I have Madshi drivers which I am using for the system level injection; these drivers are not getting loaded in case of Windows 10 Anniversary or version 1607.
As per this version, a Microsoft signature would be required by Win10 to load kernel-mode drivers in the SECURE BOOT mode. To get that signature, you have to sign a submission using an Extended Validation (EV) Code Signing Certificate and upload your driver package to the Microsoft SysDev portal. You do not need to run or pass any Microsoft certification, logo, or compatibility tests. You just need to sign your driver appropriately, agree to some conditions, and submit your package to Microsoft via SysDev for signature. This procedure is called “attestation signing” because when you upload you declare (that is “attest”) that you’ve tested the driver, will monitor sysdev for driver problems, and will fix any issues that are reported.
I have done all the above procedure and still my drivers are not being loaded.
madCodeHook itself doesn't really have any special requirements. If the OS is happy, then madCodeHook is happy. So if the driver doesn't load, it must be a problem with the OS not being happy with the driver file somehow, which is most likely due to the signature. It's pretty hard for me to diagnose such problems. How can we find out what exactly the OS is unhappy with?
I ran the command msinfo32 on the system and found out the following Device Guard properties...
Device Guard Required Security Properties - Base Virtualization Support, Secure Boot
Device Guard Available Security Properties - Base Virtualization Support, Secure Boot, DMA Protection, UEFI Code Readonly
Device Guard Security Services Configured - Credential Guard, Hypervisor enforced code integrity
Device Guard Security Services Running - Credential Guard, Hypervisor enforced code integrity
As I figured out that the issue is not with the signing of the drivers, I don't seem to understand what exactly the OS is unhappy with.
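One way to gather what the thread is asking for, as an added example (not code from madshi or from either poster): it reads the Device Guard state that msinfo32 displays, checks the driver file's signature, and lists Code Integrity log entries that name the driver. `$DriverPath` is a placeholder, and the code-to-name tables are transcribed here from the Win32_DeviceGuard class as an assumption of this example.

```powershell
# Added diagnostic example; $DriverPath is a placeholder, not a path from the thread.
param([string]$DriverPath = 'C:\Path\To\YourDriver.sys')

# Code-to-name maps for Win32_DeviceGuard (names as msinfo32 shows them).
$propertyNames = @{ 1 = 'Base Virtualization Support'; 2 = 'Secure Boot'; 3 = 'DMA Protection'
                    4 = 'Secure Memory Overwrite';     5 = 'UEFI Code Readonly' }
$serviceNames  = @{ 1 = 'Credential Guard'; 2 = 'Hypervisor enforced Code Integrity' }
$vbsStatus     = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Running' }

function Convert-Codes($codes, $map) {
    # Unknown codes are printed as-is rather than guessed.
    ($codes | ForEach-Object {
        if ($map.ContainsKey([int]$_)) { $map[[int]$_] } else { "code $_" }
    }) -join ', '
}

# 1. Device Guard / virtualization-based security state.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
[pscustomobject]@{
    VbsStatus          = $vbsStatus[[int]$dg.VirtualizationBasedSecurityStatus]
    RequiredProperties = Convert-Codes $dg.RequiredSecurityProperties  $propertyNames
    AvailableProperties= Convert-Codes $dg.AvailableSecurityProperties $propertyNames
    ServicesConfigured = Convert-Codes $dg.SecurityServicesConfigured  $serviceNames
    ServicesRunning    = Convert-Codes $dg.SecurityServicesRunning     $serviceNames
} | Format-List

# 2. Signature on the driver file as Windows evaluates it.
if (Test-Path -LiteralPath $DriverPath) {
    Get-AuthenticodeSignature -FilePath $DriverPath |
        Select-Object Status, StatusMessage,
            @{ Name = 'Signer'; Expression = { $_.SignerCertificate.Subject } } |
        Format-List
} else {
    Write-Warning "Driver file not found: $DriverPath"
}

# 3. Code Integrity log entries that mention the driver file name.
$name = Split-Path -Leaf $DriverPath
Get-WinEvent -LogName 'Microsoft-Windows-CodeIntegrity/Operational' -MaxEvents 500 `
        -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$name*" } |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List
```

Run it from an elevated PowerShell prompt after a failed load attempt, so that any Code Integrity entry for the driver is among the most recent events.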
I wish I knew how to solve this problem, but I really don't. I don't really have any more information about this than you have. I think your best bet is to contact either Microsoft or your certificate provider, and ask them why the OS doesn't like the driver.
If you want to double check if the problem is specific to the madCodeHook driver or not, you can try one of the many CodeProject projects which deal with drivers, e.g. a quick google search showed me these:
https://www.codeproject.com/Articles/60 ... ce-Drivers
https://www.codeproject.com/Articles/20 ... -execution
What I can say is that there are a couple of madCodeHook users who I know have it working with Secure Boot enabled. So it seems unlikely to me that it could be a madCodeHook specific problem.
So what can be done to load the drivers if Device Guard is enabled in the secure boot mode? As I double checked the signature, the issue is not with the signing.
http://madshi.net/madCollection.exe (installer 188.8.131.52)
Do you have any further detail on the HLK changes? We've been passing the HLK test with version 4.0.2 for a while now and have had Microsoft sign the driver.