Modify Driver INF

Archived from groups: microsoft.public.windowsxp.device_driver.dev,microsoft.public.windowsxp.setup_deployment (More info?)

Hi NG,

I hate drivers that bring extra tools with them, like ATI Video Cards or
some Sound Drivers. Now I want to modify the INF File to delete the Registry
Entry. I also want to restructure the driver file layout (put all files
execpt cat and inf to a subfolder).
I know that I break the CAT file and the signatur than (if there is any). So
I used MAKECAT.exe to generate the new CAT File. I also used SIGNTOOL.exe to
sign the CAT file with my codesigning certificate. SIGNTOOL.exe verify tells
me that the CAT file ist signed.
I added my ROOT Certificate to a test machine (trusted CAs store) and my
CodeSigning Vertificate also (as trusted publisher).
If I now try to update the Driver it is still shown as not signed. I do this
on an installed machine at the desktop. I try to update the driver and
select the inf file.

I also tried it on a RIPREP Image:
The Problem is that I have to modify the file structure and delete some reg
keys. I have to add the drivers to a RIPREP Image. I also disabled driver
signing policy (DRIVERSIGNINGPOLICY=IGNORE). But I still get a message in
the setupapi.log that tells me that the driver is blocked:

[2004/09/29 16:28:15 520.92 Driver Install]
#-019 Searching for hardware ID(s):
pci\ven_8086&dev_24c5&subsys_04121179&rev_03,pci\ven_8086&dev_24c5&subsys_04121179,pci\ven_8086&dev_24c5&cc_040100,pci\ven_8086&dev_24c5&cc_0401
#-018 Searching for compatible ID(s):
pci\ven_8086&dev_24c5&rev_03,pci\ven_8086&dev_24c5,pci\ven_8086&cc_040100,pci\ven_8086&cc_0401,pci\ven_8086,pci\cc_040100,pci\cc_0401
#-198 Command line processed: C:\WINDOWS\system32\services.exe -setup
#I022 Found "PCI\VEN_8086&DEV_24c5&subsys_04121179" in
C:\Drivers\stac97.inf; Device: "SigmaTel C-Major Audio"; Driver: "SigmaTel
C-Major Audio"; Provider: "SigmaTel"; Mfg: "SigmaTel"; Section name:
"_00011179".
#I087 Driver node not trusted, rank changed from 0x00000001 to 0x00008001.
#I023 Actual install section: [_00011179.NT]. Rank: 0x00008001. Effective
driver date: 07/17/2003.
#-166 Device install function: DIF_SELECTBESTCOMPATDRV.
#I063 Selected driver installs from section [_00011179] in
"c:\drivers\stac97.inf".
#I320 Class GUID of device remains: {4D36E96C-E325-11CE-BFC1-08002BE10318}.
#I060 Set selected driver.
#I058 Selected best compatible driver.
#-166 Device install function: DIF_INSTALLDEVICEFILES.
#I124 Doing copy-only install of
"PCI\VEN_8086&DEV_24C5&SUBSYS_04121179&REV_03\3&61AAA01&0&FD".
#-011 Installing section [_00011179.NT] from "c:\drivers\stac97.inf".
#E358 An unsigned or incorrectly signed file "c:\drivers\stac97.inf" for
driver "SigmaTel C-Major Audio" blocked (server install). Error 0xe000022f:
Die INF-Datei des Drittanbieters enthält keine Digitalsignaturinformationen.
#E122 Device install failed. Error 0xe000022f: Die INF-Datei des
Drittanbieters enthält keine Digitalsignaturinformationen.
#E157 Default installer failed. Error 0xe000022f: Die INF-Datei des
Drittanbieters enthält keine Digitalsignaturinformationen.

(Sorry for the german Log)

As far as I have read, server install needs signed drivers. This test didn't
had the certificates installed.

So pls, if anyone has some hints, pls let me know.

cu and thx in advance...
Bjoern
3 answers Last reply
More about modify driver
  1. Archived from groups: microsoft.public.windowsxp.device_driver.dev,microsoft.public.windowsxp.setup_deployment (More info?)

