Install a seft signed driver on Windows 10 64 bit - windows

I am struggling to develope my own driver to hook on serial port IRP.
To start I followed microsoft guide "Write a Universal Windows driver (KMDF) based on a template"
It seems that the driver is written and built successfully so as signed too:
Rebuild started...
1>------ Rebuild All started: Project: KMDF Driver1, Configuration: Release x64 ------
1>Building 'KMDF Driver1' with toolset 'WindowsKernelModeDriver10.0' and the 'Universal' target platform.
1>Stamping x64\Release\KMDFDriver1.inf
1>Stamping [Version] section with DriverVer=09/03/2022,17.42.15.777
1>Driver.c
1>KMDF Driver1.vcxproj ->D:\_PROJECTS\_BASIC SOFTWARE\DriverTemplate\KMDF Driver1\x64\Release\KMDFDriver1.sys
1>Done Adding Additional Store
1>Successfully signed: D:\_PROJECTS\_BASIC SOFTWARE\DriverTemplate\KMDF Driver1\x64\Release\KMDFDriver1.sys
1>
1>Driver is 'Universal'.
1>........................
1>Signability test complete.
1>
1>Errors:
1>None
1>
1>Warnings:
1>None
1>
1>Catalog generation complete.
1>D:\_PROJECTS\_BASIC SOFTWARE\DriverTemplate\KMDF Driver1\x64\Release\KMDF Driver1\kmdfdriver1.cat
1>Done Adding Additional Store
1>Successfully signed: D:\_PROJECTS\_BASIC SOFTWARE\DriverTemplate\KMDF Driver1\x64\Release\KMDF Driver1\kmdfdriver1.cat
1>
========== Rebuild All: 1 succeeded, 0 failed, 0 skipped ==========
Then I tried to install using Device Manager: Action-> Add legacy driver-> Install the hardware that I manually select from a list (Advanced)-> I have Disk-> "KMDFDriver1.inf"->
Here it days "This driver is not digitally signed!"
And on the [Next] step it fails with:
"The third-party INF does not contain digital signature information."
My .inf file is like this:
;
; KMDFDriver1.inf
;
[Version]
Signature="$WINDOWS NT$"
Class=System ; TODO: specify appropriate Class
ClassGuid={4d36e97d-e325-11ce-bfc1-08002be10318} ; TODO: specify appropriate ClassGuid
Provider=%ManufacturerName%
CatalogFile=KMDFDriver1.cat
DriverVer = 09/03/2022,18.2.12.202
PnpLockdown=1
[DestinationDirs]
DefaultDestDir = 12
KMDFDriver1_Device_CoInstaller_CopyFiles = 11
[SourceDisksNames]
1 = %DiskName%,,,""
[SourceDisksFiles]
KMDFDriver1.sys = 1,,
;
;*****************************************
; Install Section
;*****************************************
[Manufacturer]
%ManufacturerName%=Standard,NTamd64
[Standard.NTamd64]
%KMDFDriver1.DeviceDesc%=KMDFDriver1_Device, Root\KMDFDriver1 ; TODO: edit hw-id
[KMDFDriver1_Device.NT]
CopyFiles=Drivers_Dir
[Drivers_Dir]
KMDFDriver1.sys
;-------------- Service installation
[KMDFDriver1_Device.NT.Services]
AddService = KMDFDriver1,%SPSVCINST_ASSOCSERVICE%, KMDFDriver1_Service_Inst
; -------------- KMDFDriver1 driver install sections
[KMDFDriver1_Service_Inst]
DisplayName = %KMDFDriver1.SVCDESC%
ServiceType = 1 ; SERVICE_KERNEL_DRIVER
StartType = 3 ; SERVICE_DEMAND_START
ErrorControl = 1 ; SERVICE_ERROR_NORMAL
ServiceBinary = %12%\KMDFDriver1.sys
;
;--- KMDFDriver1_Device Coinstaller installation ------
;
[KMDFDriver1_Device.NT.CoInstallers]
AddReg=KMDFDriver1_Device_CoInstaller_AddReg
CopyFiles=KMDFDriver1_Device_CoInstaller_CopyFiles
[KMDFDriver1_Device_CoInstaller_AddReg]
;
[KMDFDriver1_Device_CoInstaller_CopyFiles]
;
[KMDFDriver1_Device.NT.Wdf]
KmdfService = KMDFDriver1, KMDFDriver1_wdfsect
[KMDFDriver1_wdfsect]
KmdfLibraryVersion = 1.15
[Strings]
SPSVCINST_ASSOCSERVICE= 0x00000002
ManufacturerName="<Your manufacturer name>" ;TODO: Replace with your manufacturer name
DiskName = "KMDFDriver1 Installation Disk"
KMDFDriver1.DeviceDesc = "KMDFDriver1 Device"
KMDFDriver1.SVCDESC = "KMDFDriver1 Service"
My project folder contains the follwoing files:
[D:_PROJECTS_BASIC SOFTWARE\DriverTemplate\KMDF Driver1\x64\Release]
KMDFDriver1.cer
KMDFDriver1.inf
KMDFDriver1.pdb
KMDFDriver1.sys
My goal is to be able to write and sign my own driver to hook it on my main application
I am running on a Windows 10 - 64 Bit - Secure Boot (which requires signed drivers).
I have my certificates valid and expiring in 2032.
What am I doing wrong?
Thanks

