LoadInjectionDriver returns 577
LoadInjectionDriver returns 577
Hello,
This issue is not about MadCodeHook, but I really need help.
I cannot successfully load driver with LoadInjectionDriver on Win7 64.
I copied "renameme32.sys" and "renameme64.sys" and signed by following command with my GlobalSign Certificate(SHA256 only).
signtool sign /v /ac "GlobalSign Root CA R3.crt" /a /n "common name" /tr http://rfc3161timestamp.globalsign.com/advanced /td sha256 MyDriver32.sys
signtool sign /v /ac "GlobalSign Root CA R3.crt" /a /n "common name" /tr http://rfc3161timestamp.globalsign.com/advanced /td sha256 MyDriver64.sys
# common name was changed to mine
To verify the files with "signtool verify /kp" and "/pa" showed no error.
What should I check to sign correctly ?
PrintMomnitor works fine on same machine. But once I signed with my certificate, it didn't work.
Regards,
Nobuo Miwa
This issue is not about MadCodeHook, but I really need help.
I cannot successfully load driver with LoadInjectionDriver on Win7 64.
I copied "renameme32.sys" and "renameme64.sys" and signed by following command with my GlobalSign Certificate(SHA256 only).
signtool sign /v /ac "GlobalSign Root CA R3.crt" /a /n "common name" /tr http://rfc3161timestamp.globalsign.com/advanced /td sha256 MyDriver32.sys
signtool sign /v /ac "GlobalSign Root CA R3.crt" /a /n "common name" /tr http://rfc3161timestamp.globalsign.com/advanced /td sha256 MyDriver64.sys
# common name was changed to mine
To verify the files with "signtool verify /kp" and "/pa" showed no error.
What should I check to sign correctly ?
PrintMomnitor works fine on same machine. But once I signed with my certificate, it didn't work.
Regards,
Nobuo Miwa
Re: LoadInjectionDriver returns 577
Doesn't Windows 7 need a hotfix to support SHA256 signatures? I'm not sure right now. Does your driver load fine in Windows 8.1 and 10?
Personally, I'm dual signing, first with SHA1, afterwards with SHA256. You can see how I'm doing that in the "configDrivers.bat" shipping with the latest PrintMonitor demo.
I also vaguely remember that I had trouble getting SHA256 to work at all. IIRC, I had contacted GlobalSign customer support about that a couple years back and they sent me some root certificate I had to install to make it work. But it's so long ago that I don't remember the details. You could try asking GlobalSign customer support about it.
Personally, I'm dual signing, first with SHA1, afterwards with SHA256. You can see how I'm doing that in the "configDrivers.bat" shipping with the latest PrintMonitor demo.
I also vaguely remember that I had trouble getting SHA256 to work at all. IIRC, I had contacted GlobalSign customer support about that a couple years back and they sent me some root certificate I had to install to make it work. But it's so long ago that I don't remember the details. You could try asking GlobalSign customer support about it.
Re: LoadInjectionDriver returns 577
Hi,
I talked with GlobalSign, but they said "Collect signed" only.
Could you give me the information of which Windows API returns 577 ?
Is it StartService() ?
Any hint welcome.
I talked with GlobalSign, but they said "Collect signed" only.
Could you give me the information of which Windows API returns 577 ?
Is it StartService() ?
Any hint welcome.
Re: LoadInjectionDriver returns 577
Not sure what "collect signed" means.
It's usually the NtLoadDriver API which fails, when you call LoadInjectionDriver. Or CreateService or maybe StartService when you call InstallInjectionDriver.
It's usually the NtLoadDriver API which fails, when you call LoadInjectionDriver. Or CreateService or maybe StartService when you call InstallInjectionDriver.
Re: LoadInjectionDriver returns 577
Yes, Windows 7 SP1 update KB2949927 hotfix is what would be required to support SHA-256 however I'm not 100% certain that Microsoft ever corrected the issue because after releasing it they realized it was botched (creating serious issues) and then recommended users NOT to install it or use the rollback OS feature. What a mess!Doesn't Windows 7 need a hotfix to support SHA256 signatures
--Iconic
Re: LoadInjectionDriver returns 577
Yes, what a mess! But I think dual signing with both SHA1 + SHA256 should work around the issue nicely, shouldn't it?
Re: LoadInjectionDriver returns 577
Yes, definitely should. For those who don't have a SHA-1 cert however, it's a different story for them
--Iconic
--Iconic