Windows 7 driver signing problem

Niki_Hopfi Member Posts: 6
Hey guys, I've some problems with signing a driver for Windows 7.

I just have a simple mini-filter driver and tried to sign it with a certificate from Comodo.
The driver installs and runs without any problems on Windows 8 to Windows 10, only Windows 7 reports an error, when trying to install it.

I cross-signed the driver as shown below:

signtool.exe sign /v /p password /ac "C:\comodorsacertificationauthority_kmod.crt" /f "C:\cert.pfx"
/tr http://timestamp.comodoca.com/rfc3161 "C:\Users\name\desktop\drv.sys"
The following certificate was selected:
Issued to: xxx xxxxx
Issued by: COMODO RSA Code Signing CA
Expires: Mon Oct 31 01:59:59 2016
SHA1 hash: *hash here*

Cross certificate chain (using machine store):
Issued to: Microsoft Code Verification Root
Issued by: Microsoft Code Verification Root
Expires: Sat Nov 01 15:54:03 2025
SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3

Issued to: COMODO RSA Certification Authority
Issued by: Microsoft Code Verification Root
Expires: Mon Apr 12 00:16:20 2021
SHA1 hash: 106870659C069F248C8C0A05ACD871CABEB3CC38

Issued to: COMODO RSA Code Signing CA
Issued by: COMODO RSA Certification Authority
Expires: Tue May 09 01:59:59 2028
SHA1 hash: B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47

Issued to: xxx xxxxx
Issued by: COMODO RSA Code Signing CA
Expires: Mon Oct 31 01:59:59 2016
SHA1 hash: *hash here*

Done Adding Additional Store
Successfully signed and timestamped: C:\Users\name\desktop\drv.sys

Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0

C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin>fltmc load drv

Error: 0x80070241

Could not translate error code. Code: 0x80070241, Reason:
7a

Obviously, I run the cmd prompt with admin rights.
In the Windows event log (code integrity) I get the following errors: (translated from German)
The image of the file (drv.sys) could not be validated, because the record of image hashes could not be found on the system.

Any ideas on what I'm doing wrong? I already spent days on figuring out what I'm doing wrong, without success. :/

I would appreciate any kind of help. Thanks!

Comments

  • Are the appropriate COMODO root certificates installed on Win 7?

    Christiaan

    ----- Original Message -----
    From: <xxxxx@gmail.com>
    To: "Windows System Software Devs Interest List" <xxxxx@lists.osr.com>
    Sent: Sunday, August 21, 2016 6:02 PM
    Subject: [ntdev] Windows 7 driver signing problem


  • Jan_Bottorff Member - All Emails Posts: 471
    It might be your signing key is SHA2, and the copy of Win 7 you are using does not have the SHA2 support patch. Search previous messages on this list for the way to determine this and fix it. Win 7 as it comes off the install DVD didn’t work with SHA2 keys under certain conditions, like I believe drivers that required checking the signature of the binary using an embedded signature.

    Jan


  • Niki_Hopfi Member Posts: 6
    Thanks for your quick replies!

    You were right, the patch for sha2 support was missing, even though SP1 was installed.

    I manually installed it and now it works.

    Thank you guys!

    BR, Nick

    > On 22.08.2016 at 00:07, Jan Bottorff <xxxxx@pmatrix.com> wrote:
    >
    > It might be your signing key is SHA2, and the copy of Win 7 you are using does not have the SHA2 support patch. Search previous messages on this list for the way to determine this and fix it. Win 7 as it comes off the install DVD didn’t work with SHA2 keys under certain conditions, like I believe drivers that required checking the signature of the binary using an embedded signature.
    >
    > Jan
  • Tim_Roberts Member - All Emails Posts: 13,102
    Christiaan Ghijselinck wrote:
    > Are the appropriate COMODO root certificates installed on Win 7?

    They don't have to be. That's the point of the cross-certificate. As
    long as the "Microsoft Code Verification Root" is in the chain, that's
    all that is necessary.

    --
    Tim Roberts, xxxxx@probo.com
    Providenza & Boekelheide, Inc.
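
The cross-certificate point made in the reply above can be checked mechanically from the signing log. This is an added example, not code from the thread or from OSR: a small Python script (the names parse_chain and check_chain are made up here) that reads the "Cross certificate chain" section of the signtool /v output quoted in the original post and confirms that each certificate is issued by the one above it and that the chain starts at the Microsoft Code Verification Root.

```python
import re

# Chain section of the signtool /v output from the original post in this thread
# (SHA1 hash lines left out; the leaf subject was redacted by the poster).
SIGNTOOL_OUTPUT = """\
Cross certificate chain (using machine store):
Issued to: Microsoft Code Verification Root
Issued by: Microsoft Code Verification Root
Expires: Sat Nov 01 15:54:03 2025

Issued to: COMODO RSA Certification Authority
Issued by: Microsoft Code Verification Root
Expires: Mon Apr 12 00:16:20 2021

Issued to: COMODO RSA Code Signing CA
Issued by: COMODO RSA Certification Authority
Expires: Tue May 09 01:59:59 2028

Issued to: xxx xxxxx
Issued by: COMODO RSA Code Signing CA
Expires: Mon Oct 31 01:59:59 2016
"""

KERNEL_ROOT = "Microsoft Code Verification Root"
CERT_RE = re.compile(
    r"Issued to:\s*(?P<subject>.+)\n\s*Issued by:\s*(?P<issuer>.+)\n\s*Expires:\s*(?P<expires>.+)")

def parse_chain(text):
    """Certificates listed under 'Cross certificate chain', root first."""
    _, found, section = text.partition("Cross certificate chain")
    if not found:
        return []
    return [{k: v.strip() for k, v in m.groupdict().items()}
            for m in CERT_RE.finditer(section)]

def check_chain(chain):
    """Return a list of problems; empty means linked and kernel-rooted."""
    if not chain:
        return ["no cross certificate chain section in the output"]
    problems = []
    if chain[0]["subject"] != KERNEL_ROOT or chain[0]["issuer"] != KERNEL_ROOT:
        problems.append("chain does not start at " + KERNEL_ROOT)
    for parent, child in zip(chain, chain[1:]):
        if child["issuer"] != parent["subject"]:
            problems.append("%s is not issued by %s" % (child["subject"], parent["subject"]))
    return problems

if __name__ == "__main__":
    print(check_chain(parse_chain(SIGNTOOL_OUTPUT)) or "chain OK")
```

For the output in this thread the check passes, which fits the outcome: the signing side was correct and the load failure came from the Windows 7 machine lacking the SHA2 support patch.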

