Modify Driver INF

Toggle sidebar Toggle sidebar
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.device_driver.dev,microsoft.public.windowsxp.setup_deployment (More info?)

Hi NG,

I hate drivers that bring extra tools with them, like ATI Video Cards or
some Sound Drivers. Now I want to modify the INF File to delete the Registry
Entry. I also want to restructure the driver file layout (put all files
execpt cat and inf to a subfolder).
I know that I break the CAT file and the signatur than (if there is any). So
I used MAKECAT.exe to generate the new CAT File. I also used SIGNTOOL.exe to
sign the CAT file with my codesigning certificate. SIGNTOOL.exe verify tells
me that the CAT file ist signed.
I added my ROOT Certificate to a test machine (trusted CAs store) and my
CodeSigning Vertificate also (as trusted publisher).
If I now try to update the Driver it is still shown as not signed. I do this
on an installed machine at the desktop. I try to update the driver and
select the inf file.

I also tried it on a RIPREP Image:
The Problem is that I have to modify the file structure and delete some reg
keys. I have to add the drivers to a RIPREP Image. I also disabled driver
signing policy (DRIVERSIGNINGPOLICY=IGNORE). But I still get a message in
the setupapi.log that tells me that the driver is blocked:

[2004/09/29 16:28:15 520.92 Driver Install]
#-019 Searching for hardware ID(s):
pci\ven_8086&dev_24c5&subsys_04121179&rev_03,pci\ven_8086&dev_24c5&subsys_04121179,pci\ven_8086&dev_24c5&cc_040100,pci\ven_8086&dev_24c5&cc_0401
#-018 Searching for compatible ID(s):
pci\ven_8086&dev_24c5&rev_03,pci\ven_8086&dev_24c5,pci\ven_8086&cc_040100,pci\ven_8086&cc_0401,pci\ven_8086,pci\cc_040100,pci\cc_0401
#-198 Command line processed: C:\WINDOWS\system32\services.exe -setup
#I022 Found "PCI\VEN_8086&DEV_24c5&subsys_04121179" in
C:\Drivers\stac97.inf; Device: "SigmaTel C-Major Audio"; Driver: "SigmaTel
C-Major Audio"; Provider: "SigmaTel"; Mfg: "SigmaTel"; Section name:
"_00011179".
#I087 Driver node not trusted, rank changed from 0x00000001 to 0x00008001.
#I023 Actual install section: [_00011179.NT]. Rank: 0x00008001. Effective
driver date: 07/17/2003.
#-166 Device install function: DIF_SELECTBESTCOMPATDRV.
#I063 Selected driver installs from section [_00011179] in
"c:\drivers\stac97.inf".
#I320 Class GUID of device remains: {4D36E96C-E325-11CE-BFC1-08002BE10318}.
#I060 Set selected driver.
#I058 Selected best compatible driver.
#-166 Device install function: DIF_INSTALLDEVICEFILES.
#I124 Doing copy-only install of
"PCI\VEN_8086&DEV_24C5&SUBSYS_04121179&REV_03\3&61AAA01&0&FD".
#-011 Installing section [_00011179.NT] from "c:\drivers\stac97.inf".
#E358 An unsigned or incorrectly signed file "c:\drivers\stac97.inf" for
driver "SigmaTel C-Major Audio" blocked (server install). Error 0xe000022f:
Die INF-Datei des Drittanbieters enthält keine Digitalsignaturinformationen.
#E122 Device install failed. Error 0xe000022f: Die INF-Datei des
Drittanbieters enthält keine Digitalsignaturinformationen.
#E157 Default installer failed. Error 0xe000022f: Die INF-Datei des
Drittanbieters enthält keine Digitalsignaturinformationen.

(Sorry for the german Log)

As far as I have read, server install needs signed drivers. This test didn't
had the certificates installed.

