67 replies to this topic

[Yennix]

Thanks for the welcome:)

And true! My little hack is for my very particular, and admittedly slightly off topic installation needs. Hopefully it's useful to some folks:) The less one has to founder through the MS Dev Net the better life seems to you that day;)

I completely endorse your qualification: You're mileage may vary folks!

Hi Yennix!

First: Welcome in our forum!
Second: Thanks four research which may be helpful for several users using this code, too.

But allow me a third statement:
Users using my driverSigning.Script should not worry thay they may get similar issues like you explained.

To write the script (and the underlying program) I only used the text

and developed with this knowledge my own program.

I did not use the linked program, nor I ported that prog into a different language.

Therefore troubles occuring with recompiling of the mentioned prog, are not relevant for my script.

Peter

[Yennix]

Please can you share your recompiled code. i would like to try it for the same usage as you (create a master image to deploy on different hardware)

Actually, I'll do one better, what I should have done origionally: I'll explain how I compiled the code.

First thing I did was grab the Origional C Source cited in Peters original post.

Next I replaced the CryptAcquireContext subroutine in that source with my revised one that had the context specification in it. Specifically...

if(CryptAcquireContext(

				&hCryptProv, 

				NULL, 

				NULL, 

				PROV_RSA_FULL, 

				0)) 

	{

		printf("CryptAcquireContext complete. \n");

	} else {

		MyHandleError("Acquisition of context failed.");

	}

becomes....

if(CryptAcquireContext(

				&hCryptProv,

				NULL,

				NULL,

				PROV_RSA_FULL,

				CRYPT_VERIFYCONTEXT))

	{

		printf("CryptAcquireContext complete. \n");

	} else {

		MyHandleError("Acquisition of context failed.");

	}

Next I downloaded the cygwin installer and installed the Cygwin system to my computer.

When you install Cygwin, be absolutely sure that you include the GCC-Core and GDB packages installed as well. These are the Gnu C Compiler and GNU Debugger packages you'll need if you want to do any basic C compiling on your computer. You may need other packages too depending on your needs. I've installed that thing so often that I just have a base set of boxes that i always check, regardless of where I'm putting it;) GCC-Core is one of them.

Ok, let Cygwin rip and finish. It should make a start menu folder for you called Cygwin, and in it a shortcut called "Cygwin Bash Shell". Launch that bad boy.

From here, I'm going to assume you know how to navigate through a *nix system. If you dont know what the "ls" or "man" commands do please check out this resource.

When it comes time to compile your source, navigate to the folder you have containing your .c file, and run this command:

gcc drvsignsup.c -mno-cygwin

I share that bit specifically because it bothers the heck out of me when I find my compiled apps require certain cygwin specific dlls to run;) The -mno-cygwin switch will remove cygwin dependency from your compiled app, making it portable to your windows machines as a standalone app, with out the need of dragging things like the cygwin1.dll around with the .exe.

Hope that helps dude!

And again, as Peter already pointed out, all this stuff isn't really required for his script. This is if you want to use the drvsignsup on an OS that you intend to image and deploy over and over again, or suppress the signing policy on currently rolled out computers via automation.

[Galapo]

I had to compile the c code for something I'm working on, so I thought I may as well provide the compiled program. In the zip are files to disable and enable driver-signing warnings.

Regards,
Galapo.

Attached Files

•  DriverSigning.zip   14.74KB   2117 downloads

[thunn]

try adding this entry...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]

"MinimizeFootprint"=dword:00000001

Setupapi will not call on crypto apis and assumes all is signed.
..use it at your own risk!

[Galapo]

try adding this entry...

Go you know if this entry may be successfully used on a full xp install?

Thanks,
Galapo.

[was_jaclaz]

It seems like it does:
http://www.tech-arch...7/msg00446.html



jaclaz

[bilou_gateux]

As no PNF files are generated with this registry entry, the setup routine don't know where to search the source binaries of the driver listed in SourceDisksFiles section of inf file and search only in path defined by registry entry
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup" /v "SourcePath"

ie install VMware Server on Windows Embedded with "MinimizeFootprint" /t REG_DWORD /v "00000001"
to solve this problem, i copy Source Files to Destination dir and create a hard link of binary to SourcePath dir for setup routine.

presetup.mcd

::# Windows Embedded default source path set to %SystemRoot%

if exist %SystemRoot%\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\wepos.cat (

 if not exist %SystemRoot%\system32\vmnetbridge.dll copy /y "%~dp0StandAlone\Program Files\VMware\VMware Server\vmnetbridge.dll" %SystemRoot%\system32

 fsutil hardlink create %SystemRoot%\vmnetbridge.dll %SystemRoot%\system32\vmnetbridge.dll

 if not exist %SystemRoot%\system32\drivers\vmnetbridge.sys copy /y "%~dp0StandAlone\Program Files\VMware\VMware Server\XP Files\vmnetbridge.sys" %SystemRoot%\system32\drivers

 fsutil hardlink create %SystemRoot%\vmnetbridge.sys %SystemRoot%\system32\drivers\vmnetbridge.sys

 if not exist %SystemRoot%\system32\drivers\vmnet.sys copy /y "%~dp0StandAlone\Program Files\VMware\VMware Server\vmnet.sys" %SystemRoot%\system32\drivers

 fsutil hardlink create %SystemRoot%\vmnet.sys %SystemRoot%\system32\drivers\vmnet.sys

