none
About error 577 of driver service. RRS feed

  • Question

  • I met an error after I got I modified the driver of NDIS Filter 6.0 and signed when installation.

    I believe the driver sys file and cat file both signing with my kernel certificate, and the installation is successful without any problems.

    After the driver got installed with NetCfg, about 3 secs later, a popup shows that the driver file does not have a vaild signature.

    1>  After EKU filter, 3 certs were left.
    1>  After expiry filter, 2 certs were left.
    1>  After Hash filter, 1 certs were left.
    1>  After Private Key filter, 1 certs were left.
    1>  The following certificate was selected:
    1>      Issued to: *********************(marked)
    1>  
    1>      Issued by: StartCom Class 3 Primary Intermediate Object CA
    1>  
    1>      Expires:   Sun Feb 21 20:47:59 2016
    1>  
    1>      SHA1 hash: E762DF92A9C179F1951750C96CD0DDF799408A18
    1>  
    1>  
    1>  Cross certificate chain (using machine store):
    1>      Issued to: Microsoft Code Verification Root
    1>  
    1>      Issued by: Microsoft Code Verification Root
    1>  
    1>      Expires:   Sat Nov 01 21:54:03 2025
    1>  
    1>      SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3
    1>  
    1>  
    1>          Issued to: StartCom Certification Authority
    1>  
    1>          Issued by: Microsoft Code Verification Root
    1>  
    1>          Expires:   Fri Apr 16 04:23:19 2021
    1>  
    1>          SHA1 hash: E6069E048DEA8D817AFC4188B1BEF1D888D0AF17
    1>  
    1>  
    1>              Issued to: StartCom Class 3 Primary Intermediate Object CA
    1>  
    1>              Issued by: StartCom Certification Authority
    1>  
    1>              Expires:   Wed Oct 25 06:03:55 2017
    1>  
    1>              SHA1 hash: 660746026115B8DF862C4F5CF1C51508E96E33D0
    1>  
    1>  
    1>                  Issued to: *********************(marked)
    1>  
    1>                  Issued by: StartCom Class 3 Primary Intermediate Object CA
    1>  
    1>                  Expires:   Sun Feb 21 20:47:59 2016
    1>  
    1>                  SHA1 hash: E762DF92A9C179F1951750C96CD0DDF799408A18
    1>  
    1>  
    1>  
    1>  The following additional certificates will be attached:
    1>      Issued to: StartCom Certification Authority
    1>  
    1>      Issued by: Microsoft Code Verification Root
    1>  
    1>      Expires:   Fri Apr 16 04:23:19 2021
    1>  
    1>      SHA1 hash: E6069E048DEA8D817AFC4188B1BEF1D888D0AF17
    1>  
    1>  
    1>      Issued to: StartCom Class 3 Primary Intermediate Object CA
    1>  
    1>      Issued by: StartCom Certification Authority
    1>  
    1>      Expires:   Wed Oct 25 06:03:55 2017
    1>  
    1>      SHA1 hash: 660746026115B8DF862C4F5CF1C51508E96E33D0
    1>  
    1>  
    1>  Done Adding Additional Store
    1>  Successfully signed: F:\ndis-filter\x64\Win7Debug\qzjndis.sys
    1>  
    1>  
    1>  Number of files successfully Signed: 1

    And I typed "net start qzjndis", it shows

    Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    This driver can works under testsigning enabled, but I already signing them with my kernel certifcate how could it failed to load in non-testsigning mode?

    Please help.


    Friday, March 29, 2013 8:10 AM

Answers

  • I solved it myself by request a cert which using SHA1 not SHA2.

    Windows 8 supports SHA2 certificate only.

    • Marked as answer by ZhongJie Qiu Monday, April 1, 2013 9:55 AM
    Monday, April 1, 2013 9:55 AM

All replies

  • I also use SignTool to verify the sys and cat files in clean Virtual machine, the result seems correct.

    Cross Certificate Chain:
        Issued to: Microsoft Code Verification Root
        Issued by: Microsoft Code Verification Root
        Expires:   Sat Nov 01 21:54:03 2025
        SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3
    
            Issued to: StartCom Certification Authority
            Issued by: Microsoft Code Verification Root
            Expires:   Fri Apr 16 04:23:19 2021
            SHA1 hash: E6069E048DEA8D817AFC4188B1BEF1D888D0AF17
    
                Issued to: StartCom Class 3 Primary Intermediate Object CA
                Issued by: StartCom Certification Authority
                Expires:   Wed Oct 25 06:03:55 2017
                SHA1 hash: 660746026115B8DF862C4F5CF1C51508E96E33D0
    
                    Issued to: **************(marked)
                    Issued by: StartCom Class 3 Primary Intermediate Object CA
                    Expires:   Sun Feb 21 20:47:59 2016
                    SHA1 hash: E762DF92A9C179F1951750C96CD0DDF799408A18
    
    Successfully verified: qzjndis.cat

    Friday, March 29, 2013 8:32 AM
  • are you installing your cert into the machine store or the local user cert store?

