none
Driver verification is failing due to code integrity check with latest HLK build. RRS feed

  • Question

  • We are performing Windows compatibility test using latest HLK (Version 10.1.14393.4) for our Product drivers, one of our Product driver is a PnP kernel mode driver.  We had performed Windows compatibility test for same driver using older version of HLK and got signed from Microsoft dashboard. Now,  We are building same driver using Visual Studio 2012 and Windows Driver Kit 8.0 and "Hypervisor Code Integrity Readiness Test" is failing (Which was not present in previous HLK versions) on Windows 10 and Windows 2016 TP5 build with issue

    Parsing Driver Verifier CI statistics log file detected Code Integrity FAILURES, Non-zero Code Integrity statistic found: Execute-Write Section Count: == 1’.

    Code integrity traces are as follows: 

    Code Integrity Statistics:            

    Execute Pool Type Count:                0        

    Execute Page Protection Count:          0        

    Execute Page Mapping Count:             0        

    Execute-Write Section Count:            1        

    Section Alignment Failures:             0  

    As per this link (https://blogs.msdn.microsoft.com/windows_hardware_certification/2015/05/22/driver-compatibility-with-device-guard-in-windows-10/) , we are supposed to either use latest WDK with VS 2015 or there will be patch for VS 2013 which will modify the default RWX permission of INIT section, no information is present for VS 2012 though.   

    We have few queries on this :-  

    1. "Visual Studio 2013 currently marks the INIT section as RWX. This will be patched soon, but is still compatible as Windows 10 will automatically strip the write permission (W) from the INIT section"   From above information from the blog, it seems like the previous versions should be compatible with Windows 10 but, in current failure scenario how should we perform HLK test ?
    2. How can we apply the VS 2013 patch as mentioned above for automatically strip of write permission in our development environment (VS2012)? 
    Wednesday, August 17, 2016 2:51 PM

All replies

  • I am also facing similar kind of issue but it's related to 'Execute Pool Type Count'. Below is the error which i am facing.

    WDTF_TEST : Non-zero Code Integrity statistic found: Execute Pool Type Count: == 95.


    Wednesday, August 24, 2016 2:25 PM
  • @swati Execute pool type count is something different. You have to use NonpagedpoolNX instead of NonPagedPool. Refer MSDN for more details on how to make existing code work with new HLK. 
    Tuesday, September 6, 2016 1:47 PM
  • How can we apply the VS 2013 patch as mentioned above for automatically strip of write permission in our development environment (VS2012)? 

    Looks like they are, er, busy with something else...

    Until an official patch is available, try this small utility to fix the image attributes. Get source from here and compile with VC++ 2013 or 2015 (sorry I don't have 2012 anymore)

    Regards,

     - pa

    Tuesday, September 6, 2016 7:36 PM