So pls, if anyone has some hints, pls let me know.

cu and thx in advance...
Bjoern
 
Archived from groups: microsoft.public.windowsxp.device_driver.dev,microsoft.public.windowsxp.setup_deployment (More info?)

You take a signed driver, replace the WHQL certificates with nothing more
than a code-signing certificate, munge the hell out of the INF file, and you
wonder what is wrong?

--
The personal opinion of
Gary G. Little

"Bjoern Wolfgardt" <given.sur@no-spam-ewetel.net> wrote in message
news:eUmZSP%23pEHA.2880@TK2MSFTNGP09.phx.gbl...
> Hi NG,
>
> I hate drivers that bring extra tools with them, like ATI Video Cards or
> some Sound Drivers. Now I want to modify the INF File to delete the
Registry
> Entry. I also want to restructure the driver file layout (put all files
> execpt cat and inf to a subfolder).
> I know that I break the CAT file and the signatur than (if there is any).
So
> I used MAKECAT.exe to generate the new CAT File. I also used SIGNTOOL.exe
to
> sign the CAT file with my codesigning certificate. SIGNTOOL.exe verify
tells
> me that the CAT file ist signed.
> I added my ROOT Certificate to a test machine (trusted CAs store) and my
> CodeSigning Vertificate also (as trusted publisher).
> If I now try to update the Driver it is still shown as not signed. I do
this
> on an installed machine at the desktop. I try to update the driver and
> select the inf file.
>
> I also tried it on a RIPREP Image:
> The Problem is that I have to modify the file structure and delete some
reg
> keys. I have to add the drivers to a RIPREP Image. I also disabled driver
> signing policy (DRIVERSIGNINGPOLICY=IGNORE). But I still get a message in
> the setupapi.log that tells me that the driver is blocked:
>
> [2004/09/29 16:28:15 520.92 Driver Install]
> #-019 Searching for hardware ID(s):
>
pci\ven_8086&dev_24c5&subsys_04121179&rev_03,pci\ven_8086&dev_24c5&subsys_04
121179,pci\ven_8086&dev_24c5&cc_040100,pci\ven_8086&dev_24c5&cc_0401
> #-018 Searching for compatible ID(s):
>
pci\ven_8086&dev_24c5&rev_03,pci\ven_8086&dev_24c5,pci\ven_8086&cc_040100,pc
i\ven_8086&cc_0401,pci\ven_8086,pci\cc_040100,pci\cc_0401
> #-198 Command line processed: C:\WINDOWS\system32\services.exe -setup
> #I022 Found "PCI\VEN_8086&DEV_24c5&subsys_04121179" in
> C:\Drivers\stac97.inf; Device: "SigmaTel C-Major Audio"; Driver: "SigmaTel
> C-Major Audio"; Provider: "SigmaTel"; Mfg: "SigmaTel"; Section name:
> "_00011179".
> #I087 Driver node not trusted, rank changed from 0x00000001 to 0x00008001.
> #I023 Actual install section: [_00011179.NT]. Rank: 0x00008001. Effective
> driver date: 07/17/2003.
> #-166 Device install function: DIF_SELECTBESTCOMPATDRV.
> #I063 Selected driver installs from section [_00011179] in
> "c:\drivers\stac97.inf".
> #I320 Class GUID of device remains:
{4D36E96C-E325-11CE-BFC1-08002BE10318}.
> #I060 Set selected driver.
> #I058 Selected best compatible driver.
> #-166 Device install function: DIF_INSTALLDEVICEFILES.
> #I124 Doing copy-only install of
> "PCI\VEN_8086&DEV_24C5&SUBSYS_04121179&REV_03\3&61AAA01&0&FD".
> #-011 Installing section [_00011179.NT] from "c:\drivers\stac97.inf".
> #E358 An unsigned or incorrectly signed file "c:\drivers\stac97.inf" for
> driver "SigmaTel C-Major Audio" blocked (server install). Error
0xe000022f:
> Die INF-Datei des Drittanbieters enthält keine
Digitalsignaturinformationen.
> #E122 Device install failed. Error 0xe000022f: Die INF-Datei des
> Drittanbieters enthält keine Digitalsignaturinformationen.
> #E157 Default installer failed. Error 0xe000022f: Die INF-Datei des
> Drittanbieters enthält keine Digitalsignaturinformationen.
>
> (Sorry for the german Log)
>
> As far as I have read, server install needs signed drivers. This test
didn't
> had the certificates installed.
>
> So pls, if anyone has some hints, pls let me know.
>
> cu and thx in advance...
> Bjoern
>
>
 
