-1

I am struggling to develope my own driver to hook on serial port IRP. To start I followed microsoft guide "Write a Universal Windows driver (KMDF) based on a template" It seems that the driver is written and built successfully so as signed too:

Rebuild started...
1>------ Rebuild All started: Project: KMDF Driver1, Configuration: Release x64 ------
1>Building 'KMDF Driver1' with toolset 'WindowsKernelModeDriver10.0' and the 'Universal' target platform.
1>Stamping x64\Release\KMDFDriver1.inf
1>Stamping [Version] section with DriverVer=09/03/2022,17.42.15.777
1>Driver.c
1>KMDF Driver1.vcxproj ->D:\_PROJECTS\_BASIC SOFTWARE\DriverTemplate\KMDF Driver1\x64\Release\KMDFDriver1.sys
1>Done Adding Additional Store
1>Successfully signed: D:\_PROJECTS\_BASIC SOFTWARE\DriverTemplate\KMDF Driver1\x64\Release\KMDFDriver1.sys
1>
1>Driver is 'Universal'.
1>........................
1>Signability test complete.
1>
1>Errors:
1>None
1>
1>Warnings:
1>None
1>
1>Catalog generation complete.
1>D:\_PROJECTS\_BASIC SOFTWARE\DriverTemplate\KMDF Driver1\x64\Release\KMDF Driver1\kmdfdriver1.cat
1>Done Adding Additional Store
1>Successfully signed: D:\_PROJECTS\_BASIC SOFTWARE\DriverTemplate\KMDF Driver1\x64\Release\KMDF Driver1\kmdfdriver1.cat
1>
========== Rebuild All: 1 succeeded, 0 failed, 0 skipped ==========

Then I tried to install using Device Manager: Action-> Add legacy driver-> Install the hardware that I manually select from a list (Advanced)-> I have Disk-> "KMDFDriver1.inf"->

Here it days "This driver is not digitally signed!"

And on the [Next] step it fails with: "The third-party INF does not contain digital signature information."

My .inf file is like this:

;
; KMDFDriver1.inf
;

[Version]
Signature="$WINDOWS NT$"
Class=System ; TODO: specify appropriate Class
ClassGuid={4d36e97d-e325-11ce-bfc1-08002be10318} ; TODO: specify appropriate ClassGuid
Provider=%ManufacturerName%
CatalogFile=KMDFDriver1.cat
DriverVer = 09/03/2022,18.2.12.202
PnpLockdown=1

[DestinationDirs]
DefaultDestDir = 12
KMDFDriver1_Device_CoInstaller_CopyFiles = 11

[SourceDisksNames]
1 = %DiskName%,,,""

[SourceDisksFiles]
KMDFDriver1.sys  = 1,,
;


;*****************************************
; Install Section
;*****************************************

[Manufacturer]
%ManufacturerName%=Standard,NTamd64

[Standard.NTamd64]
%KMDFDriver1.DeviceDesc%=KMDFDriver1_Device, Root\KMDFDriver1 ; TODO: edit hw-id

[KMDFDriver1_Device.NT]
CopyFiles=Drivers_Dir

[Drivers_Dir]
KMDFDriver1.sys

;-------------- Service installation
[KMDFDriver1_Device.NT.Services]
AddService = KMDFDriver1,%SPSVCINST_ASSOCSERVICE%, KMDFDriver1_Service_Inst

; -------------- KMDFDriver1 driver install sections
[KMDFDriver1_Service_Inst]
DisplayName    = %KMDFDriver1.SVCDESC%
ServiceType    = 1               ; SERVICE_KERNEL_DRIVER
StartType      = 3               ; SERVICE_DEMAND_START
ErrorControl   = 1               ; SERVICE_ERROR_NORMAL
ServiceBinary  = %12%\KMDFDriver1.sys

;
;--- KMDFDriver1_Device Coinstaller installation ------
;

[KMDFDriver1_Device.NT.CoInstallers]
AddReg=KMDFDriver1_Device_CoInstaller_AddReg
CopyFiles=KMDFDriver1_Device_CoInstaller_CopyFiles

[KMDFDriver1_Device_CoInstaller_AddReg]
;


[KMDFDriver1_Device_CoInstaller_CopyFiles]
;


[KMDFDriver1_Device.NT.Wdf]
KmdfService =  KMDFDriver1, KMDFDriver1_wdfsect
[KMDFDriver1_wdfsect]
KmdfLibraryVersion = 1.15