Like Anders said, use the test signature. It is the default for new projects.
Go to properties -> Driver signing -> General, and back change sign mode to Test Sign if it's not.
Then right click the .inf -> install (on the target computer). Or go to device manager, right click your device and update driver, then select your driver.
Secure Boot might mess with that, IDK I never used it.
Another option is to disable driver signature enforcement. Search in google how to do that if you need to.

Partially done but messy like hell and not finished with Driver testing but at least the Driver has been installed.
Preliminary requisites:
Make sure you have your certificate present in the Certificated list. It was created in Visual Studio.
Make sure Visual Studio compiles with no error.
In my case and for this little guide I did a Kernel Driver and Visual Studio built 2 different sets of drivers and .inf files.
Important: Disable Secure Boot if your BIOS has it. There is no tricky workaround to this. I did not like to do it but I had to.
../x64/Release/KMDFDriver.cer
../x64/Release/KMDFDriver.inf
../x64/Release/KMDFDriver.pdb
../x64/Release/KMDFDriver.sys
and
../x64/Release/KMDF Driver1/KMDFDriver.cat <-Catalog to add to System Database
../x64/Release/KMDF Driver1/KMDFDriver.inf <-Modify Manufacturer Name
../x64/Release/KMDF Driver1/KMDFDriver.sys <-THIS IS OUR TARGET
Here comes how I made it using the Catalog signed driver:
Disabled Secure Boot from BIOS (my machine has it)
Enable Test signing from commandline (admin lev)
"Bcdedit.exe -set TESTSIGNING ON"
Compiled Driver with visual studio
Modified .inf
ManufacturerName="MeMyselfAndI" ;
NOTE: this is very important otherwise the driver installation gives you a generic "error occured"
Signed driver again using Signtool.
NOTE: This is the strange part as Visual Studio apparently signed the code already but I needed to sign it again. Indeed right after the Driver size went from 9KB to 14KB
My certificate was present and generated by Visual Studio and then I used the /a option (automatic).
SignTool sign /v /a /d kmdfdriver1.cat /t http://timestamp.digicert.com KMDFDriver1.sys
Added my certificate to catalog.
SignTool catdb /v /u kmdfdriver1.cat
Note: All three files are in the same subdir of Visual Studio. To make it faster copy SignTool from its ClickOnce directory to your builing directory.... just copy it.
At this point the catalog is not loaded into the system yet. It is just installed. If you try to install it you'll get this message "The hash for the file is not present in the specified catalog file. The file is likely corrupt or the victim of tampering."
Time to REBOOT your PC
Finally right click on the .inf file and follow the instructions with the red banner and all the warnings of the world but off it goes!
Conclusions:
This was one of the most challenging and frustrating task of my life.
It is poorly documented in case of errors and a lot of damn pitfalls.
This link helped me more than any other Microsoft's docs:
http://www.davidegrayson.com/signing/
I hope this partially detailed way helped all like me who spent a day to get it to work smashing against Windows science walls.
R64

