I'd like to know if the driver 2.1.1 will be prevented to run because of the SHA256 signature, without trying to load it (because the user can have volumes in use with a previous driver version).
I tried WinVerifyTrust but the results are unusable. On Vista, it says that the certificat is expired for both the versions 2.0.10 and 2.1.1.
I could check the system version, and on Windows 7, check the presence of KB4474419. But isn't there a cleaner way?
How to know if imdisk 2.1.1 will run?
#1
Posted 23 February 2022 - 04:00 PM
#2
Posted 23 February 2022 - 04:12 PM
Not sure really, I have never thought about implementing a pre-load check in this way. I would say that checking OS version and KB4474419 is probably the best option.
#3
Posted 24 February 2022 - 06:21 PM
Instead of checking the presence of an update, someone has found a better way:
https://www.navossoc...alled-for-sure/
In short: check the presence of "CryptCATAdminAcquireContext2" in wintrust.dll.
I checked a few things and yes, it really seems to be the most simple and reliable way to know the support of SHA256 signed drivers.
But of course, we still have to check the OS version for the cases where the driver will still be loaded (OS < 6.0 or Vista/7 32-bit).
#4
Posted 24 February 2022 - 10:33 PM
Thanks for looking into this! It is good to know!
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users