Prev: Can filter driver ignore an AddDevice?
Next: KeWaitForSingleObject in Completion/Cancellation Routine
From: Chris Nillissen Chris on 19 Nov 2009 05:13
I have a File System Filter driver that we have designed and built. We went
through the signing process and have received the signed .cat files from
Winqual.

I have a custom installer application (32-bit) for our product. When I try
and install the driver with this installer application, it goes through the
entire process of installing it and completes. Looking at the setupapi.app
log file there was no error in there. However, after a number of moments the
"Program Compatibility Assistant" message box appears saying that "Windows
requires a digitally signed driver".

I have run "signtool verify /v /kp /c dnafsmonitor.cat dnafsmonitor.sys" and
it seems to verify fine without errors.

When I check security event logs, it says:
"Code integrity determined that the image hash of a file is not valid."


If i check the CodeIntegraty section of the Event Viewer it says :
"Windows is unable to verify the image integrity of the file
\Device\HarddiskVolume1\Windows\System32\drivers\dnaFSMonitor.sys because
file hash could not be found on the system. A recent hardware or software
change might have installed a file that is signed incorrectly or damaged, or
that might be malicious software from an unknown source."

I am at a loss as to what to do and generating a support ticket from here in
Australia is driving me crazy.

Thanks for the help.
From: Pavel A. on 19 Nov 2009 06:49
It is possible that the signature failure occurs just because of
some change in filesystem behaviour, caused by your filter :)
Can you run the driver in no-op mode to check this idea?

The OSR ntfsd list is the best place to ask FS filter questions, please
visit
http://www.osronline.com/cf.cfm?PageURL=showlists.CFM?list=NTFSD

Regards,
--pa


"Chris Nillissen" <Chris Nillissen(a)discussions.microsoft.com> wrote in
message news:F1402D8A-E44C-4358-8D3F-A720A2C54881(a)microsoft.com...
> I have a File System Filter driver that we have designed and built. We
> went
> through the signing process and have received the signed .cat files from
> Winqual.
>
> I have a custom installer application (32-bit) for our product. When I try
> and install the driver with this installer application, it goes through
> the
> entire process of installing it and completes. Looking at the setupapi.app
> log file there was no error in there. However, after a number of moments
> the
> "Program Compatibility Assistant" message box appears saying that "Windows
> requires a digitally signed driver".
>
> I have run "signtool verify /v /kp /c dnafsmonitor.cat dnafsmonitor.sys"
> and
> it seems to verify fine without errors.
>
> When I check security event logs, it says:
> "Code integrity determined that the image hash of a file is not valid."
>
>
> If i check the CodeIntegraty section of the Event Viewer it says :
> "Windows is unable to verify the image integrity of the file
> \Device\HarddiskVolume1\Windows\System32\drivers\dnaFSMonitor.sys because
> file hash could not be found on the system. A recent hardware or software
> change might have installed a file that is signed incorrectly or damaged,
> or
> that might be malicious software from an unknown source."
>
> I am at a loss as to what to do and generating a support ticket from here
> in
> Australia is driving me crazy.
>
> Thanks for the help.

From: Chris Nillissen on 19 Nov 2009 07:34
Thanks for the reply.

I'm not the main driver developer, so forgive me for sounding nieve... what
is no-op mode and how do I run it like this.

FYI, the way our installer works is basically as follows:

1) Install the driver with the command 'RUNDLL32.EXE
SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 dnafsmonitor.inf'
2) Install the user-mode service and start it. (On start of this service it
loads and connects to the driver)

I have also posted on the OSR site.

Thanks


"Pavel A." wrote:

> It is possible that the signature failure occurs just because of
> some change in filesystem behaviour, caused by your filter :)
> Can you run the driver in no-op mode to check this idea?
>
> The OSR ntfsd list is the best place to ask FS filter questions, please
> visit
> http://www.osronline.com/cf.cfm?PageURL=showlists.CFM?list=NTFSD
>
> Regards,
> --pa
>
>
> "Chris Nillissen" <Chris Nillissen(a)discussions.microsoft.com> wrote in
> message news:F1402D8A-E44C-4358-8D3F-A720A2C54881(a)microsoft.com...
> > I have a File System Filter driver that we have designed and built. We
> > went
> > through the signing process and have received the signed .cat files from
> > Winqual.
> >
> > I have a custom installer application (32-bit) for our product. When I try
> > and install the driver with this installer application, it goes through
> > the
> > entire process of installing it and completes. Looking at the setupapi.app
> > log file there was no error in there. However, after a number of moments
> > the
> > "Program Compatibility Assistant" message box appears saying that "Windows
> > requires a digitally signed driver".
> >
> > I have run "signtool verify /v /kp /c dnafsmonitor.cat dnafsmonitor.sys"
> > and
> > it seems to verify fine without errors.
> >
> > When I check security event logs, it says:
> > "Code integrity determined that the image hash of a file is not valid."
> >
> >
> > If i check the CodeIntegraty section of the Event Viewer it says :
> > "Windows is unable to verify the image integrity of the file
> > \Device\HarddiskVolume1\Windows\System32\drivers\dnaFSMonitor.sys because
> > file hash could not be found on the system. A recent hardware or software
> > change might have installed a file that is signed incorrectly or damaged,
> > or
> > that might be malicious software from an unknown source."
> >
> > I am at a loss as to what to do and generating a support ticket from here
> > in
> > Australia is driving me crazy.
> >
> > Thanks for the help.
>
From: Pavel A. on 19 Nov 2009 09:22
"Chris Nillissen" <ChrisNillissen(a)discussions.microsoft.com> wrote in
message news:79E0F1F2-885F-47CA-BAC6-17E914EAC805(a)microsoft.com...
> Thanks for the reply.
>
> I'm not the main driver developer, so forgive me for sounding nieve...
> what
> is no-op mode and how do I run it like this.