Related

Tizen development in Visual Studio stuck with "Initializing Debugger" dialog

I I started a new TizenWearableApp in VS 2019, started the Tizen-Emulator and hit run.
The output from Tizen shows the successful build and that the app is signed with Default Certificates. After that, the last printed line is the full path to the .tpk file and a Microsoft Visual Studio Dialog with "Initializing Debugger"...
stuck state screenshot -> https://imgur.com/a/91sEknd
After that nothing more happens. I can press the cancle button and can then see in the Output the following which didnĀ“t help me:
: <<< Start debugging "org.tizen.example.TizenWearableAppV4" >>>
: Try to terminate running application: org.tizen.example.TizenWearableAppV4
: No application to be terminated: 255
WARNING: Your data are to be sent over an unencrypted connection and could be read by others.
pushed org.tizen.example.TizenWearableAppV4-1.0.0.tpk 0% 0KB 0KB/s
pushed org.tizen.example.TizenWearableAppV4-1.0.0.tpk 100% 19KB 0KB/s
1 file(s) pushed. 0 file(s) skipped.
D:\repos\Tizen\TizenWearableAppV4\TizenWearableAppV4\bin\Debug\tizen40\org.tizen.example.TizenWearableAppV4-1.0.0.tpk 447KB/s (19702 bytes in 0.042s)
path is /home/owner/share/tmp/sdk_tools/org.tizen.example.TizenWearableAppV4-1.0.0.tpk
processing result : Operation not allowed [-4] failed
Package found on the target system: "lldb-3.8.1-i686" (tar.gz)
: Launching org.tizen.example.TizenWearableAppV4
: 'org.tizen.example.TizenWearableAppV4' is dependent on 'org.tizen.example.TizenWearableAppV4-1.0.0.tpk'.
: ... launch failed
I hope anybody can help me to fix that problem (i got it already working a few month back on this machine).
Thanks in advance.
https://github.com/Samsung/build-task-tizen/blob/master/doc/tizen.net.sdk-signing-tpk.md
Here is the page that helped me. I had the same problem but don't want to build from tizen.bat every time. The solution in the above document that worked for me was to close Visual Studio and open the *.csproj file in my solution then add the following replacing with the directory of the certificates I created and my passwords:
<PropertyGroup>
<AuthorPath>author_test.p12</AuthorPath>
<AuthorPass>author_test</AuthorPass>
<DistributorPath>tizen-distributor-signer.p12</DistributorPath>
<DistributorPass>tizenpkcs12passfordsigner</DistributorPass>
</PropertyGroup>
Just put it below any other Property Group tags. Open Visual Studio again and it should build using the certificate.
Faced same. The reason was in certificate signed with wrong distributor - for physical devices (not emulated) you need Samsung distributor certificate. You need to do:
Install Samsung Certificate Extension in Tizen package manager
Open Certificate manager
Run certificate profile wizard and select Samsung option
Follow wizard
Refer to https://stackoverflow.com/a/40755444/4165898

Trouble installing custom inf in Windows 10 Professional. Windows overrides it with OEM driver

