Modify Driver INF

Discussion in 'Windows XP Setup' started by Bjoern Wolfgardt, Oct 1, 2004.

  1. Hi NG,

    I hate drivers that bring extra tools with them, like ATI Video Cards or
    some Sound Drivers. Now I want to modify the INF File to delete the Registry
    Entry. I also want to restructure the driver file layout (put all files
    execpt cat and inf to a subfolder).
    I know that I break the CAT file and the signatur than (if there is any). So
    I used MAKECAT.exe to generate the new CAT File. I also used SIGNTOOL.exe to
    sign the CAT file with my codesigning certificate. SIGNTOOL.exe verify tells
    me that the CAT file ist signed.
    I added my ROOT Certificate to a test machine (trusted CAs store) and my
    CodeSigning Vertificate also (as trusted publisher).
    If I now try to update the Driver it is still shown as not signed. I do this
    on an installed machine at the desktop. I try to update the driver and
    select the inf file.

    I also tried it on a RIPREP Image:
    The Problem is that I have to modify the file structure and delete some reg
    keys. I have to add the drivers to a RIPREP Image. I also disabled driver
    signing policy (DRIVERSIGNINGPOLICY=IGNORE). But I still get a message in
    the setupapi.log that tells me that the driver is blocked:

    [2004/09/29 16:28:15 520.92 Driver Install]
    #-019 Searching for hardware ID(s):
    pci\ven_8086&dev_24c5&subsys_04121179&rev_03,pci\ven_8086&dev_24c5&subsys_04121179,pci\ven_8086&dev_24c5&cc_040100,pci\ven_8086&dev_24c5&cc_0401
    #-018 Searching for compatible ID(s):
    pci\ven_8086&dev_24c5&rev_03,pci\ven_8086&dev_24c5,pci\ven_8086&cc_040100,pci\ven_8086&cc_0401,pci\ven_8086,pci\cc_040100,pci\cc_0401
    #-198 Command line processed: C:\WINDOWS\system32\services.exe -setup
    #I022 Found "PCI\VEN_8086&DEV_24c5&subsys_04121179" in
    C:\Drivers\stac97.inf; Device: "SigmaTel C-Major Audio"; Driver: "SigmaTel
    C-Major Audio"; Provider: "SigmaTel"; Mfg: "SigmaTel"; Section name:
    "_00011179".
    #I087 Driver node not trusted, rank changed from 0x00000001 to 0x00008001.
    #I023 Actual install section: [_00011179.NT]. Rank: 0x00008001. Effective
    driver date: 07/17/2003.
    #-166 Device install function: DIF_SELECTBESTCOMPATDRV.
    #I063 Selected driver installs from section [_00011179] in
    "c:\drivers\stac97.inf".
    #I320 Class GUID of device remains: {4D36E96C-E325-11CE-BFC1-08002BE10318}.
    #I060 Set selected driver.
    #I058 Selected best compatible driver.
    #-166 Device install function: DIF_INSTALLDEVICEFILES.
    #I124 Doing copy-only install of
    "PCI\VEN_8086&DEV_24C5&SUBSYS_04121179&REV_03\3&61AAA01&0&FD".
    #-011 Installing section [_00011179.NT] from "c:\drivers\stac97.inf".
    #E358 An unsigned or incorrectly signed file "c:\drivers\stac97.inf" for
    driver "SigmaTel C-Major Audio" blocked (server install). Error 0xe000022f:
    Die INF-Datei des Drittanbieters enthält keine Digitalsignaturinformationen.
    #E122 Device install failed. Error 0xe000022f: Die INF-Datei des
    Drittanbieters enthält keine Digitalsignaturinformationen.
    #E157 Default installer failed. Error 0xe000022f: Die INF-Datei des
    Drittanbieters enthält keine Digitalsignaturinformationen.

    (Sorry for the german Log)

    As far as I have read, server install needs signed drivers. This test didn't
    had the certificates installed.

    So pls, if anyone has some hints, pls let me know.

    cu and thx in advance...
    Bjoern
     
    Bjoern Wolfgardt, Oct 1, 2004
    #1
    1. Advertisements

  2. You take a signed driver, replace the WHQL certificates with nothing more
    than a code-signing certificate, munge the hell out of the INF file, and you
    wonder what is wrong?

