dpinst / DifX 不会静默安装签名驱动程序

发布于 2024-10-08 13:42:04 字数 191 浏览 2 评论 0原文

通过 DpInst 在 Windows 7 上安装签名驱动程序（即具有正确签名的 .CAB）时，除非它是 WHQL 签名驱动程序，否则无法静默安装。如果您在非静默模式下运行 DpInst，它会提示您信任“发布者”。如果您在静默模式下运行 DpInst，它将失败并出现与签名相关的错误代码（类似于 0x800b0109 - 检查您的 setupapi.app.log）。

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

源来凯始玺欢你 2024-10-15 13:42:04

虽然 ilya 的答案很好，但 Windows 7 上的解决方案更加简单。以下命令将证书部署到当前用户和系统信任的发布者证书存储区。它需要管理权限，由 Microsoft 提供。

对于 Windows 7，

certutil.exe -addstore TrustedPublisher cert.cer

我验证了这适用于 Windows 7 64 位，可以部署已签名但未经过 WHQL 认证的驱动程序 - 无需提示用户。

Windows XP

WHQL 认证

看来，在 XP 上您仍然需要对驱动程序进行 WHQL 认证，以避免出现安装提示。

在 Windows XP 上预安装 SPC

对于 Windows XP，您需要从 Microsoft 下载 Windows Server 2003 管理工具包并提取 certutil.exe 和 certadm.dll。那么上面的命令在 XP 上也可以运行。

管理工具包：http://www.microsoft.com。 com/download/en/details.aspx?DisplayLang=en&id=16770

请注意，解压后的 msi 文件可以通过 7-zip 检查，因此您无需安装它即可获取 exe 和 dll你需要。

While ilya's answer is good, the solution on Windows 7 is even easier. The command below deploys the certificate to both the current user and the system trusted publisher certificate stores. It requires administrative privileges and is provided by Microsoft.

For Windows 7

certutil.exe -addstore TrustedPublisher cert.cer

I verified that this works on Windows 7 64-bit to deploy signed, but not WHQL-certified, drivers - without prompting the user.

Windows XP

WHQL Certification

It appears that on XP you still need to have the drivers WHQL-certified in order to avoid prompts on install.

Pre-Installing SPC on Windows XP

For Windows XP you'll need to download the Windows Server 2003 Admin Tools Pack from Microsoft and extract certutil.exe and certadm.dll. Then the command above will work on XP as well.

Admin Tools Pack: http://www.microsoft.com/download/en/details.aspx?DisplayLang=en&id=16770

Note that the extracted msi file can be inspected by 7-zip, so you don't need to install it to obtain the exe and dll you need.

回复收藏 0 原文

煮茶煮酒煮时光 2024-10-15 13:42:04

最简单的方法是将签名证书添加到 TrustedPublishers。您可以通过编程来完成（win32Exception 的实现留给读者作为练习）：

#include <windows.h>
#include <wincrypt.h>
#include "win32exception.h"

void InstallTrustedPublisherCertificate(LPCTSTR CertificateFilePath)
{
    DWORD dwContentType;
    PCCERT_CONTEXT pCertContext = NULL;
    if (!CryptQueryObject(
            CERT_QUERY_OBJECT_FILE,
            CertificateFilePath,
            CERT_QUERY_CONTENT_FLAG_ALL,
            CERT_QUERY_FORMAT_FLAG_ALL,
            0,
            NULL,
            &dwContentType,
            NULL,
            NULL,
            NULL,
            (const void **)&pCertContext))
            throw win32exception("CryptQueryObject");

    if (dwContentType != CERT_QUERY_CONTENT_CERT)
        throw exception("Incorrect content type of crypto object.");

    __try
    {
        HCERTSTORE hCertStore = CertOpenStore(
            CERT_STORE_PROV_SYSTEM,
            0,
            0,
            CERT_STORE_OPEN_EXISTING_FLAG |
            CERT_SYSTEM_STORE_CURRENT_USER,
            _T("TrustedPublisher"));
        if (hCertStore == NULL)
            throw win32exception("CertOpenStore");

        __try
        {
            if (CertAddCertificateContextToStore(hCertStore, pCertContext, CERT_STORE_ADD_NEWER, NULL))
            {
                // Added certificate to TrustedPublisher store.
            }
            else
            {
                DWORD err = GetLastError();
                if (err == CRYPT_E_EXISTS)
                {
                    // Certificate already exists in TrustedPublisher store.
                }
                else
                    throw win32exception("CertAddCertificateContextToStore", err);
            }
        }
        __finally
        {
            CertCloseStore (hCertStore, 0);
        }
    }
    __finally
    {
        CertFreeCertificateContext(pCertContext);
    }
}

The straightforward way to do it is to add the signing certificate to the TrustedPublishers. You can do it programatically (the implementation of win32exception is left as an exercise to the reader):

#include <windows.h>
#include <wincrypt.h>
#include "win32exception.h"

void InstallTrustedPublisherCertificate(LPCTSTR CertificateFilePath)
{
    DWORD dwContentType;
    PCCERT_CONTEXT pCertContext = NULL;
    if (!CryptQueryObject(
            CERT_QUERY_OBJECT_FILE,
            CertificateFilePath,
            CERT_QUERY_CONTENT_FLAG_ALL,
            CERT_QUERY_FORMAT_FLAG_ALL,
            0,
            NULL,
            &dwContentType,
            NULL,
            NULL,
            NULL,
            (const void **)&pCertContext))
            throw win32exception("CryptQueryObject");

    if (dwContentType != CERT_QUERY_CONTENT_CERT)
        throw exception("Incorrect content type of crypto object.");

    __try
    {
        HCERTSTORE hCertStore = CertOpenStore(
            CERT_STORE_PROV_SYSTEM,
            0,
            0,
            CERT_STORE_OPEN_EXISTING_FLAG |
            CERT_SYSTEM_STORE_CURRENT_USER,
            _T("TrustedPublisher"));
        if (hCertStore == NULL)
            throw win32exception("CertOpenStore");

        __try
        {
            if (CertAddCertificateContextToStore(hCertStore, pCertContext, CERT_STORE_ADD_NEWER, NULL))
            {
                // Added certificate to TrustedPublisher store.
            }
            else
            {
                DWORD err = GetLastError();
                if (err == CRYPT_E_EXISTS)
                {
                    // Certificate already exists in TrustedPublisher store.
                }
                else
                    throw win32exception("CertAddCertificateContextToStore", err);
            }
        }
        __finally
        {
            CertCloseStore (hCertStore, 0);
        }
    }
    __finally
    {
        CertFreeCertificateContext(pCertContext);
    }
}

回复收藏 0 原文