Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Windows 7 driver signing problem

Niki_HopfiNiki_Hopfi Member Posts: 6
Hey guys, I've some problems with signing a driver for Windows 7.

I just have a simple mini-filter driver and tried to sign it with a certificate from Comodo.
The driver installs and runs without any problems on Windows 8 to Windows 10, only Windows 7 reports an error, when trying to install it.

I cross-signed the driver as shown below:

signtool.exe sign /v /p password /ac "C:\comodorsacertificationauthority_kmod.crt" /f "C:\cert.pfx"
/tr http://timestamp.comodoca.com/rfc3161 "C:\Users\name\desktop\drv.sys"
The following certificate was selected:
Issued to: xxx xxxxx
Issued by: COMODO RSA Code Signing CA
Expires: Mon Oct 31 01:59:59 2016
SHA1 hash: *hash here*

Cross certificate chain (using machine store):
Issued to: Microsoft Code Verification Root
Issued by: Microsoft Code Verification Root
Expires: Sat Nov 01 15:54:03 2025
SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3

Issued to: COMODO RSA Certification Authority
Issued by: Microsoft Code Verification Root
Expires: Mon Apr 12 00:16:20 2021
SHA1 hash: 106870659C069F248C8C0A05ACD871CABEB3CC38

Issued to: COMODO RSA Code Signing CA
Issued by: COMODO RSA Certification Authority
Expires: Tue May 09 01:59:59 2028
SHA1 hash: B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47

Issued to: xxx xxxxx
Issued by: COMODO RSA Code Signing CA
Expires: Mon Oct 31 01:59:59 2016
SHA1 hash: *hash here*

Done Adding Additional Store
Successfully signed and timestamped: C:\Users\name\desktop\drv.sys

Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0

C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin>fltmc load drv

Error: 0x80070241

Could not translate error code. Code: 0x80070241, Reason:
7a

Obviously, I run the cmd prompt with admin rights.
In the windows event log (code integrity) I get the following errors: (translated from german)
The image of the file (drv.sys) could not be validated, because the record of image hashes could not be found on the system.

Any ideas on what I'm doing wrong? I already spent days on figuring out what I'm doing wrong, without success. :/

I would appreciate any kind of help. Thanks!

Comments

  • Are the appriorate COMODO root certificates installed on Win 7 ?

    Christiaan

    ----- Original Message -----
    From: <[email protected]>
    To: "Windows System Software Devs Interest List" <[email protected]>
    Sent: Sunday, August 21, 2016 6:02 PM
    Subject: [ntdev] Windows 7 driver signing problem


    > Hey guys, I've some problems with signing a driver for Windows 7.
    >
    > I just have a simple mini-filter driver and tried to sign it with a certificate from Comodo.
    > The driver installs and runs without any problems on Windows 8 to Windows 10, only Windows 7 reports an error, when trying to
    > install it.
    >
    > I cross-signed the driver as shown below:
    >
    > signtool.exe sign /v /p password /ac "C:\comodorsacertificationauthority_kmod.crt" /f "C:\cert.pfx"
    > /tr http://timestamp.comodoca.com/rfc3161 "C:\Users\name\desktop\drv.sys"
    > The following certificate was selected:
    > Issued to: xxx xxxxx
    > Issued by: COMODO RSA Code Signing CA
    > Expires: Mon Oct 31 01:59:59 2016
    > SHA1 hash: *hash here*
    >
    > Cross certificate chain (using machine store):
    > Issued to: Microsoft Code Verification Root
    > Issued by: Microsoft Code Verification Root
    > Expires: Sat Nov 01 15:54:03 2025
    > SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3
    >
    > Issued to: COMODO RSA Certification Authority
    > Issued by: Microsoft Code Verification Root
    > Expires: Mon Apr 12 00:16:20 2021
    > SHA1 hash: 106870659C069F248C8C0A05ACD871CABEB3CC38
    >
    > Issued to: COMODO RSA Code Signing CA
    > Issued by: COMODO RSA Certification Authority
    > Expires: Tue May 09 01:59:59 2028
    > SHA1 hash: B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
    >
    > Issued to: xxx xxxxx
    > Issued by: COMODO RSA Code Signing CA
    > Expires: Mon Oct 31 01:59:59 2016
    > SHA1 hash: *hash here*
    >
    > Done Adding Additional Store
    > Successfully signed and timestamped: C:\Users\name\desktop\drv.sys
    >
    > Number of files successfully Signed: 1
    > Number of warnings: 0
    > Number of errors: 0
    >
    > C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin>fltmc load drv
    >
    > Error: 0x80070241
    >
    > Could not translate error code. Code: 0x80070241, Reason:
    > 7a
    >
    > Obviously, I run the cmd prompt with admin rights.
    > In the windows event log (code integrity) I get the following errors: (translated from german)
    > The image of the file (drv.sys) could not be validated, because the record of image hashes could not be found on the system.
    >
    > Any ideas on what I'm doing wrong? I already spent days on figuring out what I'm doing wrong, without success. :/
    >
    > I would appreciate any kind of help. Thanks!
    >
    > ---
    > NTDEV is sponsored by OSR
    >
    > Visit the list online at: <http://www.osronline.com/showlists.cfm?list=ntdev&gt;
    >
    > MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
    > Details at <http://www.osr.com/seminars&gt;
    >
    > To unsubscribe, visit the List Server section of OSR Online at <http://www.osronline.com/page.cfm?name=ListServer&gt;
  • Jan_BottorffJan_Bottorff Member - All Emails Posts: 471
    It might be your signing key is SHA2, and the copy of Win 7 you are using does not have the SHA2 support patch. Search previous messages on this list for the way to determine this and fix it. Win 7 as it comes off the install DVD didn’t work with SHA2 keys under certain condition, like I believe drivers that required checking the signature of the binary using an embedded signature.