    --
    The personal opinion of
    Gary G. Little

    "Bjoern Wolfgardt" <> wrote in message
    news:eUmZSP%...
    > Hi NG,
    >
    > I hate drivers that bring extra tools with them, like ATI Video Cards or
    > some Sound Drivers. Now I want to modify the INF File to delete the

    Registry
    > Entry. I also want to restructure the driver file layout (put all files
    > execpt cat and inf to a subfolder).
    > I know that I break the CAT file and the signatur than (if there is any).

    So
    > I used MAKECAT.exe to generate the new CAT File. I also used SIGNTOOL.exe

    to
    > sign the CAT file with my codesigning certificate. SIGNTOOL.exe verify

    tells
    > me that the CAT file ist signed.
    > I added my ROOT Certificate to a test machine (trusted CAs store) and my
    > CodeSigning Vertificate also (as trusted publisher).
    > If I now try to update the Driver it is still shown as not signed. I do

    this
    > on an installed machine at the desktop. I try to update the driver and
    > select the inf file.
    >
    > I also tried it on a RIPREP Image:
    > The Problem is that I have to modify the file structure and delete some

    reg
    > keys. I have to add the drivers to a RIPREP Image. I also disabled driver
    > signing policy (DRIVERSIGNINGPOLICY=IGNORE). But I still get a message in
    > the setupapi.log that tells me that the driver is blocked:
    >
    > [2004/09/29 16:28:15 520.92 Driver Install]
    > #-019 Searching for hardware ID(s):
    >

    pci\ven_8086&dev_24c5&subsys_04121179&rev_03,pci\ven_8086&dev_24c5&subsys_04
    121179,pci\ven_8086&dev_24c5&cc_040100,pci\ven_8086&dev_24c5&cc_0401
    > #-018 Searching for compatible ID(s):
    >

    pci\ven_8086&dev_24c5&rev_03,pci\ven_8086&dev_24c5,pci\ven_8086&cc_040100,pc
    i\ven_8086&cc_0401,pci\ven_8086,pci\cc_040100,pci\cc_0401
    > #-198 Command line processed: C:\WINDOWS\system32\services.exe -setup
    > #I022 Found "PCI\VEN_8086&DEV_24c5&subsys_04121179" in
    > C:\Drivers\stac97.inf; Device: "SigmaTel C-Major Audio"; Driver: "SigmaTel
    > C-Major Audio"; Provider: "SigmaTel"; Mfg: "SigmaTel"; Section name:
    > "_00011179".
    > #I087 Driver node not trusted, rank changed from 0x00000001 to 0x00008001.
    > #I023 Actual install section: [_00011179.NT]. Rank: 0x00008001. Effective
    > driver date: 07/17/2003.
    > #-166 Device install function: DIF_SELECTBESTCOMPATDRV.
    > #I063 Selected driver installs from section [_00011179] in
    > "c:\drivers\stac97.inf".
    > #I320 Class GUID of device remains:

    {4D36E96C-E325-11CE-BFC1-08002BE10318}.
    > #I060 Set selected driver.
    > #I058 Selected best compatible driver.
    > #-166 Device install function: DIF_INSTALLDEVICEFILES.
    > #I124 Doing copy-only install of
    > "PCI\VEN_8086&DEV_24C5&SUBSYS_04121179&REV_03\3&61AAA01&0&FD".
    > #-011 Installing section [_00011179.NT] from "c:\drivers\stac97.inf".
    > #E358 An unsigned or incorrectly signed file "c:\drivers\stac97.inf" for
    > driver "SigmaTel C-Major Audio" blocked (server install). Error

    0xe000022f:
    > Die INF-Datei des Drittanbieters enthält keine

    Digitalsignaturinformationen.
    > #E122 Device install failed. Error 0xe000022f: Die INF-Datei des
    > Drittanbieters enthält keine Digitalsignaturinformationen.
    > #E157 Default installer failed. Error 0xe000022f: Die INF-Datei des
    > Drittanbieters enthält keine Digitalsignaturinformationen.
    >
    > (Sorry for the german Log)
    >
    > As far as I have read, server install needs signed drivers. This test

    didn't
    > had the certificates installed.
    >
    > So pls, if anyone has some hints, pls let me know.
    >
    > cu and thx in advance...
    > Bjoern
    >
    >
     
