Hi guys,
I am trying to register for callbacks related to process handle creation and duplication using ObRegisterCallbacks. The problem is that it returns ACCESS_DENIED, which on MSDN states that the driver is not signed. I am using VS2015, which auto-signs the binary; I also signed my binary with a valid company certificate, but the status ACCESS_DENIED still persists. I am using WinDbg; my host is Windows 10 and my target is Win 7 32-bit (testing it on a VM). Any help is greatly appreciated…
Deepak 
Try generating the test cert in vs option. It worked for me
On Dec 23, 2015 12:53 PM, wrote:
> Hi guys,
>
> I am trying to register for callbacks related to process handle creation
> and duplication using ObRegisterCallbacks. The problem is that it returns
> ACCESS_DENIED, which on MSDN states that the driver is not signed. I am
> using VS2015, which auto-signs the binary; I also signed my binary with a
> valid company certificate, but the status ACCESS_DENIED still persists. I
> am using WinDbg; my host is Windows 10 and my target is Win 7 32-bit
> (testing it on a VM). Any help is greatly appreciated…
>
> Deepak 
Hi Goresh,
Tried that too…
It doesn't work, I still get that access denied NTSTATUS :(
Deepak
> I am trying to register for callbacks related to process handle creation and
> duplication using ObRegisterCallbacks. The problem is that it returns
> ACCESS_DENIED, which on MSDN states that the driver is not signed.
- Use /INTEGRITYCHECK linker option.
- Sign your driver with /ph signtool option.
Hi Aleh,
/INTEGRITYCHECK does the trick…
I had a sources file that had the flag, but since I was using VS2015, sources wasn't required.
I had to put it in the linker options and voilà, it worked :)
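
A way to confirm that the /INTEGRITYCHECK fix from this thread actually reached the built binary, as an added example that is not part of the original posts: the linker option sets IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY (0x0080) in the PE optional header, so the script below reads that flag and also reports whether an embedded signature (certificate table entry) is present. The function names and the sample header are constructed for illustration; it does not verify the signature itself or the /ph page hashes.

```python
import struct

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY = 0x0080  # set by link.exe /INTEGRITYCHECK
PE32_MAGIC, PE32_PLUS_MAGIC = 0x10B, 0x20B


def inspect_driver(image: bytes) -> dict:
    """Report the FORCE_INTEGRITY flag and embedded-signature presence of a PE image."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = e_lfanew + 4 + 20  # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (PE32_MAGIC, PE32_PLUS_MAGIC):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers.
    (dll_chars,) = struct.unpack_from("<H", image, opt + 70)
    # Data directories start at offset 96 (PE32) or 112 (PE32+); entry 4 is the
    # certificate table, whose size is non-zero when a signature is embedded.
    dirs = opt + (96 if magic == PE32_MAGIC else 112)
    (num_dirs,) = struct.unpack_from("<I", image, dirs - 4)
    cert_size = 0
    if num_dirs > 4:
        _, cert_size = struct.unpack_from("<II", image, dirs + 4 * 8)
    return {
        "force_integrity": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY),
        "embedded_signature": cert_size > 0,
    }


def build_sample(dll_chars: int, cert_size: int = 0) -> bytes:
    """Constructed minimal PE32 header (not a loadable driver) for the demo."""
    img = bytearray(0x40 + 24 + 96 + 16 * 8)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)           # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    opt = 0x40 + 24
    struct.pack_into("<H", img, opt, PE32_MAGIC)
    struct.pack_into("<H", img, opt + 70, dll_chars)  # DllCharacteristics
    struct.pack_into("<I", img, opt + 92, 16)         # NumberOfRvaAndSizes
    struct.pack_into("<II", img, opt + 96 + 32, 0x400, cert_size)
    return bytes(img)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(0x0080, 0x1A00)
    print(inspect_driver(data))
```

Run it with the path to the built .sys file; with no argument it inspects the constructed sample header.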