MadBoy

Driver Signing Policy

6 posts in this topic

Hi, I'm not sure if this is the best forum to ask about this, but a lot of people probably have experience with this issue: driver signing. I used RegMon to monitor what registry changes happen when you turn it On or Off through My Computer -> Properties -> Hardware -> Driver Signing.

Everywhere I looked, those 3 keys are always mentioned as supposed to work for Driver Signing OFF.

Func DriverSigningOff() ; Sets Driver Signing to OFF.
    If @ProcessorArch = "X86" Then $HKLM = "HKEY_LOCAL_MACHINE"
    If @ProcessorArch = "X64" Then $HKLM = "HKEY_LOCAL_MACHINE64"
    RegWrite($HKLM & "\SOFTWARE\Microsoft\Driver Signing", "Policy", "REG_BINARY", "00")
    RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Driver Signing", "Policy", "REG_DWORD", "0")
    RegWrite("HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT\Driver Signing", "BehaviorOnFailedVerify", "REG_DWORD", "00000000")
EndFunc

The problem is, they don't. I noticed that besides those first 2 keys (the 3rd key doesn't get set at all), when I set Driver Signing to OFF, PrivateHash changed to:

HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\PrivateHash 01 32 A3 68 55 C2 D2 00 ...

With Driver Signing set to ON, PrivateHash changed to:

HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\PrivateHash 15 CA EF C3 34 E8 C8 78 ...

Of course, on each computer PrivateHash is different. The question is how that private hash is generated. Some people said on different forums that it's Windows version dependent, but I have 2 Windows XP SP2 PL versions and those keys are different. Any help would be appreciated :)


My little company: Evotec (PL version: Evotec)
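
A read-only check of the three values and the PrivateHash value named in the post above, as an added example that is not part of the original thread. It assumes the mapping 0 = Ignore, 1 = Warn, 2 = Block for all three values; `_PolicyName` and `_ReadPolicy` are hypothetical helpers, and `@OSArch` is the architecture macro in current AutoIt releases.

```autoit
; Added example, not from the thread. Read-only: nothing is written to the registry.
; Assumption: 0 = Ignore, 1 = Warn, 2 = Block for all three values.
Func _PolicyName($iValue) ; hypothetical helper
    Switch $iValue
        Case 0
            Return "Ignore"
        Case 1
            Return "Warn"
        Case 2
            Return "Block"
    EndSwitch
    Return "Unknown (" & $iValue & ")"
EndFunc

Func _ReadPolicy($sKey, $sValue) ; hypothetical helper, returns -1 when the value is absent
    Local $vData = RegRead($sKey, $sValue)
    If @error Then Return -1
    ; REG_BINARY is returned as binary data; assume the first byte holds the setting
    If IsBinary($vData) Then Return Dec(Hex(BinaryMid($vData, 1, 1)))
    Return Int($vData)
EndFunc

Func AuditDriverSigning() ; returns how many of the values are set to Ignore
    Local $sHKLM = "HKEY_LOCAL_MACHINE"
    If @OSArch = "X64" Then $sHKLM = "HKEY_LOCAL_MACHINE64"
    Local $aChecks[3][2] = [ _
            [$sHKLM & "\SOFTWARE\Microsoft\Driver Signing", "Policy"], _
            ["HKEY_CURRENT_USER\Software\Microsoft\Driver Signing", "Policy"], _
            ["HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT\Driver Signing", "BehaviorOnFailedVerify"]]
    Local $iIgnore = 0, $iValue
    For $i = 0 To UBound($aChecks) - 1
        $iValue = _ReadPolicy($aChecks[$i][0], $aChecks[$i][1])
        If $iValue = -1 Then
            ConsoleWrite("[not set] " & $aChecks[$i][0] & "\" & $aChecks[$i][1] & @CRLF)
            ContinueLoop
        EndIf
        If $iValue = 0 Then $iIgnore += 1
        ConsoleWrite("[" & _PolicyName($iValue) & "] " & $aChecks[$i][0] & "\" & $aChecks[$i][1] & @CRLF)
    Next
    ; The post above reports that PrivateHash changes when the setting is toggled in the GUI,
    ; so log it for comparison against a baseline recorded on the same machine.
    Local $vHash = RegRead($sHKLM & "\Software\Microsoft\Windows\CurrentVersion\Setup", "PrivateHash")
    If Not @error Then ConsoleWrite("PrivateHash = " & $vHash & @CRLF)
    Return $iIgnore
EndFunc

Exit AuditDriverSigning()
```

Since the post reports that writing these values did not change the behaviour, an Ignore result here indicates that something wrote to the keys, not necessarily that the effective policy changed.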


Might work--unless your computers are on a domain:

$title = "System Properties"

Run("control.exe sysdm.cpl")
WinWait($title)

ControlCommand($title, "", "SysTabControl321", "TabRight", "")
ControlCommand($title, "", "SysTabControl321", "TabRight", "")
ControlClick($title, "", "Driver &Signing")

ControlClick("Driver Signing Options", "", "&Ignore - Install the software anyway and don't ask for my approval")
ControlClick("Driver Signing Options", "", "OK")

ControlClick($title, "", "OK")

Use Mozilla | Take a look at My Disorganized AutoIt stuff | Very very old: AutoBuilder 11 Jan 2005 prototype I need to update my sig!


Thanks, seems like bad news for me. It can be done manually in Windows; thought it can be done by registry, but like they said in one of the articles, it can be used by malware, I guess. Maybe it can be done by some DllCall? I haven't played with that at all yet, besides seeing people using it sometimes. Can that be a solution in that case, as the fastest way to change that policy setting? I wouldn't like the user, or anyone that will use the script, to see the process of AutoIt clicking My Computer, waiting for the next GUI to open and doing all the things one by one.


My little company: Evotec (PL version: Evotec)


@cyberslug - the problem in the case of your script is that it's language related, domain related :) I'm trying to prepare a multi-language driver installing program for all administrators out there, and it pretty much needs to be totally unattended + language independent.


My little company: Evotec (PL version: Evotec)


This is what Microsoft has to say about it.

http://support.microsoft.com/?kbid=298503

Also if you don't actually need to turn it off, but just have it ignore when the driver isn't signed try this.

http://www.winguides.com/registry/display.php/1298/

As you might have noticed, in my script I have added:

RegWrite("HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT\Driver Signing", "BehaviorOnFailedVerify", "REG_DWORD", "00000000")

which is exactly what they suggest in that post :/ But it doesn't seem to work, at least not in the case of using SetupCopyOemInf. Haven't had a problem with DevicePath registry entries, but maybe just the drivers I used were signed.


My little company: Evotec (PL version: Evotec)
