
Problems signing after using EV certificates

Posted: Fri Mar 09, 2018 3:25 am
by kimjw0820
Hello,
I used it well as a code signing certificate.
However, an EV certificate is required for sys distribution.
So I received an EV certificate for madcodehook.sys distribution.

The win32 process is fine.
However, there is a windbg error in the metro process.

Is there a workaround?

Windows 10 64-bit.
madchook : 3.1.12

WinDbg message:

--

******************************************************************
* This break indicates this binary is not signed correctly: \Device\HarddiskVolume3\Program Files (x86)\kimjw0820\x64.dll
* and does not meet the system policy.
* The binary was attempted to be loaded in the process: \Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe
* This is not a failure in CI, but a problem with the failing binary.
* Please contact the binary owner for getting the binary correctly signed.
******************************************************************
Break instruction exception - code 80000003 (first chance)
fffff800`61765aca cc int 3


******************************************************************
* This break indicates this binary is not signed correctly: \Device\HarddiskVolume3\Program Files (x86)\kimjw0820\x64.dll
* and does not meet the system policy.
* The binary was attempted to be loaded in the process: \Device\HarddiskVolume3\Windows\System32\Windows.WARP.JITService.exe
* This is not a failure in CI, but a problem with the failing binary.
* Please contact the binary owner for getting the binary correctly signed.
******************************************************************
Break instruction exception - code 80000003 (first chance)
fffff800`61765aca cc int 3

Re: Problems signing after using EV certificates

Posted: Fri Mar 09, 2018 3:50 pm
by iconic
Edge and extensions for Edge (Pdf Reader) may expect the DLL to be signed by Microsoft in order to be correctly loaded. Maybe this is your problem?

--Iconic

Re: Problems signing after using EV certificates

Posted: Mon Mar 12, 2018 10:08 am
by madshi
Iconic could be right. Is your hook dll signed? Try signing it the same way you sign the driver, maybe it helps? I'm not completely sure, though.

Re: Problems signing after using EV certificates

Posted: Mon Mar 12, 2018 11:02 pm
by iconic
Blocking unwelcome code injection with Module Code Integrity
Starting with EdgeHTML 13, Microsoft Edge defends the user’s browsing experience by blocking injection of DLLs into the browser unless they are Windows components or signed device drivers. DLLs that are either Microsoft-signed, or WHQL-signed, will be allowed to load, and all others will be blocked. “Microsoft-signed” allows for Edge components, Windows components, and other Microsoft-supplied features to be loaded. WHQL (Windows Hardware Quality Lab) signed DLLs are device drivers for things like the webcam, some of which need to run in-process in Edge to work. For ordinary use, users should not notice any difference in Microsoft Edge.
Source: https://blogs.windows.com/msedgedev/201 ... integrity/

--Iconic

Re: Problems signing after using EV certificates

Posted: Tue Mar 13, 2018 8:29 am
by madshi
Good catch, thanks!

Re: Problems signing after using EV certificates

Posted: Wed Mar 14, 2018 2:24 am
by kimjw0820
Oh, thank you!
I decided to add it to the exclude list :)

Re: Problems signing after using EV certificates

Posted: Wed Mar 14, 2018 9:09 pm
by iconic
That's what I do too ;) *be it my own lib or Madshi's* Microsoft's Edge is a pain in the behind when it comes to this kind of stuff, but I understand Microsoft's reasoning behind it after Internet Explorer (IE) was a security nightmare. Bypassing a lot of the security enhancements isn't hard; however, end-users could be left compromised, and that's simply something I'll not ever negotiate, even if it means my standard method for DLL injection is denied by it. Good call on your part.

--Iconic

Re: Problems signing after using EV certificates

Posted: Wed Jun 27, 2018 1:19 pm
by ExPx
Hello iconic. Can you contact me?

Re: Problems signing after using EV certificates

Posted: Sun Jul 01, 2018 3:57 pm
by iconic
I prefer email correspondence. You can reach me @ bindshell <at> gmail <dot> com

--Iconic