dpinst / DifX won't install signed drivers silently

Posted 2024-10-08 13:42:04 | 191 words | 9 views | 0 comments

When installing a signed driver (i.e. with a properly signed .CAB) on Windows 7 through DpInst, unless it's a WHQL-signed driver, you cannot install it silently. If you run DpInst in the non-silent mode, it'll prompt you to trust the "publisher". If you run DpInst in silent mode, it would fail with a signing-related error code (something like 0x800b0109 -- check your setupapi.app.log).

Comments (4)

源来凯始玺欢你 2024-10-15 13:42:04

While ilya's answer is good, the solution on Windows 7 is even easier. The command below deploys the certificate to both the current user and the system trusted publisher certificate stores. It requires administrative privileges and is provided by Microsoft.

For Windows 7

certutil.exe -addstore TrustedPublisher cert.cer

I verified that this works on Windows 7 64-bit to deploy signed, but not WHQL-certified, drivers - without prompting the user.

Windows XP

WHQL Certification

It appears that on XP you still need to have the drivers WHQL-certified in order to avoid prompts on install.

Pre-Installing SPC on Windows XP

For Windows XP you'll need to download the Windows Server 2003 Admin Tools Pack from Microsoft and extract certutil.exe and certadm.dll. Then the command above will work on XP as well.

Admin Tools Pack: http://www.microsoft.com/download/en/details.aspx?DisplayLang=en&id=16770

Note that the extracted msi file can be inspected by 7-zip, so you don't need to install it to obtain the exe and dll you need.
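
A check to run around the `certutil` command in the answer above, added here as an example and not part of the original post: it confirms that `cert.cer` is the certificate that actually signed the driver catalog before trusting it, then reports which TrustedPublisher stores hold it afterwards. The catalog path is a hypothetical placeholder; it assumes an elevated PowerShell prompt.

```powershell
# Added example. Paths are placeholders; adjust to the package being deployed.
$CatalogPath = '.\driver\mydriver.cat'   # hypothetical signed catalog from the driver package
$CertPath    = '.\cert.cer'              # publisher certificate, as in the answer's command

# 1. Read the Authenticode signature on the catalog; reject unsigned or modified files.
#    A status such as NotTrusted is expected here before the publisher is trusted.
$sig = Get-AuthenticodeSignature -FilePath $CatalogPath
if ($sig.SignerCertificate -eq $null -or
    $sig.Status -eq 'NotSigned' -or $sig.Status -eq 'HashMismatch') {
    throw "Catalog signature unusable: $($sig.Status)"
}

# 2. Load the .cer and make sure it is the certificate that signed the catalog.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList (Resolve-Path $CertPath).Path
if ($cert.Thumbprint -ne $sig.SignerCertificate.Thumbprint) {
    throw "cert.cer ($($cert.Thumbprint)) is not the catalog signer ($($sig.SignerCertificate.Thumbprint))"
}

# 3. Add it with the command from the answer.
& certutil.exe -addstore TrustedPublisher $CertPath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "certutil failed with exit code $LASTEXITCODE" }

# 4. Report which TrustedPublisher stores now contain the certificate.
foreach ($loc in 'LocalMachine', 'CurrentUser') {
    $hit = Get-ChildItem "Cert:\$loc\TrustedPublisher" |
        Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
    "{0,-12} TrustedPublisher: {1}" -f $loc, $(if ($hit) { 'present' } else { 'absent' })
}
```

Recording the thumbprint printed in step 2 makes it possible to audit or remove the entry later with `certutil -store TrustedPublisher` and `certutil -delstore TrustedPublisher`.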

煮茶煮酒煮时光 2024-10-15 13:42:04

The straightforward way to do it is to add the signing certificate to the TrustedPublishers. You can do it programmatically (the implementation of win32exception is left as an exercise to the reader):

#include <windows.h>
#include <wincrypt.h>
#include <tchar.h>          // _T()
#include "win32exception.h"

void InstallTrustedPublisherCertificate(LPCTSTR CertificateFilePath)
{
    DWORD dwContentType;
    PCCERT_CONTEXT pCertContext = NULL;
    if (!CryptQueryObject(
            CERT_QUERY_OBJECT_FILE,
            CertificateFilePath,
            CERT_QUERY_CONTENT_FLAG_ALL,
            CERT_QUERY_FORMAT_FLAG_ALL,
            0,
            NULL,
            &dwContentType,
            NULL,
            NULL,
            NULL,
            (const void **)&pCertContext))
        throw win32exception("CryptQueryObject");

    if (dwContentType != CERT_QUERY_CONTENT_CERT)
        throw exception("Incorrect content type of crypto object.");

    __try
    {
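        // Opens the current user's TrustedPublisher store.
        // CERT_SYSTEM_STORE_LOCAL_MACHINE would target the machine-wide
        // store instead (requires administrative privileges).
        HCERTSTORE hCertStore = CertOpenStore(
            CERT_STORE_PROV_SYSTEM,
            0,
            0,
            CERT_STORE_OPEN_EXISTING_FLAG |
            CERT_SYSTEM_STORE_CURRENT_USER,
            _T("TrustedPublisher"));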
        if (hCertStore == NULL)
            throw win32exception("CertOpenStore");

        __try
        {
            if (CertAddCertificateContextToStore(hCertStore, pCertContext, CERT_STORE_ADD_NEWER, NULL))
            {
                // Added certificate to TrustedPublisher store.
            }
            else
            {
                DWORD err = GetLastError();
                if (err == CRYPT_E_EXISTS)
                {
                    // Certificate already exists in TrustedPublisher store.
                }
                else
                    throw win32exception("CertAddCertificateContextToStore", err);
            }
        }
        __finally
        {
            CertCloseStore (hCertStore, 0);
        }
    }
    __finally
    {
        CertFreeCertificateContext(pCertContext);
    }
}

要走就滚别墨迹 2024-10-15 13:42:04

And the question is? If the driver is not WHQL-certified, it can't be installed silently. This is a security measure of Windows.

薄暮涼年 2024-10-15 13:42:04

The drivers have to go through WHQL certification to avoid any kind of unsigned pop-ups.

If you are looking for any third-party WHQL testing service providers, let us know; we would be happy to help you in this regard.
