Completely disabling DriverSigningPolicy.


I've been thinking... (hehe yes I do think :P ) And I'm convinced it must be possible to entirely disable DriverSigningPolicy. (So no more AutoIt script that automatically clicks 'continue anyway' when a WHQL violation screen pops up.)

The facts:

1. Windows looks in the registry how it should react when you try to install a driver that's not WHQL signed. It looks in the HKCU and HKLM registers (also HKU\.Default?) The safest value is used.

2. Driver Signing Policy Is Automatically Elevated for Unsigned Drivers

This behavior occurs because your computer is configured to display a warning message whenever an installation program tries to install a device driver that does not have a digital signature. Windows automatically raises the driver signing policy from Ignore to Warn whenever an installation program tries to install a device driver that does not have a digital signature. This is a function of Windows File Protection to promote the overall stability of the operating system.

source

Conclusion:

So we'd have to disable WFP completely in order to install _any_driver_ without problems.

So how could we do that? Raverod provides a patched SFCOS.dll :D Here's the topic

Or just use nLite to patch it!

Now the question: am I really missing some point here or hasn't anyone noticed this option?



Do you mean it actually works or did you not test it yet?

It would be really interesting.

For example, apply the patch during the Windows installation and then restore the original version after the drivers have been installed.


Do you mean it actually works or did you not test it yet?

It would be really interesting.

For example, apply the patch during the Windows installation and then restore the original version after the drivers have been installed.

I did not test this yet. It's pure theory. Read the blue text :P.

Do you understand me? I think I *have* to be wrong, because it 'looks' so obvious... So I think I must be missing something.

Edit: if THIS works, then I've got some other things to make this a completely new method. :P


This method is not going to work!

I have my WFP disabled and have tried installing ATI Beta drivers with one of my previous slipstreamed DVDs. It installs every other driver except the video driver since the beta drivers are not WHQL compliant.

And did you only disable WFP or did you also disable DriverSigningPolicy? You have to do both... WFP just prevents you from disabling DriverSigningPolicy in an easy way.


Yes, Driversigning is disabled in winnt.sif and I use the hacked sfc_os.dll to disable WFP.

But you can disable the DriverSigningPolicy in another way as well, at least that's what I think. (came up with this myself, read nowhere about it, so I'm not sure, not tested yet)

Windows XP searches the setting for DriverSigningPolicy. It looks in the HKCU and HKLM registers (also HKU\.Default?) The safest value is used. So what if we would change this default value? That would be possible: editing the HIVEDEF.INF and the HIVESFT.INF files in your I386 directory.

That might make the difference IMO...


Hmmm, that may be possible. I can test it out later this evening and see if that actually works.

Thank you very much for testing!

Here are the entries you should add/change:

change:

from

HKLM,"SOFTWARE\Microsoft\Driver Signing",,0x00000010
HKLM,"SOFTWARE\Microsoft\Non-Driver Signing",,0x00000010

to

HKLM,"SOFTWARE\Microsoft\Driver Signing",,0x00000000
HKLM,"SOFTWARE\Microsoft\Non-Driver Signing",,0x00000000

If not working, try to add these:

HKCU,"SOFTWARE\Microsoft\Driver Signing",,0x00000000
HKCU,"SOFTWARE\Microsoft\Non-Driver Signing",,0x00000000
HKU,".DEFAULT\SOFTWARE\Microsoft\Driver Signing",,0x00000000
HKU,".DEFAULT\SOFTWARE\Microsoft\Non-Driver Signing",,0x00000000
HKCU,"SOFTWARE\Policies\Microsoft\Windows NT\Driver Signing\BehaviorOnFailedVerify",,0x000000

A question to the registry experts: in the registry it's in fact this key:

HKLM,"SOFTWARE\Microsoft\Driver Signing\Policy",,0x00000010

then why is it

HKLM,"SOFTWARE\Microsoft\Driver Signing",,0x00000010

in the HIVESFT.INF?

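For reference on the question above (an added example, not part of the original posts): in INF AddReg syntax (root, subkey, value name, flags, data) the fourth field is a flags bitmask rather than the data, and 0x00000010 is FLG_ADDREG_KEYONLY. The Python sketch below audits hive INF text from installation media for entries under the Driver Signing keys and reports what each line actually writes; the sample lines are constructed, and the "Policy" entry in it is illustrative, not copied from a real HIVESFT.INF.

```python
import csv

# AddReg flag bits as defined in the Windows setup API headers (setupapi.h).
FLG_ADDREG_KEYONLY = 0x00000010
TYPE_MASK = 0xFFFF0001
TYPES = {0x00000000: "REG_SZ", 0x00000001: "REG_BINARY",
         0x00010000: "REG_MULTI_SZ", 0x00020000: "REG_EXPAND_SZ",
         0x00010001: "REG_DWORD", 0x00020001: "REG_NONE"}
ROOTS = {"HKLM", "HKCU", "HKU", "HKCR", "HKR"}

def parse_addreg(line):
    """Split one AddReg line into (root, subkey, value_name, flags, data)."""
    # Simplification: a ';' inside a quoted field would be cut as a comment.
    line = line.split(";", 1)[0].strip()
    if not line:
        return None
    f = next(csv.reader([line], skipinitialspace=True))
    f += [""] * (4 - len(f))
    flags = int(f[3], 0) if f[3].strip() else 0
    return f[0].strip().upper(), f[1], f[2], flags, f[4:]

def audit(inf_text):
    """Report what every entry under a '...Driver Signing' key writes."""
    findings = []
    for n, raw in enumerate(inf_text.splitlines(), 1):
        e = parse_addreg(raw)
        if not e or e[0] not in ROOTS or "driver signing" not in e[1].lower():
            continue
        root, subkey, name, flags, data = e
        if flags & FLG_ADDREG_KEYONLY:
            effect = "creates key only, writes no value"
        else:
            kind = TYPES.get(flags & TYPE_MASK, "unknown type")
            effect = f"sets {name or '(default)'} as {kind} = {','.join(data) or '<empty>'}"
        findings.append((n, root, subkey, effect))
    return findings

# Constructed sample: the first two entries mirror the from/to lines in the
# post; the "Policy" entry and the last line are illustrative only.
SAMPLE = r'''
[AddReg]
HKLM,"SOFTWARE\Microsoft\Driver Signing",,0x00000010
HKLM,"SOFTWARE\Microsoft\Driver Signing",,0x00000000
HKLM,"SOFTWARE\Microsoft\Driver Signing","Policy",0x00000001,01
HKLM,"SOFTWARE\Microsoft\Windows",,0x00000010
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run over a modified I386 tree, this shows whether an edited hive file changes a value under the Driver Signing keys or only touches the key-creation flag.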

I've got another idea: Windows prefers the drivers in driver.cab over the ones we add, because sometimes the .cat file is missing, right?

Then, what if we would remove every cat file out of driver.cab? Then Windows would choose our drivers! Because Windows chooses drivers to install like this: (highest rule = first rule)

1. Driver signed

2. Driver version

Do I sound like a fool now? Or is this again something nobody has ever noticed before?
