Tim Roberts wrote :
>Well, if you always install using a CAT file, then it’s not necessary to sign the SYS file at all. The kernel will find the CAT file and use it instead.
Do you mean that , for example 64 bit Windows 7 , will load THAT *.sys driver file at boot time ? I was always persuaded that the driver had to be signed.
>In my case, I like to copy replacement binaries in by hand without going through the full install process.
I am practicising this myself. I think that Microsoft “trusts” that the driver belongs to the original package ( to shorten boot time ) , although there is a way back to the *inf via the ClassID in the \Enum or Enum\Root registry hives.
Regards ,
Christiaan
----- Original Message -----
From: Tim Roberts
To: Windows System Software Devs Interest List
Sent: Monday, November 17, 2014 6:57 PM
Subject: Re: [ntdev] error code 52 for one signed driver
Christiaan Ghijselinck wrote:
You must sign the driver first , then create the *.cat file from the *.inf referring to the signed driver , then sign the *.cat file.
Well, if you always install using a CAT file, then it’s not necessary to sign the SYS file at all. The kernel will find the CAT file and use it instead.
In my case, I like to copy replacement binaries in by hand without going through the full install process. When I do that, the CAT file is invalidated, so the checksums don’t match. Because of that, I do exactly as you say: sign the SYS, build the CAT, then sign the CAT.
Turning this upside down, until Windows 8, you don’t actually have to sign the CAT file. The CAT file signature was only used for the install-time warning, which you could override. Signing the SYS alone was enough to get the driver loaded. This has changed in Windows 8.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
NTDEV is sponsored by OSR
Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
OSR is HIRING!! See http://www.osr.com/careers
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer