Hello

I have seen the post of Guide to signing unsigned drivers , the description doesn't work for Windows 7 x86, altough I have created the *.cat file with "/os:XP_X86,7_X86" (have tried with only 7_X86 too).

Has anybody an ideo how to sign the unsigned drivers for Windows 7?

manes
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
Are you sure you are using the latest version of inf2cat from the Windows Driver Kit 7.1.0 ?

Available for download here

Regards,

Spartacus
Answered 11/12/2010 by: spartacus
Black Belt

Please log in to comment
0
the description doesn't work for Windows 7 x86No offence but, FFR, a post like this is next to useless. You should describe EXACTLY what happens, detail any errors returned and what you tried - if anything - to fix the problem.
Answered 11/12/2010 by: VBScab
Red Belt

Please log in to comment
0
I have signed the driver like in the description "Guide to signing unsigned drivers", it works on XP. On W7 it shows the window that it doesent trust the publisher.

I will try to use the latest inf2cat.

manes
Answered 11/12/2010 by: manes
Senior Yellow Belt

Please log in to comment
0
I have used the inf2cat from http://winqual-submission-tool.software.informer.com/
Answered 11/12/2010 by: manes
Senior Yellow Belt

Please log in to comment
0
Have used the latest version of inf2cat from Windows Driver Kit 7.1.0, it doesn't work on W7 Enterprise, on XP SP3 it works.

here is a screenshot of the window, I'm from switzerland so it's in german http://cs-sound.com/w7.JPG

has anybody an idea how to do it on W7 Enterprise?
Answered 11/12/2010 by: manes
Senior Yellow Belt

Please log in to comment
0
Now, I have done the steps similar in the description of ms: http://technet.microsoft.com/en-us/library/dd919238(WS.10).aspx

I have used the tools of WinDDK7 and MS SDK Windows 7 and .Net Framework 3.5


1. create a certificate in the Root store:
makecert -r -n CN="TestZert" -ss Root -sr LocalMachine -pe

2. Create the *.Cat File
inf2cat.exe /driver:[PathToINFwithoutFile] /os:XP_X86,7_x86

3. Signing with signtool.exe
signtool.exe sign /s Root /n “TestZert” /t http://timestamp.verisign.com/scripts/timestamp.dll [PathCATFile]

this works, i just have to accept "trust everytime"

but i can't export the certificate to an other computer, if i export the PFX and install it on an other computer to Root and TrustedPublisher it doesn't work, same screenshot further up

I have also tried to export just the TestZert.cer and import it to Root and TrustedPublisher, doens't work

Has anybody an idea how i can export the certificate that it works on other computers?
Answered 11/13/2010 by: manes
Senior Yellow Belt

Please log in to comment
0
finally i've got it.

my mistake was, a haven't installed the certificate to root store of the computer, i have added the certificate to the user root store, this doesn't work...

Another question, is it correct that certmgr.exe does not remove the certificate on w7? it says certmgre.exe succeed, but the certificate isn't deleted, installation works fine

certmgr.exe /add ".\AppGateIPTunnelingCertABX.cer" -s -r LocalMachine Root -->to install --> succeed --> installed
certmgr.exe /del ".\AppGateIPTunnelingCertABX.cer" -s -r LocalMachine Root --> to delete --> succeed --> not deleted

Whatever, with certutil.exe it works fine on w7

This are my steps finally:

1. create a certificate in the Root store:
makecert -r -n CN="TestZert" -ss Root -sr LocalMachine (-pe no need)

2. create the *.cat File
inf2cat.exe /driver:[PathToINFwithoutFile] /os:XP_X86,7_x86

3. signing with signtool.exe
signtool.exe sign /s Root /n “TestZert” /t http://timestamp.verisign.com/scripts/timestamp.dll [PathCATFilewithFile]

4. export the certificate from certstore manually

5. install the certificate to Root and TrustedPublisher on windows 7 with certutil.exe
install

certutil.exe -addstore "Root" ".\TestZer.cer"
certutil.exe -addstore "TrustedPublisher" ".\TestZer.cer"

delete (just for information)

certutil.exe -delstore "Root" "TestZer"
certutil.exe -delstore "TrustedPublisher" "TestZer"

regards manes
Answered 11/14/2010 by: manes
Senior Yellow Belt

Please log in to comment
0
A little questian, does the merge module difxapp.msm delte the driver on uninstall?
Answered 11/14/2010 by: manes
Senior Yellow Belt

Please log in to comment
0
Now I have included the difxapp.msm merge module from wddk7, it creates the table msidriverpackages but all the CA's don't exist...Have importet it with WPS 8.0...i am working on it...any body has an idea?
Answered 11/14/2010 by: manes
Senior Yellow Belt

Please log in to comment
0
Good work, manes.

