Jump to content

Force Windows XP to treat signed and unsigned drivers equally?

LoneCrusader

By LoneCrusader
in Windows XP

 Share

Recommended Posts

D.Draker

D.Draker

Posted
Posted
5 hours ago, LoneCrusader said:

Hmm.. looks like our Russian friends have already solved this issue long ago. Digging through an old RyanVM thread for information on Signing/Certificates inadvertently led me back around to here, and then to a thread on the OSZone Russian forum. Unfortunately I can't speak or read Russian, but a Google translate of paragraph #3 of post #10 refers to "Patch in Setupapi.dll, turning off the lowering of the rank of unsigned drivers when choosing the most suitable driver for the device."

Now the problem is sorting out what patch does what exactly, and if there are any differences in different versions of the DLLs involved, and how to port it all to XP x64. All things I know nothing about. Fun! :unsure:

One doesn't have to understand Russia's language to figure out (or translate) the two words in the first post added by the forum admin. Those say - the programme was wiped out/deleted by the author. There's a link to archive.org given, but it doesn't allow to download the patch.

 
2

Tripredacus

Tripredacus

Posted
Posted

Maybe a better question would be, can you make XP ignore all signatures on drivers? This would make signed and unsigned equal, if the OS doesn't look at them at all.

un user

un user

Posted
Posted

Yes, but only after setup is complete.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot] "OptionValue"=dword:1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{189A3842-3041-11D1-85E1-00C04FC295EE}] "$Function"="SoftpubCleanup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}] "$Function"="SoftpubCleanup"

 

LoneCrusader

LoneCrusader

Posted
  • Author
Posted
23 hours ago, D.Draker said:

There's a link to archive.org given, but it doesn't allow to download the patch.

Luckily, someone uploaded a copy of it. Check the last few posts in the thread.

But @Acheron also posted the patch bytes in the thread here at MSFN, which appears to be more helpful at the moment unless one needs the other things provided by the original package.

17 hours ago, Tripredacus said:

Maybe a better question would be, can you make XP ignore all signatures on drivers? This would make signed and unsigned equal, if the OS doesn't look at them at all.

Could be another way of approaching the issue. I hadn't thought about it that way, assuming that all paths to solve it would be similar. Based on un user's next post and an examination of that section in the registry it looks like one might get at the issue from that direction...

I think that the approximate same result is achieved with one of the patches listed by Acheron; I tested them and while XP x86 still recognizes whether or not a driver is signed, it does not "prefer" one or the other on its own anymore, which solves the issue at hand. Now I just have to find someone with the know-how to port them to x64.

2 hours ago, un user said:

Yes, but only after setup is complete.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot] "OptionValue"=dword:1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{189A3842-3041-11D1-85E1-00C04FC295EE}] "$Function"="SoftpubCleanup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}] "$Function"="SoftpubCleanup"

Interesting.. is there any available documentation on this?

And, I assume since you specified that it works only after setup is complete, that an attempt has been made to add these entries to the source files prior to setup?

D.Draker

D.Draker

Posted
Posted
3 hours ago, LoneCrusader said:

Check the last few posts in the thread.

Well, I translated the most interesting parts from that forum, translation into French is indeed much better than to English, most likely because Russian has many French words and grammar. 

I don't like what I see, so far. Why?

1 - The patch works with files loaded into RAM, during setup, one would need to have at least some primitive skills to see what it really does, besides the advertised functions.

2 - Some wrote it didn't work with certain parametres. A poster hadn't been able to patch uxtheme.dll, for example.

3 - It patches several system files, namely sfc_os.dll, syssetup.dll, setupapi.dll 

4 - Registry is patched to SfcDisable=0xFFFFFF9D.

5 - It switches OFF Windows system files protection.

6 - It changes default Windows environment paths.

and so on ...

In all, I don't like the whole idea of patching Windows system files with tools from unknown entities.

2
un user

un user

Posted
Posted
23 hours ago, LoneCrusader said:

Interesting.. is there any available documentation on this?

And, I assume since you specified that it works only after setup is complete, that an attempt has been made to add these entries to the source files prior to setup?

No.

Those values are added after setup is complete and, crypto dll's are registered.

 

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...