About sign and Event Viewer message of 6281
Posted: Tue May 12, 2015 1:59 am
Hi..
I have question.
I had used madCHook 3.1.8,
and about signing driver and dll, it's worked well.. (worked well for hooking several API)
But very often, [security] of Event-Viewer display following message for every test machine.
Event ID : 6281
Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error
I had used following method to link sys and dll, and for signing driver.
(I used signing for dll too, and of course before madConfigDrv, first signing dll))
"madConfigDrv.exe" myDrv.sys myDrv myDll01.Dll myDll02.Dll myDll03.Dll ... -unsafeStopAllowed
"madConfigDrv.exe" myDrv64.sys myDrv myDll01.Dll myDll01-64.Dll myDll02.Dll myDll02-64.Dll myDll03.Dll ... -unsafeStopAllowed
C:\WinDDK\..\x86\Signtool sign /ph /v /ac xxx.crt /s my /n "xxx" /t http://timestamp.verisign.com/scripts/timestamp.dll myDrv.sys myDrv64.sys
** Message of [security] of Event-Viewer
for x86 : display 6281 error for dlls related madCHook (don't displayed sys file)
namely : myDll01.Dll myDll02.Dll myDll03.Dll
for x64 : display 6281 error for dlls related madCHook (don't displayed sys file)
BTW, in x64, only dislapy 64 dll (not display 32 dll)
namely : myDll01-64.Dll myDll02-64.Dll myDll03-64.Dll
But Dll/Sys is worked well
Is there any method to solve ?
I have question.
I had used madCHook 3.1.8,
and about signing driver and dll, it's worked well.. (worked well for hooking several API)
But very often, [security] of Event-Viewer display following message for every test machine.
Event ID : 6281
Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error
I had used following method to link sys and dll, and for signing driver.
(I used signing for dll too, and of course before madConfigDrv, first signing dll))
"madConfigDrv.exe" myDrv.sys myDrv myDll01.Dll myDll02.Dll myDll03.Dll ... -unsafeStopAllowed
"madConfigDrv.exe" myDrv64.sys myDrv myDll01.Dll myDll01-64.Dll myDll02.Dll myDll02-64.Dll myDll03.Dll ... -unsafeStopAllowed
C:\WinDDK\..\x86\Signtool sign /ph /v /ac xxx.crt /s my /n "xxx" /t http://timestamp.verisign.com/scripts/timestamp.dll myDrv.sys myDrv64.sys
** Message of [security] of Event-Viewer
for x86 : display 6281 error for dlls related madCHook (don't displayed sys file)
namely : myDll01.Dll myDll02.Dll myDll03.Dll
for x64 : display 6281 error for dlls related madCHook (don't displayed sys file)
BTW, in x64, only dislapy 64 dll (not display 32 dll)
namely : myDll01-64.Dll myDll02-64.Dll myDll03-64.Dll
But Dll/Sys is worked well
Is there any method to solve ?