PC Review


Reply
Thread Tools Rate Thread

Modify Driver INF

 
 
Bjoern Wolfgardt
Guest
Posts: n/a
 
      1st Oct 2004
Hi NG,

I hate drivers that bring extra tools with them, like ATI Video Cards or
some Sound Drivers. Now I want to modify the INF File to delete the Registry
Entry. I also want to restructure the driver file layout (put all files
execpt cat and inf to a subfolder).
I know that I break the CAT file and the signatur than (if there is any). So
I used MAKECAT.exe to generate the new CAT File. I also used SIGNTOOL.exe to
sign the CAT file with my codesigning certificate. SIGNTOOL.exe verify tells
me that the CAT file ist signed.
I added my ROOT Certificate to a test machine (trusted CAs store) and my
CodeSigning Vertificate also (as trusted publisher).
If I now try to update the Driver it is still shown as not signed. I do this
on an installed machine at the desktop. I try to update the driver and
select the inf file.

I also tried it on a RIPREP Image:
The Problem is that I have to modify the file structure and delete some reg
keys. I have to add the drivers to a RIPREP Image. I also disabled driver
signing policy (DRIVERSIGNINGPOLICY=IGNORE). But I still get a message in
the setupapi.log that tells me that the driver is blocked:

[2004/09/29 16:28:15 520.92 Driver Install]
#-019 Searching for hardware ID(s):
pci\ven_8086&dev_24c5&subsys_04121179&rev_03,pci\ven_8086&dev_24c5&subsys_04121179,pci\ven_8086&dev_24c5&cc_040100,pci\ven_8086&dev_24c5&cc_0401
#-018 Searching for compatible ID(s):
pci\ven_8086&dev_24c5&rev_03,pci\ven_8086&dev_24c5,pci\ven_8086&cc_040100,pci\ven_8086&cc_0401,pci\ven_8086,pci\cc_040100,pci\cc_0401
#-198 Command line processed: C:\WINDOWS\system32\services.exe -setup
#I022 Found "PCI\VEN_8086&DEV_24c5&subsys_04121179" in
C:\Drivers\stac97.inf; Device: "SigmaTel C-Major Audio"; Driver: "SigmaTel
C-Major Audio"; Provider: "SigmaTel"; Mfg: "SigmaTel"; Section name:
"_00011179".
#I087 Driver node not trusted, rank changed from 0x00000001 to 0x00008001.
#I023 Actual install section: [_00011179.NT]. Rank: 0x00008001. Effective
driver date: 07/17/2003.
#-166 Device install function: DIF_SELECTBESTCOMPATDRV.
#I063 Selected driver installs from section [_00011179] in
"c:\drivers\stac97.inf".
#I320 Class GUID of device remains: {4D36E96C-E325-11CE-BFC1-08002BE10318}.
#I060 Set selected driver.
#I058 Selected best compatible driver.
#-166 Device install function: DIF_INSTALLDEVICEFILES.
#I124 Doing copy-only install of
"PCI\VEN_8086&DEV_24C5&SUBSYS_04121179&REV_03\3&61AAA01&0&FD".
#-011 Installing section [_00011179.NT] from "c:\drivers\stac97.inf".
#E358 An unsigned or incorrectly signed file "c:\drivers\stac97.inf" for
driver "SigmaTel C-Major Audio" blocked (server install). Error 0xe000022f:
Die INF-Datei des Drittanbieters enthält keine Digitalsignaturinformationen.
#E122 Device install failed. Error 0xe000022f: Die INF-Datei des
Drittanbieters enthält keine Digitalsignaturinformationen.
#E157 Default installer failed. Error 0xe000022f: Die INF-Datei des
Drittanbieters enthält keine Digitalsignaturinformationen.

(Sorry for the german Log)

As far as I have read, server install needs signed drivers. This test didn't
had the certificates installed.

So pls, if anyone has some hints, pls let me know.

cu and thx in advance...
Bjoern


 
Reply With Quote
 
 
 
 
Gary G. Little
Guest
Posts: n/a
 
      1st Oct 2004
You take a signed driver, replace the WHQL certificates with nothing more
than a code-signing certificate, munge the hell out of the INF file, and you
wonder what is wrong?