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, March 29, 2013 4:20 PM
  • @Doron,

    do you mean the cert with key of signing? I installed it in user cert store, and I tried install it in machine store but VS2012 can not found it in configuration window.

    When I trying to set the key directly load from pfx file, VS2012 gives me the error:

         sto:           {DRIVERSTORE_IMPORT_NOTIFY_VALIDATE} 11:56:33.635
         inf:                Opened INF: 'C:\Windows\System32\DriverStore\Temp\{0f7d9cc3-454e-1f6f-0fec-ef1e78ccd857}\qzjndis.inf' ([strings])
         sig:                {_VERIFY_FILE_SIGNATURE} 11:56:33.635
         sig:                     Key      = qzjndis.inf
         sig:                     FilePath = C:\Windows\System32\DriverStore\Temp\{0f7d9cc3-454e-1f6f-0fec-ef1e78ccd857}\qzjndis.inf
         sig:                     Catalog  = C:\Windows\System32\DriverStore\Temp\{0f7d9cc3-454e-1f6f-0fec-ef1e78ccd857}\qzjndis.cat
         flq:                     {SPFILENOTIFY_CABINETINFO}
         flq:                     {SPFILENOTIFY_CABINETINFO - exit(0x00000000)}
         flq:                     {SPFILENOTIFY_FILEEXTRACTED}
         flq:                     {SPFILENOTIFY_FILEEXTRACTED - exit(0x00000000)}
         flq:                     {SPFILENOTIFY_CABINETINFO}
         flq:                     {SPFILENOTIFY_CABINETINFO - exit(0x00000000)}
         flq:                     {SPFILENOTIFY_FILEEXTRACTED}
         flq:                     {SPFILENOTIFY_FILEEXTRACTED - exit(0x00000000)}
    !    sig:                     Verifying file against specific (valid) catalog failed! (0x800b0109)
    !    sig:                     Error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
         sig:                {_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 11:56:33.667
         sig:                {_VERIFY_FILE_SIGNATURE} 11:56:33.667
         sig:                     Key      = qzjndis.inf
         sig:                     FilePath = C:\Windows\System32\DriverStore\Temp\{0f7d9cc3-454e-1f6f-0fec-ef1e78ccd857}\qzjndis.inf
         sig:                     Catalog  = C:\Windows\System32\DriverStore\Temp\{0f7d9cc3-454e-1f6f-0fec-ef1e78ccd857}\qzjndis.cat
         flq:                     {SPFILENOTIFY_CABINETINFO}
         flq:                     {SPFILENOTIFY_CABINETINFO - exit(0x00000000)}
         flq:                     {SPFILENOTIFY_FILEEXTRACTED}
         flq:                     {SPFILENOTIFY_FILEEXTRACTED - exit(0x00000000)}
         flq:                     {SPFILENOTIFY_CABINETINFO}
         flq:                     {SPFILENOTIFY_CABINETINFO - exit(0x00000000)}
         flq:                     {SPFILENOTIFY_FILEEXTRACTED}
         flq:                     {SPFILENOTIFY_FILEEXTRACTED - exit(0x00000000)}
         sig:                     Success: File is signed in Authenticode(tm) catalog.
         sig:                     Error 0xe0000242: The publisher of an Authenticode(tm) signed catalog has not yet been established as trusted.
         sig:                {_VERIFY_FILE_SIGNATURE exit(0xe0000242)} 11:56:33.698
         sto:                Validating driver package files against catalog 'qzjndis.cat'.
    !    sto:                Driver package signer is unknown but user trusts the signer.
         sto:           {DRIVERSTORE_IMPORT_NOTIFY_VALIDATE exit(0x00000000)} 11:56:34.774
         sto:           Verified driver package signature:
         sto:                Digital Signer Score = 0xFF000000
         sto:                Digital Signer Name  = <unknown>
         sto:           {DRIVERSTORE_IMPORT_NOTIFY_BEGIN} 11:56:34.774
         inf:                Opened INF: 'C:\Windows\System32\DriverStore\Temp\{0f7d9cc3-454e-1f6f-0fec-ef1e78ccd857}\qzjndis.inf' ([strings])
         sto:                Create system restore point:
         sto:                     Description = ***********(marked) Company Limited Network Service
         sto:                     Time        = 7098ms
         sto:                     Status      = 0x00000000 (SUCCESS)
         sto:           {DRIVERSTORE_IMPORT_NOTIFY_BEGIN: exit(0x00000000)} 11:56:41.872
         sto:           Importing driver package files:
         sto:                Source Path      = C:\Windows\System32\DriverStore\Temp\{0f7d9cc3-454e-1f6f-0fec-ef1e78ccd857}
         sto:                Destination Path = C:\Windows\System32\DriverStore\FileRepository\qzjndis.inf_amd64_neutral_b3fdc78df34123ed
         sto:           {Copy Directory: C:\Windows\System32\DriverStore\Temp\{0f7d9cc3-454e-1f6f-0fec-ef1e78ccd857}} 11:56:41.872
         sto:                Target Path = C:\Windows\System32\DriverStore\FileRepository\qzjndis.inf_amd64_neutral_b3fdc78df34123ed
         sto:           {Copy Directory: exit(0x00000000)} 11:56:41.872
         sto:           {Index Driver Package: C:\Windows\System32\DriverStore\FileRepository\qzjndis.inf_amd64_neutral_b3fdc78df34123ed\qzjndis.inf} 11:56:41.872
         idb:                Registered driver store entry 'qzjndis.inf_amd64_neutral_b3fdc78df34123ed'.
         idb:                Published 'qzjndis.inf_amd64_neutral_b3fdc78df34123ed\qzjndis.inf' to 'C:\Windows\INF\oem12.inf'
         idb:                Published driver store entry 'qzjndis.inf_amd64_neutral_b3fdc78df34123ed'.
         sto:                Published driver package INF 'oem12.inf' was changed.
         sto:                Active published driver package is 'qzjndis.inf_amd64_neutral_b3fdc78df34123ed'.
         sto:           {Index Driver Package: exit(0x00000000)} 11:56:42.309

