Problems signing after using EV certificates

Postby kimjw0820 » Fri Mar 09, 2018 3:25 am

Hello,
I used it well as a code signing certificate.
However, an EV certificate is required for sys distribution.
So I received an EV certificate for madcodehook.sys distribution.

The win32 process is fine.
However, there is a WinDbg error in the metro process.

Is there a workaround?

Windows 10 64-bit.
madchook : 3.1.12

WinDbg message.

--

******************************************************************
* This break indicates this binary is not signed correctly: \Device\HarddiskVolume3\Program Files (x86)\kimjw0820\x64.dll
* and does not meet the system policy.
* The binary was attempted to be loaded in the process: \Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe
* This is not a failure in CI, but a problem with the failing binary.
* Please contact the binary owner for getting the binary correctly signed.
******************************************************************
Break instruction exception - code 80000003 (first chance)
fffff800`61765aca cc int 3


******************************************************************
* This break indicates this binary is not signed correctly: \Device\HarddiskVolume3\Program Files (x86)\kimjw0820\x64.dll
* and does not meet the system policy.
* The binary was attempted to be loaded in the process: \Device\HarddiskVolume3\Windows\System32\Windows.WARP.JITService.exe
* This is not a failure in CI, but a problem with the failing binary.
* Please contact the binary owner for getting the binary correctly signed.
******************************************************************
Break instruction exception - code 80000003 (first chance)
fffff800`61765aca cc int 3
kimjw0820
 
Posts: 22
Joined: Fri Sep 11, 2015 1:54 am

Re: Problems signing after using EV certificates

Postby iconic » Fri Mar 09, 2018 3:50 pm

Edge and extensions for Edge (Pdf Reader) may expect the DLL to be signed by Microsoft in order to be correctly loaded. Maybe this is your problem?

--Iconic
iconic
 
Posts: 839
Joined: Wed Jun 08, 2005 5:08 am

Re: Problems signing after using EV certificates

Postby madshi » Mon Mar 12, 2018 10:08 am

Iconic could be right. Is your hook dll signed? Try signing it the same way you sign the driver, maybe it helps? I'm not completely sure, though.
madshi
Site Admin
 
Posts: 9774
Joined: Sun Mar 21, 2004 5:25 pm

Re: Problems signing after using EV certificates

Postby iconic » Mon Mar 12, 2018 11:02 pm

Blocking unwelcome code injection with Module Code Integrity
Starting with EdgeHTML 13, Microsoft Edge defends the user’s browsing experience by blocking injection of DLLs into the browser unless they are Windows components or signed device drivers. DLLs that are either Microsoft-signed, or WHQL-signed, will be allowed to load, and all others will be blocked. “Microsoft-signed” allows for Edge components, Windows components, and other Microsoft-supplied features to be loaded. WHQL (Windows Hardware Quality Lab) signed DLLs are device drivers for things like the webcam, some of which need to run in-process in Edge to work. For ordinary use, users should not notice any difference in Microsoft Edge.


Source: https://blogs.windows.com/msedgedev/201 ... integrity/

--Iconic
iconic
 
Posts: 839
Joined: Wed Jun 08, 2005 5:08 am

Re: Problems signing after using EV certificates

Postby madshi » Tue Mar 13, 2018 8:29 am

Good catch, thanks!
madshi
Site Admin
 
Posts: 9774
Joined: Sun Mar 21, 2004 5:25 pm

Re: Problems signing after using EV certificates

Postby kimjw0820 » Wed Mar 14, 2018 2:24 am

Oh, thank you!
I decided to add it to the exclude list :)
kimjw0820
 
Posts: 22
Joined: Fri Sep 11, 2015 1:54 am
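
As an added example (not part of the original thread and not madCodeHook code): the Python below parses Code Integrity break banners like the ones quoted in the first post and lists, per rejected DLL, the process images that refused to load it, which is the information needed to fill an exclude list. The function names are hypothetical, and the sample input is abridged from the WinDbg output above.

```python
import re
from collections import defaultdict

# Sample abridged from the WinDbg output quoted in the first post.
SAMPLE = r"""
******************************************************************
* This break indicates this binary is not signed correctly: \Device\HarddiskVolume3\Program Files (x86)\kimjw0820\x64.dll
* and does not meet the system policy.
* The binary was attempted to be loaded in the process: \Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe
******************************************************************
Break instruction exception - code 80000003 (first chance)
******************************************************************
* This break indicates this binary is not signed correctly: \Device\HarddiskVolume3\Program Files (x86)\kimjw0820\x64.dll
* and does not meet the system policy.
* The binary was attempted to be loaded in the process: \Device\HarddiskVolume3\Windows\System32\Windows.WARP.JITService.exe
******************************************************************
"""

BINARY_RE = re.compile(
    r"^\*\s*This break indicates this binary is not signed correctly:\s*(.+?)\s*$")
PROCESS_RE = re.compile(
    r"^\*\s*The binary was attempted to be loaded in the process:\s*(.+?)\s*$")

def parse_ci_breaks(text):
    """Return (binary_path, process_path) pairs, one per CI break banner."""
    pairs, current = [], None
    for line in text.splitlines():
        m = BINARY_RE.match(line)
        if m:
            current = m.group(1)  # start of a new banner
            continue
        m = PROCESS_RE.match(line)
        if m and current is not None:
            pairs.append((current, m.group(1)))
            current = None        # banner complete
    return pairs

def exclude_candidates(text):
    """Map each rejected DLL name to the sorted image names that refused it."""
    result = defaultdict(set)
    for binary, process in parse_ci_breaks(text):
        dll = binary.rsplit("\\", 1)[-1].lower()
        result[dll].add(process.rsplit("\\", 1)[-1].lower())
    return {dll: sorted(names) for dll, names in result.items()}

if __name__ == "__main__":
    for dll, names in exclude_candidates(SAMPLE).items():
        print(dll, "->", ", ".join(names))
```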

Re: Problems signing after using EV certificates

Postby iconic » Wed Mar 14, 2018 9:09 pm

That's what I do too ;) *be it my own lib or Madshi's*. Microsoft's Edge is a pain in the behind when it comes to this kind of stuff, but I understand Microsoft's reasoning behind it after Internet Explorer (IE) was a security nightmare. Bypassing a lot of the security enhancements isn't hard; however, end-users could be left compromised, and that's simply something I'll not ever negotiate, even if it means my standard method for DLL injection is denied by it. Good call on your part.

--Iconic
iconic
 
Posts: 839
Joined: Wed Jun 08, 2005 5:08 am

Re: Problems signing after using EV certificates

Postby ExPx » Wed Jun 27, 2018 1:19 pm

Hello iconic. Can you contact me?
ExPx
 
Posts: 14
Joined: Fri Oct 21, 2016 3:20 pm

Re: Problems signing after using EV certificates

Postby iconic » Sun Jul 01, 2018 3:57 pm

I prefer email correspondence. You can reach me @ bindshell <at> gmail <dot> com

--Iconic
iconic
 
Posts: 839
Joined: Wed Jun 08, 2005 5:08 am
