test driver signing issue to resolve hash problem

NTFSD
1

hi all,

i was looking into an issue of codeintegrity for my driver for Vista 32bit and i was getting securtiy audit info as :
Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\WavxDMgr.sys

as i was installing my new driver package everytime i was getting this information in vista event log .i tried out with two ways to resolve this

1)test signing my driver using embedded signatures i signed it using signtool utility available in WDK 6000 .in this i followed the procedure as mentioned as mentioned by MSFT manual KMCS walkthrough but it didnt turn out well in my case as when i am verifying my driver using signtool it is giving error.
2)test signing using catalog file i generated a catalog file using signability utility ,i signed it using siogntool but when i was verifying it using signtool i was getting errors like the catalog file is not having the entry of my .inf file .

can anyone help me out i am stuck with this and the vista eevnt log is not at all budging from that event entry of code integrity .Thanks in advance

Sankalp

2

I would like to add some info to my previous post my driver is actuallly a minfilter driver and it is a boot start driver it is using inf file for installation so i want to know,

  1. that is it like there’s something missing in the inf file that is making this code integrity error to come .
    or
  2. there is an altogether different procedure for test signing minifilter driver
    i was following the following link as the procedure

download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde- d599bac8184a/KMCS_Walkthrough.doc

thanks again
Sankalp

3

The only way I found to get rid of that message is to use a Microsoft Cross-Certificate. It links your digital signature from a known CA to the Microsoft CA. But I don’t think it will work with test certificates.

http://www.microsoft.com/whdc/winlogo/drvsign/crosscert.mspx

HTH,
Ken

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@rsystems.com
Sent: Wednesday, January 09, 2008 6:14 AM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] test driver signing issue to resolve hash problem

hi all,

i was looking into an issue of codeintegrity for my driver for Vista 32bit and i was getting securtiy audit info as :
Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\WavxDMgr.sys

as i was installing my new driver package everytime i was getting this information in vista event log .i tried out with two ways to resolve this

1)test signing my driver using embedded signatures i signed it using signtool utility available in WDK 6000 .in this i followed the procedure as mentioned as mentioned by MSFT manual KMCS walkthrough but it didnt turn out well in my case as when i am verifying my driver using signtool it is giving error.
2)test signing using catalog file i generated a catalog file using signability utility ,i signed it using siogntool but when i was verifying it using signtool i was getting errors like the catalog file is not having the entry of my .inf file .

can anyone help me out i am stuck with this and the vista eevnt log is not at all budging from that event entry of code integrity .Thanks in advance

Sankalp

NTFSD is sponsored by OSR

For our schedule debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

You are currently subscribed to ntfsd as: xxxxx@comcast.net
To unsubscribe send a blank email to xxxxx@lists.osr.com

4

You are going to have to provide more details here. The steps outlined in
the walkthrough are known to work, So you have done something wrong. Also
see this article on OSR’s website:
http://www.osronline.com/article.cfm?article=476

I have test signed multiple miniport drivers using these techniques.

On Jan 9, 2008 6:42 AM, wrote:

> I would like to add some info to my previous post my driver is actuallly a
> minfilter driver and it is a boot start driver it is using inf file for
> installation so i want to know,
>
> 1) that is it like there’s something missing in the inf file that is
> making this code integrity error to come .
> or
> 2) there is an altogether different procedure for test signing minifilter
> driver
> i was following the following link as the procedure
>
> download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/KMCS_Walkthrough.doc
>
> thanks again
> Sankalp
>
>
>
> —
> NTFSD is sponsored by OSR
>
> For our schedule debugging and file system seminars
> (including our new fs mini-filter seminar) visit:
> http://www.osr.com/seminars
>
> You are currently subscribed to ntfsd as: xxxxx@hollistech.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>


Mark Roddy