)

setup.cmd

msiexec -i  "%~dp0StandAlone\VMware Server Standalone.msi" ADDLOCAL=ALL REMOVE=diskUtil,Perfmon,Tools DESKTOP_SHORTCUT=0 STARTMENU_SHORTCUT=0 QUICKLAUNCH_SHORTCUT=1 SERIALNUMBER="XXXXX-XXXXX-XXXXX-XXXXX" /qn REBOOT="ReallySuppress"

I remember having the same issue with full Windows XP Professional and "MinimizeFootprint" /t REG_DWORD /v "00000001"

[fueralles]

hey,

i found your forum via this blog (http://www.dualsoft....majstorije/?p=6)
i downloaded the DriverSigning.zip and run the DriverSigning-Off.exe.
each time i try it, also on different xp systems, i receive this errors:

C:\Documents and Settings\administrator\Desktop\DriverSigning>DriverSigning-Off.exe

RegOpenKey sucess
RegQueryValue sucess
Seed=41517aaf
Hello, World
CryptAcquireContext complete.
An empty hash object has been created.
The data has been hashed.
The data has been hashed.
The hash has been retrieved.
Hash: 3d b8 1e a4 6a a0 8a 22 10 92 48 10 34 f3 30 b9
Create md5 hash completed without error.
RegOpenKey sucess
RegSetValueEx sucess
RegOpenKey failure
RegSetValueEx failure
RegOpenKey sucess
RegSetValueEx sucess

Any ideas?

best,

[pscEx]

i found your forum via this blog (http://www.dualsoft....majstorije/?p=6)
i downloaded the DriverSigning.zip and run the DriverSigning-Off.exe.
each time i try it, also on different xp systems, i receive this errors:

To run this app on your local pc does not make much sence. You can better use the provided wizard.

If you run it in a PE, please check whether the key
HKEY_CURRENT_USER\Software\Microsoft\Driver Signing
is defined in the PE's registry, and whether you have write access.

BTW: The zip you downloaded seems to be a recompile of

//* This program turns the Driver signing Policy On/Off for Windows XP */
// * Written by Stefan 'Sec' Zehl <sec@xxxxxx>, 15.11.2004
// *
// * Thanks to sysinternals.com for regmon and apispy
// * to msdn.microsoft.com for windows reference
// * to cygwin for their environment
// *

and with recompiles I usually have some concerns (besides they have been made by me ...)

Peter)

[fueralles]

good morning,

thanks for your fast answer, peter.

i would like to use the driversigning off/on method to build a silent openVPN installation without the ¨M$ driver signing popup¨.
is there a way to export your script ( this ) or the PE wizard/script into a .exe file?

best

[pscEx]

good morning,

thanks for your fast answer, peter.

i would like to use the driversigning off/on method to build a silent openVPN installation without the ¨M$ driver signing popup¨.
is there a way to export your script ( this ) or the PE wizard/script into a .exe file?

best

Good news:

Using WinBuilder you can extract DriverSigning.exe from the script.
As I assume you are new with WinBuilder and may need some time to extract.
Therefore I attach the exe here.
If you start it with a -D switch it writes some info into a log.
Then we can see whether it has toubles to open the 'famous' key.

Bad news:
The exe only switches 'off'. A running PE does not need an 'On'.

But if this works for you, I can add an additional switch -On

Peter

 DriverSigning.zip   21.1KB   641 downloads

[fueralles]

hello,

output with the -D switch ... but the driver signing is furthermore on (testet on different systems, windows xp sp2 - current windows updates installed)

\DriverSigning>DriverSigning.exe -D
RegOpenKeyEx System\WPA\PnP
res 0
RegQueryValueEx seed
res 234
RegOpenKeyEx Software\Microsoft\Windows\CurrentVersion\Setup
res 0
RegSetValueEx PrivateHash
res 0
RegOpenKeyEx Software\Microsoft\Windows\CurrentVersion\Setup
res 0
RegSetValueEx Policy
res 0

[pscEx]

hello,

output with the -D switch ... but the driver signing is furthermore on (testet on different systems, windows xp sp2 - current windows updates installed)

Sorry, really bad news:

First I fixed the 'res=234' (means more data than required).

But that does not change anything on the fact:

My DriverSigning.exe program (and I'm sure that the two ones you already have, are not different too, seen from the source code) works only onto a mounted WinBuilder (or maybe BartPE) registry hive, but not onto the running OS registry.

In the running OS there is an additional registry key which is changed on DriverSigning Policy Changes:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed"=hex:2b,50,82,...

and currently I have no idea where to get these values. Google does not help here a lot.

Peter

[fueralles]

Hello Peter,

I found these two files (see attached) and they are still working. Now I´m able to switch the DriverSigning On/Off.
The output is the same like yours, but without the error.

best

Attached Files

•  DriverSigning_work.zip   11.96KB   877 downloads

[pscEx]

Hello Peter,

I found these two files (see attached) and they are still working. Now I´m able to switch the DriverSigning On/Off.
The output is the same like yours, but without the error.

best

Thanks!

That proofs that it is also possible on the local machine. I have to check my code.

Peter

[pscEx]

Thanks!

That proofs that it is also possible on the local machine. I have to check my code.

Peter

In the mean time I did so and it now works. Thanks again!

There is a new DriverSigning.Script version 8 on the nativeEx server: http://nativeex.boot...rSigning.Script
It contains a new DriverSigning.exe.

The exe itself can also be download as http:///nativeex.boo...iverSigning.exe

Peter

[paraglider]

What was the fix?

[pscEx]

What was the fix?

If you really want to know: It is a shame: For local PC I exchanged 0 and 1

Peter