|
阅读:7902回复:7
有inf文件的驱动之签名
1. 需要生成 cat文件,需要inf2cat 工具
Inf2Cat /driver:.\vnn /os:2000,XP_X86,Server2003_X86,Vista_X86 .\vnn 就是驱动程序目录,里面包括inf及sys文件 注意修改inf中的version 段 日期要修改得近点,还要指定cat文件名 DriverVer =10/01/2007,6.0.5019.0 CatalogFile=vnn.cat vnn.cat是cat文件名,可以根据驱动改,改完再用 inf2cat命令行生成cat文件 2. 签sys文件,签cat文件 用你的verisign证书对sys及cat进行签名 3.工具下载 http://bbs.driverdevelop.com/htm_data/111/0806/111684.html |
|
|
|
沙发#
发布于:2008-06-11 18:43
首先,签了sys文件
znsoft(马勇) -- 态度决定一切,性格决定命运! 说: 再改inf文件,两个都要改 znsoft(马勇) -- 态度决定一切,性格决定命运! 说: 一样的,然后用工具生成cat znsoft(马勇) -- 态度决定一切,性格决定命运! 说: 再对cat签名,收工 |
|
|
|
板凳#
发布于:2008-06-11 18:45
1, 修改inf,在version段增加
CatalogFile=vnn.cat 2,签名sys 3,用工具生成cat 4,对cat签名 |
|
|
|
地板#
发布于:2008-06-11 18:46
好多年没有人跟我抢沙发了...
|
|
|
|
地下室#
发布于:2008-06-11 20:14
http://msdn.microsoft.com/en-us/library/bb931742.aspx
Windows Driver Kit: Device Installation Inf2Cat Tool Inf2Cat (Inf2Cat.exe) is a command-line tool that determines whether a driver package INF file can be digitally signed for a specified list of Windows versions, and, if so, generates the unsigned catalog files that apply to the specified Windows versions. Inf2Cat /driver:PackagePath /os:WindowsVersionList [/nocat] [/verbose] [/?] [other options] Parameters and Options /driver:PackagePath Supplies the path to the directory that contains the INF file for a driver package. /os:WindowsVersionList Configures Inf2Cat to verify that a driver package INF file complies with the signing requirements for the Windows versions that are specified by WindowsVersionList. WindowsVersionList is a comma-separated list of one or more of the following version identifiers. Windows version Version identifier Windows Server 2008 x64 Edition Server2008_X64 Windows Server 2008 Itanium Edition Server2008_IA64 Windows Server 2008 x86 Edition Server2008_X86 Windows Vista x64 Edition Vista_X64 Windows Vista x86 Edition Vista_X86 Windows Server 2003 x64 Edition Server2003_X64 Windows Server 2003 Itanium Edition Server2003_IA64 Windows Server 2003 x86 Edition Server2003_X86 Windows XP x64 Edition XP_X64 Windows XP x86 Edition XP_X86 Windows 2000 2000 Inf2Cat ignores the case of the alphabetic characters of the version identifier strings. For example, vista_x64 and Vista_X64 are both valid identifiers for Windows Vista x64 Edition. /nocat Configures Inf2Cat only to verify that the driver package complies with the signing requirements for the specified Windows versions, but not to generate a catalog files. /verbose Configures Inf2Cat to display detailed information in a command window. /? Configures Inf2Cat to display help information in a command window. other options Configures Inf2Cat to add a DRM level catalog attribute or a PE catalog attribute to files, or to add page hashes to files. For more information, use the /? option. Comments The Inf2Cat tool replaces the Signability tool that was included in versions of the WDK prior to Windows Server 2008. To use Inf2Cat, a user must be a member of the Administrators group on the system and run the command from an elevated command prompt. Inf2Cat checks driver package INF files for structural errors and verifies that a driver package can be digitally signed. A driver package can be signed only if all of the files that are referenced in an INF file are present and the source files are in the correct location. If