    Gary G. Little, Oct 1, 2004
    #2
    1. Advertisements

  3. Hi,

    I don't wonder what is going wrong. I ask if there is a way to do this. As
    far as I understand Windows 2003 has a way to do this:
    http://www.microsoft.com/whdc/driver/install/authenticode.mspx

    And btw, did I say that the driver I was testing has a WHQL certificate? The
    driver I have modified didn't have WHQL certificate.

    cu
    Bjoern

    "Gary G. Little" <> schrieb im Newsbeitrag
    news:_lk7d.375$q%...
    > You take a signed driver, replace the WHQL certificates with nothing more
    > than a code-signing certificate, munge the hell out of the INF file, and
    > you
    > wonder what is wrong?
    >
    > --
    > The personal opinion of
    > Gary G. Little
    >
    > "Bjoern Wolfgardt" <> wrote in message
    > news:eUmZSP%...
    >> Hi NG,
    >>
    >> I hate drivers that bring extra tools with them, like ATI Video Cards or
    >> some Sound Drivers. Now I want to modify the INF File to delete the

    > Registry
    >> Entry. I also want to restructure the driver file layout (put all files
    >> execpt cat and inf to a subfolder).
    >> I know that I break the CAT file and the signatur than (if there is any).

    > So
    >> I used MAKECAT.exe to generate the new CAT File. I also used SIGNTOOL.exe

    > to
    >> sign the CAT file with my codesigning certificate. SIGNTOOL.exe verify

    > tells
    >> me that the CAT file ist signed.
    >> I added my ROOT Certificate to a test machine (trusted CAs store) and my
    >> CodeSigning Vertificate also (as trusted publisher).
    >> If I now try to update the Driver it is still shown as not signed. I do

    > this
    >> on an installed machine at the desktop. I try to update the driver and
    >> select the inf file.
    >>
    >> I also tried it on a RIPREP Image:
    >> The Problem is that I have to modify the file structure and delete some

    > reg
    >> keys. I have to add the drivers to a RIPREP Image. I also disabled driver
    >> signing policy (DRIVERSIGNINGPOLICY=IGNORE). But I still get a message in
    >> the setupapi.log that tells me that the driver is blocked:
    >>
    >> [2004/09/29 16:28:15 520.92 Driver Install]
    >> #-019 Searching for hardware ID(s):
    >>

    > pci\ven_8086&dev_24c5&subsys_04121179&rev_03,pci\ven_8086&dev_24c5&subsys_04
    > 121179,pci\ven_8086&dev_24c5&cc_040100,pci\ven_8086&dev_24c5&cc_0401
    >> #-018 Searching for compatible ID(s):
    >>

    > pci\ven_8086&dev_24c5&rev_03,pci\ven_8086&dev_24c5,pci\ven_8086&cc_040100,pc
    > i\ven_8086&cc_0401,pci\ven_8086,pci\cc_040100,pci\cc_0401
    >> #-198 Command line processed: C:\WINDOWS\system32\services.exe -setup
    >> #I022 Found "PCI\VEN_8086&DEV_24c5&subsys_04121179" in
    >> C:\Drivers\stac97.inf; Device: "SigmaTel C-Major Audio"; Driver:
    >> "SigmaTel
    >> C-Major Audio"; Provider: "SigmaTel"; Mfg: "SigmaTel"; Section name:
    >> "_00011179".
    >> #I087 Driver node not trusted, rank changed from 0x00000001 to
    >> 0x00008001.
    >> #I023 Actual install section: [_00011179.NT]. Rank: 0x00008001. Effective
    >> driver date: 07/17/2003.
    >> #-166 Device install function: DIF_SELECTBESTCOMPATDRV.
    >> #I063 Selected driver installs from section [_00011179] in
    >> "c:\drivers\stac97.inf".
    >> #I320 Class GUID of device remains:

