Adds info about KB3033929 info to README and in error dialog, fixing #1

godaddy · Aug 1, 2016 · 6d36519 · 6d36519
1 parent e2dec34
commit 6d36519
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -11,6 +11,8 @@ ProcFilter is compatible with Windows 7+ and Windows Server 2008+ systems.
 # Installers
 - [ProcFilter x86/x64 Release/Debug Installers](https://github.com/godaddy/procfilter/releases)
 
+Note: Unpatched Windows 7 systems require [hotfix 3033929](https://technet.microsoft.com/en-us/library/security/3033929) to load the driver component. More information can be found [here](https://github.com/godaddy/procfilter/issues/1). 
+
 # Features
 + Block/Quarantine/Log processes based on YARA rules found in a Git repository
 + Integrated with the Windows Event Log

diff --git a/service/umdriver.cpp b/service/umdriver.cpp
@@ -161,7 +161,16 @@ LoadKernelDriver()
 	// Start the driver service
 	BOOL rc = StartService(g_hDriverService, 0, NULL);
 	DWORD dwErrorCode = GetLastError();
-	if (!rc) Die("Unable to start driver service: %u", dwErrorCode);
+	if (!rc) {
+		const WCHAR *lpszErrorInfo = ErrorText(dwErrorCode);
+		if (dwErrorCode == ERROR_INVALID_IMAGE_HASH) {
+			// Normally special cases are undesireable, however this one goes a long way towards usability for an all too
+			// frequently encountered error message
+			lpszErrorInfo = L"Error verifying driver signature. Unpatched Windows 7 require the hotfix at Microsoft Security Advisory 3033929 in order " \
+				"to load SHA-2 signed drivers. It can be downloaded from https://technet.microsoft.com/en-us/library/security/3033929.";
+		}
+		Die("Unable to start driver service %u: %ls", dwErrorCode, lpszErrorInfo);
+	}
 
 	// It's running, so open it
 	g_hDriver = CreateFileW(PROCFILTER_DEVICE_PATH, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_FLAG_OVERLAPPED, NULL);