Using Mini Spy Mini Filter Driver+VS 2015

Hi, i am trying to use Mini Spy sample project, I successfully built both the Driver and User application without any error
I am using Hyper-V remote desktop.
1.) Inside my X64\Debug folder i can’t see an INF file, is it okay, should i use the checked out version INF or should a new one be created while building project.
2.) Do i have to install the .CER file before installing driver? I guess I do!
3.) What are those .LOG, .MAP etc, do i need any file other than .sys .cer .exe .inf?
4.) Even after installing .CER, .sys-> Properties-> Digital Signature. It says “This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store.”
5.) Trying again Driver installs without any error & I could see minispy.sys in system32-> Drivers, but then fltmc load minispy says “Windows cannot verify the digital signature for this file. A recent…”, what should i do?
6.) Running minispy.exe says VCRUNTIME140D.dll is missing, what default dll, dll set should i have before running this minispy.exe & how to acquire them?

Forget about signing. Just attach a kernel debugger (which shuts off all
signature enforcement) and you can deal with signing at a later date.

For specific answers:

  1. The one in the Debug folder is fine

  2. Forget about signing

  3. Google knows

  4. Forget about signing

  5. Forget about signing

  6. Google knows

-scott
OSR
@OSRDrivers

wrote in message news:xxxxx@ntfsd…

Hi, i am trying to use Mini Spy sample project, I successfully built both
the Driver and User application without any error
I am using Hyper-V remote desktop.
1.) Inside my X64\Debug folder i can’t see an INF file, is it okay, should i
use the checked out version INF or should a new one be created while
building project.
2.) Do i have to install the .CER file before installing driver? I guess I
do!
3.) What are those .LOG, .MAP etc, do i need any file other than .sys .cer
.exe .inf?
4.) Even after installing .CER, .sys-> Properties-> Digital Signature. It
says “This CA Root certificate is not trusted because it is not in the
Trusted Root Certification Authorities store.”
5.) Trying again Driver installs without any error & I could see minispy.sys
in system32-> Drivers, but then fltmc load minispy says “Windows cannot
verify the digital signature for this file. A recent…”, what should i
do?
6.) Running minispy.exe says VCRUNTIME140D.dll is missing, what default dll,
dll set should i have before running this minispy.exe & how to acquire them?

  1. Just use the INF in the project to install the driver
  2. You can configure your system to disable driver signing so you don’t
    have to sign it. It sounds like this is an investigation so I would
    disable driver signing.
  3. For testing and playing, you only need the sys, pdb and INF

There is a ton of information on driver signing, sounds like you aren’t
doing something correct.

Pete


Kernel Drivers
Windows File System and Device Driver Consulting
www.KernelDrivers.com
866.263.9295

------ Original Message ------
From: xxxxx@seclore.com
To: “Windows File Systems Devs Interest List”
Sent: 2/27/2017 2:07:06 AM
Subject: [ntfsd] Using Mini Spy Mini Filter Driver+VS 2015

>Hi, i am trying to use Mini Spy sample project, I successfully built
>both the Driver and User application without any error
>I am using Hyper-V remote desktop.
>1.) Inside my X64\Debug folder i can’t see an INF file, is it okay,
>should i use the checked out version INF or should a new one be created
>while building project.
>2.) Do i have to install the .CER file before installing driver? I
>guess I do!
>3.) What are those .LOG, .MAP etc, do i need any file other than .sys
>.cer .exe .inf?
>4.) Even after installing .CER, .sys-> Properties-> Digital
>Signature. It says “This CA Root certificate is not trusted because it
>is not in the Trusted Root Certification Authorities store.”
>5.) Trying again Driver installs without any error & I could see
>minispy.sys in system32-> Drivers, but then fltmc load minispy says
>“Windows cannot verify the digital signature for this file. A
>recent…”, what should i do?
>6.) Running minispy.exe says VCRUNTIME140D.dll is missing, what default
>dll, dll set should i have before running this minispy.exe & how to
>acquire them?
>
>—
>NTFSD is sponsored by OSR
>
>
>MONTHLY seminars on crash dump analysis, WDF, Windows internals and
>software drivers!
>Details at http:
>
>To unsubscribe, visit the List Server section of OSR Online at
>http:</http:></http:>