    > {4D36E96C-E325-11CE-BFC1-08002BE10318}.
    >> #I060 Set selected driver.
    >> #I058 Selected best compatible driver.
    >> #-166 Device install function: DIF_INSTALLDEVICEFILES.
    >> #I124 Doing copy-only install of
    >> "PCI\VEN_8086&DEV_24C5&SUBSYS_04121179&REV_03\3&61AAA01&0&FD".
    >> #-011 Installing section [_00011179.NT] from "c:\drivers\stac97.inf".
    >> #E358 An unsigned or incorrectly signed file "c:\drivers\stac97.inf" for
    >> driver "SigmaTel C-Major Audio" blocked (server install). Error

    > 0xe000022f:
    >> Die INF-Datei des Drittanbieters enthält keine

    > Digitalsignaturinformationen.
    >> #E122 Device install failed. Error 0xe000022f: Die INF-Datei des
    >> Drittanbieters enthält keine Digitalsignaturinformationen.
    >> #E157 Default installer failed. Error 0xe000022f: Die INF-Datei des
    >> Drittanbieters enthält keine Digitalsignaturinformationen.
    >>
    >> (Sorry for the german Log)
    >>
    >> As far as I have read, server install needs signed drivers. This test

    > didn't
    >> had the certificates installed.
    >>
    >> So pls, if anyone has some hints, pls let me know.
    >>
    >> cu and thx in advance...
    >> Bjoern
    >>
    >>

    >
    >
     
    Bjoern Wolfgardt, Oct 2, 2004
    #3
  4. Authenticode signatures are only applicable to Server 2003, and are not
    recognized by XP, SP1 or SP2.

    --
    The personal opinion of
    Gary G. Little

    "Bjoern Wolfgardt" <> wrote in message
    news:...
    > Hi,
    >
    > I don't wonder what is going wrong. I ask if there is a way to do this. As
    > far as I understand Windows 2003 has a way to do this:
    > http://www.microsoft.com/whdc/driver/install/authenticode.mspx
    >
    > And btw, did I say that the driver I was testing has a WHQL certificate?

    The
    > driver I have modified didn't have WHQL certificate.
    >
    > cu
    > Bjoern
    >
    > "Gary G. Little" <> schrieb im Newsbeitrag
    > news:_lk7d.375$q%...
    > > You take a signed driver, replace the WHQL certificates with nothing

    more
    > > than a code-signing certificate, munge the hell out of the INF file, and
    > > you
    > > wonder what is wrong?
    > >
    > > --
    > > The personal opinion of
    > > Gary G. Little
    > >
    > > "Bjoern Wolfgardt" <> wrote in message
    > > news:eUmZSP%...
    > >> Hi NG,
    > >>
    > >> I hate drivers that bring extra tools with them, like ATI Video Cards

    or
    > >> some Sound Drivers. Now I want to modify the INF File to delete the

    > > Registry
    > >> Entry. I also want to restructure the driver file layout (put all files
    > >> execpt cat and inf to a subfolder).
    > >> I know that I break the CAT file and the signatur than (if there is

    any).
    > > So
    > >> I used MAKECAT.exe to generate the new CAT File. I also used

    SIGNTOOL.exe
    > > to
    > >> sign the CAT file with my codesigning certificate. SIGNTOOL.exe verify

    > > tells
    > >> me that the CAT file ist signed.
    > >> I added my ROOT Certificate to a test machine (trusted CAs store) and

    my
    > >> CodeSigning Vertificate also (as trusted publisher).
    > >> If I now try to update the Driver it is still shown as not signed. I do

    > > this
    > >> on an installed machine at the desktop. I try to update the driver and
    > >> select the inf file.
    > >>
    > >> I also tried it on a RIPREP Image:
    > >> The Problem is that I have to modify the file structure and delete some

    > > reg
    > >> keys. I have to add the drivers to a RIPREP Image. I also disabled

    driver
    > >> signing policy (DRIVERSIGNINGPOLICY=IGNORE). But I still get a message

    in
    > >> the setupapi.log that tells me that the driver is blocked:
    > >>
    > >> [2004/09/29 16:28:15 520.92 Driver Install]
    > >> #-019 Searching for hardware ID(s):
    > >>