    Jan


    On 8/21/16, 9:02 AM, "[email protected] on behalf of [email protected]" <[email protected] on behalf of [email protected]> wrote:

    Hey guys, I've some problems with signing a driver for Windows 7.

    I just have a simple mini-filter driver and tried to sign it with a certificate from Comodo.
    The driver installs and runs without any problems on Windows 8 to Windows 10, only Windows 7 reports an error, when trying to install it.

    I cross-signed the driver as shown below:

    signtool.exe sign /v /p password /ac "C:\comodorsacertificationauthority_kmod.crt" /f "C:\cert.pfx"
    /tr http://timestamp.comodoca.com/rfc3161 "C:\Users\name\desktop\drv.sys"
    The following certificate was selected:
    Issued to: xxx xxxxx
    Issued by: COMODO RSA Code Signing CA
    Expires: Mon Oct 31 01:59:59 2016
    SHA1 hash: *hash here*

    Cross certificate chain (using machine store):
    Issued to: Microsoft Code Verification Root
    Issued by: Microsoft Code Verification Root
    Expires: Sat Nov 01 15:54:03 2025
    SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3

    Issued to: COMODO RSA Certification Authority
    Issued by: Microsoft Code Verification Root
    Expires: Mon Apr 12 00:16:20 2021
    SHA1 hash: 106870659C069F248C8C0A05ACD871CABEB3CC38

    Issued to: COMODO RSA Code Signing CA
    Issued by: COMODO RSA Certification Authority
    Expires: Tue May 09 01:59:59 2028
    SHA1 hash: B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47

    Issued to: xxx xxxxx
    Issued by: COMODO RSA Code Signing CA
    Expires: Mon Oct 31 01:59:59 2016
    SHA1 hash: *hash here*

    Done Adding Additional Store
    Successfully signed and timestamped: C:\Users\name\desktop\drv.sys

    Number of files successfully Signed: 1
    Number of warnings: 0
    Number of errors: 0

    C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin>fltmc load drv

    Error: 0x80070241

    Could not translate error code. Code: 0x80070241, Reason:
    7a

    Obviously, I run the cmd prompt with admin rights.
    In the windows event log (code integrity) I get the following errors: (translated from german)
    The image of the file (drv.sys) could not be validated, because the record of image hashes could not be found on the system.

    Any ideas on what I'm doing wrong? I already spent days on figuring out what I'm doing wrong, without success. :/

    I would appreciate any kind of help. Thanks!

    ---
    NTDEV is sponsored by OSR

    Visit the list online at: <http://www.osronline.com/showlists.cfm?list=ntdev&gt;

    MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
    Details at <http://www.osr.com/seminars&gt;

    To unsubscribe, visit the List Server section of OSR Online at <http://www.osronline.com/page.cfm?name=ListServer&gt;
  • Niki_HopfiNiki_Hopfi Member Posts: 6
    Thanks for your quick replies!

    You were right, the patch for sha2 support was missing, even though SP1 was installed.

    I manually installed it and now it works.