--
The personal opinion of
Gary G. Little

"Bjoern Wolfgardt" <(E-Mail Removed)> wrote in message
news:eUmZSP%(E-Mail Removed)...
> Hi NG,
>
> I hate drivers that bring extra tools with them, like ATI Video Cards or
> some Sound Drivers. Now I want to modify the INF File to delete the

Registry
> Entry. I also want to restructure the driver file layout (put all files
> execpt cat and inf to a subfolder).
> I know that I break the CAT file and the signatur than (if there is any).

So
> I used MAKECAT.exe to generate the new CAT File. I also used SIGNTOOL.exe

to
> sign the CAT file with my codesigning certificate. SIGNTOOL.exe verify

tells
> me that the CAT file ist signed.
> I added my ROOT Certificate to a test machine (trusted CAs store) and my
> CodeSigning Vertificate also (as trusted publisher).
> If I now try to update the Driver it is still shown as not signed. I do

this
> on an installed machine at the desktop. I try to update the driver and
> select the inf file.
>
> I also tried it on a RIPREP Image:
> The Problem is that I have to modify the file structure and delete some

reg
> keys. I have to add the drivers to a RIPREP Image. I also disabled driver
> signing policy (DRIVERSIGNINGPOLICY=IGNORE). But I still get a message in
> the setupapi.log that tells me that the driver is blocked:
>
> [2004/09/29 16:28:15 520.92 Driver Install]
> #-019 Searching for hardware ID(s):
>

pci\ven_8086&dev_24c5&subsys_04121179&rev_03,pci\ven_8086&dev_24c5&subsys_04
121179,pci\ven_8086&dev_24c5&cc_040100,pci\ven_8086&dev_24c5&cc_0401
> #-018 Searching for compatible ID(s):
>

pci\ven_8086&dev_24c5&rev_03,pci\ven_8086&dev_24c5,pci\ven_8086&cc_040100,pc
i\ven_8086&cc_0401,pci\ven_8086,pci\cc_040100,pci\cc_0401
> #-198 Command line processed: C:\WINDOWS\system32\services.exe -setup
> #I022 Found "PCI\VEN_8086&DEV_24c5&subsys_04121179" in
> C:\Drivers\stac97.inf; Device: "SigmaTel C-Major Audio"; Driver: "SigmaTel
> C-Major Audio"; Provider: "SigmaTel"; Mfg: "SigmaTel"; Section name:
> "_00011179".
> #I087 Driver node not trusted, rank changed from 0x00000001 to 0x00008001.
> #I023 Actual install section: [_00011179.NT]. Rank: 0x00008001. Effective
> driver date: 07/17/2003.
> #-166 Device install function: DIF_SELECTBESTCOMPATDRV.
> #I063 Selected driver installs from section [_00011179] in
> "c:\drivers\stac97.inf".
> #I320 Class GUID of device remains:

{4D36E96C-E325-11CE-BFC1-08002BE10318}.
> #I060 Set selected driver.
> #I058 Selected best compatible driver.
> #-166 Device install function: DIF_INSTALLDEVICEFILES.
> #I124 Doing copy-only install of
> "PCI\VEN_8086&DEV_24C5&SUBSYS_04121179&REV_03\3&61AAA01&0&FD".
> #-011 Installing section [_00011179.NT] from "c:\drivers\stac97.inf".
> #E358 An unsigned or incorrectly signed file "c:\drivers\stac97.inf" for
> driver "SigmaTel C-Major Audio" blocked (server install). Error

0xe000022f:
> Die INF-Datei des Drittanbieters enthält keine

Digitalsignaturinformationen.
> #E122 Device install failed. Error 0xe000022f: Die INF-Datei des
> Drittanbieters enthält keine Digitalsignaturinformationen.
> #E157 Default installer failed. Error 0xe000022f: Die INF-Datei des
> Drittanbieters enthält keine Digitalsignaturinformationen.
>
> (Sorry for the german Log)
>
> As far as I have read, server install needs signed drivers. This test

didn't
> had the certificates installed.
>
> So pls, if anyone has some hints, pls let me know.
>
> cu and thx in advance...
> Bjoern
>
>