    > >

    pci\ven_8086&dev_24c5&subsys_04121179&rev_03,pci\ven_8086&dev_24c5&subsys_04
    > > 121179,pci\ven_8086&dev_24c5&cc_040100,pci\ven_8086&dev_24c5&cc_0401
    > >> #-018 Searching for compatible ID(s):
    > >>

    > >

    pci\ven_8086&dev_24c5&rev_03,pci\ven_8086&dev_24c5,pci\ven_8086&cc_040100,pc
    > > i\ven_8086&cc_0401,pci\ven_8086,pci\cc_040100,pci\cc_0401
    > >> #-198 Command line processed: C:\WINDOWS\system32\services.exe -setup
    > >> #I022 Found "PCI\VEN_8086&DEV_24c5&subsys_04121179" in
    > >> C:\Drivers\stac97.inf; Device: "SigmaTel C-Major Audio"; Driver:
    > >> "SigmaTel
    > >> C-Major Audio"; Provider: "SigmaTel"; Mfg: "SigmaTel"; Section name:
    > >> "_00011179".
    > >> #I087 Driver node not trusted, rank changed from 0x00000001 to
    > >> 0x00008001.
    > >> #I023 Actual install section: [_00011179.NT]. Rank: 0x00008001.

    Effective
    > >> driver date: 07/17/2003.
    > >> #-166 Device install function: DIF_SELECTBESTCOMPATDRV.
    > >> #I063 Selected driver installs from section [_00011179] in
    > >> "c:\drivers\stac97.inf".
    > >> #I320 Class GUID of device remains:

    > > {4D36E96C-E325-11CE-BFC1-08002BE10318}.
    > >> #I060 Set selected driver.
    > >> #I058 Selected best compatible driver.
    > >> #-166 Device install function: DIF_INSTALLDEVICEFILES.
    > >> #I124 Doing copy-only install of
    > >> "PCI\VEN_8086&DEV_24C5&SUBSYS_04121179&REV_03\3&61AAA01&0&FD".
    > >> #-011 Installing section [_00011179.NT] from "c:\drivers\stac97.inf".
    > >> #E358 An unsigned or incorrectly signed file "c:\drivers\stac97.inf"

    for
    > >> driver "SigmaTel C-Major Audio" blocked (server install). Error

    > > 0xe000022f:
    > >> Die INF-Datei des Drittanbieters enthält keine

    > > Digitalsignaturinformationen.
    > >> #E122 Device install failed. Error 0xe000022f: Die INF-Datei des
    > >> Drittanbieters enthält keine Digitalsignaturinformationen.
    > >> #E157 Default installer failed. Error 0xe000022f: Die INF-Datei des
    > >> Drittanbieters enthält keine Digitalsignaturinformationen.
    > >>
    > >> (Sorry for the german Log)
    > >>
    > >> As far as I have read, server install needs signed drivers. This test

    > > didn't
    > >> had the certificates installed.
    > >>
    > >> So pls, if anyone has some hints, pls let me know.
    > >>
    > >> cu and thx in advance...
    > >> Bjoern
    > >>
    > >>

    > >
    > >

    >
    >
     
    Gary G. Little, Oct 4, 2004
    #4
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Kristen

    missing biosinfo.inf - Setup haults

    Kristen, Jul 9, 2003, in forum: Windows XP Setup
    Replies:
    2
    Views:
    2,489
    kristen
    Jul 9, 2003
  2. Stephan

    Can only use Sysprep.inf file once!!!!

    Stephan, Jul 11, 2003, in forum: Windows XP Setup
    Replies:
    0
    Views:
    702
    Stephan
    Jul 11, 2003
  3. Mark

    pnpscsi.inf

    Mark, Jul 22, 2003, in forum: Windows XP Setup
    Replies:
    0
    Views:
    405
  4. mkclass
    Replies:
    0
    Views:
    652
    mkclass
    Aug 5, 2003
  5. Brian
    Replies:
    0
    Views:
    192
    Brian
    Sep 30, 2003
Loading...

Share This Page