I ran into the June 1 Authenticode apocalypse today, and then caught up with the blog posts and the forum posts here to learn what had happened. Whirlwind afternoon. Yikes. It looks like in the end, Microsoft stood their ground, and things have been declared a "lost cause". Somebody mentioned the extra dirty timestamp server hack, which really seems to violate the spirit of signing rules, and so that was dismissed as nonviable. And so in the absence of a good, clean, reliable, non-sketchy solution, we're in a bad place.
Worry no longer: I wrote up a little summary of a very clean workaround here: https://git.zx2c4.com/downlevel-driver-enabler/about/
In short, the security barrier that Windows cares about relates to the CA used for code signing, and the information along that certification path. The kernel enforces this, and all is well. There's an additional obsolete policy barrier, in which Windows 7 will reject drivers that have been PnP certified for Windows 10. We know this isn't security sensitive in the least, since non-PnP drivers load. Instead, it's just some basic userspace policy around PnP. And fortunately, Microsoft provides a facility for turning it off, and really modifying everything about how that policy is enforced. And it allows this without having to do anything naughty. By flipping a registry key, you can choose how PnP driver installation works. So the write-up simply describes how to turn off the OS version check. It does this, again, without having to mess with the kernel's security-sensitive load-time check. This then allows us to load Windows 10 attestation signed drivers in Windows 7 and 8.1, both for the PnP case and the non-PnP case. In my tests so far, it works very well.