This means, is it possible to start this driver so that it just loads into
memory but does nothing?
However, only the developer know how to do this, it is not something
generic.

Regards,
--pa

> FYI, the way our installer works is basically as follows:
>
> 1) Install the driver with the command 'RUNDLL32.EXE
> SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 dnafsmonitor.inf'
> 2) Install the user-mode service and start it. (On start of this service
> it
> loads and connects to the driver)
>
> I have also posted on the OSR site.
>
> Thanks
>
>
> "Pavel A." wrote:
>
>> It is possible that the signature failure occurs just because of
>> some change in filesystem behaviour, caused by your filter :)
>> Can you run the driver in no-op mode to check this idea?
>>
>> The OSR ntfsd list is the best place to ask FS filter questions, please
>> visit
>> http://www.osronline.com/cf.cfm?PageURL=showlists.CFM?list=NTFSD
>>
>> Regards,
>> --pa
>>
>>
>> "Chris Nillissen" <Chris Nillissen(a)discussions.microsoft.com> wrote in
>> message news:F1402D8A-E44C-4358-8D3F-A720A2C54881(a)microsoft.com...
>> > I have a File System Filter driver that we have designed and built. We
>> > went
>> > through the signing process and have received the signed .cat files
>> > from
>> > Winqual.
>> >
>> > I have a custom installer application (32-bit) for our product. When I
>> > try
>> > and install the driver with this installer application, it goes through
>> > the
>> > entire process of installing it and completes. Looking at the
>> > setupapi.app
>> > log file there was no error in there. However, after a number of
>> > moments
>> > the
>> > "Program Compatibility Assistant" message box appears saying that
>> > "Windows
>> > requires a digitally signed driver".
>> >
>> > I have run "signtool verify /v /kp /c dnafsmonitor.cat
>> > dnafsmonitor.sys"
>> > and
>> > it seems to verify fine without errors.
>> >
>> > When I check security event logs, it says:
>> > "Code integrity determined that the image hash of a file is not valid."
>> >
>> >
>> > If i check the CodeIntegraty section of the Event Viewer it says :
>> > "Windows is unable to verify the image integrity of the file
>> > \Device\HarddiskVolume1\Windows\System32\drivers\dnaFSMonitor.sys
>> > because
>> > file hash could not be found on the system. A recent hardware or
>> > software
>> > change might have installed a file that is signed incorrectly or
>> > damaged,
>> > or
>> > that might be malicious software from an unknown source."
>> >
>> > I am at a loss as to what to do and generating a support ticket from
>> > here
>> > in
>> > Australia is driving me crazy.
>> >
>> > Thanks for the help.
>>
From: Chris Nillissen on 19 Nov 2009 22:19
Even if I just install it without loading it up it seems to generate this
error.

I find it strange that when I install using the SetupAPI it doesn't fall
over there. Normally, if you try to install an unsigned driver, the SetupAPI
blocks the installation altogether. If I check the SetupAPI.app logs it all
installed fine.


"Pavel A." wrote:

> It is possible that the signature failure occurs just because of
> some change in filesystem behaviour, caused by your filter :)
> Can you run the driver in no-op mode to check this idea?
>
> The OSR ntfsd list is the best place to ask FS filter questions, please
> visit
> http://www.osronline.com/cf.cfm?PageURL=showlists.CFM?list=NTFSD
>
> Regards,
> --pa
>
>
> "Chris Nillissen" <Chris Nillissen(a)discussions.microsoft.com> wrote in
> message news:F1402D8A-E44C-4358-8D3F-A720A2C54881(a)microsoft.com...
> > I have a File System Filter driver that we have designed and built. We
> > went
> > through the signing process and have received the signed .cat files from
> > Winqual.
> >
> > I have a custom installer application (32-bit) for our product. When I try
> > and install the driver with this installer application, it goes through
> > the
> > entire process of installing it and completes. Looking at the setupapi.app
> > log file there was no error in there. However, after a number of moments
> > the
> > "Program Compatibility Assistant" message box appears saying that "Windows
> > requires a digitally signed driver".
> >
> > I have run "signtool verify /v /kp /c dnafsmonitor.cat dnafsmonitor.sys"
> > and
> > it seems to verify fine without errors.
> >
> > When I check security event logs, it says:
> > "Code integrity determined that the image hash of a file is not valid."
> >
> >
> > If i check the CodeIntegraty section of the Event Viewer it says :
> > "Windows is unable to verify the image integrity of the file
> > \Device\HarddiskVolume1\Windows\System32\drivers\dnaFSMonitor.sys because
> > file hash could not be found on the system. A recent hardware or software
> > change might have installed a file that is signed incorrectly or damaged,
> > or
> > that might be malicious software from an unknown source."
> >
> > I am at a loss as to what to do and generating a support ticket from here
> > in
> > Australia is driving me crazy.
> >
> > Thanks for the help.
>
 |  Next  |  Last
Pages: 1 2
Prev: Can filter driver ignore an AddDevice?
Next: KeWaitForSingleObject in Completion/Cancellation Routine