error 0xC000036B STATUS_DRIVER_BLOCKED_CRITICAL while trying to load driver ring0.sys written by me in MASM32

  • Question

  • I turned off the driver signature check with bcdedit.exe -set TESTSIGNING ON. After restart I am getting a message written on screen that it is in testing mode.

    I wrote my unsigned ring0 kernel mode driver in MASM32 assembler and got a ring0.sys file. After trying to load it with ZwLoadDriver I get a response message with 0xC000036B.

    I read that it is Windows PatchGuard protecting it from being loaded. How do I turn it off?

    Is there any way to load the driver off memory and a message box with an error message instead of a blue screen?

    Thursday, December 12, 2019 10:43 PM

All replies

  • I made my own certificate with makeCert.exe from the WDK. I added it as a trusted certificate with certMgr.exe from the WDK. I signed the driver with the following command: signtool sign /v /fd sha256 /s PrivateCertStore /n Contoso.com(test) /t http://timestamp.digicert.com "C:\driver.sys"

    After trying to load it I still get the same error. I did signature verification: signtool verify "C:\driver.sys"

    I got an error that "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider."

    Is that because the certificate was made for PrivateCertStore and added to that store but not to RootCertStore? What is the correct store name for the root cert store?

    Tuesday, December 17, 2019 12:30 AM
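
The check below is an added example, not part of the thread or of any poster's code. It reports which certificate a driver's embedded signature chain terminates in and whether that certificate is present in the Root and TrustedPublisher system stores. The function name `Test-DriverTestCertTrust` is hypothetical, the file path is the one from the post above, and the result says nothing about kernel-mode load policy, which is evaluated separately.

```powershell
# Added example: Test-DriverTestCertTrust is a hypothetical helper name.
function Test-DriverTestCertTrust {
    param([Parameter(Mandatory)][string]$Path)

    # Read the embedded Authenticode signature from the file.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if (-not $sig.SignerCertificate) {
        # No signer certificate: the file is unsigned or the signature is unreadable.
        return [pscustomobject]@{ File = $Path; Signed = $false; Status = $sig.Status }
    }

    # Build the chain without revocation lookups so the check also works offline.
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($sig.SignerCertificate)

    # Build() fills ChainElements even when it returns $false; the last
    # element is the certificate the chain terminates in. For a self-signed
    # test certificate that is the signing certificate itself.
    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    $signerTp = $sig.SignerCertificate.Thumbprint

    [pscustomobject]@{
        File                 = $Path
        Signed               = $true
        Status               = $sig.Status
        Signer               = $sig.SignerCertificate.Subject
        ChainTerminatesIn    = $root.Subject
        RootThumbprint       = $root.Thumbprint
        ChainTrusted         = $trusted
        ChainStatus          = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        # Presence of the terminating certificate in each root store.
        InLocalMachineRoot   = Test-Path "Cert:\LocalMachine\Root\$($root.Thumbprint)"
        InCurrentUserRoot    = Test-Path "Cert:\CurrentUser\Root\$($root.Thumbprint)"
        # Presence of the signing certificate among trusted publishers.
        InLMTrustedPublisher = Test-Path "Cert:\LocalMachine\TrustedPublisher\$signerTp"
    }
}

# Path taken from the post above; adjust to the file being checked.
Test-DriverTestCertTrust -Path 'C:\driver.sys' | Format-List
```

A `ChainStatus` of `UntrustedRoot` together with `InLocalMachineRoot = False` corresponds to the signtool message quoted in the post.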