[Strings]
SPSVCINST_ASSOCSERVICE= 0x00000002
ManufacturerName="<Your manufacturer name>" ;TODO: Replace with your manufacturer name
DiskName = "KMDFDriver1 Installation Disk"
KMDFDriver1.DeviceDesc = "KMDFDriver1 Device"
KMDFDriver1.SVCDESC = "KMDFDriver1 Service"

My project folder contains the follwoing files:

[D:_PROJECTS_BASIC SOFTWARE\DriverTemplate\KMDF Driver1\x64\Release]

KMDFDriver1.cer
KMDFDriver1.inf
KMDFDriver1.pdb
KMDFDriver1.sys

My goal is to be able to write and sign my own driver to hook it on my main application

I am running on a Windows 10 - 64 Bit - Secure Boot (which requires signed drivers). I have my certificates valid and expiring in 2032.

What am I doing wrong?

Thanks

Rick64
  • 409
  • 1
  • 5
  • 7
  • Use test signing mode while developing? If you want to distribute this driver to other people you have to pay the certificate-mafia for a proper certificate. – Anders Sep 03 '22 at 17:19
  • @Anders I know I should pay when I want to distribute it but how can I test my driver if I cannot use it in a Dev enviorment? Any idea? – Rick64 Sep 03 '22 at 19:44

2 Answers2

1

Like Anders said, use the test signature. It is the default for new projects.
Go to properties -> Driver signing -> General, and back change sign mode to Test Sign if it's not.
Then right click the .inf -> install (on the target computer). Or go to device manager, right click your device and update driver, then select your driver.
Secure Boot might mess with that, IDK I never used it.
Another option is to disable driver signature enforcement. Search in google how to do that if you need to.

lepainbrioche
  • 121
  • 4
0

Partially done but messy like hell and not finished with Driver testing but at least the Driver has been installed.

Preliminary requisites:

  1. Make sure you have your certificate present in the Certificated list. It was created in Visual Studio.
  2. Make sure Visual Studio compiles with no error.
  3. In my case and for this little guide I did a Kernel Driver and Visual Studio built 2 different sets of drivers and .inf files.
  4. Important: Disable Secure Boot if your BIOS has it. There is no tricky workaround to this. I did not like to do it but I had to.
   ../x64/Release/KMDFDriver.cer
   ../x64/Release/KMDFDriver.inf
   ../x64/Release/KMDFDriver.pdb
   ../x64/Release/KMDFDriver.sys

and

   ../x64/Release/KMDF Driver1/KMDFDriver.cat   <-Catalog to add to System Database
   ../x64/Release/KMDF Driver1/KMDFDriver.inf   <-Modify Manufacturer Name 
   ../x64/Release/KMDF Driver1/KMDFDriver.sys   <-THIS IS OUR TARGET

Here comes how I made it using the Catalog signed driver:

  • Disabled Secure Boot from BIOS (my machine has it)
  • Enable Test signing from commandline (admin lev)
"Bcdedit.exe -set TESTSIGNING ON"
  • Compiled Driver with visual studio
  • Modified .inf
ManufacturerName="MeMyselfAndI" ;

NOTE: this is very important otherwise the driver installation gives you a generic "error occured"

  • Signed driver again using Signtool.

NOTE: This is the strange part as Visual Studio apparently signed the code already but I needed to sign it again. Indeed right after the Driver size went from 9KB to 14KB

My certificate was present and generated by Visual Studio and then I used the /a option (automatic).

SignTool sign /v /a /d kmdfdriver1.cat /t http://timestamp.digicert.com KMDFDriver1.sys
  • Added my certificate to catalog.
SignTool catdb /v /u kmdfdriver1.cat

Note: All three files are in the same subdir of Visual Studio. To make it faster copy SignTool from its ClickOnce directory to your builing directory.... just copy it.

At this point the catalog is not loaded into the system yet. It is just installed. If you try to install it you'll get this message "The hash for the file is not present in the specified catalog file. The file is likely corrupt or the victim of tampering."

  • Time to REBOOT your PC

Finally right click on the .inf file and follow the instructions with the red banner and all the warnings of the world but off it goes!

Conclusions:

This was one of the most challenging and frustrating task of my life. It is poorly documented in case of errors and a lot of damn pitfalls.

This link helped me more than any other Microsoft's docs:

http://www.davidegrayson.com/signing/

I hope this partially detailed way helped all like me who spent a day to get it to work smashing against Windows science walls.

R64

Rick64
  • 409
  • 1
  • 5
  • 7