Signing help
Posted: Thu Jan 05, 2017 6:06 pm
I'm a long-time madshi hook user, but this is my first foray into Windows 10 and I'm not having luck trying to sign/run the DemoDriver for HookProcessCreation.
I don't expect Madshi himself to be able to answer my question, it's more for others who have previously failed.
I downloaded and tried his PrintMonitor, and it works. But me compiling/signing HooKProcessCreation does not. So it's a user problem.
To start with, I have a globalsign EV certificate with dongle and the latest 4.x code from MadShi and Delphi 10.1.
I've compiled the HookProcessCreation binaries, and followed the example "config drivers and sign everything" but am having problems with it. Signtool distributed with Win10 doesn't support the options in that batch file, eg /t so I've followed GlobalSign's web pages, but still have no success. DllInjector fails to load the device driver.
Here's my test signing with the parameters suggested by globalsign
D:\mad>"C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool" sign /ph /v /a /tr http://timestamp.globalsign.com/scripts/timestamp.dll /td SHA256 /ac n:r1cross.cer demodriver64.sys
The following certificate was selected:
Issued to: University of Waterloo
Issued by: GlobalSign Extended Validation CodeSigning CA - SHA256 - G2
Expires: Fri Feb 08 09:40:49 2019
SHA1 hash: 15DD8072F09DD489FD329DD6551A571EB8414CEC
Cross certificate chain (using machine store):
Issued to: GlobalSign Root CA
Issued by: GlobalSign Root CA
Expires: Fri Jan 28 07:00:00 2028
SHA1 hash: B1BC968BD4F49D622AA89A81F2150152A41D829C
Issued to: GlobalSign
Issued by: GlobalSign Root CA
Expires: Mon Mar 18 05:00:00 2019
SHA1 hash: 4765557AF418C68A641199146A7E556AA8242996
Issued to: GlobalSign Extended Validation CodeSigning CA - SHA256 - G2
Issued by: GlobalSign
Expires: Fri Aug 02 05:00:00 2019
SHA1 hash: 4F5EA6A9E4BA30A4575DEAD4E4E9D3B2DA66EA7B
Issued to: University of Waterloo
Issued by: GlobalSign Extended Validation CodeSigning CA - SHA256 - G2
Expires: Fri Feb 08 09:40:49 2019
SHA1 hash: 15DD8072F09DD489FD329DD6551A571EB8414CEC
Done Adding Additional Store
Successfully signed: DemoDriver64.sys
Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0
I've only done SHA256 because I only need Win10 compatibility at this point. I don't see Microsoft listed anywhere in the chain, could that be the problem?
I've been trying things all day, this seemed the closest to a solution so far.
Thanks for any suggestions,
Erick
I don't expect Madshi himself to be able to answer my question, it's more for others who have previously failed.
I downloaded and tried his PrintMonitor, and it works. But me compiling/signing HooKProcessCreation does not. So it's a user problem.
To start with, I have a globalsign EV certificate with dongle and the latest 4.x code from MadShi and Delphi 10.1.
I've compiled the HookProcessCreation binaries, and followed the example "config drivers and sign everything" but am having problems with it. Signtool distributed with Win10 doesn't support the options in that batch file, eg /t so I've followed GlobalSign's web pages, but still have no success. DllInjector fails to load the device driver.
Here's my test signing with the parameters suggested by globalsign
D:\mad>"C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool" sign /ph /v /a /tr http://timestamp.globalsign.com/scripts/timestamp.dll /td SHA256 /ac n:r1cross.cer demodriver64.sys
The following certificate was selected:
Issued to: University of Waterloo
Issued by: GlobalSign Extended Validation CodeSigning CA - SHA256 - G2
Expires: Fri Feb 08 09:40:49 2019
SHA1 hash: 15DD8072F09DD489FD329DD6551A571EB8414CEC
Cross certificate chain (using machine store):
Issued to: GlobalSign Root CA
Issued by: GlobalSign Root CA
Expires: Fri Jan 28 07:00:00 2028
SHA1 hash: B1BC968BD4F49D622AA89A81F2150152A41D829C
Issued to: GlobalSign
Issued by: GlobalSign Root CA
Expires: Mon Mar 18 05:00:00 2019
SHA1 hash: 4765557AF418C68A641199146A7E556AA8242996
Issued to: GlobalSign Extended Validation CodeSigning CA - SHA256 - G2
Issued by: GlobalSign
Expires: Fri Aug 02 05:00:00 2019
SHA1 hash: 4F5EA6A9E4BA30A4575DEAD4E4E9D3B2DA66EA7B
Issued to: University of Waterloo
Issued by: GlobalSign Extended Validation CodeSigning CA - SHA256 - G2
Expires: Fri Feb 08 09:40:49 2019
SHA1 hash: 15DD8072F09DD489FD329DD6551A571EB8414CEC
Done Adding Additional Store
Successfully signed: DemoDriver64.sys
Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0
I've only done SHA256 because I only need Win10 compatibility at this point. I don't see Microsoft listed anywhere in the chain, could that be the problem?
I've been trying things all day, this seemed the closest to a solution so far.
Thanks for any suggestions,
Erick