    You take a signed driver, replace the WHQL certificates with nothing more
    than a code-signing certificate, munge the hell out of the INF file, and you
    wonder what is wrong?

    --
    The personal opinion of
    Gary G. Little

    "Bjoern Wolfgardt" <given.sur@no-spam-ewetel.net> wrote in message
    news:eUmZSP%23pEHA.2880@TK2MSFTNGP09.phx.gbl...
    > Hi NG,
    >
    > I hate drivers that bring extra tools with them, like ATI Video Cards or
    > some Sound Drivers. Now I want to modify the INF File to delete the
    Registry
    > Entry. I also want to restructure the driver file layout (put all files
    > execpt cat and inf to a subfolder).
    > I know that I break the CAT file and the signatur than (if there is any).
    So
    > I used MAKECAT.exe to generate the new CAT File. I also used SIGNTOOL.exe
    to
    > sign the CAT file with my codesigning certificate. SIGNTOOL.exe verify
    tells
    > me that the CAT file ist signed.
    > I added my ROOT Certificate to a test machine (trusted CAs store) and my
    > CodeSigning Vertificate also (as trusted publisher).
    > If I now try to update the Driver it is still shown as not signed. I do
    this
    > on an installed machine at the desktop. I try to update the driver and
    > select the inf file.
    >
    > I also tried it on a RIPREP Image:
    > The Problem is that I have to modify the file structure and delete some
    reg
    > keys. I have to add the drivers to a RIPREP Image. I also disabled driver
    > signing policy (DRIVERSIGNINGPOLICY=IGNORE). But I still get a message in
    > the setupapi.log that tells me that the driver is blocked:
    >
    > [2004/09/29 16:28:15 520.92 Driver Install]
    > #-019 Searching for hardware ID(s):
    >
    pci\ven_8086&dev_24c5&subsys_04121179&rev_03,pci\ven_8086&dev_24c5&subsys_04
    121179,pci\ven_8086&dev_24c5&cc_040100,pci\ven_8086&dev_24c5&cc_0401
    > #-018 Searching for compatible ID(s):
    >
    pci\ven_8086&dev_24c5&rev_03,pci\ven_8086&dev_24c5,pci\ven_8086&cc_040100,pc
    i\ven_8086&cc_0401,pci\ven_8086,pci\cc_040100,pci\cc_0401
    > #-198 Command line processed: C:\WINDOWS\system32\services.exe -setup
    > #I022 Found "PCI\VEN_8086&DEV_24c5&subsys_04121179" in
    > C:\Drivers\stac97.inf; Device: "SigmaTel C-Major Audio"; Driver: "SigmaTel
    > C-Major Audio"; Provider: "SigmaTel"; Mfg: "SigmaTel"; Section name:
    > "_00011179".
    > #I087 Driver node not trusted, rank changed from 0x00000001 to 0x00008001.
    > #I023 Actual install section: [_00011179.NT]. Rank: 0x00008001. Effective
    > driver date: 07/17/2003.
    > #-166 Device install function: DIF_SELECTBESTCOMPATDRV.
    > #I063 Selected driver installs from section [_00011179] in
    > "c:\drivers\stac97.inf".
    > #I320 Class GUID of device remains:
    {4D36E96C-E325-11CE-BFC1-08002BE10318}.
    > #I060 Set selected driver.
    > #I058 Selected best compatible driver.
    > #-166 Device install function: DIF_INSTALLDEVICEFILES.
    > #I124 Doing copy-only install of
    > "PCI\VEN_8086&DEV_24C5&SUBSYS_04121179&REV_03\3&61AAA01&0&FD".
    > #-011 Installing section [_00011179.NT] from "c:\drivers\stac97.inf".
    > #E358 An unsigned or incorrectly signed file "c:\drivers\stac97.inf" for
    > driver "SigmaTel C-Major Audio" blocked (server install). Error
    0xe000022f:
    > Die INF-Datei des Drittanbieters enthält keine
    Digitalsignaturinformationen.
    > #E122 Device install failed. Error 0xe000022f: Die INF-Datei des
    > Drittanbieters enthält keine Digitalsignaturinformationen.
    > #E157 Default installer failed. Error 0xe000022f: Die INF-Datei des
    > Drittanbieters enthält keine Digitalsignaturinformationen.
    >
    > (Sorry for the german Log)
    >
    > As far as I have read, server install needs signed drivers. This test
    didn't
    > had the certificates installed.
    >
    > So pls, if anyone has some hints, pls let me know.
    >
    > cu and thx in advance...
    > Bjoern
    >
    >
  2. Archived from groups: microsoft.public.windowsxp.device_driver.dev,microsoft.public.windowsxp.setup_deployment (More info?)