    I'm not sure why the the setupapi.dev.log told that root certificate was not trusted.

    But the files from signtool is verified.

    Verifying: qzjndis.sys
    Hash of file (sha1): CA1DEA1117ACF469D3194C90A8E3DDD7AB9917A5
    
    Signing Certificate Chain:
        Issued to: StartCom Certification Authority
        Issued by: StartCom Certification Authority
        Expires:   Thu Sep 18 03:46:36 2036
        SHA1 hash: 3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
    
            Issued to: StartCom Class 3 Primary Intermediate Object CA
            Issued by: StartCom Certification Authority
            Expires:   Wed Oct 25 06:03:55 2017
            SHA1 hash: 660746026115B8DF862C4F5CF1C51508E96E33D0
    
                Issued to: ****************(marked)
                Issued by: StartCom Class 3 Primary Intermediate Object CA
                Expires:   Sun Feb 21 20:47:59 2016
                SHA1 hash: E762DF92A9C179F1951750C96CD0DDF799408A18
    
    The signature is timestamped: Sat Mar 30 11:55:34 2013
    Timestamp Verified by:
        Issued to: Thawte Timestamping CA
        Issued by: Thawte Timestamping CA
        Expires:   Fri Jan 01 07:59:59 2021
        SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656
    
            Issued to: Symantec Time Stamping Services CA - G2
            Issued by: Thawte Timestamping CA
            Expires:   Thu Dec 31 07:59:59 2020
            SHA1 hash: 6C07453FFDDA08B83707C09B82FB3D15F35336B1
    
                Issued to: Symantec Time Stamping Services Signer - G4
                Issued by: Symantec Time Stamping Services CA - G2
                Expires:   Wed Dec 30 07:59:59 2020
                SHA1 hash: 65439929B67973EB192D6FF243E6767ADF0834E4
    
    Cross Certificate Chain:
        Issued to: Microsoft Code Verification Root
        Issued by: Microsoft Code Verification Root
        Expires:   Sat Nov 01 21:54:03 2025
        SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3
    
            Issued to: StartCom Certification Authority
            Issued by: Microsoft Code Verification Root
            Expires:   Fri Apr 16 04:23:19 2021
            SHA1 hash: E6069E048DEA8D817AFC4188B1BEF1D888D0AF17
    
                Issued to: StartCom Class 3 Primary Intermediate Object CA
                Issued by: StartCom Certification Authority
                Expires:   Wed Oct 25 06:03:55 2017
                SHA1 hash: 660746026115B8DF862C4F5CF1C51508E96E33D0
    
                    Issued to: ****************(marked)
                    Issued by: StartCom Class 3 Primary Intermediate Object CA
                    Expires:   Sun Feb 21 20:47:59 2016
                    SHA1 hash: E762DF92A9C179F1951750C96CD0DDF799408A18
    
    File has page hashes.
    
    
    Successfully verified: qzjndis.sys
    
    Number of files successfully Verified: 2
    Number of warnings: 0
    Number of errors: 0
    
    C:\Users\QZJ\Desktop>

    Is the problem of certificate?



    • Edited by ZhongJie Qiu Saturday, March 30, 2013 1:04 PM Typing mistake: VS2010 should be VS2012
    Saturday, March 30, 2013 4:09 AM
  • pictures attached.

    http://social.msdn.microsoft.com/Forums/getfile/265095

    Sunday, March 31, 2013 10:09 AM
  • I solved it myself by request a cert which using SHA1 not SHA2.

    Windows 8 supports SHA2 certificate only.

    • Marked as answer by ZhongJie Qiu Monday, April 1, 2013 9:55 AM
    Monday, April 1, 2013 9:55 AM