I think the CAs get built into the MSI once you compile it from your WSI. I've not used Wise for a while, but I do remember that the structuring of your files is important for the DifX tabs to show correctly. Ensure you have all your driver files in the same component (.SYS files, .DLL files, .INF and whatever else), and (most importantly) that the keypath for the component is your .inf file.
Answered 11/15/2010 by: captain_planet
Third Degree Brown Belt

Please log in to comment
0
I've run into similar issues, and I went through a lot of trial-and-error before I got something that worked reliably. You can use either certmgr.exe (from the “Windows Driver Kit”) or certutil.exe, but certutil.exe comes native on Win7, XP & Vista –no need to download & pre-install or worry about versioning. Basically, you have to get the syntax exactly right for it to work when calling your script or batchfile from Wise:


Steps to ADD trusted root certificate file to local Computer during MSI install:

1. Open MSI/MST, go to MSI Script - "Execute Deferred" tab.

2. Add "Execute Program From Destination" action inside an "If Statement" just above "InstallFinalize" (near bottom) , as follows (substitute appropriate target folder for "[INSTALLDIR]\", including backslash, and your script file for "\Addcerts.cmd"):




[blockquote]
If (Not Installed OR REINSTALL) AND (AdminUser=1)
Execute Program From Destination CMD.exe /c "[INSTALLDIR]\Addcerts.cmd" Default Directory Windows\System32 [AddCerts]
End[/blockquote]
3. Make sure you set Default Directory to "SystemFolder" (displays as Windows\System32), because this is where certutil.exe resides.

4. Under "Properties" tab of 'Execute' custom action, make sure 'Processing' is set to "Synchronous, Ignore exit code"

5. The script can be a .bat, .cmd, .vbs, etc., but make sure the syntax follows this example (note this example registers the cert file 'mycert.cer' on both 64 & 32-bit Win7):



[blockquote]
certutil.exe -addstore root "%ProgramFiles%\Cisco\Cisco AnyConnect VPN Client\TrustedCerts\mycert.cer"
certutil.exe -addstore root "%ProgramFiles(x86)%\Cisco\Cisco AnyConnect VPN Client\TrustedCerts\mycert.cer"
Exit[/blockquote]

Steps to REMOVE trusted root certificate file from local Computer during MSI uninstall:

1. Open MSI/MST, go to MSI Script - "Execute Deferred" tab.

2. Add "Execute Program From Destination" action inside an "If Statement" just above "RemoveIniValues", as follows (substitute appropriate target folder for "[INSTALLDIR]\", including backslash, and your script file for "\Delcerts.cmd"):



[blockquote]
If (REMOVE = "ALL") AND (AdminUser=1)
Execute Program From Destination CMD.exe /c "[INSTALLDIR]\Delcerts.cmd" Default Directory Windows\System32 [DelCerts]
End[/blockquote]
3. Make sure you set Default Directory to "SystemFolder" (displays as Windows\System32), because this is where certutil.exe resides.

4. Under "Properties" tab of 'Execute' custom action, make sure 'Processing' is set to "Synchronous, Ignore exit code"

5. The script can be a .bat, .cmd, .vbs, etc., but make sure the syntax matches as follows (substitute certificate name EXACTLY AS IT APPEARS under MMC - "Certificates (Local Computer)" - "Trusted Root Certificatation Authorities" - Certificates" - "Issued To" column):



[blockquote]certutil.exe -delstore root MyCertfiicate
Exit[/blockquote]
Answered 11/23/2010 by: norexx
Orange Belt

Please log in to comment
Answer this question or Comment on this question for clarity