    Hi,

    I don't wonder what is going wrong. I ask if there is a way to do this. As
    far as I understand Windows 2003 has a way to do this:
    http://www.microsoft.com/whdc/driver/install/authenticode.mspx

    And btw, did I say that the driver I was testing has a WHQL certificate? The
    driver I have modified didn't have WHQL certificate.

    cu
    Bjoern

    "Gary G. Little" <gglittle.nospam@sbcglobal.net> schrieb im Newsbeitrag
    news:_lk7d.375$q%7.157@newssvr11.news.prodigy.com...
    > You take a signed driver, replace the WHQL certificates with nothing more
    > than a code-signing certificate, munge the hell out of the INF file, and
    > you
    > wonder what is wrong?
    >
    > --
    > The personal opinion of
    > Gary G. Little
    >
    > "Bjoern Wolfgardt" <given.sur@no-spam-ewetel.net> wrote in message
    > news:eUmZSP%23pEHA.2880@TK2MSFTNGP09.phx.gbl...
    >> Hi NG,
    >>
    >> I hate drivers that bring extra tools with them, like ATI Video Cards or
    >> some Sound Drivers. Now I want to modify the INF File to delete the
    > Registry
    >> Entry. I also want to restructure the driver file layout (put all files
    >> execpt cat and inf to a subfolder).
    >> I know that I break the CAT file and the signatur than (if there is any).
    > So
    >> I used MAKECAT.exe to generate the new CAT File. I also used SIGNTOOL.exe
    > to
    >> sign the CAT file with my codesigning certificate. SIGNTOOL.exe verify
    > tells
    >> me that the CAT file ist signed.
    >> I added my ROOT Certificate to a test machine (trusted CAs store) and my
    >> CodeSigning Vertificate also (as trusted publisher).
    >> If I now try to update the Driver it is still shown as not signed. I do
    > this
    >> on an installed machine at the desktop. I try to update the driver and
    >> select the inf file.
    >>
    >> I also tried it on a RIPREP Image:
    >> The Problem is that I have to modify the file structure and delete some
    > reg
    >> keys. I have to add the drivers to a RIPREP Image. I also disabled driver
    >> signing policy (DRIVERSIGNINGPOLICY=IGNORE). But I still get a message in
    >> the setupapi.log that tells me that the driver is blocked:
    >>
    >> [2004/09/29 16:28:15 520.92 Driver Install]
    >> #-019 Searching for hardware ID(s):
    >>
    > pci\ven_8086&dev_24c5&subsys_04121179&rev_03,pci\ven_8086&dev_24c5&subsys_04
    > 121179,pci\ven_8086&dev_24c5&cc_040100,pci\ven_8086&dev_24c5&cc_0401
    >> #-018 Searching for compatible ID(s):
    >>
    > pci\ven_8086&dev_24c5&rev_03,pci\ven_8086&dev_24c5,pci\ven_8086&cc_040100,pc
    > i\ven_8086&cc_0401,pci\ven_8086,pci\cc_040100,pci\cc_0401
    >> #-198 Command line processed: C:\WINDOWS\system32\services.exe -setup
    >> #I022 Found "PCI\VEN_8086&DEV_24c5&subsys_04121179" in
    >> C:\Drivers\stac97.inf; Device: "SigmaTel C-Major Audio"; Driver:
    >> "SigmaTel
    >> C-Major Audio"; Provider: "SigmaTel"; Mfg: "SigmaTel"; Section name:
    >> "_00011179".
    >> #I087 Driver node not trusted, rank changed from 0x00000001 to
    >> 0x00008001.
    >> #I023 Actual install section: [_00011179.NT]. Rank: 0x00008001. Effective
    >> driver date: 07/17/2003.
    >> #-166 Device install function: DIF_SELECTBESTCOMPATDRV.
    >> #I063 Selected driver installs from section [_00011179] in
    >> "c:\drivers\stac97.inf".
    >> #I320 Class GUID of device remains:
    > {4D36E96C-E325-11CE-BFC1-08002BE10318}.
    >> #I060 Set selected driver.
    >> #I058 Selected best compatible driver.
    >> #-166 Device install function: DIF_INSTALLDEVICEFILES.
    >> #I124 Doing copy-only install of
    >> "PCI\VEN_8086&DEV_24C5&SUBSYS_04121179&REV_03\3&61AAA01&0&FD".
    >> #-011 Installing section [_00011179.NT] from "c:\drivers\stac97.inf".
    >> #E358 An unsigned or incorrectly signed file "c:\drivers\stac97.inf" for
    >> driver "SigmaTel C-Major Audio" blocked (server install). Error
    > 0xe000022f:
    >> Die INF-Datei des Drittanbieters enthält keine
    > Digitalsignaturinformationen.
    >> #E122 Device install failed. Error 0xe000022f: Die INF-Datei des
    >> Drittanbieters enthält keine Digitalsignaturinformationen.
    >> #E157 Default installer failed. Error 0xe000022f: Die INF-Datei des
    >> Drittanbieters enthält keine Digitalsignaturinformationen.
    >>
    >> (Sorry for the german Log)
    >>
    >> As far as I have read, server install needs signed drivers. This test
    > didn't
    >> had the certificates installed.
    >>
    >> So pls, if anyone has some hints, pls let me know.
    >>
    >> cu and thx in advance...
    >> Bjoern
    >>
    >>
    >
    >
  3. Archived from groups: microsoft.public.windowsxp.device_driver.dev,microsoft.public.windowsxp.setup_deployment (More info?)