 
Reply With Quote
 
 
 
 
Bjoern Wolfgardt
Guest
Posts: n/a
 
      2nd Oct 2004
Hi,

I don't wonder what is going wrong. I ask if there is a way to do this. As
far as I understand Windows 2003 has a way to do this:
http://www.microsoft.com/whdc/driver...henticode.mspx

And btw, did I say that the driver I was testing has a WHQL certificate? The
driver I have modified didn't have WHQL certificate.

cu
Bjoern

"Gary G. Little" <(E-Mail Removed)> schrieb im Newsbeitrag
news:_lk7d.375$q%(E-Mail Removed)...
> You take a signed driver, replace the WHQL certificates with nothing more
> than a code-signing certificate, munge the hell out of the INF file, and
> you
> wonder what is wrong?
>
> --
> The personal opinion of
> Gary G. Little
>
> "Bjoern Wolfgardt" <(E-Mail Removed)> wrote in message
> news:eUmZSP%(E-Mail Removed)...
>> Hi NG,
>>
>> I hate drivers that bring extra tools with them, like ATI Video Cards or
>> some Sound Drivers. Now I want to modify the INF File to delete the

> Registry
>> Entry. I also want to restructure the driver file layout (put all files
>> execpt cat and inf to a subfolder).
>> I know that I break the CAT file and the signatur than (if there is any).

> So
>> I used MAKECAT.exe to generate the new CAT File. I also used SIGNTOOL.exe

> to
>> sign the CAT file with my codesigning certificate. SIGNTOOL.exe verify

> tells
>> me that the CAT file ist signed.
>> I added my ROOT Certificate to a test machine (trusted CAs store) and my
>> CodeSigning Vertificate also (as trusted publisher).
>> If I now try to update the Driver it is still shown as not signed. I do

> this
>> on an installed machine at the desktop. I try to update the driver and
>> select the inf file.
>>
>> I also tried it on a RIPREP Image:
>> The Problem is that I have to modify the file structure and delete some

> reg
>> keys. I have to add the drivers to a RIPREP Image. I also disabled driver
>> signing policy (DRIVERSIGNINGPOLICY=IGNORE). But I still get a message in
>> the setupapi.log that tells me that the driver is blocked:
>>
>> [2004/09/29 16:28:15 520.92 Driver Install]
>> #-019 Searching for hardware ID(s):
>>

> pci\ven_8086&dev_24c5&subsys_04121179&rev_03,pci\ven_8086&dev_24c5&subsys_04
> 121179,pci\ven_8086&dev_24c5&cc_040100,pci\ven_8086&dev_24c5&cc_0401
>> #-018 Searching for compatible ID(s):
>>

> pci\ven_8086&dev_24c5&rev_03,pci\ven_8086&dev_24c5,pci\ven_8086&cc_040100,pc
> i\ven_8086&cc_0401,pci\ven_8086,pci\cc_040100,pci\cc_0401
>> #-198 Command line processed: C:\WINDOWS\system32\services.exe -setup
>> #I022 Found "PCI\VEN_8086&DEV_24c5&subsys_04121179" in
>> C:\Drivers\stac97.inf; Device: "SigmaTel C-Major Audio"; Driver:
>> "SigmaTel
>> C-Major Audio"; Provider: "SigmaTel"; Mfg: "SigmaTel"; Section name:
>> "_00011179".
>> #I087 Driver node not trusted, rank changed from 0x00000001 to
>> 0x00008001.
>> #I023 Actual install section: [_00011179.NT]. Rank: 0x00008001. Effective
>> driver date: 07/17/2003.
>> #-166 Device install function: DIF_SELECTBESTCOMPATDRV.
>> #I063 Selected driver installs from section [_00011179] in
>> "c:\drivers\stac97.inf".
>> #I320 Class GUID of device remains:

