What utility/DLL/program does Windows 7 use to verify drivers?
Just wondering if anyone knew specifically which system file was behind the boot-time verification of signed drivers under 64-bit Windows 7?
March 19th, 2011 4:59am

Actually the checks are done when they are installed, so that is where signing is checked. Other checks are used for security in other ways.
My MVP is for the Windows Desktop Experience, i.e. Windows XP, Vista and Windows 7 IT Remote Assistance is available for a fee. I am best with C++ and I am learning C# using Visual Studio 2010 Developer | Windows IT | Chess | Economics | Hardcore Games | Vegan Advocate | PC Reviews
March 19th, 2011 7:25pm

So do you know what boot-time checks Windows performs on drivers and its own files?
March 19th, 2011 11:43pm

Hi, the checks are done by the following DLL: "C:\Windows\System32\ci.dll". This DLL includes the functions to verify signature checks.
André
"A programmer is just a tool which converts caffeine into code"
Want to install RSAT on Windows 7 SP1? Check my HowTo: http://www.msfn.org/board/index.php?showtopic=150221
March 20th, 2011 9:15am
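
To see what signature state ci.dll and the installed kernel drivers report on a given machine, the following is an added example, not code from any poster in this thread. It assumes Windows PowerShell (`Get-WmiObject` is not available in PowerShell 7), and the helper name `Resolve-DriverPath` is hypothetical.

```powershell
# Added example: report the Authenticode status of ci.dll and of every
# driver registered in Win32_SystemDriver (kernel and file-system drivers).
# Caveat: Windows PowerShell versions older than 5.1 only evaluate embedded
# signatures, so files signed through a catalog show up as NotSigned there.

$ciPath = Join-Path $env:SystemRoot 'System32\ci.dll'

function Resolve-DriverPath {
    param([string]$PathName)
    # PathName may be quoted or carry the \??\ or \SystemRoot\ prefixes.
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

# Collect ci.dll plus the image path of every registered driver.
$files = @($ciPath)
$files += Get-WmiObject Win32_SystemDriver |
    Where-Object { $_.PathName } |
    ForEach-Object { Resolve-DriverPath $_.PathName }

$report = $files | Sort-Object -Unique |
    Where-Object { Test-Path $_ } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        New-Object PSObject -Property @{
            Path   = $_
            Status = $sig.Status
            Signer = $signer
        }
    }

# ci.dll first, then every file whose signature did not validate.
$report | Where-Object { $_.Path -eq $ciPath } | Format-List Path, Status, Signer
$report | Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Status, Path |
    Format-Table Status, Path -AutoSize
```

This check runs in user mode against files on disk, so it is a separate audit and not the load-time verification that the kernel performs through ci.dll.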

The integrity module is signed, does it check itself? (Seems kinda pointless -- Though I'd hope Microsoft has something checking the checker -- If it was altered maliciously I'd like to hope it would be seen)
March 20th, 2011 9:25am

"The integrity module is signed, does it check itself?"
The Windows kernel and other Windows DLLs call the functions from the DLL (CiFindPageHashesInCatalog, CiFindPageHashesInSignedFile, CiVerifyHashInCatalog, CiCheckSignedFile) to check the signatures.
André
March 20th, 2011 10:10am

"the Windows Kernel and other Windows DLLs call the functions from the DLL (CiFindPageHashesInCatalog, CiFindPageHashesInSignedFile, CiVerifyHashInCatalog, CiCheckSignedFile) to check the signatures."
I was hoping there'd be a bit more than that -- otherwise there'd just be a rootkit out there that patches those functions to always return 'true' or similar... "Signed" drivers and the rootkit-proofness (better word please?) of 64-bit Windows no longer seems like a great security breakthrough.
March 20th, 2011 10:33am

Modifying the file requires admin rights. If a malware has admin rights, everything is lost. So it doesn't matter.
March 20th, 2011 10:41am

I really hate it when Microsoft takes that stance. I know of an existing exploit (which Microsoft knows about) that can silently elevate user code to administrator on default settings, and their excuse for not patching it is that if you are running a program that you do not fully trust "it is not your computer, hackers own it". Said exploit is an injection into explorer.exe's process and execution of a remote thread -- doesn't prompt for UAC due to a whitelist, except on max settings. Back to the issue at hand, if core Operating System security (I'd say module verification is a biggie) can be broken simply by patching one DLL then there is something seriously wrong with the entire security module employed by the kernel.
March 21st, 2011 4:04am

"I really hate it when Microsoft takes that stance. I know of an existing exploit (which Microsoft knows about) that can silently elevate user code to administrator on default settings,"
That's why I always set the UAC slider to the top position to get the Vista UAC back.
March 21st, 2011 6:10pm

This topic is archived. No further replies will be accepted.