Archived from groups: microsoft.public.windowsxp.device_driver.dev,microsoft.public.windowsxp.setup_deployment (More info?)

Hi,

I don't wonder what is going wrong. I ask if there is a way to do this. As
far as I understand Windows 2003 has a way to do this:
http://www.microsoft.com/whdc/driver/install/authenticode.mspx

And btw, did I say that the driver I was testing has a WHQL certificate? The
driver I have modified didn't have WHQL certificate.

cu
Bjoern

"Gary G. Little" <gglittle.nospam@sbcglobal.net> schrieb im Newsbeitrag
news:_lk7d.375$q%7.157@newssvr11.news.prodigy.com...
> You take a signed driver, replace the WHQL certificates with nothing more
> than a code-signing certificate, munge the hell out of the INF file, and
> you
> wonder what is wrong?
>
> --
> The personal opinion of
> Gary G. Little
>
> "Bjoern Wolfgardt" <given.sur@no-spam-ewetel.net> wrote in message
> news:eUmZSP%23pEHA.2880@TK2MSFTNGP09.phx.gbl...
>> Hi NG,
>>
>> I hate drivers that bring extra tools with them, like ATI Video Cards or
>> some Sound Drivers. Now I want to modify the INF File to delete the
> Registry
>> Entry. I also want to restructure the driver file layout (put all files
>> execpt cat and inf to a subfolder).
>> I know that I break the CAT file and the signatur than (if there is any).
> So
>> I used MAKECAT.exe to generate the new CAT File. I also used SIGNTOOL.exe
> to
>> sign the CAT file with my codesigning certificate. SIGNTOOL.exe verify
> tells
>> me that the CAT file ist signed.
>> I added my ROOT Certificate to a test machine (trusted CAs store) and my
>> CodeSigning Vertificate also (as trusted publisher).
>> If I now try to update the Driver it is still shown as not signed. I do
> this
>> on an installed machine at the desktop. I try to update the driver and
>> select the inf file.
>>
>> I also tried it on a RIPREP Image:
>> The Problem is that I have to modify the file structure and delete some
> reg
>> keys. I have to add the drivers to a RIPREP Image. I also disabled driver
>> signing policy (DRIVERSIGNINGPOLICY=IGNORE). But I still get a message in
>> the setupapi.log that tells me that the driver is blocked:
>>
>> [2004/09/29 16:28:15 520.92 Driver Install]
>> #-019 Searching for hardware ID(s):
>>
> pci\ven_8086&dev_24c5&subsys_04121179&rev_03,pci\ven_8086&dev_24c5&subsys_04
> 121179,pci\ven_8086&dev_24c5&cc_040100,pci\ven_8086&dev_24c5&cc_0401
>> #-018 Searching for compatible ID(s):
>>
> pci\ven_8086&dev_24c5&rev_03,pci\ven_8086&dev_24c5,pci\ven_8086&cc_040100,pc
> i\ven_8086&cc_0401,pci\ven_8086,pci\cc_040100,pci\cc_0401
>> #-198 Command line processed: C:\WINDOWS\system32\services.exe -setup
>> #I022 Found "PCI\VEN_8086&DEV_24c5&subsys_04121179" in
>> C:\Drivers\stac97.inf; Device: "SigmaTel C-Major Audio"; Driver:
>> "SigmaTel
>> C-Major Audio"; Provider: "SigmaTel"; Mfg: "SigmaTel"; Section name:
>> "_00011179".
>> #I087 Driver node not trusted, rank changed from 0x00000001 to
>> 0x00008001.
>> #I023 Actual install section: [_00011179.NT]. Rank: 0x00008001. Effective
>> driver date: 07/17/2003.
>> #-166 Device install function: DIF_SELECTBESTCOMPATDRV.
>> #I063 Selected driver installs from section [_00011179] in
>> "c:\drivers\stac97.inf".
>> #I320 Class GUID of device remains:
> {4D36E96C-E325-11CE-BFC1-08002BE10318}.
>> #I060 Set selected driver.
>> #I058 Selected best compatible driver.
>> #-166 Device install function: DIF_INSTALLDEVICEFILES.
>> #I124 Doing copy-only install of
>> "PCI\VEN_8086&DEV_24C5&SUBSYS_04121179&REV_03\3&61AAA01&0&FD".
>> #-011 Installing section [_00011179.NT] from "c:\drivers\stac97.inf".
>> #E358 An unsigned or incorrectly signed file "c:\drivers\stac97.inf" for
>> driver "SigmaTel C-Major Audio" blocked (server install). Error
> 0xe000022f:
>> Die INF-Datei des Drittanbieters enthält keine
> Digitalsignaturinformationen.
>> #E122 Device install failed. Error 0xe000022f: Die INF-Datei des
>> Drittanbieters enthält keine Digitalsignaturinformationen.
>> #E157 Default installer failed. Error 0xe000022f: Die INF-Datei des
>> Drittanbieters enthält keine Digitalsignaturinformationen.
>>
>> (Sorry for the german Log)
>>
>> As far as I have read, server install needs signed drivers. This test
> didn't
>> had the certificates installed.
>>
>> So pls, if anyone has some hints, pls let me know.
>>
>> cu and thx in advance...
>> Bjoern
>>
>>
>
>
 
