MagicDisc 2.7
MSI package creation of MagicDisc
Application Information: While installing MagicDisc's setup.exe, it will prompt for confirmation to install the driver, since the driver is an unsigned one (not digitally signed by Microsoft). Click "Install this driver software anyway"; it will then install the unsigned driver into the system.
The "Install this driver software anyway" message box appears for any application that contains unsigned drivers.
(OS used: Windows 7 x64)
INSTALLDIR: C:\Program Files (x86)\Magic disc\
Changes in system:
1. Installs the unsigned driver (name: mcdbus.inf)
Location: C:\Windows\System32\DriverStore\FileRepository and
oem files in C:\Windows\inf
2. Changes in registry:
Creates registry entries under
- "HKLM\SYSTEM\CurrentControlSet\Enum\Root\SCSIADAPTER" and
- "HKLM\SYSTEM\CurrentControlSet\services\mcdbus"
Packaging information: MSI package created using Wise Packaging Studio, with a custom action written to install the drivers using "DPInst.exe".
Package installation:- After installation when the shortcut is launched, it throws the below error message.
MagicDisc can't open driver(mcdbus), Please make sure that MagicDisc is run as adminstrator.
You need to right MagicDisc.exe on Windows Explorer, and click "Run As Adminstrator" to run.
Since the driver is not from a verified publisher (unsigned driver), the driver doesn’t install. Hence the error.
Solution :- Converting unsigned driver to signed driver
Guide to signing unsigned drivers
Tools you need: (most are from the Windows Driver Kit):
Inf2Cat.exe (To generate the unsigned catalog file from our INF)
In the same folder as Inf2Cat.exe I have the following DLLs:
Microsoft.Whos.Shared.IO.Cabinets.dll
Microsoft.Whos.Shared.IO.Catalogs.dll
Microsoft.Whos.Shared.Xml.InfReader.dll
Microsoft.Whos.Winqual.Submissions.SubmissionBuilder.dll
Microsoft.Whos.Xml.NonXmlDataReader.dll
Makecert.exe (Used to create our certificate)
Cert2spc.exe (Create Software Publisher's Certificate (SPC) from our certificate)
Signcode.Exe (Sign our catalog file with an Authenticode digital signature)
Certmgr.exe (Used to add and delete our certificate to the system root)
Introduction
Now that we have our toolset in place, let's package the unsigned MagicDisc driver. We're packaging this driver for a customer called 'MSFTLtd'.
Let's assume we've captured the MagicDisc application using a snapshot tool. We can see from the resultant snapshot that there is a file in [WindowsFolder]\inf called 'mcdbus.inf'. There is also a file called 'mcdbus.sys' in [SystemFolder]DriverStore\FileRepository.
All of these files make up the MagicDisc driver, so let's create a folder anywhere on your work machine
(say, "C:\MDdrivers") and copy the three files to it.
We should now have our unsigned driver in a temporary folder called "C:\MDdrivers" which contains:
mcdbus.inf
mcdbus.sys
mInstNt.dll
Now let's generate a customer certificate, so we can sign this (and many more) driver(s).
SIGNING THE DRIVER
1. Create .cat (catalog) file for driver.
We notice that the MagicDisc driver contains a .cat file which is for the unsigned driver, so we'll need to generate one for the signed driver.
Open the .INF file in a text editor. Ensure that under the [version] section you have an entry specifying a .cat file. If it's not there, add the line at the end of the section. For example:
[version]
Signature=xxxxxx
Provider=xxxxxx
CatalogFile.NT=mcdbus.cat
Command line:
Inf2Cat.exe /driver:"<Path to folder containing driver files>" /os:7_X64
Example:
Inf2Cat.exe /driver:"C:\MDdrivers" /os:7_X64
Running this successfully will generate mcdbus.cat in the 'C:\MDdrivers' folder.
2. Create authenticode certificate and set private key
Create another folder called 'c:\MSFTLtd_certificate'. It is here where we'll create our customer-specific certificate and private key. Remember that this certificate can be reused multiple times for the customer (MSFT Ltd) to sign different drivers, so keep naming conventions generic to your customer.
Command line:
MakeCert.Exe -r -pe <path to .cer file you want to generate> -n CN=<certificate name> -sv <path to .pvk file you want to generate> -len 2048
Example:
makecert.exe -r -pe "C:\MSFTLtd_certificate\MSFTLtd.cer" -n CN="MSFTLtd" -sv "C:\MSFTLtd_certificate\MSFTLtd.pvk" -len 2048
Running this will ask you to set a private key. Click "None". Make a note of this key! Running this command will generate:
C:\MSFTLtd_certificate\MSFTLtd.cer and
C:\MSFTLtd_certificate\MSFTLtd.pvk
3. Create Software Publisher's Certificate (SPC) from our certificate
Command Line:
Cert2Spc.Exe <path to .cer file> <path to .spc file>
Example:
cert2spc.exe "C:\MSFTLtd_certificate\MSFTLtd.cer" "C:\MSFTLtd_certificate\MSFTLtd.spc"
This will generate C:\MSFTLtd_certificate\MSFTLtd.spc
4. Sign the catalog file
Command line:
signcode.exe -spc <path to .spc file> -v <path to .pvk file> -t http://timestamp.verisign.com/scripts/timstamp.dll <Path to catalogfile>
Example:
SignCode.Exe -spc "C:\MSFTLtd_certificate\MSFTLtd.spc" -v "C:\MSFTLtd_certificate\MSFTLtd.pvk" -t http://timestamp.verisign.com/scripts/timstamp.dll "C:\MDdrivers\mcdbus.cat"
The above method, "Guide to signing unsigned drivers", is useful for creating the .cer file (the customer-specific certificate) and the .cat (catalog) file, and for signing the catalog file.
Step 1:- Signing the driver (using above document)
i) Create .cat (catalog) file for driver ( Delete the old one from INSTALLDIR )
ii) Create Authenticode certificate
iii) Create Software Publisher's Certificate (SPC) from our certificate
iv) Sign the catalog file
Now we have following files
mcdbus.inf (content changed)
mcdbus.sys
mcdbus.cat file (New one)
MSFTLtd.cer
Step 2:- Created msi package
Replace following files with newly generated files in the INSTALLDIR of the package
mcdbus.inf
mcdbus.sys
mcdbus.cat
and add MSFTLtd.cer file under windows\system32 in msi
and add certmgr.exe file under INSTALLDIR
Now the INSTALLDIR contains following files
MagicDisc.exe
Mcdbus.cat (Newly created)
Mcdbus.inf (Newly created)
Mcdbus.sys (New)
mcdInst64.exe
mInstNt.dll
certmgr.exe
muninst.exe
Step 3:- Adding Custom Actions in the msi
A) During Installation
Condition: - NOT Installed
i) To add certificate to local machine
Name: CA_AddCertLocal
Executable files: certmgr.exe
Command line Argument: -add "[SystemFolder]MSFTLtd.cer" -s -r localMachine ROOT
ii) To add Certificate to Trusted publishers
Name: CA_AddCertPublish
Executable files: certmgr.exe
Command line Argument: -add "[SystemFolder]MSFTLtd.cer" -c -s -r localMachine TrustedPublisher
iii) Installing the driver using DPInst.exe
Name:- CA_installDriver
Executable files: DPInstx64.exe
Command line Argument: /S /SA /F
iv) InstallSCSI using "mcdInst64.exe"
This exe will create and start the service and add registry entries under
- "HKLM\SYSTEM\CurrentControlSet\Enum\Root\SCSIADAPTER" and
- "HKLM\SYSTEM\CurrentControlSet\services\mcdbus"
Name:- CA_InstallSCSI
Command line Argument:-
"[INSTALLDIR]mcdInst64.exe" "[ProgramFilesFolder]MagicDisc"
B) During Uninstallation
Condition:- REMOVE~="ALL"
v) To delete certificate From Trusted publishers
Name: CA_DelCertPublish
Executable files: certmgr.exe
Command line Argument: -del -c -n "MSFTLtd" -c -s -r localMachine TrustedPublisher
vi) To Delete Certificate From local machine
Name: CA_DelCertLocal
Executable files: certmgr.exe
Command line Argument: -del -c -n "MSFTLtd" -s -r localMachine ROOT
vii) To uninstall the driver from local machine
Name: CA_Unistall_mcdbusDriver
EXE or command line: cmd.exe /c ""[INSTALLDIR]DPInstx64.exe" /U "[INSTALLDIR]mcdbus.inf" /s"
viii) To Stop service
Name: CA_UninstallSCSI
EXE or command line: "[INSTALLDIR]mcdInst64.exe" -uninst
ix) To Delete service
Name: CA_Unistall_service
EXE or command line: cmd.exe /c "sc delete mcdbus"
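A check to run after the install and again after the uninstall custom actions above, as an added PowerShell example that is not part of the original post: it confirms that mcdbus.cat is signed with MSFTLtd.cer, reports whether that certificate sits in the LocalMachine Root and TrustedPublisher stores, and whether the mcdbus service key exists. The default paths are the build folders used in this guide; the function and parameter names are assumptions, and the script is written to run on the PowerShell 2.0 shipped with Windows 7.

```powershell
# Added example (not from the original post). Default paths follow the guide
# above; the function and parameter names are assumptions.
function Test-McdbusSigning {
    param(
        [string]$CatalogPath = 'C:\MDdrivers\mcdbus.cat',
        [string]$CerPath     = 'C:\MSFTLtd_certificate\MSFTLtd.cer'
    )

    # Load the customer certificate the catalog is expected to be signed with.
    $expected = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CerPath

    # Read the Authenticode signature carried by the catalog file.
    $sig    = Get-AuthenticodeSignature -FilePath $CatalogPath
    $signer = $sig.SignerCertificate

    $result = New-Object PSObject -Property @{
        # 'Valid' only once the certificate is trusted on this machine.
        CatalogStatus      = $sig.Status
        # True when the catalog was signed with exactly this certificate.
        SignerMatchesCer   = ($signer -ne $null) -and ($signer.Thumbprint -eq $expected.Thumbprint)
        # makecert -r produces a self-signed certificate (Subject equals Issuer).
        SelfSigned         = ($expected.Subject -eq $expected.Issuer)
        CertExpires        = $expected.NotAfter
        InRoot             = $false
        InTrustedPublisher = $false
        # Service key created by mcdInst64.exe and removed by "sc delete mcdbus".
        ServiceKeyPresent  = Test-Path 'HKLM:\SYSTEM\CurrentControlSet\services\mcdbus'
    }

    # Look the certificate up by thumbprint in both machine stores that the
    # CA_AddCertLocal and CA_AddCertPublish custom actions write to.
    foreach ($store in 'Root', 'TrustedPublisher') {
        $hit = Get-ChildItem "Cert:\LocalMachine\$store" |
               Where-Object { $_.Thumbprint -eq $expected.Thumbprint }
        $result."In$store" = [bool]$hit
    }
    $result
}

Test-McdbusSigning | Format-List
```

On a packaged machine, pass the installed locations instead (mcdbus.cat in INSTALLDIR and MSFTLtd.cer in the system folder). After uninstall, InRoot, InTrustedPublisher and ServiceKeyPresent should all be False, since a certificate left in Root stays trusted machine-wide for anything signed with MSFTLtd.pvk.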