I have made a signed USB Serial inf file for a custom device and created an installer that successfully installs the driver to Windows 7 (32/64), Windows 8.1 (64) but not Windows 10. This applies to the default installation (right-click, install) directly on the file, using Device Manager and using PNPUTIL. The device driver successfully installs but the OEM usbser driver is used instead. After clicking "Update Driver" and selecting my driver in Device Manager, Windows prompts me with "The best driver software is already installed for your device". If I use Device Manager and choose "Have Disk" I can successfully get around the issue with Windows 10 enforcing their own driver. This doesn't get me any closer to having a successful inf file and installer though.
My process for default installation:
Unplug the device from the USB port
Load a snap shot of freshly-installed Windows 10 Professional
Right click, install on the .inf file
Plug in the device
Look at Device Manager and see that the standard USB Serial Device driver made by Microsoft is used instead of my driver
If I then uninstall it and repeat steps 3-5 it sometimes allows my custom driver to stick.
I've been told that my driver installs on Windows 10 Enterprise, which confuses matters further.
Question: What am I doing wrong?
My inf file:
;************************************************************
; Windows USB CDC ACM Setup File
; Copyright (c) 2000 Microsoft Corporation
; Version v1.1, updated 17 April 2013
[Strings]
DriverPackageDisplayName="Rinstrum USB Serial Drivers"
ManufacturerName="Rinstrum"
ServiceName="USB RS-232 Emulation Driver"
linux.gserial="Rinstrum USB Gadget Serial"
MFGNAME="Rinstrum"
[DefaultInstall]
CopyINF=c500.inf
[Version]
DriverVer=03/02/2017,1.0.0.0
Signature=$Windows NT$
Class=Ports
ClassGuid={4D36E978-E325-11CE-BFC1-08002BE10318}
Provider=%MFGNAME%
CatalogFile=c500.cat
DriverPackageDisplayName=%DriverPackageDisplayName%
PnpLockdown=1
[Manufacturer]
%MFGNAME%=Models,NTx86,NTamd64,NTarm
[DestinationDirs]
DefaultDestDir=12
FakeModemCopyFileSection=12
[Models.NTx86]
%linux.gserial%=DriverInstall, USB\VID_1FC9&PID_816A, USB\VID_1FC9&PID_816A&MI_00
[Models.NTamd64]
%linux.gserial%=DriverInstall, USB\VID_1FC9&PID_816A, USB\VID_1FC9&PID_816A&MI_00
[Models.NTarm]
%linux.gserial%=DriverInstall, USB\VID_1FC9&PID_816A, USB\VID_1FC9&PID_816A&MI_00
[DriverInstall]
Include=mdmcpq.inf
CopyFiles=FakeModemCopyFileSection
AddReg=DriverAddReg
[DriverAddReg]
HKR,,DevLoader,,*ntkern
HKR,,NTMPDriver,,%DRIVERFILENAME%.sys
HKR,,EnumPropPages32,,"MsPorts.dll,SerialPortPropPageProvider"
[DriverInstall.Services]
Include=mdmcpq.inf
AddService=usbser,0x2,DriverService
[DriverService]
DisplayName=%ServiceName%
ServiceType=1
StartType=3
ErrorControl=1
ServiceBinary=%12%\usbser.sys
LoadOrderGroup=Base
Update: additional info from setupapi.dev.log
>>> [Device Install (DiInstallDriver) - C:\Users\R&D\Desktop\c500.inf]
>>> Section start 2017/02/03 17:17:58.321
cmd: "C:\Windows\System32\InfDefaultInstall.exe" "C:\Users\R&D\Desktop\c500.inf"
ndv: Flags: 0x00000000
ndv: INF path: C:\Users\R&D\Desktop\c500.inf
inf: {SetupCopyOEMInf: C:\Users\R&D\Desktop\c500.inf} 17:17:58.337
inf: Copy style: 0x00000000 !
inf: Driver package is already in driver store
inf: Driver Store Path: C:\Windows\System32\DriverStore\FileRepository\c500.inf_amd64_4fee793fb11027ac\c500.inf inf: Published Inf Path: C:\Windows\INF\oem4.inf
inf: {SetupCopyOEMInf exit (0x00000000)} 17:17:58.368
<<< Section end 2017/02/03 17:17:58.399
<<< [Exit status: SUCCESS]
Update:
setupapi.dev.log gives the following error when trying to install the device
sig: Success: File is signed in Authenticode(tm) catalog.
sig: Error 0xe0000242: The publisher of an Authenticode(tm) signed catalog has not yet been established as trusted.
Update:
The VBox guest additions installer manages to install my inf file in WIN10. Here is the source:
https://www.virtualbox.org/browser/vbox/trunk/src/VBox/Additions/WINNT/Installer/VBoxDrvInst.cpp#L433
Windows needs to be activated before the user is granted the permission to override the OEM drivers in Windows 10. Activating windows on my test machine solved this issue.
Try setting your DriverVer directive correctly, with today's date and 1.0.0.0. The date is one thing that Windows looks at when deciding what driver to use.

