Patching in your own kernel signing certificate

Kerlingen · #2 09-25-2024, 17:51

Quote:

I attached a kernel debugger to my VM and tried to load the driver with devcon

This is already the first mistake made in the article: As soon as a kernel debugger is attached, many of the kernel protection features are automatically disabled, including the kernel signature verification. Drivers do not even need a test signed certificate in this case, they will load even without any signature.

Quote:

manually added my root certificate to the trusted roots store the normal way

This is also total nonsense. The root certificates for kernel signing are hard-coded in the executable files, they are never read from the trusted roots store. The whole article seems to focus on removing certificate warnings in the GUI, a part which has absolutely nothing to do with the decision if a kernel driver is permitted to load or not.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Signing a Windows Kernel driver without using Microsoft	Stingered	General Discussion	21	02-17-2023 22:09
Hades:Windows kernel driver lets reverse engineers monitor user and kernel mode code	sh3dow	Source Code	0	05-12-2016 03:15

The Following 3 Users Say Thank You to Kerlingen For This Useful Post:
SofTw0rm (09-25-2024), tame_mpeg (09-25-2024), tonyweb (09-29-2024)