Re: Отключение проверки сигнатуры драйвера.
Здравствуйте, boris_, Вы писали:
_>Кто знает, как программным образом деактивировать проверку сигнатуры драйвера? GUI-метод (Control Panel/System/Hardware и т.д.) работает, но, увы, не автоматически. Менять настройки в Registry (даже те, что нужно) бесполезно — в ходе инсталляции Windы восстановят старые значения (default или установленные GUI-методом).
_>Спасибо.
Все дело в том, что в XP, в отличие от Win2k, настройки в реестре защищены хэшем, хранящимся в "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PrivateHash".
Значение хэша получается на основе режима проверки сигнатуры (0, 1, 2) и некоторой константы. Эта константа разная для разных версий XP. Хранится константа в области данных библиотеки "setupapi.dll". Я написал утилитку, которая находит эту константу и позволяет отключать проверку сигнатуры.
#include <windows.h>
#include <wincrypt.h>
#include <stdio.h>
// Hashes dwValue followed by dwMagic and writes the digest to pHashData
// (callers in this file pass 16-byte buffers).
BOOL MakeHash(DWORD dwValue, DWORD dwMagic, BYTE *pHashData);
// Returns TRUE when the first 16 bytes of both buffers are identical.
BOOL CompareHash(BYTE *pHashData1, BYTE *pHashData2);
// Searches the writable regions of the loaded setupapi.dll image for a DWORD
// that, hashed together with dwValue, reproduces pHashData; the match is
// returned through dwMagic.
BOOL FindMagic(DWORD dwValue, BYTE *pHashData, DWORD& dwMagic);
// Copies the current "Policy" / "PrivateHash" registry values to
// "OldPolicy" / "OldPrivateHash" so they can be restored later.
BOOL BackupDriverPolicy();
// Writes the saved "OldPolicy" / "OldPrivateHash" values back and deletes the copies.
BOOL RestoreDriverPolicy();
// Sets the driver signing policy values to 0 and stores a matching "PrivateHash".
BOOL IgnoreDriverPolicy();
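/*
 * Computes the MD5 digest (CALG_MD5, the 0x8003 algorithm id) of dwValue
 * followed by dwMagic, four bytes each in their in-memory byte order, and
 * writes it to pHashData.
 *
 * pHashData must point to at least 16 writable bytes.
 * Returns TRUE on success and FALSE if any CryptoAPI call fails or the digest
 * is not 16 bytes long.
 *
 * The hash object and the provider context are released on every path; the
 * early returns used previously leaked both handles, which adds up because
 * FindMagic calls this function once per candidate DWORD.
 */
BOOL MakeHash(DWORD dwValue, DWORD dwMagic, BYTE *pHashData)
{
    HCRYPTPROV hProv = 0;
    HCRYPTHASH hHash = 0;
    // In: capacity of pHashData. Out: number of bytes written.
    // CryptGetHashParam reads this value, so it must not be left uninitialised.
    DWORD dwLen = 16;
    BOOL bOk = FALSE;

    if (!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
        return FALSE;

    if (CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash))
    {
        bOk = CryptHashData(hHash, (CONST BYTE*)&dwValue, sizeof dwValue, 0)
           && CryptHashData(hHash, (CONST BYTE*)&dwMagic, sizeof dwMagic, 0)
           && CryptGetHashParam(hHash, HP_HASHVAL, pHashData, &dwLen, 0)
           && dwLen == 16;
        CryptDestroyHash(hHash);
    }

    CryptReleaseContext(hProv, 0);
    return bOk;
}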
/*
 * Byte-wise equality check over two 16-byte digests.
 * Returns FALSE at the first differing byte, TRUE when all 16 bytes match.
 */
BOOL CompareHash(BYTE *pHashData1, BYTE *pHashData2)
{
    int idx = 0;

    while (idx < 16)
    {
        if (pHashData1[idx] != pHashData2[idx])
        {
            return FALSE;
        }
        ++idx;
    }
    return TRUE;
}
/*
 * Looks for the DWORD constant that, hashed together with dwValue by
 * MakeHash, yields the digest in pHashData.
 *
 * The search loads setupapi.dll into this process and walks the memory
 * regions belonging to that module with VirtualQuery. Only regions with a
 * writable protection are examined, and every DWORD-aligned value in them is
 * tried as a candidate.
 *
 * dwValue    value that was hashed together with the constant
 * pHashData  16-byte digest to reproduce
 * dwMagic    receives the matching constant on success; on failure it holds
 *            the last candidate tried, or is untouched if nothing was scanned
 *
 * Returns TRUE when a candidate reproduces the digest, FALSE otherwise.
 */
BOOL FindMagic(DWORD dwValue, BYTE *pHashData, DWORD& dwMagic)
{
    PVOID pSetupApiBase, pRegion;
    MEMORY_BASIC_INFORMATION mInfo;
    BYTE TempHashData[16];
    // NOTE(review): the LoadLibrary result is not checked for NULL and the
    // module is never released with FreeLibrary.
    pSetupApiBase = LoadLibrary("setupapi.dll");
    pRegion = pSetupApiBase;
    while (VirtualQuery(pRegion, &mInfo, sizeof mInfo))
    {
        // Stop once the walk leaves the allocation that holds the module image.
        if (mInfo.AllocationBase != pSetupApiBase) break;
        // Only writable regions are scanned (the constant is expected in the
        // module's data area).
        // NOTE(review): mInfo.State is not checked, so the region is assumed
        // to be committed and readable - confirm.
        if (((mInfo.Protect & PAGE_READWRITE) != 0) ||
            ((mInfo.Protect & PAGE_WRITECOPY) != 0) ||
            ((mInfo.Protect & PAGE_EXECUTE_READWRITE) != 0) ||
            ((mInfo.Protect & PAGE_EXECUTE_WRITECOPY) != 0))
        {
            PDWORD pRegionData = (PDWORD)pRegion;
            // RegionSize >> 2 is the number of whole DWORDs in the region.
            for (DWORD i =0; i < (mInfo.RegionSize >> 2) ; i++)
            {
                dwMagic = pRegionData[i];
                // NOTE(review): the MakeHash return value is ignored; if it
                // fails, TempHashData is compared without having been written.
                MakeHash(dwValue, dwMagic, TempHashData);
                if (CompareHash(pHashData, TempHashData))
                {
                    return TRUE;
                }
            }
        }
        // Advance to the next region.
        // NOTE(review): the (DWORD) cast assumes 32-bit pointers and would
        // truncate the address in a 64-bit build.
        pRegion = (PVOID) ((DWORD)pRegion + mInfo.RegionSize );
    }
    return FALSE;
}
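/*
 * Saves the current driver signing settings so RestoreDriverPolicy can put
 * them back:
 *   HKLM\SOFTWARE\Microsoft\Driver Signing : Policy (1 byte) -> OldPolicy
 *   HKCU\SOFTWARE\Microsoft\Driver Signing : Policy (DWORD)  -> OldPolicy
 *                                            (best effort; key may be absent)
 *   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup :
 *                                  PrivateHash (16 bytes) -> OldPrivateHash
 *
 * Returns TRUE when both HKLM values were copied, FALSE otherwise.
 *
 * Every opened key is closed on all paths; the early returns used previously
 * leaked the handle whenever a query or write failed.
 *
 * NOTE(review): an existing OldPolicy / OldPrivateHash is overwritten without
 * a check, so running the backup twice without a restore in between replaces
 * the original settings with the already modified ones. The "Old*" values are
 * also a visible artifact that this tool has been run on a machine.
 */
BOOL BackupDriverPolicy()
{
    BYTE CurrentHashData[16];
    BYTE bCurrentPolicy[4];
    DWORD dwLen, dwType;
    HKEY hKey;
    LONG lRes;

    // Machine-wide policy byte.
    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Driver Signing", 0, KEY_ALL_ACCESS, &hKey) != ERROR_SUCCESS)
        return FALSE;
    dwLen = 1;
    lRes = RegQueryValueEx(hKey, "Policy", NULL, &dwType, bCurrentPolicy, &dwLen);
    if (lRes == ERROR_SUCCESS)
        lRes = RegSetValueEx(hKey, "OldPolicy", 0, REG_BINARY, bCurrentPolicy, 1);
    RegCloseKey(hKey);
    if (lRes != ERROR_SUCCESS)
        return FALSE;

    // Per-user policy: optional, failures here do not fail the backup.
    if (RegOpenKeyEx(HKEY_CURRENT_USER, "SOFTWARE\\Microsoft\\Driver Signing", 0, KEY_ALL_ACCESS, &hKey) == ERROR_SUCCESS)
    {
        dwLen = 4;
        if (RegQueryValueEx(hKey, "Policy", NULL, &dwType, bCurrentPolicy, &dwLen) == ERROR_SUCCESS)
            RegSetValueEx(hKey, "OldPolicy", 0, REG_DWORD, bCurrentPolicy, 4);
        RegCloseKey(hKey);
    }

    // Integrity hash that protects the policy value.
    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup", 0, KEY_ALL_ACCESS, &hKey) != ERROR_SUCCESS)
        return FALSE;
    dwLen = 16;
    lRes = RegQueryValueEx(hKey, "PrivateHash", NULL, &dwType, CurrentHashData, &dwLen);
    if (lRes == ERROR_SUCCESS)
        lRes = RegSetValueEx(hKey, "OldPrivateHash", 0, REG_BINARY, CurrentHashData, 16);
    RegCloseKey(hKey);

    return lRes == ERROR_SUCCESS ? TRUE : FALSE;
}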
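/*
 * Restores the driver signing settings saved by BackupDriverPolicy:
 *   HKLM\SOFTWARE\Microsoft\Driver Signing : OldPolicy (1 byte) -> Policy
 *   HKCU\SOFTWARE\Microsoft\Driver Signing : OldPolicy (DWORD)  -> Policy
 *                                            (best effort; key may be absent)
 *   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup :
 *                                  OldPrivateHash (16 bytes) -> PrivateHash
 * Each "Old*" copy is deleted after it has been written back.
 *
 * Returns TRUE when both HKLM values were restored, FALSE otherwise.
 *
 * Every opened key is closed on all paths; the early returns used previously
 * leaked the handle whenever a query or write failed.
 *
 * NOTE(review): the HKLM policy is restored before the hash, so a failure in
 * the last step leaves Policy and PrivateHash out of step with each other.
 */
BOOL RestoreDriverPolicy()
{
    BYTE CurrentHashData[16];
    BYTE bCurrentPolicy[4];
    DWORD dwLen, dwType;
    HKEY hKey;
    LONG lRes;

    // Machine-wide policy byte.
    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Driver Signing", 0, KEY_ALL_ACCESS, &hKey) != ERROR_SUCCESS)
        return FALSE;
    dwLen = 1;
    lRes = RegQueryValueEx(hKey, "OldPolicy", NULL, &dwType, bCurrentPolicy, &dwLen);
    if (lRes == ERROR_SUCCESS)
        lRes = RegSetValueEx(hKey, "Policy", 0, REG_BINARY, bCurrentPolicy, 1);
    if (lRes == ERROR_SUCCESS)
        RegDeleteValue(hKey, "OldPolicy");
    RegCloseKey(hKey);
    if (lRes != ERROR_SUCCESS)
        return FALSE;

    // Per-user policy: optional, failures here do not fail the restore.
    if (RegOpenKeyEx(HKEY_CURRENT_USER, "SOFTWARE\\Microsoft\\Driver Signing", 0, KEY_ALL_ACCESS, &hKey) == ERROR_SUCCESS)
    {
        dwLen = 4;
        if (RegQueryValueEx(hKey, "OldPolicy", NULL, &dwType, bCurrentPolicy, &dwLen) == ERROR_SUCCESS)
        {
            RegSetValueEx(hKey, "Policy", 0, REG_DWORD, bCurrentPolicy, 4);
            RegDeleteValue(hKey, "OldPolicy");
        }
        RegCloseKey(hKey);
    }

    // Integrity hash that protects the policy value.
    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup", 0, KEY_ALL_ACCESS, &hKey) != ERROR_SUCCESS)
        return FALSE;
    dwLen = 16;
    lRes = RegQueryValueEx(hKey, "OldPrivateHash", NULL, &dwType, CurrentHashData, &dwLen);
    if (lRes == ERROR_SUCCESS)
        lRes = RegSetValueEx(hKey, "PrivateHash", 0, REG_BINARY, CurrentHashData, 16);
    if (lRes == ERROR_SUCCESS)
        RegDeleteValue(hKey, "OldPrivateHash");
    RegCloseKey(hKey);

    return lRes == ERROR_SUCCESS ? TRUE : FALSE;
}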
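/*
 * Switches the driver signing policy to 0 ("Ignore").
 *
 * Steps, in order:
 *   1. Read the current HKLM "Policy" byte and "PrivateHash" digest.
 *   2. Recover the hashing constant with FindMagic, using the current policy
 *      byte shifted left by 8 as the hashed value.
 *   3. Compute the digest for value 0 with MakeHash and write it to
 *      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PrivateHash.
 *   4. Write 0 to "Policy" under HKLM and HKCU
 *      SOFTWARE\Microsoft\Driver Signing (the HKCU key is created if absent).
 *
 * Returns TRUE only if every step succeeded.
 *
 * Every opened key is closed on all paths; the early returns used previously
 * leaked the handle whenever a query or write failed.
 *
 * NOTE(review): the writes are not transactional. PrivateHash is replaced
 * before Policy, so a failure in a later step returns FALSE with the hash
 * already changed. Changes to these three values are what a monitoring rule
 * for this tool would key on.
 */
BOOL IgnoreDriverPolicy()
{
    BYTE CurrentHashData[16], NewHashData[16];
    BYTE bCurrentPolicy[4];
    DWORD dwLen, dwType, dwMagic, dwCurrentPolicy;
    HKEY hKey;
    LONG lRes;

    // Load current policy
    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Driver Signing", 0, KEY_ALL_ACCESS, &hKey) != ERROR_SUCCESS)
        return FALSE;
    dwLen = 1;
    lRes = RegQueryValueEx(hKey, "Policy", NULL, &dwType, bCurrentPolicy, &dwLen);
    RegCloseKey(hKey);
    if (lRes != ERROR_SUCCESS)
        return FALSE;
    // The stored hash is reproduced with the policy byte in bits 8..15.
    dwCurrentPolicy = bCurrentPolicy[0] << 8;

    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup", 0, KEY_ALL_ACCESS, &hKey) != ERROR_SUCCESS)
        return FALSE;
    dwLen = 16;
    lRes = RegQueryValueEx(hKey, "PrivateHash", NULL, &dwType, CurrentHashData, &dwLen);
    RegCloseKey(hKey);
    if (lRes != ERROR_SUCCESS)
        return FALSE;

    // Find magic
    if (!FindMagic(dwCurrentPolicy, CurrentHashData, dwMagic))
        return FALSE;
    if (!MakeHash(0, dwMagic, NewHashData))
        return FALSE;

    // Set new policy
    ZeroMemory(bCurrentPolicy, 4);

    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup", 0, KEY_ALL_ACCESS, &hKey) != ERROR_SUCCESS)
        return FALSE;
    lRes = RegSetValueEx(hKey, "PrivateHash", 0, REG_BINARY, NewHashData, 16);
    RegCloseKey(hKey);
    if (lRes != ERROR_SUCCESS)
        return FALSE;

    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Driver Signing", 0, KEY_ALL_ACCESS, &hKey) != ERROR_SUCCESS)
        return FALSE;
    lRes = RegSetValueEx(hKey, "Policy", 0, REG_BINARY, bCurrentPolicy, 1);
    RegCloseKey(hKey);
    if (lRes != ERROR_SUCCESS)
        return FALSE;

    if (RegCreateKeyEx(HKEY_CURRENT_USER, "SOFTWARE\\Microsoft\\Driver Signing", 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hKey, NULL) != ERROR_SUCCESS)
        return FALSE;
    lRes = RegSetValueEx(hKey, "Policy", 0, REG_DWORD, bCurrentPolicy, 4);
    RegCloseKey(hKey);

    return lRes == ERROR_SUCCESS ? TRUE : FALSE;
}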
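// Prints the command-line synopsis.
static void PrintUsage()
{
    printf("Usage:\n\n");
    printf(" DriverSigningPolicy /ignore\n");
    printf(" sets driver signing policy to \"Ignore\"\n\n");
    printf(" DriverSigningPolicy /restore\n");
    printf(" restores previous driver signing policy\n");
}

/*
 * Command-line entry point.
 *
 *   /ignore   back up the current settings, then set the policy to "Ignore"
 *   /restore  put the backed-up settings back
 *
 * Returns 0 on success or when invoked without arguments (usage is printed),
 * -1 on failure or on an unrecognised option. An unrecognised option now also
 * prints a message and the usage text; previously it exited with -1 silently.
 */
int main(int argc, char* argv[])
{
    if (argc < 2)
    {
        PrintUsage();
        return 0;
    }

    if (stricmp(argv[1], "/ignore") == 0)
    {
        // The backup must succeed first, otherwise /restore has nothing to restore.
        if (!BackupDriverPolicy())
        {
            printf("Can not back up driver signing policy settings\n");
            return -1;
        }
        if (!IgnoreDriverPolicy())
        {
            printf("Can not set driver signing policy to \"Ignore\"\n");
            return -1;
        }
        printf("Driver signing policy successfully changed to \"Ignore\"\n");
        return 0;
    }

    if (stricmp(argv[1], "/restore") == 0)
    {
        if (!RestoreDriverPolicy())
        {
            printf("Can not restore previous driver signing policy settings\n");
            return -1;
        }
        printf("Previous driver signing policy settings successfully restored\n");
        return 0;
    }

    printf("Unknown option: %s\n\n", argv[1]);
    PrintUsage();
    return -1;
}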
С уважением, Василий.