Inf file can't find usbser.sys in Windows 7 only

UPDATE: Thanks to the answer below I managed to get this to work on Windows 7. I have since realized that Windows 10 installs but overrides my driver with the OEM USB Serial driver. Please see: Trouble installing custom inf in Windows 10 Professional. Windows overrides it with OEM driver
-
I attempted to make an Inf file that installs a usb-serial device using the standard windows usb-serial driver. This file successfully installs the driver on Windows 8.1 and Windows 10 but fails in Windows 7 32bit and Windows 7 64 bit. I attempted to right-click install the driver from the desktop (default install). The first time I attempted this I was presented with the error "The inf file you suggested does not support this method of installation". I added the defaultInstall sections to the inf file. After I did this the error disappeared but the system could not find usbser.sys. "The file 'usbser.sys' on windows cd is needed."
What do I need to add to the inf file below in order to make this successfully install from Windows 7?
Current inf file:
;************************************************************
; Windows USB CDC ACM Setup File
; Copyright (c) 2000 Microsoft Corporation
; Version v1.1, updated 17 April 2013
[Version]
Signature="$Windows NT$"
Class=Ports
ClassGuid={4D36E978-E325-11CE-BFC1-08002BE10318}
Provider=%MFGNAME%
LayoutFile=layout.inf
CatalogFile=%MFGFILENAME%.cat
DriverVer=11/15/2007,5.1.2600.0
[Manufacturer]
%MFGNAME%=DeviceList, NTamd64
[DestinationDirs]
DefaultDestDir=12
;------------------------------------------------------------------------------
; Windows 2000/XP/Vista-32bit Sections
;------------------------------------------------------------------------------
;DEFAULT SECTION ADDED
;---------------------------------------------
[DefaultInstall.nt]
include=mdmcpq.inf
CopyFiles=DriverCopyFiles.nt
AddReg=DriverInstall.nt.AddReg
[DefaultInstall.nt.Services]
AddService=usbser, 0x00000002, DriverService.nt
;---------------------------------------------
[DriverInstall.nt]
include=mdmcpq.inf
CopyFiles=DriverCopyFiles.nt
AddReg=DriverInstall.nt.AddReg
[DriverCopyFiles.nt]
usbser.sys,,,0x20
[DriverInstall.nt.AddReg]
HKR,,DevLoader,,*ntkern
HKR,,NTMPDriver,,%DRIVERFILENAME%.sys
HKR,,EnumPropPages32,,"MsPorts.dll,SerialPortPropPageProvider"
[DriverInstall.nt.Services]
AddService=usbser, 0x00000002, DriverService.nt
[DriverService.nt]
DisplayName=%SERVICE%
ServiceType=1
StartType=3
ErrorControl=1
ServiceBinary=%12%\%DRIVERFILENAME%.sys
;------------------------------------------------------------------------------
; Vista-64bit Sections
;------------------------------------------------------------------------------
;DEFAULT SECTION ADDED
;---------------------------------
[DefaultInstall.NTamd64]
include=mdmcpq.inf
CopyFiles=DriverCopyFiles.NTamd64
AddReg=DriverInstall.NTamd64.AddReg
[DefaultInstall.NTamd64.Services]
AddService=usbser, 0x00000002, DriverService.NTamd64
;----------------------------------
[DriverInstall.NTamd64]
include=mdmcpq.inf
CopyFiles=DriverCopyFiles.NTamd64
AddReg=DriverInstall.NTamd64.AddReg
[DriverCopyFiles.NTamd64]
%DRIVERFILENAME%.sys,,,0x20
[DriverInstall.NTamd64.AddReg]
HKR,,DevLoader,,*ntkern
HKR,,NTMPDriver,,%DRIVERFILENAME%.sys
HKR,,EnumPropPages32,,"MsPorts.dll,SerialPortPropPageProvider"
[DriverInstall.NTamd64.Services]
AddService=usbser, 0x00000002, DriverService.NTamd64
[DriverService.NTamd64]
DisplayName=%SERVICE%
ServiceType=1
StartType=3
ErrorControl=1
ServiceBinary=%12%\%DRIVERFILENAME%.sys
;------------------------------------------------------------------------------
; Vendor and Product ID Definitions
;------------------------------------------------------------------------------
; When developing your USB device, the VID and PID used in the PC side
; application program and the firmware on the microcontroller must match.
; Modify the below line to use your VID and PID. Use the format as shown below.
; Note: One INF file can be used for multiple devices with different VID and PIDs.
; For each supported device, append ",USB\VID_xxxx&PID_yyyy" to the end of the line.
;------------------------------------------------------------------------------
[SourceDisksFiles]
[SourceDisksNames]
[DeviceList]
%linux.gserial%=DriverInstall, USB\VID_1FC9&PID_816A, USB\VID_1FC9&PID_816A&MI_00
[DeviceList.NTamd64]
%linux.gserial%=DriverInstall, USB\VID_1FC9&PID_816A, USB\VID_1FC9&PID_816A&MI_00
;------------------------------------------------------------------------------
; String Definitions
;------------------------------------------------------------------------------
;Modify these strings to customize your device
;------------------------------------------------------------------------------
[Strings]
MFGFILENAME="c500"
DRIVERFILENAME ="usbser"
MFGNAME="Rinstrum Pty Ltd"
INSTDISK="Rinstrum USB Gadget Serial Driver Installer"
linux.gserial="Rinstrum USB Gadget Serial"
SERVICE="USB RS-232 Emulation Driver"
If I then use the command RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 c500.inf on the command line I'm prompted with the error "Installation failed".
I've made plenty of usbser.sys-based drivers that work on Windows 7. Here is an example: https://github.com/pololu/p-star-examples/blob/master/drivers/p-star-serial.inf
I think you don't need to have your "DriverCopyFiles.nt" section and the references to it. Look at the driver I linked to above which shows how to refer to a "FakeModemCopyFileSection" instead.
Also, one thing that looks fishy about yours is that you chose to make "usbser" by a string in the "Strings" section. I really don't see the point of that and the whitespace near for the definition of that string is messed up. You can just write "usbser" in the places where it is used.
This in addition to David Grayson's answer. I used his example at https://github.com/pololu/p-star-examples/blob/master/drivers/p-star-serial.inf as basis for my inf files.
Make sure that whatever identification information you specify in the .inf file matches exactly what is shown as the Hardware Ids in Device Manager. For instance, I had some &MI_00 or &MI_01 stuff in the Hardware Ids once and that made Windows to not match the device.
Hmm, it seems that the &REV_0000 was not required.

