对使用Winusb.sys作为内核模式代码的cat文件进行签名 [英] Sign cat file that uses Winusb.sys as kernel-mode code
问题描述
我正在尝试使USB驱动程序可在Windows 8中安装,该USB驱动程序仅使用
I'm trying to make an USB driver to be installable in Windows 8, this USB driver uses only WinUSB.
根据此帖子 Signed INF驱动程序可在其所在的计算机上运行已签名,未签名
其他,还有这个网站实用的Windows代码和驱动程序签名,我要做的就是生成.inf文件,生成.cat文件并对此.cat文件签名,但是我在签名部分遇到麻烦,其他步骤都可以.
According to this post Signed INF driver works on the computer where it was signed, not
others and also this website Practical Windows Code and Driver Signing all I have to do is to generate an .inf file, to generate a .cat file and sign this .cat file, but I'm having trouble with the signing part, the other steps are ok.
我在上面列出的站点清楚地表明,无需从任何授权的证书颁发机构购买任何证书,就不必对驱动程序仅使用WinUSB的目录文件进行签名.
The sites I listed above makes clear that to sign a catalog file which the driver uses only WinUSB is not necessary to purchase any certification from any authorized Certification Authority.
您使用的内核模块已经由Microsoft签名. 而且您将毫不费力地将它们加载到内核之后 驱动程序包已安装.
The kernel modules you are using have already been signed by Microsoft and you will have no trouble getting them loaded into the kernel after the driver package is installed.
我将SignTool.exe和mscvr-cross-gdroot-g2.crt放在一个文件夹中.在子文件夹中,假设MyFolder我有我的驱动程序包.
I have the SignTool.exe in a folder along with the mscvr-cross-gdroot-g2.crt. In a subfolder, let's say MyFolder I have my driver package.
MyFolder
├─ remsir.cat
├─ remsir.inf
│
├─┐ amd64\
│ ├ WdfCoInstaller01011.dll
│ ├ WinUSBCoInstaller2.dll
│ ├ WUDFUpdate_01011.dll
│
└─┐ i386\
├ WdfCoInstaller01011.dll
├ WinUSBCoInstaller2.dll
├ WUDFUpdate_01011.dll
所以,基本上我被困在这一点上:
So, basically I'm stuck at this point:
SignTool.exe sign /v /ac "mscvr-cross-gdroot-g2.crt" /n "Pololu Corporation" /t http://tsa.starfieldtech.com MyFolder\remsir.cat
此命令行是从其他问题中复制而来的,但是对我而言不起作用.我尝试更改某些参数,但仍然没有成功,我总是收到错误消息没关系,我该怎么做:
This command line was copied from the other questions, but it isn't working for me. I tried to change some of the parameters but still without success, it doesn't matter what I do I always get the error message:
SignTool错误:未找到符合所有给定条件的证书.
SignTool Error: No certificates were found that met all the given criteria.
首先,我不确定是否应该从此命令行更改任何参数.他们对我来说真的不是什么意思.
First of all, I not really sure if I should change any of the parameters from this command line. They aren't really clear for me what they mean.
所以..我必须在该命令行中更改任何参数吗?我是否必须安装mscvr-cross-gdroot-g2.crt甚至Pololu Corporation?如果是,怎么办?
So.. Do I have to change any of the parameters in that command line? Do I have to install the mscvr-cross-gdroot-g2.crt or even the Pololu Corporation? If yes, how?
推荐答案
目标:
Install an .inf file that uses WinUSB as kernel-mode code.
解决方案:
我解决了我的问题,与我最初对.cat文件签名的想法完全不同.
I solved my problem, not exactly as my initial idea of signing the .cat file.
对于大多数人来说,我的答案可能会令人失望,并且我可能因未使用最佳实践等而受到很多批评.这是不雅观的,听起来更像是一种解决方法,而不是真正的解决方案.但是考虑到公司的主要业务以及急于在Windows 8中使用驱动程序的情况,我已经找到了一个使公司满意的解决方案.
My answer may be disappointing for most of people and I may receive lots of critics for not using the best practices and etc. It's inelegant and sounds more like an workaround than a really solution. But considering the main business of the company and the hurry for using the driver in Windows 8 I've reached a solution that is satisfactory for the company.
在谈论安装未签名的驱动程序时,Windows 7与Windows 8之间的主要区别在于Windows 7会显示一条令人讨厌的红色警告消息,建议用户不要安装未签名的驱动程序,而在正常情况下,Windows 8不会这样做.还是要安装它.
The main difference between Windows 7 to Windows 8 when talking about installing an unsigned driver is that Windows 7 shows an annoying red warning message that recommends the user to not install the unsigned driver, and Windows 8, under normal circumstances just doesn't install it anyway.
我们一直在Windows 7中与该警告共存,所以我要做的是将Windows 8重新配置为类似于Windows 7.
We coexisted all this time with this warning in Windows 7, so what I've done is to reconfigure Windows 8 to act like Windows 7.
第1步:
在我的软件安装结束时,安装程序将运行一个验证Windows版本的程序,如果是Windows 8,则会提示一个对话框,询问安装驱动程序的建议,并提示需要重新启动Windows.如果用户同意,它将运行一个执行以下操作的批处理文件:
At the end of my software's installation the installer runs a program that verifies the Windows' version, if it is Windows 8 it prompts a dialog asking for installing the drivers and advices that it will demand to reboot the Windows. If the user agrees, it will run a batch file that does:
- 添加到 HKLM..RunOnce 批处理文件2的路径
- 禁用驱动程序签名强制
- 重新启动计算机
- Adds to HKLM..RunOnce a path for Batch File 2
- Disable Driver Signature Enforcement
- Restart the computer
第2步:
当用户登录时,它将运行第二个批处理文件,该文件被设置为运行到RunOnce中.它将做到:
When the user logs on it will run the second batch file, that was set to run into the RunOnce. It will do:
- 运行DPInst.exe
- 启用驱动程序签名执法
- 重新启动计算机.
这时将安装驱动程序并恢复原始设置.就像Windows 7中一样,令人讨厌的红色警告消息仍然存在,并且生活还在继续.
At this point the driver will be installed and the original settings are restored. The annoying red warning message remains, just like it was in Windows 7, and life goes on..
这篇关于对使用Winusb.sys作为内核模式代码的cat文件进行签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