Archived from groups: microsoft.public.windowsxp.device_driver.dev,microsoft.public.windowsxp.setup_deployment (More info?)

Authenticode signatures are only applicable to Server 2003, and are not
recognized by XP, SP1 or SP2.

--
The personal opinion of
Gary G. Little

"Bjoern Wolfgardt" <given.sur@no-spam-ewetel.net> wrote in message
news:OD40zVEqEHA.1960@TK2MSFTNGP10.phx.gbl...
> Hi,
>
> I don't wonder what is going wrong. I ask if there is a way to do this. As
> far as I understand Windows 2003 has a way to do this:
> http://www.microsoft.com/whdc/driver/install/authenticode.mspx
>
> And btw, did I say that the driver I was testing has a WHQL certificate?
The
> driver I have modified didn't have WHQL certificate.
>
> cu
> Bjoern
>
> "Gary G. Little" <gglittle.nospam@sbcglobal.net> schrieb im Newsbeitrag
> news:_lk7d.375$q%7.157@newssvr11.news.prodigy.com...
> > You take a signed driver, replace the WHQL certificates with nothing
more
> > than a code-signing certificate, munge the hell out of the INF file, and
> > you
> > wonder what is wrong?
> >
> > --
> > The personal opinion of
> > Gary G. Little
> >
> > "Bjoern Wolfgardt" <given.sur@no-spam-ewetel.net> wrote in message
> > news:eUmZSP%23pEHA.2880@TK2MSFTNGP09.phx.gbl...
> >> Hi NG,
> >>
> >> I hate drivers that bring extra tools with them, like ATI Video Cards
or
> >> some Sound Drivers. Now I want to modify the INF File to delete the
> > Registry
> >> Entry. I also want to restructure the driver file layout (put all files
> >> execpt cat and inf to a subfolder).
> >> I know that I break the CAT file and the signatur than (if there is
any).
> > So
> >> I used MAKECAT.exe to generate the new CAT File. I also used
SIGNTOOL.exe
> > to
> >> sign the CAT file with my codesigning certificate. SIGNTOOL.exe verify
> > tells
> >> me that the CAT file ist signed.
> >> I added my ROOT Certificate to a test machine (trusted CAs store) and
my
> >> CodeSigning Vertificate also (as trusted publisher).
> >> If I now try to update the Driver it is still shown as not signed. I do
> > this
> >> on an installed machine at the desktop. I try to update the driver and
> >> select the inf file.
> >>
> >> I also tried it on a RIPREP Image:
> >> The Problem is that I have to modify the file structure and delete some
> > reg
> >> keys. I have to add the drivers to a RIPREP Image. I also disabled
driver
> >> signing policy (DRIVERSIGNINGPOLICY=IGNORE). But I still get a message
