[Solved] Troubles signing driver in win7

c++ / delphi package - dll injection and api hooking
Post Reply
Nash70
Posts: 14
Joined: Mon Jun 02, 2014 6:50 pm

[Solved] Troubles signing driver in win7

Post by Nash70 »

Hi everyone,

First of all congratulate you all for the great work! and sorry for my bad English.

I'm testing the driver signature HookProcessCreation example with window 7 64bit Home Premium and codehook 3.1.7.
Once configured the "configDrivers.bat" with paths, certificate name and AC "GlobalSign Root CA.crt" everything seems ok, no errors.
- The configuration madConfigDrv.exe Ok.
- The signature of the driver gives ok and can verify that it is signed on the properties.

However the dllinjector64.exe gives the error "driver loading failed"

this is the output of configDrivers:

Code: Select all

C:\projects\madCollection\madCodeHook\HookProcessCreation>configDrivers.bat
The following certificate was selected:
    Issued to: XXXXXXX
    Issued by: GlobalSign CodeSigning CA - SHA256 - G2
    Expires:   03/06/2015 18:08:56
    SHA1 hash: 32BB312209F6D042E9FB7C031F1974BF28B111BB

Done Adding Additional Store

Attempting to sign: DemoDriver32.sys
Successfully signed and timestamped: DemoDriver32.sys

Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0
The following certificate was selected:
    Issued to: XXXXXXX
    Issued by: GlobalSign CodeSigning CA - SHA256 - G2
    Expires:   03/06/2015 18:08:56
    SHA1 hash: 32BB312209F6D042E9FB7C031F1974BF28B111BB

Done Adding Additional Store

Attempting to sign: DemoDriver64.sys
Successfully signed and timestamped: DemoDriver64.sys

Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0
Last edited by Nash70 on Wed Jun 04, 2014 1:25 pm, edited 1 time in total.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: Troubles signing driver in win7

Post by madshi »

Did you use the same signtool parameters as the original "configDrivers.bat" file (except replacing the certificate name with your own, of course)?

Did the original demo with the files compiled and signed by me work ok on the same PC?
Nash70
Posts: 14
Joined: Mon Jun 02, 2014 6:50 pm

Re: Troubles signing driver in win7

Post by Nash70 »

Hi madshi,

Your code runs fine -ofcourse-
And yes, i only change the name of the cert, download the mscross from http://go.microsoft.com/fwlink/?LinkId=321777 (Global sign)

The only difference I see is in ca name.
GlobalSign CodeSigning CA - SHA256 -G2 in my one and
GlobalSign CodeSigning CA -G2 in yours

this is the line in config.bat
@signtool.exe sign /ph /v /n "XXXXXXXXXXX" /ac mscross.cer /t http://timestamp.verisign.com/scripts/timestamp.dll /d "HookProcessCreation64" /du "www.madshi.net" DemoDriver64.sys

:confused:
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: Troubles signing driver in win7

Post by madshi »

What happens if you use the driver that works (signed by me) and sign it another time yourself? I'm not sure but I think signtool should then replace my certificate with yours? Does the driver then still inject?
Nash70
Posts: 14
Joined: Mon Jun 02, 2014 6:50 pm

Re: Troubles signing driver in win7

Post by Nash70 »

re-signing the driver make the injection fail. I try to sign it with the tool from GlobalSign (without erros) with the same result, fail to inject.

you want test with the driver signed by me?
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: Troubles signing driver in win7

Post by madshi »

I'm not sure what's going on there, but clearly there's a problem with your signing. I'm not sure which problem. I'm not really much of an expert with signing. It works for me, and usually, while some madCodeHook users have problems at first, they usually are always able to make it work somehow. Having me look at your signed driver won't do much good, because I don't really know what to look for.

Basically: If you can manage to sign *any* driver in a way that makes a x64 Microsoft OS load the driver, then it should also work for madCodeHook. The problem you're having has most probably nothing to do with madCodeHook, but simply with driver signing. You could try contacting GlobalSign support, maybe they can help. I wish there was anything I could do for you, but right now I don't know what... :sorry:
Nash70
Posts: 14
Joined: Mon Jun 02, 2014 6:50 pm

Re: Troubles signing driver in win7

Post by Nash70 »

ok thanks madshi, I'll contact globalsign support.
Nash70
Posts: 14
Joined: Mon Jun 02, 2014 6:50 pm

Re: Troubles signing driver in win7

Post by Nash70 »

solved, for the docu!

win7 does not support sha-256 :sceptic: (waiting for a patch) for kernel drivers!!!!

solution: Reissue the cert as sha-1.

now i can sign the driver!
Last edited by Nash70 on Wed Jun 04, 2014 2:09 pm, edited 1 time in total.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: [Solved] Troubles signing driver in win7

Post by madshi »

Good to know!
Post Reply