, error 577 occurs when calling LoadInjectionDriver in Windows 7-x64.

(For Windows 7-x64/SP1, KB4474419 and KB4490628 for SHA2 sign recognition are updated.
Therefore, no error occurs when installing other Anti-Vaccine product like as BitDefender, etc.)

On WIndows 10-x64, this driver is well loaded.

What should I do?
Please help.
madshi
Site Admin
Posts: 10528
Joined: Sun Mar 21, 2004 5:25 pm

Re: 577 occurs when calling LoadInjectionDriver in Windows 7-x64

Post by madshi »

Personally, I'm always double signing with SHA1 first, then SHA2. That seems to make both Windows 7 and Windows 10/11 happy.
power888
Posts: 54
Joined: Sat May 23, 2009 8:55 am

Re: 577 occurs when calling LoadInjectionDriver in Windows 7-x64

Post by power888 »

Hi madshi

Thank you for your reply.
But , SHA1 certification is not possible now because the SHA1 certificate is not provided by the vendor (DigiCert, GlobalSign, etc).
madshi
Site Admin
Posts: 10528
Joined: Sun Mar 21, 2004 5:25 pm

Re: 577 occurs when calling LoadInjectionDriver in Windows 7-x64

Post by madshi »

Argh, after double checking this, I found this:

https://support.globalsign.com/code-sig ... mestamping

Seems that the only way to make older OSs happy is by using an EV certificate and using the MS Dev Portal. I'd suggest that you ask GlobalSign support how to make that work exactly.

Please understand that this is general code signing issue, and not specific to madCodeHook. If you had your own kernel mode driver, you'd have the same problem. It's not madCodeHook which has such weird code signing requirements, but it's the OS itself. I wish there'd be something I could do to help, but in the end, Microsoft defines the rules... :sorry:
madshi
Site Admin
Posts: 10528
Joined: Sun Mar 21, 2004 5:25 pm

Re: 577 occurs when calling LoadInjectionDriver in Windows 7-x64

Post by madshi »

I did find this, not sure if it's helpful:

https://support.ksoftware.net/support/s ... tificates-

"We can provide new SHA-1 certificate for use specifically with legacy systems"
power888
Posts: 54
Joined: Sat May 23, 2009 8:55 am

Re: 577 occurs when calling LoadInjectionDriver in Windows 7-x64

Post by power888 »

Hi madshi

I tried it, but to no avail.
I'm using madCHook 4.1.2.

Currently, the sys file is digital signed with SHA 256 EV Sign and MS Hardware sign,
(There is no SHA1.)
madshi
Site Admin
Posts: 10528
Joined: Sun Mar 21, 2004 5:25 pm

Re: 577 occurs when calling LoadInjectionDriver in Windows 7-x64

Post by madshi »

Can you please ask GlobalSign support about that? It's really their job (and Microsoft's) to find a way to make older OSs happy. I wish I could help, but my hands are tied, unfortunately.
power888
Posts: 54
Joined: Sat May 23, 2009 8:55 am

Re: 577 occurs when calling LoadInjectionDriver in Windows 7-x64

Post by power888 »

Hi madshi.

Thank you for your support.
Yes. I think so, I will ask it GlobalSign or Microsoft
and if I get answer, I will let you know.

Thank you again
madshi
Site Admin
Posts: 10528
Joined: Sun Mar 21, 2004 5:25 pm

Re: 577 occurs when calling LoadInjectionDriver in Windows 7-x64

Post by madshi »

Thanks, that'd be great!
iconic
Site Admin
Posts: 1028
Joined: Wed Jun 08, 2005 5:08 am

Re: 577 occurs when calling LoadInjectionDriver in Windows 7-x64

Post by iconic »

power888,

Without a SHA-1 signature on your binary Windows 7 x64 will never be happy. That's the easiest way that it can be stated unfortunately :? Microsoft phased out SHA-1 for security reasons and the CA's (Cert Authorities) carried on with SHA-1 until they could not any longer. Some devs grabbed a SHA-1 cert at the last minute and had it renewed for 3 - 5 years, but only if you're one of the lucky ones to do so. It's unfortunate but we are also talking about an OS version that is rather ancient, the grandson of XP and son of Vista so Microsoft started to enforce SHA-2 as of Windows 8.

--Iconic
Post Reply