Kernel-mode headers

[maharmstone]

Thanks for this, very cool!

Do you know of any way to get the kernel-mode headers as well? There should be a km directory, alongside um and shared, containing ntifs.h and the like (i.e. what's in /usr/include/ddk for mingw). I had a brief look in Microsoft's package listing but couldn't see anything obvious.

[mstorsjo]

Sorry, no idea actually. If it exists as part of the packages that we can select among here, it’d be straightforward, but I dunno if those headers are part of a standalone installer only.

[maharmstone]

No worries. I'll do some digging and will submit a patch if I find anything.

[Biswa96]

It is possible to download an Windows Driver Kit ISO file but I am not sure if wine can handle the installer. e.g. https://software-download.microsoft.com/download/sg/22000.1.210604-1628.co_release_amd64fre_WDK.iso

[maharmstone]

Thanks @Biswa96, that was helpful. The files are in Installers/Windows Driver Kit Headers and Libs-x86_en-us.msi and Installers/Windows Driver Kit ARM Headers and Libs-x86_en-us.msi of the ISO.

[maharmstone]

Thanks Martin and @ravenexp for this - I'll give it a go. It should make my workflow a lot simpler.

[ravenexp]

Thanks Martin and @ravenexp for this - I'll give it a go. It should make my workflow a lot simpler.

The main remaining blocking issue for me is that I can not sign the drivers I build on Linux. Both inf2cat.exe and signtool.exe do not work in WINE yet.

There are OSS alternatives such as https://github.com/LINBIT/generate-cat-file and https://github.com/mtrojnar/osslsigncode, but I still haven't got around to try them. If you have any success with these tools, then we could maybe add links to them to the README.

[maharmstone]

The main remaining blocking issue for me is that I can not sign the drivers I build on Linux. Both inf2cat.exe and signtool.exe do not work in WINE yet.

There are OSS alternatives such as https://github.com/LINBIT/generate-cat-file and https://github.com/mtrojnar/osslsigncode, but I still haven't got around to try them. If you have any success with these tools, then we could maybe add links to them to the README.

Yes, this was something that was always problematic for me in the past. I could never get osslsigncode to work. I'd not heard of generate-cat-file, but it looks like it only does SHA1 hashes, and IIRC some versions of Windows require SHA256.

[maharmstone]

I couldn't find any free way to make cat files, so ended up making my own clone of Microsoft's makecat: https://github.com/maharmstone/nyan.

[ravenexp]

I couldn't find any free way to make cat files, so ended up making my own clone of Microsoft's makecat: https://github.com/maharmstone/nyan.

Wow, this is great news! I was thinking of trying to hack osslsigncode to make it output .cat files, since it already knows how to calculate Authenticode PE hashes. Unfortunately, I don't have any free time for this atm...

BTW, the current version of osslsigncode can sign .cat files out of the box. Does this work for you when used together with nyan? I'm only really interested in test signing with self-signed certificates. I'll try to test it myself as soon as I can, but it won't happen until next week or even next month.

[maharmstone]

BTW, the current version of osslsigncode can sign .cat files out of the box. Does this work for you when used together with nyan?

Yes. I've got a CI job on my private Gitea server that produces signed files that can be installed on a clean Windows installation. You might want to crib from https://github.com/maharmstone/btrfs/blob/master/.github/workflows/build.yml, it was a bit tricky to get right.

[ravenexp]

You might want to crib from https://github.com/maharmstone/btrfs/blob/master/.github/workflows/build.yml, it was a bit tricky to get right.

Thanks for the tip! I'll give it a try ASAP.