    Authenticode signatures are only applicable to Server 2003, and are not
    recognized by XP, SP1 or SP2.

    --
    The personal opinion of
    Gary G. Little

    "Bjoern Wolfgardt" <given.sur@no-spam-ewetel.net> wrote in message
    news:OD40zVEqEHA.1960@TK2MSFTNGP10.phx.gbl...
    > Hi,
    >
    > I don't wonder what is going wrong. I ask if there is a way to do this. As
    > far as I understand Windows 2003 has a way to do this:
    > http://www.microsoft.com/whdc/driver/install/authenticode.mspx
    >
    > And btw, did I say that the driver I was testing has a WHQL certificate?
    The
    > driver I have modified didn't have WHQL certificate.
    >
    > cu
    > Bjoern
    >
    > "Gary G. Little" <gglittle.nospam@sbcglobal.net> schrieb im Newsbeitrag
    > news:_lk7d.375$q%7.157@newssvr11.news.prodigy.com...
    > > You take a signed driver, replace the WHQL certificates with nothing
    more
    > > than a code-signing certificate, munge the hell out of the INF file, and
    > > you
    > > wonder what is wrong?
    > >
    > > --
    > > The personal opinion of
    > > Gary G. Little
    > >
    > > "Bjoern Wolfgardt" <given.sur@no-spam-ewetel.net> wrote in message
    > > news:eUmZSP%23pEHA.2880@TK2MSFTNGP09.phx.gbl...
    > >> Hi NG,
    > >>
    > >> I hate drivers that bring extra tools with them, like ATI Video Cards
    or
    > >> some Sound Drivers. Now I want to modify the INF File to delete the
    > > Registry
    > >> Entry. I also want to restructure the driver file layout (put all files
    > >> execpt cat and inf to a subfolder).
    > >> I know that I break the CAT file and the signatur than (if there is
    any).
    > > So
    > >> I used MAKECAT.exe to generate the new CAT File. I also used
    SIGNTOOL.exe
    > > to
    > >> sign the CAT file with my codesigning certificate. SIGNTOOL.exe verify
    > > tells
    > >> me that the CAT file ist signed.
    > >> I added my ROOT Certificate to a test machine (trusted CAs store) and
    my
    > >> CodeSigning Vertificate also (as trusted publisher).
    > >> If I now try to update the Driver it is still shown as not signed. I do
    > > this
    > >> on an installed machine at the desktop. I try to update the driver and
    > >> select the inf file.
    > >>
    > >> I also tried it on a RIPREP Image:
    > >> The Problem is that I have to modify the file structure and delete some
    > > reg
    > >> keys. I have to add the drivers to a RIPREP Image. I also disabled
    driver
    > >> signing policy (DRIVERSIGNINGPOLICY=IGNORE). But I still get a message
    in
    > >> the setupapi.log that tells me that the driver is blocked:
    > >>
    > >> [2004/09/29 16:28:15 520.92 Driver Install]
    > >> #-019 Searching for hardware ID(s):
    > >>
    > >
    pci\ven_8086&dev_24c5&subsys_04121179&rev_03,pci\ven_8086&dev_24c5&subsys_04
    > > 121179,pci\ven_8086&dev_24c5&cc_040100,pci\ven_8086&dev_24c5&cc_0401
    > >> #-018 Searching for compatible ID(s):
    > >>
    > >
    pci\ven_8086&dev_24c5&rev_03,pci\ven_8086&dev_24c5,pci\ven_8086&cc_040100,pc
    > > i\ven_8086&cc_0401,pci\ven_8086,pci\cc_040100,pci\cc_0401
    > >> #-198 Command line processed: C:\WINDOWS\system32\services.exe -setup
    > >> #I022 Found "PCI\VEN_8086&DEV_24c5&subsys_04121179" in
    > >> C:\Drivers\stac97.inf; Device: "SigmaTel C-Major Audio"; Driver:
    > >> "SigmaTel
    > >> C-Major Audio"; Provider: "SigmaTel"; Mfg: "SigmaTel"; Section name:
    > >> "_00011179".
    > >> #I087 Driver node not trusted, rank changed from 0x00000001 to
    > >> 0x00008001.
    > >> #I023 Actual install section: [_00011179.NT]. Rank: 0x00008001.
    Effective
    > >> driver date: 07/17/2003.
    > >> #-166 Device install function: DIF_SELECTBESTCOMPATDRV.
    > >> #I063 Selected driver installs from section [_00011179] in
    > >> "c:\drivers\stac97.inf".
    > >> #I320 Class GUID of device remains:
    > > {4D36E96C-E325-11CE-BFC1-08002BE10318}.
    > >> #I060 Set selected driver.
    > >> #I058 Selected best compatible driver.
    > >> #-166 Device install function: DIF_INSTALLDEVICEFILES.
    > >> #I124 Doing copy-only install of
    > >> "PCI\VEN_8086&DEV_24C5&SUBSYS_04121179&REV_03\3&61AAA01&0&FD".
    > >> #-011 Installing section [_00011179.NT] from "c:\drivers\stac97.inf".
    > >> #E358 An unsigned or incorrectly signed file "c:\drivers\stac97.inf"
    for
    > >> driver "SigmaTel C-Major Audio" blocked (server install). Error
    > > 0xe000022f:
    > >> Die INF-Datei des Drittanbieters enthält keine
    > > Digitalsignaturinformationen.
    > >> #E122 Device install failed. Error 0xe000022f: Die INF-Datei des
    > >> Drittanbieters enthält keine Digitalsignaturinformationen.
    > >> #E157 Default installer failed. Error 0xe000022f: Die INF-Datei des
    > >> Drittanbieters enthält keine Digitalsignaturinformationen.
    > >>
    > >> (Sorry for the german Log)
    > >>
    > >> As far as I have read, server install needs signed drivers. This test
    > > didn't
    > >> had the certificates installed.
    > >>
    > >> So pls, if anyone has some hints, pls let me know.
    > >>
    > >> cu and thx in advance...
    > >> Bjoern
    > >>
    > >>
    > >
    > >
    >
    >
Ask a new question

Read More

Drivers Windows XP