> {4D36E96C-E325-11CE-BFC1-08002BE10318}.
>> #I060 Set selected driver.
>> #I058 Selected best compatible driver.
>> #-166 Device install function: DIF_INSTALLDEVICEFILES.
>> #I124 Doing copy-only install of
>> "PCI\VEN_8086&DEV_24C5&SUBSYS_04121179&REV_03\3&61AAA01&0&FD".
>> #-011 Installing section [_00011179.NT] from "c:\drivers\stac97.inf".
>> #E358 An unsigned or incorrectly signed file "c:\drivers\stac97.inf" for
>> driver "SigmaTel C-Major Audio" blocked (server install). Error

> 0xe000022f:
>> Die INF-Datei des Drittanbieters enthält keine

> Digitalsignaturinformationen.
>> #E122 Device install failed. Error 0xe000022f: Die INF-Datei des
>> Drittanbieters enthält keine Digitalsignaturinformationen.
>> #E157 Default installer failed. Error 0xe000022f: Die INF-Datei des
>> Drittanbieters enthält keine Digitalsignaturinformationen.
>>
>> (Sorry for the german Log)
>>
>> As far as I have read, server install needs signed drivers. This test

> didn't
>> had the certificates installed.
>>
>> So pls, if anyone has some hints, pls let me know.
>>
>> cu and thx in advance...
>> Bjoern
>>
>>

>
>



 
Reply With Quote
 
Gary G. Little
Guest
Posts: n/a
 
      4th Oct 2004
Authenticode signatures are only applicable to Server 2003, and are not
recognized by XP, SP1 or SP2.

--
The personal opinion of
Gary G. Little

"Bjoern Wolfgardt" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi,
>
> I don't wonder what is going wrong. I ask if there is a way to do this. As
> far as I understand Windows 2003 has a way to do this:
> http://www.microsoft.com/whdc/driver...henticode.mspx
>
> And btw, did I say that the driver I was testing has a WHQL certificate?

The
> driver I have modified didn't have WHQL certificate.
>
> cu
> Bjoern
>
> "Gary G. Little" <(E-Mail Removed)> schrieb im Newsbeitrag
> news:_lk7d.375$q%(E-Mail Removed)...
> > You take a signed driver, replace the WHQL certificates with nothing

more
> > than a code-signing certificate, munge the hell out of the INF file, and
> > you
> > wonder what is wrong?
> >
> > --
> > The personal opinion of
> > Gary G. Little
> >
> > "Bjoern Wolfgardt" <(E-Mail Removed)> wrote in message
> > news:eUmZSP%(E-Mail Removed)...
> >> Hi NG,
> >>
> >> I hate drivers that bring extra tools with them, like ATI Video Cards

or
> >> some Sound Drivers. Now I want to modify the INF File to delete the

> > Registry
> >> Entry. I also want to restructure the driver file layout (put all files
> >> execpt cat and inf to a subfolder).
> >> I know that I break the CAT file and the signatur than (if there is

any).
> > So
> >> I used MAKECAT.exe to generate the new CAT File. I also used

SIGNTOOL.exe
> > to
> >> sign the CAT file with my codesigning certificate. SIGNTOOL.exe verify

> > tells
> >> me that the CAT file ist signed.
> >> I added my ROOT Certificate to a test machine (trusted CAs store) and

my
> >> CodeSigning Vertificate also (as trusted publisher).
> >> If I now try to update the Driver it is still shown as not signed. I do

> > this
> >> on an installed machine at the desktop. I try to update the driver and
> >> select the inf file.
> >>
> >> I also tried it on a RIPREP Image:
> >> The Problem is that I have to modify the file structure and delete some

> > reg
> >> keys. I have to add the drivers to a RIPREP Image. I also disabled

driver
> >> signing policy (DRIVERSIGNINGPOLICY=IGNORE). But I still get a message

in
> >> the setupapi.log that tells me that the driver is blocked:
> >>
> >> [2004/09/29 16:28:15 520.92 Driver Install]
> >> #-019 Searching for hardware ID(s):
> >>