Windows 8 driver install and catalog/signature validation

I can't get windows 8 (release preview) to accept either the inf2cat or makecat approach described as solutions to the question at
What changed in the driver signature requirements for Windows 8?
unless I disable validation.
I am not signing these with any certificates at this point, just trying to get past the errors preventing the drivers from installing at all.
Windows 8 gives me a very nondescript error:
"A problem was encountered while attempting to add the driver to the store."
Looking in the event logs, there is nothing of use; only an informational entry from "Windows Error Reporting" indicating a PnPdriverimporterror.
When i use my original files with the cab files that don't match the inf, I get the error everyone else is listing:
The hash for the file is not present in the specified catalog file.
I have one .inf file that i need to generate a .cat for.
Perhaps I am doing something wrong. Ideas??
INF2CAT Approach
c:\win_xp_vista32_64>inf2cat /driver:"." /os:XP_X86,XP_x64,Vista_X86,Vista_x64,7_X86,7_X64,8_X86,8_X64
.......................
Signability test complete.
Errors:
None
Warnings:
22.9.10: usbser.sys in [drivercopyfiles.nt] is missing from [SourceDisksFiles] s
ection in \mchpcdc.inf; ok if file source is provided via LayoutFile in [Version
].
22.9.10: %driverfilename%.sys in [drivercopyfiles.ntamd64] is missing from [Sour
ceDisksFiles] section in \mchpcdc.inf; ok if file source is provided via LayoutF
ile in [Version].
Catalog generation complete.
c:\win_xp_vista32_64\mchpcdc.cat
MAKECAT approach
--- start of catalog.cdf file---
[CatalogHeader]
Name=mchpcdc.cat
ResultDir=.\
[CatalogFiles]
<hash>mchpcdc=.\mchpcdc.inf
---end of .cdf file ---
c:\win_xp_vista32_64>makecat catalog.cdf
These same files, w/ the cat from either approach install just fine in Windows 7.
I think this problem is to do with "windows driver signing enforcement". You can resolve this by disabling this option. Go through with below link:
http://tivadj-tech.blogspot.in/2012/09/certificate-check-error-when-installing.html
I just tested this on Windows 10 and 8 PRO now, to get this right, follow these steps:
1) From your Start menu, locate your DDK's "x64 Checked Build Environment" i.e. the custom DOS build screen. Right-click, run-as administrator...
2) Compile your source with the Build tools etc.
3) Go into your compiled code, and then create your test-certificate (you don't need to purchase one just yet, use your self-signed one created with the line below):
makecert -r -pe -ss PrivateCertStore -n CN=newhex.com(Test) NewhexTest.cer
The above means your certificate is called "newhex.com(Test)" and the generated file is "NewhexTest.cer"
4) Create / Edit your .CDF file which contains items about what your CAT file's contents.
5) Create your CAT file by executing:
makecat -v MyCDF.CDF
This should generate an un-signed CAT file that includes all files specified by your CDF.
6) Sign your CAT file as follows:
Signtool sign /v /s PrivateCertStore /n newhex.com(test) /t http://timestamp.verisign.com/scripts/timestamp.dll MyDriverWhatever.cat
This should result in a CAT file that is signed, but don't just install it, because your Windows can't trust Newhex's cert since it's not in the keystore, to fix this do:
7) Add your certificate to your private Key Store, remember this step MUST be done by an administrators access, otherwise you will get an error about (Keystore not found etc):
certmgr.exe -add NewhexTest.cer -s -r localMachine root
This should add into your keystore, Once done, you can then:
8) Go into your device manager, and add your new driver, you would get a warning but will be accepted and installed without the need to reboot with a forced (Don't check cert type account).
I tried this already and it works on Windows 10 and Windows 8 pro versions.
Kind Regards
Heider Sati
You are supposed to use inf2cat, not makecat, because you have an INF file.
You should work on addressing those warnings from inf2cat by fixing your INF file. Here is my INF file that uses usbser.sys and doesn't cause any warnings: https://gist.github.com/3647208
I was able to fix my INF file thanks to the advice from chinzei in the first post of this thread: http://www.microchip.com/forums/m488342-print.aspx
If you continue to have trouble, please edit your question to include the source of your INF file, or at least a link to the source.
I encounter the same problem and was able to install my driver with a TEST certificate using the instructions provided here:
http://msdn.microsoft.com/en-us/windows/hardware/gg487328.aspx