an INF file cannot be signed or if it contains structural errors, the driver package might not be installed correctly or might incorrectly display a driver signing warning dialog box during installation. Inf2Cat generates a catalog file only if the catalog file is specified in the driver package INF file and the catalog file applies to one or more of the specified Windows versions. If the INF Version section of an INF file supplies only a CatalogFile=filename.cat directive, that catalog file applies to the entire driver package. To support cross-platform installations, the INF file should include CatalogFile.PlatformExtension=unique-filename.cat directives. For more information about Inf2Cat, see the Microsoft Inf2Cat FAQ Web site. The Inf2Cat tool is located in the ..\bin\SelfSign folder of the WDK. Examples In the following example, c:/MyDriver contains a driver package whose INF file is MyInfFile.inf and the INF Version section in the INF file includes only the following CatalogFile directive: [Version] . . . CatalogFile=MyCatalogFile.cat . . . For this example, the following Inf2Cat command would verify whether the driver package can be signed for Windows 2000 and for the x86 versions of Windows Vista, Windows Server 2003, and Windows XP. If the package can be signed for these versions, Inf2Cat would create the unsigned catalog file MyCatalogFile.cat. Inf2Cat /driver:C:\MyDriver /os:2000,XP_X86,Server2003_X86,Vista_X86 In the following example, c:/MyDriver contains a driver package whose INF file is MyInfFile.inf and the INF Version section in the INF file includes only the following two CatalogFile directives with platform extensions: [Version] . . . CatalogFile.ntx86=MyCatalogFileX86.cat CatalogFile.ntamd64=MyCatalogFileX64.cat . . . For this example, the following Inf2Cat command would verify whether the driver package can be signed for Windows 2000 and the x86 versions of Windows Vista, Windows Server 2003, and Windows XP. In addition, the command would verify whether the driver package can be signed for the x64 editions of Windows Vista, Windows Server 2003, and Windows XP. If the package can be signed for all of these versions, Inf2Cat will create the unsigned catalog files MyCatalogFileX86.cat and MyCatalogFileX64.cat. Inf2Cat /driver:C:\MyDriver /os:2000,XP_X86,XP_X64,Server2003_X86,Server2003_X64,Vista_X86,Vista_X64 For more information about how to use Inf2Cat to create a catalog file, see Creating a Catalog File for a PnP Driver Package. |
|
|
|
5楼#
发布于:2009-02-24 15:51
哦。志宁和老胡都在呢。老胡什么时候回来的?听说你出国一段时间? 哈哈。我好久没有上来了。有点羞于见大家呢。
有个问题哦。 我现在有个NDIS Protocol驱动想在Windows 2008 SP1 X86平台上跑,但是装驱动的时候会弹出一个对话框“Windows can't verify the publisher of this driver software”。我必须点“install it anyway”才行。这到客户那里肯定不行。我查了很多方法想去掉这东西,可是每一个能用的。唉。 值得说明的一点是,我已经有了verisign的数字证书,二级根是VeriSign Class 3 Code Signing 2004 CA,有好多二进制程序都是用它来签的名。我查看了一下顶级根,应该是在MS的那个证书列表里面的。(http://www.microsoft.com/whdc/winlogo/drvsign/crosscert.mspx 签名数据是一样的) 我不想做什么WHQL的测试,那太麻烦。我只想不让操作系统弹出那该死的对话框。是不是用我现有的证书做code signing就可以啊? 两位大哥不要嫌烦,给个答案吧,是或者否,否的话怎么做。谢喽。 |
|
|
6楼#
发布于:2009-03-31 17:58
"我不想做什么WHQL的测试,那太麻烦。我只想不让操作系统弹出那该死的对话框。是不是用我现有的证书做code signing就可以啊?"
当然不可以。只有WHQL的签名才被Windows认可。 |
|
|
7楼#
发布于:2009-04-04 19:34
引用第5楼goodbarrow于2009-02-24 15:51发表的 : 你的企业证书不是Trusted Pubulisher,驱动安装的时候会检查这个 基本上self-sign的驱动安装时很难绕过这个 |
|
|