Modify Driver INF

Bjoern Wolfgardt

Hi NG,

I hate drivers that bring extra tools with them, like ATI Video Cards or
some Sound Drivers. Now I want to modify the INF File to delete the Registry
Entry. I also want to restructure the driver file layout (put all files
except cat and inf to a subfolder).
I know that I break the CAT file and the signature then (if there is any). So
I used MAKECAT.exe to generate the new CAT File. I also used SIGNTOOL.exe to
sign the CAT file with my codesigning certificate. SIGNTOOL.exe verify tells
me that the CAT file is signed.
I added my ROOT Certificate to a test machine (trusted CAs store) and my
CodeSigning Certificate also (as trusted publisher).
If I now try to update the Driver it is still shown as not signed. I do this
on an installed machine at the desktop. I try to update the driver and
select the inf file.

I also tried it on a RIPREP Image:
The Problem is that I have to modify the file structure and delete some reg
keys. I have to add the drivers to a RIPREP Image. I also disabled driver
signing policy (DRIVERSIGNINGPOLICY=IGNORE). But I still get a message in
the setupapi.log that tells me that the driver is blocked:

[2004/09/29 16:28:15 520.92 Driver Install]
#-019 Searching for hardware ID(s):
pci\ven_8086&dev_24c5&subsys_04121179&rev_03,pci\ven_8086&dev_24c5&subsys_04121179,pci\ven_8086&dev_24c5&cc_040100,pci\ven_8086&dev_24c5&cc_0401
#-018 Searching for compatible ID(s):
pci\ven_8086&dev_24c5&rev_03,pci\ven_8086&dev_24c5,pci\ven_8086&cc_040100,pci\ven_8086&cc_0401,pci\ven_8086,pci\cc_040100,pci\cc_0401
#-198 Command line processed: C:\WINDOWS\system32\services.exe -setup
#I022 Found "PCI\VEN_8086&DEV_24c5&subsys_04121179" in
C:\Drivers\stac97.inf; Device: "SigmaTel C-Major Audio"; Driver: "SigmaTel
C-Major Audio"; Provider: "SigmaTel"; Mfg: "SigmaTel"; Section name:
"_00011179".
#I087 Driver node not trusted, rank changed from 0x00000001 to 0x00008001.
#I023 Actual install section: [_00011179.NT]. Rank: 0x00008001. Effective
driver date: 07/17/2003.
#-166 Device install function: DIF_SELECTBESTCOMPATDRV.
#I063 Selected driver installs from section [_00011179] in
"c:\drivers\stac97.inf".
#I320 Class GUID of device remains: {4D36E96C-E325-11CE-BFC1-08002BE10318}.
#I060 Set selected driver.
#I058 Selected best compatible driver.
#-166 Device install function: DIF_INSTALLDEVICEFILES.
#I124 Doing copy-only install of
"PCI\VEN_8086&DEV_24C5&SUBSYS_04121179&REV_03\3&61AAA01&0&FD".
#-011 Installing section [_00011179.NT] from "c:\drivers\stac97.inf".
#E358 An unsigned or incorrectly signed file "c:\drivers\stac97.inf" for
driver "SigmaTel C-Major Audio" blocked (server install). Error 0xe000022f:
Die INF-Datei des Drittanbieters enthält keine Digitalsignaturinformationen.
#E122 Device install failed. Error 0xe000022f: Die INF-Datei des
Drittanbieters enthält keine Digitalsignaturinformationen.
#E157 Default installer failed. Error 0xe000022f: Die INF-Datei des
Drittanbieters enthält keine Digitalsignaturinformationen.

(Sorry for the German log)

As far as I have read, server install needs signed drivers. This test didn't
have the certificates installed.

So pls, if anyone has some hints, pls let me know.

cu and thx in advance...
Bjoern
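
A small parser for the setupapi.log format shown in the post above, added here as an example (not code from any poster in this thread): it re-joins hard-wrapped entries and extracts the two trust-related records, #I087 (rank change) and #E358 (blocked file). The function names and finding labels are assumptions made for this example; the sample input is an excerpt of the log from the post.

```python
import re

# Excerpt of the setupapi.log from the post above, hard line wraps preserved.
SAMPLE_LOG = r'''[2004/09/29 16:28:15 520.92 Driver Install]
#I087 Driver node not trusted, rank changed from 0x00000001 to 0x00008001.
#I023 Actual install section: [_00011179.NT]. Rank: 0x00008001. Effective
driver date: 07/17/2003.
#-011 Installing section [_00011179.NT] from "c:\drivers\stac97.inf".
#E358 An unsigned or incorrectly signed file "c:\drivers\stac97.inf" for
driver "SigmaTel C-Major Audio" blocked (server install). Error 0xe000022f:
Die INF-Datei des Drittanbieters enthält keine Digitalsignaturinformationen.
'''

HEADER = re.compile(r'^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) [\d.]+ (.+)\]$')
ENTRY = re.compile(r'^#([EWI-])(\d{3}) (.*)$')
RANK = re.compile(r'rank changed from (0x[0-9a-fA-F]+) to (0x[0-9a-fA-F]+)')
BLOCKED = re.compile(
    r'file "([^"]+)" for driver "([^"]+)" blocked.*?Error (0x[0-9a-fA-F]+)', re.S)

def parse_sections(text):
    """Split the log into sections and re-join entries wrapped over several lines."""
    sections = []
    for line in text.splitlines():
        h, e = HEADER.match(line), ENTRY.match(line)
        if h:
            sections.append({"time": h.group(1), "title": h.group(2), "entries": []})
        elif e and sections:
            sections[-1]["entries"].append([e.group(1) + e.group(2), e.group(3)])
        elif line.strip() and sections and sections[-1]["entries"]:
            sections[-1]["entries"][-1][1] += " " + line.strip()  # continuation line
    return sections

def trust_findings(sections):
    """Collect the entries showing that signature verification did not succeed."""
    findings = []
    for s in sections:
        for code, msg in s["entries"]:
            r, b = RANK.search(msg), BLOCKED.search(msg)
            if code == "I087" and r:
                old, new = int(r.group(1), 16), int(r.group(2), 16)
                # Report how much the rank was raised for the untrusted node.
                findings.append((s["time"], "untrusted_rank", hex(new - old)))
            elif code == "E358" and b:
                findings.append((s["time"], "blocked", b.group(1), b.group(3)))
    return findings

if __name__ == "__main__":
    for finding in trust_findings(parse_sections(SAMPLE_LOG)):
        print(finding)
```
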
 
Gary G. Little

You take a signed driver, replace the WHQL certificates with nothing more
than a code-signing certificate, munge the hell out of the INF file, and you
wonder what is wrong?

--
The personal opinion of
Gary G. Little

Bjoern Wolfgardt

Hi,

I don't wonder what is going wrong. I ask if there is a way to do this. As
far as I understand Windows 2003 has a way to do this:
http://www.microsoft.com/whdc/driver/install/authenticode.mspx

And btw, did I say that the driver I was testing has a WHQL certificate? The
driver I have modified didn't have a WHQL certificate.

cu
Bjoern

Gary G. Little

Authenticode signatures are only applicable to Server 2003, and are not
recognized by XP, SP1 or SP2.

--
The personal opinion of
Gary G. Little
