Installing unsigned drivers for Windows 7
Hello
I have seen the post of Guide to signing unsigned drivers, the description doesn't work for Windows 7 x86, although I have created the *.cat file with "/os:XP_X86,7_X86" (have tried with only 7_X86 too).
Has anybody an idea how to sign the unsigned drivers for Windows 7?
manes
Answers (11)
Posted by:
spartacus
14 years ago
Are you sure you are using the latest version of inf2cat from the Windows Driver Kit 7.1.0 ?
Available for download here
Regards,
Spartacus
Posted by:
anonymous_9363
14 years ago
Posted by:
manes
14 years ago
Posted by:
manes
14 years ago
Posted by:
manes
14 years ago
Posted by:
manes
14 years ago
Now, I have done the steps similar in the description of ms: http://technet.microsoft.com/en-us/library/dd919238(WS.10).aspx
I have used the tools of WinDDK7 and MS SDK Windows 7 and .Net Framework 3.5
1. create a certificate in the Root store:
makecert -r -n CN="TestZert" -ss Root -sr LocalMachine -pe
2. Create the *.Cat File
inf2cat.exe /driver:[PathToINFwithoutFile] /os:XP_X86,7_x86
3. Signing with signtool.exe
signtool.exe sign /s Root /n "TestZert" /t http://timestamp.verisign.com/scripts/timestamp.dll [PathCATFile]
This works, I just have to accept "trust everytime"
but I can't export the certificate to another computer. If I export the PFX and install it on another computer to Root and TrustedPublisher it doesn't work, same screenshot further up.
I have also tried to export just the TestZert.cer and import it to Root and TrustedPublisher, doesn't work.
Has anybody an idea how I can export the certificate so that it works on other computers?
Posted by:
manes
14 years ago
Finally I've got it.
My mistake was, I haven't installed the certificate to the root store of the computer, I have added the certificate to the user root store, this doesn't work...
Another question, is it correct that certmgr.exe does not remove the certificate on w7? It says certmgr.exe succeeded, but the certificate isn't deleted; installation works fine.
certmgr.exe /add ".\AppGateIPTunnelingCertABX.cer" -s -r LocalMachine Root -->to install --> succeed --> installed
certmgr.exe /del ".\AppGateIPTunnelingCertABX.cer" -s -r LocalMachine Root --> to delete --> succeed --> not deleted
Whatever, with certutil.exe it works fine on w7
These are my steps finally:
1. create a certificate in the Root store:
makecert -r -n CN="TestZert" -ss Root -sr LocalMachine (-pe no need)
2. create the *.cat File
inf2cat.exe /driver:[PathToINFwithoutFile] /os:XP_X86,7_x86
3. signing with signtool.exe
signtool.exe sign /s Root /n "TestZert" /t http://timestamp.verisign.com/scripts/timestamp.dll [PathCATFilewithFile]
4. export the certificate from certstore manually
5. install the certificate to Root and TrustedPublisher on windows 7 with certutil.exe
install
certutil.exe -addstore "Root" ".\TestZer.cer"
certutil.exe -addstore "TrustedPublisher" ".\TestZer.cer"
delete (just for information)
certutil.exe -delstore "Root" "TestZer"
certutil.exe -delstore "TrustedPublisher" "TestZer"
regards manes
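A check for the situation described in the post above, as an added PowerShell example that is not part of the thread: it reports which Root and TrustedPublisher stores (machine and per-user) hold the exported certificate, matched by thumbprint, and whether the catalog was signed by that same certificate. The file names TestZert.cer and mydriver.cat are assumed placeholders.

```powershell
# Added example (not from the thread). Uses only .NET classes available to PowerShell 2.0.
param(
    [string]$CerPath = ".\TestZert.cer",   # exported test certificate (hypothetical file name)
    [string]$CatPath = ".\mydriver.cat"    # catalog produced by inf2cat and signed (hypothetical)
)

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (Resolve-Path $CerPath).Path

# Look for the same thumbprint in the machine and per-user Root/TrustedPublisher stores.
$report = foreach ($location in "LocalMachine", "CurrentUser") {
    foreach ($name in "Root", "TrustedPublisher") {
        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($name, $location)
        $store.Open("ReadOnly")
        $found = @($store.Certificates | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }).Count -gt 0
        $store.Close()
        New-Object PSObject -Property @{ Location = $location; Store = $name; Present = $found }
    }
}
$report | Format-Table Location, Store, Present -AutoSize

# The thread's finding: the certificate has to be in the machine stores, not the user stores.
$missing = @($report | Where-Object { $_.Location -eq "LocalMachine" -and -not $_.Present } |
             ForEach-Object { $_.Store })
if ($missing.Count -eq 0) {
    "OK: certificate is in LocalMachine Root and TrustedPublisher."
} else {
    "Missing from LocalMachine: " + ($missing -join ", ")
}
if (@($report | Where-Object { $_.Location -eq "CurrentUser" -and $_.Present }).Count -gt 0) {
    "Note: certificate is also present in a CurrentUser store."
}

# Confirm the catalog was signed with this certificate and not another one with the same CN.
$sig = Get-AuthenticodeSignature -FilePath $CatPath
if ($sig.SignerCertificate -and $sig.SignerCertificate.Thumbprint -eq $cert.Thumbprint) {
    "Catalog signer matches $($cert.Thumbprint); signature status: $($sig.Status)"
} else {
    "Catalog is unsigned or signed by a different certificate; status: $($sig.Status)"
}
```

The script only reads the stores, so it does not need an elevated prompt.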
Posted by:
manes
14 years ago
Posted by:
manes
14 years ago
Posted by:
captain_planet
14 years ago
Good work, manes.
I think the CAs get built into the MSI once you compile it from your WSI. I've not used Wise for a while, but I do remember that the structuring of your files is important for the DifX tabs to show correctly. Ensure you have all your driver files in the same component (.SYS files, .DLL files, .INF and whatever else), and (most importantly) that the keypath for the component is your .inf file.
Posted by:
norexx
14 years ago
I've run into similar issues, and I went through a lot of trial-and-error before I got something that worked reliably. You can use either certmgr.exe (from the "Windows Driver Kit") or certutil.exe, but certutil.exe comes native on Win7, XP & Vista – no need to download & pre-install or worry about versioning. Basically, you have to get the syntax exactly right for it to work when calling your script or batchfile from Wise:
Steps to ADD trusted root certificate file to local Computer during MSI install:
1. Open MSI/MST, go to MSI Script - "Execute Deferred" tab.
2. Add "Execute Program From Destination" action inside an "If Statement" just above "InstallFinalize" (near bottom), as follows (substitute appropriate target folder for "[INSTALLDIR]\", including backslash, and your script file for "\Addcerts.cmd"):
[blockquote]
If (Not Installed OR REINSTALL) AND (AdminUser=1)
Execute Program From Destination CMD.exe /c "[INSTALLDIR]\Addcerts.cmd" Default Directory Windows\System32 [AddCerts]
End[/blockquote]
3. Make sure you set Default Directory to "SystemFolder" (displays as Windows\System32), because this is where certutil.exe resides.
4. Under "Properties" tab of 'Execute' custom action, make sure 'Processing' is set to "Synchronous, Ignore exit code"
5. The script can be a .bat, .cmd, .vbs, etc., but make sure the syntax follows this example (note this example registers the cert file 'mycert.cer' on both 64 & 32-bit Win7):
[blockquote]
certutil.exe -addstore root "%ProgramFiles%\Cisco\Cisco AnyConnect VPN Client\TrustedCerts\mycert.cer"
certutil.exe -addstore root "%ProgramFiles(x86)%\Cisco\Cisco AnyConnect VPN Client\TrustedCerts\mycert.cer"
Exit[/blockquote]
Steps to REMOVE trusted root certificate file from local Computer during MSI uninstall:
1. Open MSI/MST, go to MSI Script - "Execute Deferred" tab.
2. Add "Execute Program From Destination" action inside an "If Statement" just above "RemoveIniValues", as follows (substitute appropriate target folder for "[INSTALLDIR]\", including backslash, and your script file for "\Delcerts.cmd"):
[blockquote]
If (REMOVE = "ALL") AND (AdminUser=1)
Execute Program From Destination CMD.exe /c "[INSTALLDIR]\Delcerts.cmd" Default Directory Windows\System32 [DelCerts]
End[/blockquote]
3. Make sure you set Default Directory to "SystemFolder" (displays as Windows\System32), because this is where certutil.exe resides.
4. Under "Properties" tab of 'Execute' custom action, make sure 'Processing' is set to "Synchronous, Ignore exit code"
5. The script can be a .bat, .cmd, .vbs, etc., but make sure the syntax matches as follows (substitute certificate name EXACTLY AS IT APPEARS under MMC - "Certificates (Local Computer)" - "Trusted Root Certification Authorities" - "Certificates" - "Issued To" column):
[blockquote]
certutil.exe -delstore root MyCertificate
Exit[/blockquote]
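A variant of the add and remove scripts above, as an added PowerShell example that is not the poster's script: it adds the certificate to LocalMachine\Root only if the file's thumbprint matches a pinned value, and removes by thumbprint rather than by the "Issued To" name. The file name mycert.cer and the thumbprint value are placeholders to replace with your own.

```powershell
# Added example, not the script from the post above.
# Placeholders: mycert.cer and the thumbprint value are hypothetical; supply your own.
param(
    [ValidateSet("Add", "Remove")][string]$Action = "Add",
    [string]$CerPath = ".\mycert.cer",
    [string]$ExpectedThumbprint = "<SHA-1 THUMBPRINT OF YOUR CERTIFICATE>"
)
$pinned = $ExpectedThumbprint -replace "\s", ""   # thumbprints copied from the MMC contain spaces
$exitCode = 0

# LocalMachine\Root is the store "certutil.exe -addstore root" writes to; needs elevation.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store("Root", "LocalMachine")
$store.Open("ReadWrite")
try {
    if ($Action -eq "Add") {
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (Resolve-Path $CerPath).Path
        if ($cert.Thumbprint -ne $pinned) {
            # Refuse to trust a file that is not the certificate the package was built with.
            Write-Warning "Thumbprint mismatch: file has $($cert.Thumbprint)"
            $exitCode = 2
        } else {
            $store.Add($cert)
        }
    } else {
        # Remove by thumbprint, so a different certificate with the same name is left alone.
        $hits = @($store.Certificates | Where-Object { $_.Thumbprint -eq $pinned })
        foreach ($c in $hits) { $store.Remove($c) }
        if ($hits.Count -eq 0) { $exitCode = 3 }
    }
} finally {
    $store.Close()
}
exit $exitCode
```

Exit code 2 means the file did not match the pinned thumbprint and nothing was added; exit code 3 means there was nothing to remove.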
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.