> >

pci\ven_8086&dev_24c5&subsys_04121179&rev_03,pci\ven_8086&dev_24c5&subsys_04
> > 121179,pci\ven_8086&dev_24c5&cc_040100,pci\ven_8086&dev_24c5&cc_0401
> >> #-018 Searching for compatible ID(s):
> >>

> >

pci\ven_8086&dev_24c5&rev_03,pci\ven_8086&dev_24c5,pci\ven_8086&cc_040100,pc
> > i\ven_8086&cc_0401,pci\ven_8086,pci\cc_040100,pci\cc_0401
> >> #-198 Command line processed: C:\WINDOWS\system32\services.exe -setup
> >> #I022 Found "PCI\VEN_8086&DEV_24c5&subsys_04121179" in
> >> C:\Drivers\stac97.inf; Device: "SigmaTel C-Major Audio"; Driver:
> >> "SigmaTel
> >> C-Major Audio"; Provider: "SigmaTel"; Mfg: "SigmaTel"; Section name:
> >> "_00011179".
> >> #I087 Driver node not trusted, rank changed from 0x00000001 to
> >> 0x00008001.
> >> #I023 Actual install section: [_00011179.NT]. Rank: 0x00008001.

Effective
> >> driver date: 07/17/2003.
> >> #-166 Device install function: DIF_SELECTBESTCOMPATDRV.
> >> #I063 Selected driver installs from section [_00011179] in
> >> "c:\drivers\stac97.inf".
> >> #I320 Class GUID of device remains:

> > {4D36E96C-E325-11CE-BFC1-08002BE10318}.
> >> #I060 Set selected driver.
> >> #I058 Selected best compatible driver.
> >> #-166 Device install function: DIF_INSTALLDEVICEFILES.
> >> #I124 Doing copy-only install of
> >> "PCI\VEN_8086&DEV_24C5&SUBSYS_04121179&REV_03\3&61AAA01&0&FD".
> >> #-011 Installing section [_00011179.NT] from "c:\drivers\stac97.inf".
> >> #E358 An unsigned or incorrectly signed file "c:\drivers\stac97.inf"

for
> >> driver "SigmaTel C-Major Audio" blocked (server install). Error

> > 0xe000022f:
> >> Die INF-Datei des Drittanbieters enthält keine

> > Digitalsignaturinformationen.
> >> #E122 Device install failed. Error 0xe000022f: Die INF-Datei des
> >> Drittanbieters enthält keine Digitalsignaturinformationen.
> >> #E157 Default installer failed. Error 0xe000022f: Die INF-Datei des
> >> Drittanbieters enthält keine Digitalsignaturinformationen.
> >>
> >> (Sorry for the german Log)
> >>
> >> As far as I have read, server install needs signed drivers. This test

> > didn't
> >> had the certificates installed.
> >>
> >> So pls, if anyone has some hints, pls let me know.
> >>
> >> cu and thx in advance...
> >> Bjoern
> >>
> >>

> >
> >

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
basicwk.inf vs. defltwk.inf vs. setup security.inf void.no.spam.com@gmail.com Microsoft Windows 2000 Security 0 26th Feb 2007 06:11 AM
Error: could not locate INF file 'C:\WINNT\INF\AU_gdi.inf'. Tim White Microsoft Windows 2000 Security 0 17th Sep 2004 06:15 PM
Error: cound not locate Inf File C:\winnt\inf\au_gdi.inf Microsoft Windows 2000 2 16th Sep 2004 08:40 PM
Error: cound not locate Inf File C:\winnt\inf\au_gdi.inf Jim Microsoft Windows 2000 Windows Updates 3 16th Sep 2004 06:45 PM
Error: cound not locate Inf File C:\winnt\inf\au_gdi.inf Microsoft Windows 2000 0 16th Sep 2004 04:00 PM


Features
 

Advertising
 

Newsgroups
 


All times are GMT +1. The time now is 09:53 PM.