none
Programming and deploying kernel drivers has a cost, did you know that ? RRS feed

  • General discussion

  • It's actually wrote here:
    https://docs.microsoft.com/en-us/windows-hardware/drivers/develop/signing-a-driver-for-public-release
    https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/create-a-new-hardware-submission

    "Before you release a driver package to the public, we recommend that you submit the package for certification. "
    "To submit a driver package for certification, you must sign the package with a certificate that you obtain from a trusted certification authority like VeriSign."

    And here's what VeriSign and GlobalSign mean:
    If you are searching in internet with the keywords: VeriSign/GlobalSign certification price

    You actually need to pay for, like 300 or 400usd per year.

    It's like the USB VID/PID thing, need to pay to deploy an USB driver and device.

    One word: Scandalous ^^


    Thursday, August 29, 2019 6:34 PM

All replies

  • Why is it scandalous?  Drivers cost money and time, even if they are for your own use.   Even though now you can get a minimal set of driver development tools for free it used to be you had to pay for a Visual C license plus an MSDN license for the DDK, if you wanted to develop file system stuff you paid an additional $1000 for a few files with no documentation.  

    Getting a certificate means that someone can know who developed the driver, and if it turns out the developer is producing malware the certificate can be invalidated to stop the spread of the bad software.   You can always test sign your driver for free, then tell people who want to use it they have to enable test signing, this will avoid the cost.   Wake up, if you are going to be a professional in almost any field you are going to pay something for your tools.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Thursday, August 29, 2019 7:32 PM
  • I am just an hobbyist programmer and this kind of politics prevent me learning the programming field I want to study, just sayin ^^

    That's why I say it's scandalous.


    • Edited by wqaxs36 Thursday, August 29, 2019 7:37 PM
    Thursday, August 29, 2019 7:35 PM
  • Why is it scandalous?  Drivers cost money and time, even if they are for your own use.   Even though now you can get a minimal set of driver development tools for free it used to be you had to pay for a Visual C license plus an MSDN license for the DDK, if you wanted to develop file system stuff you paid an additional $1000 for a few files with no documentation.  

    Getting a certificate means that someone can know who developed the driver, and if it turns out the developer is producing malware the certificate can be invalidated to stop the spread of the bad software.   You can always test sign your driver for free, then tell people who want to use it they have to enable test signing, this will avoid the cost.   Wake up, if you are going to be a professional in almost any field you are going to pay something for your tools.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    whats next? i will have to pay to be able to make a program that works on real windows version like XP... not that bullshit useless crap you call whatever 10? then what? i will have to pay to code any app that will force me to install it just to try it? as if it was not retarded enough the spread of OOP and .NET for all this bunch of programmers... thats exactly why you get hacked so much... and frankly you deserve it... for creating retarded programmers that can't code anything without being babysit by an useless bloated framework.... 

    Thursday, August 29, 2019 7:45 PM
  • No you can program all you want, and develop a driver, it is just if you want to distribute it with forcing test signing then you need to sign the driver.   I've developed probably 100 drivers for companies, and I never owned a cert, I provided the customer a script to sign the driver after they received it from me.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Friday, August 30, 2019 12:03 AM
  • Nonsense.  You can learn all you want, and you can do all the testing you want on your own systems, no cost.  But if you expect to release your driver into the public, where your malicious intent or incompetence could cause genuine damage to someone else's computer, then you have to have provable certification so you can be held liable.  Remember, when a computer crashes and data is lost, people don't blame a driver writer.  They blame Microsoft.


    Tim Roberts | Driver MVP Emeritus | Providenza & Boekelheide, Inc.

    Friday, August 30, 2019 5:03 AM
  • Exact, I want to publish my driver and source code to the public with the codeproject website :)

    And I don't see myself telling people to turn their computer into test machine just to use my driver :D

    By the way my driver is just a mouse driver with an extra function that will allow user to use a mouse smoothing function.

    So it's not a big deal if I can borrow the same certificate than the actual certificate used for mouse and keyboard (mousehid.sys + keyboardhid.sys)

    I've already taken the same PID and VID from an existent keyboard/mouse for my own keyboard/mouse made with arduino.

    So I don't know why we cannot do the same with certificate.

    BTW I've inspected the PID and VID from random aliexpress keyboard/mouse and the result was weird (the owner isn't easy to find) and I am sure that they do not pay for that and take the same numbers because a keyboard is a keyboard and a mouse is a mouse.

    Doesn't need a tons of classification for a same hardware, just sayin.









    • Edited by wqaxs36 Friday, August 30, 2019 9:49 AM
    Friday, August 30, 2019 7:56 AM
  • Actually it is a very big deal.  There is a "improved mouse/keyboard" driver out there that is a key stroke logger.  So you feel you should have the right to do the same thing, and have no way for a poor smuck to know that it is not the Microsoft driver. 