in
> >> the setupapi.log that tells me that the driver is blocked:
> >>
> >> [2004/09/29 16:28:15 520.92 Driver Install]
> >> #-019 Searching for hardware ID(s):
> >>
> >
pci\ven_8086&dev_24c5&subsys_04121179&rev_03,pci\ven_8086&dev_24c5&subsys_04
> > 121179,pci\ven_8086&dev_24c5&cc_040100,pci\ven_8086&dev_24c5&cc_0401
> >> #-018 Searching for compatible ID(s):
> >>
> >
pci\ven_8086&dev_24c5&rev_03,pci\ven_8086&dev_24c5,pci\ven_8086&cc_040100,pc
> > i\ven_8086&cc_0401,pci\ven_8086,pci\cc_040100,pci\cc_0401
> >> #-198 Command line processed: C:\WINDOWS\system32\services.exe -setup
> >> #I022 Found "PCI\VEN_8086&DEV_24c5&subsys_04121179" in
> >> C:\Drivers\stac97.inf; Device: "SigmaTel C-Major Audio"; Driver:
> >> "SigmaTel
> >> C-Major Audio"; Provider: "SigmaTel"; Mfg: "SigmaTel"; Section name:
> >> "_00011179".
> >> #I087 Driver node not trusted, rank changed from 0x00000001 to
> >> 0x00008001.
> >> #I023 Actual install section: [_00011179.NT]. Rank: 0x00008001.
Effective
> >> driver date: 07/17/2003.
> >> #-166 Device install function: DIF_SELECTBESTCOMPATDRV.
> >> #I063 Selected driver installs from section [_00011179] in
> >> "c:\drivers\stac97.inf".
> >> #I320 Class GUID of device remains:
> > {4D36E96C-E325-11CE-BFC1-08002BE10318}.
> >> #I060 Set selected driver.
> >> #I058 Selected best compatible driver.
> >> #-166 Device install function: DIF_INSTALLDEVICEFILES.
> >> #I124 Doing copy-only install of
> >> "PCI\VEN_8086&DEV_24C5&SUBSYS_04121179&REV_03\3&61AAA01&0&FD".
> >> #-011 Installing section [_00011179.NT] from "c:\drivers\stac97.inf".
> >> #E358 An unsigned or incorrectly signed file "c:\drivers\stac97.inf"
for
> >> driver "SigmaTel C-Major Audio" blocked (server install). Error
> > 0xe000022f:
> >> Die INF-Datei des Drittanbieters enthält keine
> > Digitalsignaturinformationen.
> >> #E122 Device install failed. Error 0xe000022f: Die INF-Datei des
> >> Drittanbieters enthält keine Digitalsignaturinformationen.
> >> #E157 Default installer failed. Error 0xe000022f: Die INF-Datei des
> >> Drittanbieters enthält keine Digitalsignaturinformationen.
> >>
> >> (Sorry for the german Log)
> >>
> >> As far as I have read, server install needs signed drivers. This test
> > didn't
> >> had the certificates installed.
> >>
> >> So pls, if anyone has some hints, pls let me know.
> >>
> >> cu and thx in advance...
> >> Bjoern
> >>
> >>
> >
> >
>
>
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom