Hello,
I am trying to run the ELAM sample driver but I ran into a problem. After building and self-signing the driver, I successfully installed it (at least I didn’t get any error) and rebooted the system. After rebooting, Windows went into “Diagnostic and Repair” mode. SrtTrail.txt shows that \elamsample.sys is corrupt. Is it possible to get more information about why Windows decided that the file is corrupt? I likely missed something in the build and installation.
Below is information about my system and driver.
VMware Workstation with Windows 10 x64.
I built the driver with the Visual Studio solution, with signing disabled.
Generated a self-signed certificate:
makecert.exe -r -pe -ss PrivateCertStore -n "CN=TestElam" -eku 1.3.6.1.4.1.311.61.4.1,1.3.6.1.5.5.7.3.3 -sr localmachine TestElam.cer
Enabled testsigning on the test machine:
bcdedit /set testsigning on
Installed the driver according to the ReadMe of the ELAM sample:
"Copy the signed elamsample.sys file to the %WINDIR%\System32\Drivers directory on your test machine.
Use the sc.exe tool present in Windows to install the driver:
sc create ElamSample binpath=%windir%\system32\drivers\elamsample.sys type=kernel start=boot error=critical group=Early-Launch
"
I have no idea what I did wrong and any help would be appreciated.
Installing the driver according the ReadMe of the ELAM sample
“Copy the signed elamsample.sys file to the %WINDIR%\System32\Drivers directory on your test machine.
Use the sc.exe tool present in Windows to install the driver:
sc create ElamSample binpath=%windir%\system32\drivers\elamsample.sys type=kernel start=boot error=critical group=Early-Launch”
Just to be clear, the “sc” command was designed by someone who had never
designed a command-line tool before. There has to be a space after the
equals sign, but not before:
You might check the registry in
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ElamSample and see
if it looks right, or do
sc query ElamSample
and see if the output is reasonable.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
I think you need: sha256 signing, /ph (signtool) and /integritycheck (link).
On Apr 21, 2017 4:50 PM, wrote:
Hello,
I am trying to run the ELAM sample driver but I ran into a problem. After building and self-signing the driver, I successfully installed it (at least I didn’t get any error) and rebooted the system. After rebooting, Windows went into “Diagnostic and Repair” mode. SrtTrail.txt shows that \elamsample.sys is corrupt. Is it possible to get more information about why Windows decided that the file is corrupt? I likely missed something in the build and installation.
Below is information about my system and driver.
VMware Workstation with Windows 10 x64.
I built the driver with the Visual Studio solution, with signing disabled.
Generated a self-signed certificate:
makecert.exe -r -pe -ss PrivateCertStore -n "CN=TestElam" -eku 1.3.6.1.4.1.311.61.4.1,1.3.6.1.5.5.7.3.3 -sr localmachine TestElam.cer
Enabled testsigning on the test machine:
bcdedit /set testsigning on
Installed the driver according to the ReadMe of the ELAM sample:
“Copy the signed elamsample.sys file to the %WINDIR%\System32\Drivers directory on your test machine.
Use the sc.exe tool present in Windows to install the driver:
sc create ElamSample binpath=%windir%\system32\drivers\elamsample.sys type=kernel start=boot error=critical group=Early-Launch”
I have no idea what I did wrong and any help would be appreciated.
Thanks,
The problem was the missing sha256 signing. I didn’t pay attention to this because ‘sc’ didn’t give any warning or error when I used the default sha1.
Igor
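
The three properties named in the reply above (sha256 file digest, page hashes from signtool /ph, and the header flag set by link /integritycheck) can be checked offline on the .sys file before rebooting into a boot-start failure. The Python below is an added example, not code from this thread or from the ELAM sample; it does a heuristic byte scan of the certificate table rather than verifying the signature, and `inspect_pe`, `build_sample` and the sample bytes are constructed for illustration.

```python
import struct

FORCE_INTEGRITY = 0x0080  # IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY (link /integritycheck)
DIGEST_OIDS = {           # DER-encoded digest algorithm OIDs
    bytes.fromhex("06052b0e03021a"): "sha1",            # 1.3.14.3.2.26
    bytes.fromhex("0609608648016503040201"): "sha256",  # 2.16.840.1.101.3.4.2.1
}
PAGE_HASH_PREFIX = bytes.fromhex("2b0601040182370203")  # 1.3.6.1.4.1.311.2.3.x (signtool /ph)

def inspect_pe(data):
    """Heuristic check of a PE image (bytes); does not verify the signature."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    opt = pe + 24                                   # 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    dirs = opt + (112 if magic == 0x20B else 96)    # data directories: PE32+ / PE32
    # Directory entry 4 is the certificate table; its address is a file offset, not an RVA.
    off, size = struct.unpack_from("<II", data, dirs + 4 * 8)
    blob = data[off:off + size]
    # Assumption: the first digest OID in the blob is the primary signature's digestAlgorithms entry.
    hits = [(blob.find(oid), name) for oid, name in DIGEST_OIDS.items() if oid in blob]
    return {
        "force_integrity": bool(dll_chars & FORCE_INTEGRITY),
        "signed": size > 0,
        "file_digest": min(hits)[1] if hits else None,
        "page_hashes": PAGE_HASH_PREFIX in blob,
    }

def build_sample(dll_chars, cert_blob):
    """Constructed PE32+ header plus a fake certificate table; not a loadable driver."""
    pe, img = 0x40, bytearray(0x40 + 24 + 240)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, pe)
    img[pe:pe + 4] = b"PE\0\0"
    struct.pack_into("<H", img, pe + 24, 0x20B)
    struct.pack_into("<H", img, pe + 24 + 70, dll_chars)
    struct.pack_into("<II", img, pe + 24 + 112 + 32, len(img), len(cert_blob))
    return bytes(img) + cert_blob

if __name__ == "__main__":
    sha1, sha256 = DIGEST_OIDS  # dict keys, in insertion order
    print(inspect_pe(build_sample(0x0000, b"\x30\x09" + sha1 + b"\x05\x00")))
    print(inspect_pe(build_sample(0x0080, sha256 + b"\x06\x0a" + PAGE_HASH_PREFIX + b"\x02" + sha1)))
```

To check a real build, pass the bytes of the signed elamsample.sys (`open(path, "rb").read()`) to `inspect_pe`.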