    You can run 32-bit drivers without a signature, you can use a 64-bit driver with test signing.   You can post your source code, and someone has the choice of compiling and signing your driver for themselves.   What you can't do is have your driver signed without owning a cert, this would be the same as claiming that your code came from Microsoft.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Friday, August 30, 2019 9:44 PM
  • - I hate 32-bit OS

    - I don't want to test signing (I want to do things in a proper way)

    - I will not post my code on internet if I cannot use it myself (it's not fair)

    - Oh you mean we can do it ? :o

    ( I don't care about legal stuff, if I cared about that, I will not be able to be what am I actually :) )

    - And what you said about it's a big deal, no it's not, just look at all those keyboard/mouse user driver that we can freely download from internet and can do amazing things for your mouse and keyboard ;)

    (like autohotkey, mouse management in video game, N64 controller, ...)

    - Just saying, if I need to do a kernel driver it's because I need to desync the cursor (mouse coordinate sent to all users application) with the raw mouse coordinate in order to do my coordinate modification.

    And we cannot do this with WinAPI, FeelsBad

    I found this: https://resources.infosecinstitute.com/cybercrime-exploits-digital-certificates/

    Maybe it will help me to get a free certificate :)

    Just a question, does Linux require signed certificate like Windows ?

    https://security.stackexchange.com/questions/82150/how-to-extract-a-valid-digital-certificate-and-put-it-on-other-program

    "So now to what you (and the NSA, and the entire Russian criminal underworld) want to do. You want to pass off a signed file as having a valid digital signature using a digital signature you found somewhere else. Okay. There are two things you can do:"

    Hacking learning is probably the way to fix my problem :D

    "When users gain assisting and peace, the developers are paying for it of their own freedom of creation"

    My new quote :D



    • Edited by wqaxs36 Saturday, August 31, 2019 5:50 PM
    Saturday, August 31, 2019 8:02 AM
  • (I want to do things in a proper way

    Here. Your own words. So go do things in a proper way.

    I don't care about legal stuff

    Better do care. Stealing a certificate (if you manage to...) is a real crime, that will warrant you a quality jail time. 

    Just a question, does Linux require signed certificate like Windows ?

    In a word, no it does not. So you can switch to Linux as well. There's only a tiny thing remaining: instead of telling your users to enable test mode, you'll convince them to install Linux.

    Hacking learning is probably the way to fix my problem

    O! Finally, a good idea! Learn hacking, get a nicely paid job, dominate the world. Silly Windows drivers are waste of time. If only someone had explained this to me some 30 years ago.

    -- pa


    • Edited by Pavel A Sunday, September 1, 2019 12:05 AM
    Saturday, August 31, 2019 11:26 PM
  • So I have identified the driver responsible of the mouse behavior and it's mouclass.sys

    Ironically, mouhid.sys is useless, I've deleted it and nothing bad happen and mouse still works :D

    I've identified this driver by renaming by own driver to mouclass.sys and the mouse didn't worked anymore.

    So I've found a security breach in Windows, being able to pretend to be an official driver while not hehe

    Will I go to jail is I am doing that ? :D

    Now the second task is to have the source code of mouclass.sys, add my feature and the job is done :)

    Sunday, September 1, 2019 6:39 PM
  • Will I go to jail is I am doing that ? :D

    Yes. if ignorance is a crime :D

    -- pa

    Sunday, September 1, 2019 9:10 PM
  • Now the second task is to have the source code of mouclass.sys, add my feature and the job is done :)

    There exists mouclass sample in Windows Driver Kit version 7.1.0

    No warranty
    With kind regards


    Tuesday, September 3, 2019 1:54 PM
  • > Exact, I want to publish my driver and source code to the public with the 
    > codeproject website. :)

    You can do that, but the people who download and build your driver either have to use "test mode" or use their own certificate.  That's just the way it is in Windows today.  Windows is no longer a playground.  It drives corporate America.  Corporate America wants guarantees about what gets installed.

    > So it's not a big deal if I can borrow the same certificate than the actual
    > certificate used for mouse and keyboard...

    Yes, it's a huge deal.  Microsoft's drivers are signed with Microsoft's certificates.  Those certificates carry the same kind of legal authority as the signature on a check.  In order to use it, you would have to have stolen Microsoft's private key.  If you wouldn't forge a Microsoft check, then you shouldn't be trying to forge Microsoft's signing certificate.

    > I've already taken the same PID and VID from an existent keyboard/mouse
    > for my own keyboard/mouse made with arduino.

    That's also illegal.

    > BTW I've inspected the PID and VID from random aliexpress keyboard/mouse

    That's a Chinese company.  They, of course, are notorious for violating international licensing and intellectual property agreements.


    Tim Roberts | Driver MVP Emeritus | Providenza & Boekelheide, Inc.

    Tuesday, September 3, 2019 5:33 PM
  • wqaxs36 what you are really doing is acting totally unprofessionally.   Whether you like it or not, there are rules to operating systems, whether it be Windows or Linux, or any of the thousands of operating systems that came before them.  You complain about the rules, saying they don't allow you to do what you want, but bottom line an operating system is about setting rules.   Go find a new profession such as collecting garbage, because if you can understand the basics, you are certainly going to fail in the computer industry.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Tuesday, September 3, 2019 6:14 PM