    Thank you guys!

    BR, Nick

    > Am 22.08.2016 um 00:07 schrieb Jan Bottorff <[email protected]>:
    >
    > It might be your signing key is SHA2, and the copy of Win 7 you are using does not have the SHA2 support patch. Search previous messages on this list for the way to determine this and fix it. Win 7 as it comes off the install DVD didn’t work with SHA2 keys under certain condition, like I believe drivers that required checking the signature of the binary using an embedded signature.
    >
    > Jan
    >
    >
    > On 8/21/16, 9:02 AM, "[email protected] on behalf of [email protected]" <[email protected] on behalf of [email protected]> wrote:
    >
    > Hey guys, I've some problems with signing a driver for Windows 7.
    >
    > I just have a simple mini-filter driver and tried to sign it with a certificate from Comodo.
    > The driver installs and runs without any problems on Windows 8 to Windows 10, only Windows 7 reports an error, when trying to install it.
    >
    > I cross-signed the driver as shown below:
    >
    > signtool.exe sign /v /p password /ac "C:\comodorsacertificationauthority_kmod.crt" /f "C:\cert.pfx"
    > /tr http://timestamp.comodoca.com/rfc3161 "C:\Users\name\desktop\drv.sys"
    > The following certificate was selected:
    > Issued to: xxx xxxxx
    > Issued by: COMODO RSA Code Signing CA
    > Expires: Mon Oct 31 01:59:59 2016
    > SHA1 hash: *hash here*
    >
    > Cross certificate chain (using machine store):
    > Issued to: Microsoft Code Verification Root
    > Issued by: Microsoft Code Verification Root
    > Expires: Sat Nov 01 15:54:03 2025
    > SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3
    >
    > Issued to: COMODO RSA Certification Authority
    > Issued by: Microsoft Code Verification Root
    > Expires: Mon Apr 12 00:16:20 2021
    > SHA1 hash: 106870659C069F248C8C0A05ACD871CABEB3CC38
    >
    > Issued to: COMODO RSA Code Signing CA
    > Issued by: COMODO RSA Certification Authority
    > Expires: Tue May 09 01:59:59 2028
    > SHA1 hash: B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
    >
    > Issued to: xxx xxxxx
    > Issued by: COMODO RSA Code Signing CA
    > Expires: Mon Oct 31 01:59:59 2016
    > SHA1 hash: *hash here*
    >
    > Done Adding Additional Store
    > Successfully signed and timestamped: C:\Users\name\desktop\drv.sys
    >
    > Number of files successfully Signed: 1
    > Number of warnings: 0
    > Number of errors: 0
    >
    > C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin>fltmc load drv
    >
    > Error: 0x80070241
    >
    > Could not translate error code. Code: 0x80070241, Reason:
    > 7a
    >
    > Obviously, I run the cmd prompt with admin rights.
    > In the windows event log (code integrity) I get the following errors: (translated from german)
    > The image of the file (drv.sys) could not be validated, because the record of image hashes could not be found on the system.
    >
    > Any ideas on what I'm doing wrong? I already spent days on figuring out what I'm doing wrong, without success. :/
    >
    > I would appreciate any kind of help. Thanks!
    >
    > ---
    > NTDEV is sponsored by OSR
    >
    > Visit the list online at: <http://www.osronline.com/showlists.cfm?list=ntdev&gt;
    >
    > MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
    > Details at <http://www.osr.com/seminars&gt;
    >
    > To unsubscribe, visit the List Server section of OSR Online at <http://www.osronline.com/page.cfm?name=ListServer&gt;
    >
    >
    >
    > ---
    > NTDEV is sponsored by OSR
    >
    > Visit the list online at: <http://www.osronline.com/showlists.cfm?list=ntdev&gt;
    >
    > MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
    > Details at <http://www.osr.com/seminars&gt;
    >
    > To unsubscribe, visit the List Server section of OSR Online at <http://www.osronline.com/page.cfm?name=ListServer&gt;
  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,403
    Christiaan Ghijselinck wrote:
    > Are the appriorate COMODO root certificates installed on Win 7 ?

    They don't have to be. That's the point of the cross-certificate. As
    long as the "Microsoft Code Verification Root" is in the chain, that's
    all that is necessary.

    --
    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 15 Jun 2020 LIVE ONLINE
Writing WDF Drivers 22 June 2020 LIVE ONLINE
Internals & Software Drivers 28 Sept 2020 Dulles, VA