I am working with a client who has a 64-bit non-pnp KMDF driver that
currently does not use an INF file to install. Wandering through the posts
here, and the OSR blog’s I think I need to create and INF and a driver
package to get Attestation Signing, but I am not sure. Can the CAB file
submitted to Microsoft only contain the driver binary?
Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com
Pretty sure the cab needs to reference the inf as well
Bent from my phone
From: xxxxx@lists.osr.com on behalf of Don Burn
Sent: Sunday, August 13, 2017 8:15:30 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Windows 10 driver signing
I am working with a client who has a 64-bit non-pnp KMDF driver that
currently does not use an INF file to install. Wandering through the posts
here, and the OSR blog’s I think I need to create and INF and a driver
package to get Attestation Signing, but I am not sure. Can the CAB file
submitted to Microsoft only contain the driver binary?
Don Burn
Windows Driver Consulting
Website: https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.windrvr.com&data=02|01|Doron.Holan%40microsoft.com|2f897b7009804b055c2808d4e25e3b76|72f988bf86f141af91ab2d7cd011db47|1|0|636382341733600777&sdata=Aq9FG54TxzYi2TW9eoDTI3cXETS5AWtLlBR0xH9sQpo%3D&reserved=0
—
NTDEV is sponsored by OSR
Visit the list online at: https:
MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at https:
To unsubscribe, visit the List Server section of OSR Online at https:</https:></https:></https:>
On Aug 13, 2017, at 8:15 AM, Don Burn wrote:
>
> I am working with a client who has a 64-bit non-pnp KMDF driver that
> currently does not use an INF file to install. Wandering through the posts
> here, and the OSR blog’s I think I need to create and INF and a driver
> package to get Attestation Signing, but I am not sure. Can the CAB file
> submitted to Microsoft only contain the driver binary?
No, you need a dummy INF that names the binary as the service for a fake device. You can throw it away when you get it back.
I just built one last week and it worked; I’ll look it up when I get to the office tomorrow.
—
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
Tim Roberts wrote:
On Aug 13, 2017, at 8:15 AM, Don Burn wrote:
>> I am working with a client who has a 64-bit non-pnp KMDF driver that
>> currently does not use an INF file to install. Wandering through the posts
>> here, and the OSR blog’s I think I need to create and INF and a driver
>> package to get Attestation Signing, but I am not sure. Can the CAB file
>> submitted to Microsoft only contain the driver binary?
> No, you need a dummy INF that names the binary as the service for a fake device. You can throw it away when you get it back.
>
> I just built one last week and it worked; I’ll look it up when I get to the office tomorrow.
The following worked for me, with appropriate substitutions. I copied
the driver binaries into “Package”, with both 32-bit and 64-bit in a
structure like:
Package\fake.inf
Package\32\DRIVERNAME.sys
Package\64\DRIVERNAME.sys
Then I ran:
inf2cat /driver:Package /os:10_X86,10_X64
cabarc -r -p n fake.cab Package*
signtool sign /v /a /n Providenza /t
http://timestamp.verisign.com/scripts/timestamp.dll fake.cab
Then I literally submitted fake.cab through the attestation site, and it
came back with the SYS file signed.
[Version]
Signature = “$Windows NT$”
Class = USB
ClassGUID = {36FC9E60-C465-11CF-8056-444553540000}
Provider = %Mfg%
DriverVer = 02/29/2016,1.1.0.5
CatalogFile = fake.cat
[SourceDisksNames]
3426=Our Disk
[SourceDisksFiles]
[SourceDisksFiles.x86]
DRIVERNAME.sys=3426,\32
[SourceDisksFiles.amd64]
DRIVERNAME.sys=3426,\64
[DestinationDirs]
DRIVERNAME.sys=12
[Manufacturer]
%Mfg%=VENDORNAME,NTamd64
[VENDORNAME]
%DeviceDesc% = xxxx, ROOT\FAKE_0001
[VENDORNAME.NTamd64]
%DeviceDesc% = xxxx, ROOT\FAKE_0001
[xxxx.NT]
CopyFiles= xxxx.copy
[xxxx.NTamd64]
CopyFiles= xxxx.copy
[xxxx.copy]
DRIVERNAME.sys
[Strings]
Mfg=VENDORNAME
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
In an OSR blog post about Windows 10 signing there was mention of IZArc. I
am looking into it and its command line capabilities and wanted to know
since the tool offers multiple types of compression (MS-ZIP, Quantum, and
LZX) what compression is Microsoft going to be happy with for signing?
Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Don Burn
xxxxx@lists.osr.com
Sent: Sunday, August 13, 2017 11:16 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Windows 10 driver signing
I am working with a client who has a 64-bit non-pnp KMDF driver that
currently does not use an INF file to install. Wandering through the posts
here, and the OSR blog’s I think I need to create and INF and a driver
package to get Attestation Signing, but I am not sure. Can the CAB file
submitted to Microsoft only contain the driver binary?
Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com
—
NTDEV is sponsored by OSR
Visit the list online at:
http:
MONTHLY seminars on crash dump analysis, WDF, Windows internals and software
drivers!
Details at http:
To unsubscribe, visit the List Server section of OSR Online at
http:</http:></http:></http:>
Peter,
Did you use the GUI or the command line? I am trying to create a
script for my client.
Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@osr.com
xxxxx@lists.osr.com
Sent: Tuesday, August 15, 2017 4:34 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Windows 10 driver signing
I just had IZArc create a file with a type “.CAB”… it did the rest.
Peter
OSR
@OSRDrivers
—
NTDEV is sponsored by OSR
Visit the list online at:
http:
MONTHLY seminars on crash dump analysis, WDF, Windows internals and software
drivers!
Details at http:
To unsubscribe, visit the List Server section of OSR Online at
http:</http:></http:></http:>
I’m GUI all the way, brother.
But… on the command line, shouldn’t it just work the same way?
izarcc -a “D:\fred.cab” " C:\MyStuff*.*"
Understand, that’s purely a guess…
Peter
OSR
@OSRDrivers
Don Burn wrote:
In an OSR blog post about Windows 10 signing there was mention of IZArc. I
am looking into it and its command line capabilities and wanted to know
since the tool offers multiple types of compression (MS-ZIP, Quantum, and
LZX) what compression is Microsoft going to be happy with for signing?
You can still find “cabarc.exe” in the deep weeds of the Internet.
https://stackoverflow.com/questions/3361928/where-can-i-get-the-cabarc-utility
Or, if you have kept all the tools you’ve ever installed (like I have),
it’s in the Windows Server 2003 SDK (version 3790).
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
Tim,
I appreciate that, but I am hoping to give my client something they can rely on even if they find they need to download in the future.
Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Tim Roberts xxxxx@lists.osr.com
Sent: Tuesday, August 15, 2017 5:57 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Windows 10 driver signing
Don Burn wrote:
> In an OSR blog post about Windows 10 signing there was mention of IZArc. I
> am looking into it and its command line capabilities and wanted to
> know since the tool offers multiple types of compression (MS-ZIP,
> Quantum, and
> LZX) what compression is Microsoft going to be happy with for signing?
You can still find “cabarc.exe” in the deep weeds of the Internet.
https://stackoverflow.com/questions/3361928/where-can-i-get-the-cabarc-utility
Or, if you have kept all the tools you’ve ever installed (like I have), it’s in the Windows Server 2003 SDK (version 3790).
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
—
NTDEV is sponsored by OSR
Visit the list online at: http:
MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at http:
To unsubscribe, visit the List Server section of OSR Online at http:</http:></http:></http:>