Driver Signing for x64 Windows

Forum for discussion about kernel-mode development.
Post Reply
djnemo
Posts: 4
Joined: Sun Aug 26, 2012 8:33 pm

Driver Signing for x64 Windows

Post by djnemo » Fri Aug 31, 2012 12:35 am

Hi KernelMode,

i have a project that contain a kernel driver as part of the project and we want to install this kernel module on 10 to 20 client computer as we do not have enough budget to buy a licence i was looking for a free or more cheaper way to load my kernel module in x64 version of windows i have read all previous posts on this forum and lot of searching in google and finally all free and cheaper way ended to Test-Mode which require restart on installation and have an ugly Test Mode on every corner of windows.
first i thought if i create a self-signed licence on each client manually can let me to load my driver without need to load OS into test-mode or paying to licence.But it seems(i if i did all creating cert and signing correct) after we generate the cert and install it and sign the cat file and inf file still we need to load OS in test-mode ?!! Is this True ?

I want to know if there is any other ways to let us load this driver on this few number of machines ?

Thank You

User avatar
EP_X0FF
Global Moderator
Posts: 4872
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Contact:

Re: Driver Signing for x64 Windows

Post by EP_X0FF » Sun Sep 02, 2012 9:39 am

Ring0 - the source of inspiration

User avatar
everdox
Posts: 30
Joined: Mon Dec 26, 2011 4:07 am

Re: Driver Signing for x64 Windows

Post by everdox » Mon Sep 03, 2012 3:11 pm

yes it's true. either you purchase a cert from a root CA or you boot with testsigning enabled. Third option would be to just bypass the check in MmLoadSystemImage but in your case that would require modification of not only the kernel but the windows boot sequence as well.

Also, the actual raw data for the text in the bottom right "Test Mode" is stored in user32.dll.mui and you can easily null it out.

User avatar
xdeadcode
Posts: 44
Joined: Mon Dec 19, 2011 3:01 pm
Location: poland

Re: Driver Signing for x64 Windows

Post by xdeadcode » Mon Sep 03, 2012 7:56 pm

Hi djnemo,

There are many illegal ways to bypass x64 (look at bootkits and rootkits) signing BUT you will most likely be detected as malware or simply blocked by AVs since you are doing illegal stuff (especially when you are patching kernel making it unstable), so if you develop commercial driver best way is to sign it... Now it is not so expensive.

Best regards,

User avatar
Brock
Posts: 211
Joined: Wed Apr 28, 2010 3:13 am
Location: Valparaiso, Florida USA
Contact:

Re: Driver Signing for x64 Windows

Post by Brock » Wed Sep 05, 2012 4:04 am

I have been using GlobalSign for signing 64-bit kernel-mode drivers and at the time of registration it only cost me $100 USD for the single developer license, if you're a company it's not that much more expensive. This is very affordable for annual code signing as opposed to other companies such as VeriSign, Comodo etc. which charge way more money. Also, be sure that the company you decide to purchase your signing certificate from allows for the actual signing of "64-bit kernel drivers", last I checked Comodo still did not have this support! You can see a list of some of the supported CA's here http://msdn.microsoft.com/en-us/library ... 87315.aspx
Accept nothing less than STATUS_SUCCESS

djnemo
Posts: 4
Joined: Sun Aug 26, 2012 8:33 pm

Re: Driver Signing for x64 Windows

Post by djnemo » Thu Sep 06, 2012 7:44 am

Hello,

Is there anyway to sign the driver locally or fake the cert some how ?(to load it in normal boot) ?

Thnk you for all your nice replies

Post Reply