none
Sign a driver with V.S 2015 RRS feed

  • Question

  • Hello,

    I created a KMDF project under V.S 2015 and also installed the certificate (symantec) that enables me to sign a driver.

    Upon build + sign I got the following messages in the log file:

    Building 'KMDF Driver4' with toolset 'WindowsKernelModeDriver10.0' and the 'Universal' target platform.
      Stamping Debug\KMDFDriver4.inf [Version] section with DriverVer=07/06/2017,16.41.31.155
      Device.c
      Driver.c
      Queue.c
      Generating Code...
      KMDF Driver4.vcxproj -> \\eltidevop\usr$\zv33945\my documents\visual studio 2015\Projects\KMDF Driver4\Debug\KMDFDriver4.sys
      KMDF Driver4.vcxproj -> \\eltidevop\usr$\zv33945\my documents\visual studio 2015\Projects\KMDF Driver4\Debug\KMDFDriver4.pdb (Full PDB)
    C:\Program Files (x86)\Windows Kits\10\build\WindowsDriver.common.targets(1459,5): warning : Production sign is turned on in debug mode.
      Done Adding Additional Store
      
      Number of errors: 1
      
    SIGNTASK : SignTool error : The specified timestamp server either could not be reached or
      returned an invalid response.
    SIGNTASK : SignTool error : An error occurred while attempting to sign: \\eltidevop\usr$\zv33945\my documents\visual studio 2015\Projects\KMDF Driver4\Debug\KMDFDriver4.sys
      

    During the sign phase I got the login message and entered user+password. 

    The sys file is created but the sign fails.

    Is it possible that there is a setting in V.S 2015 that causes this problem ?

    According to IT, there is no firewall preventing my PC to access the web. 

    Thank you,

    Zvika 


    Friday, July 7, 2017 1:25 PM

Answers

  • Open a VS build command window and run msbuild in the package directory with /v:[level] https://msdn.microsoft.com/en-us/library/ms164311.aspx?f=255&MSPPError=-2147217396

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    • Marked as answer by Z. V Sunday, July 16, 2017 6:58 PM
    Sunday, July 9, 2017 7:11 AM
  • According to IT, there is no firewall preventing my PC to access the web. 

    Zvika, do you have a Checkpoint or other appliance for SSL decryption? It can be the reason. Security-sensitive applications (such as signtool) may detect these things and (rightly) refuse to connect. Though, ping and all popular browsers will work.

    -- pa

    • Marked as answer by Z. V Sunday, July 16, 2017 6:58 PM
    Sunday, July 9, 2017 10:23 AM

All replies

  • Does the tool work on the command line when you test it outside of msbuild?

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, July 7, 2017 3:09 PM
  • Does the tool work on the command line when you test it outside of msbuild?

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Hello,

    How can I know the exact command line ?

    Thank you,

    Zvika

    Sunday, July 9, 2017 4:54 AM
  • Open a VS build command window and run msbuild in the package directory with /v:[level] https://msdn.microsoft.com/en-us/library/ms164311.aspx?f=255&MSPPError=-2147217396

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    • Marked as answer by Z. V Sunday, July 16, 2017 6:58 PM
    Sunday, July 9, 2017 7:11 AM
  • According to IT, there is no firewall preventing my PC to access the web. 

    Zvika, do you have a Checkpoint or other appliance for SSL decryption? It can be the reason. Security-sensitive applications (such as signtool) may detect these things and (rightly) refuse to connect. Though, ping and all popular browsers will work.

    -- pa

    • Marked as answer by Z. V Sunday, July 16, 2017 6:58 PM
    Sunday, July 9, 2017 10:23 AM
  • Hi Doron,

    I ran the following command from a CMD windows:

    "C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe"  sign /ph /ac "C:\Program Files (x86)\Windows Kits\10\crosscertificates\VRSN_C3_PCA_G5_Root_CA_Cross.cer" /sha1 "8D45738AF3395245EA96882C2084C87B50FB8A08" /t "http://timestamp.verisign.com/scripts/timstamp.dll" "C:\temp\KMDF Driver3\Debug\KMDFDriver3.sys"

    And got the same error:

    Done Adding Additional Store
    SignTool Error: The specified timestamp server either could not be reached or
    returned an invalid response.
    SignTool Error: An error occurred while attempting to sign: C:\temp\KMDF Driver3\Debug\KMDFDriver3.sys

    Number of errors: 1

    Thank you,

    Zvika

    Sunday, July 9, 2017 10:39 AM
  • Hello Doron, Pavel,

    Is wan an "IT" problem. Signing now works.

    Thank you for your help,

    Zvika 

    Monday, July 10, 2017 6:34 PM