Driver Installation Issue with Installshield

I am just trying to install using Installshield 2009 a demo driver written by me.
I wrote a demo inf file.
I also wrote a simple console application in VC++.
Then I wanted to install the application along with the drivers and so I created Basic MSI Project and added my application exe to it.
After this I added my inf file to it using Device Driver Wizard(located in Set Up Design >>> New Feature) where installshield also added the .sys and .cat files.
Now the problem is that when I run the generated msi file it only installs the application and the driver does not installed.
During installation it gives me a Windows Security window and when I clink on "Install this driver software anyway" it proceeds ahead for install completion.
But the are no drivers in system32/drivers and no entried in registry.
The demo driver contain just basic driver functions with printfs in them.
The inf contains:
[version]
Signature="$CHICAGO$"
Class=RKP_LTO_DEMO_DD
; GUID created by me usingGUIDGEN tool
ClassGuid={03E9C4D5-178E-4684-B407-A3E103D71CE9}
Provider=%DD_DEMO%
CatalogFile = dd_demo.cat
DriverVer=02/24/2012, 2.0.1.2
[DefaultInstall]
CopyFiles=XYZ_Device.Copy
AddReg=XYZ_DeviceHW
[XYZ_Device.Copy]
demo_dd.sys
[XYZ_DeviceHW]
HKLM,SYSTEM\CurrentControlSet\services\,demo_dd,0x00000000,"%12%\demo_dd.sys"
[SourceDisksNames]
1=%RTO_DISK_NAME%,Sample_DIF,0
[SourceDisksFiles]
demo_dd.sys=1,,
[DestinationDirs]
XYZ_Device.Copy=12
[Strings]
SPSVCINST_ASSOCSERVICE= 0x00000002
DD_DEMO = "RKP XYZ DD DEMO"
DisplayName = "RKP XYZ Driver Install Frameworks"
ClassName = "rkp xyz dd_demo"
DD_DEMO.DeviceDesc = "Rkp Xyz WI DIF Sample"
rto.SVCDESC = "RKP XYZ Device Driver"
RTO_DISK_NAME ="RKP XYZ Installation Disk"
The installshield install log gives the following message (0xE0000301):
DIFXAPP: INFO: ENTER: DriverPackageInstallW
DIFXAPP: WARNINGRIVER_PACKAGE_LEGACY_MODE flag set but not supported on Plug and Play driver on VISTA. Flag will be ignored.
DIFXAPP: INFO: Installing INF file 'C:\Program Files (x86)\DEMO\My Product Name\dd_demo\dd_demo.inf' (Plug and Play).
DIFXAPP: WARNING:No device Ids found in INF 'C:\Windows\System32\DriverStore\FileRepository\dd_demo.inf_amd64_neutral_c3727dded0bf2410\dd_demo.inf' for current platform.
DIFXAPP: INFO: RETURN: DriverPackageInstallW (0xE0000301)
The driver gets installed when I install it using run32dll.exe.
I verified this by checking the system32/drivers folder and the seeing the registry entry.
But with installshield it does not install it.
Will anybody pls let me know what might be the issue and how to resolve it?
How to fix this issue?

Resources