Video Screencast Help

UltraVNC Mirror Driver 1.00.22: Packaging with DIFxApp / DPInst / Devcon

Created: 16 Aug 2009 • Updated: 21 May 2010 | 12 comments

Hi everyone,

Having fun trying to package the UltraVNC Mirror Driver 1.00.22 for use with UltraVNC 1.0.6.4. I downloaded the driver from http://sc.uvnc.com/drivers.zip. Inside the 'xp\driver' folder path (XP is the target platform I'm repackaging for), there are 4 files:

  • mv2.cat
  • mv2.dll
  • mv2.inf
  • mv2.sys

The .cat, .dll and .sys files are signed by a GlobalSign issued certificate -- not Microsoft. I guess this means it has not passed "Windows Logo" testing, which is why during installation it generates the annoying Hardware Installation or Software Installation (depending on what you use) prompt:

The vendor (UltraVNC) uses a nasty setupdrv.exe file that performs unattended driver installation and prompt suppression by automatically pressing "Continue Anyway" for you -- you can see this momentarily pop up on the screen and then disappear. This is not ideal for an unattended enterprise wide deployment.

I have tried using DIFxApp, DPInst, and Devcon to perform driver installation, but they're not giving me the results I'm after.

DIFxApp

I followed Screenbert's article, https://www-secure.symantec.com/connect/articles/how-package-signed-device-driver-using-wise-package-studio, which explains how to package a signed device driver. Both an interactive or unatteded installation generates the Hardware Installation/Software Installation prompt as above ;(

However, even if I was able to somehow suppress this (e.g., I just manually clicked "Continue Anyway" for my testing), the 4 driver files get dropped into [INSTALLDIR] and %SystemRoot%\system32\DRVSTORE\mv2_51D59933D8D3C8E541AD493D042293BA1BECE904. This is different from the vendor installer (setupdrv.exe) which drops mv2.dll into %SystemRoot%\system32 and mv2.sys into %SystemRoot%\system32\drivers (which I can see configured in the mv2.inf file).

(Q1) Is this normal behaviour for DIFxApp? (i.e., it does not observe the [DestinationDirs] section in the .inf).

Additionally, what is more concerning is that the mirror driver virtual device itself, "mv video hook driver2", does not appear in the Device Manager. The vendor's installer results in the following entry under "Display adapters" but DIFxApp doesn't do the same!

(Q2) Any ideas why not? Is it because this a virtual device?

DPInst

Next, I thought about using DIFxApp as a Custom Action. Running it from the Command Prompt as a test gave me an error about the certificate being inappropriate for the requested usage. Here's the output:

C:\>DPInst.exe /Q /C /PATH C:\.

INFO:   Option set: dumping log info to console.
INFO:   Current working directory: 'C:\'
INFO:   Running on path 'C:\'
INFO:   No valid 'dpinst.xml' file provided.
INFO:   Install option set: Running in quiet mode. Suppressing Wizard and OS popups.
INFO:   Found driver package: 'C:\\mv2.inf'.
INFO:   Preinstalling 'c:\\mv2.inf' ...
INFO:   ENTER:  DriverPackagePreinstallW
INFO:   mv2.inf: checking signature with catalog 'c:\mv2.cat' ...
INFO:   Driver package 'mv2.inf' is Authenticode signed.
INFO:   Copied 'mv2.inf' to driver store...
INFO:   Copied 'mv2.cat' to driver store...
INFO:   Commiting queue...
INFO:   Copied file: 'c:\mv2.sys' -> 'C:\WINDOWS\system32\DRVSTORE\mv2_51D59933D8D3C8E541AD493D042293BA1BECE904\mv2.sys'.
INFO:   Copied file: 'c:\mv2.dll' -> 'C:\WINDOWS\system32\DRVSTORE\mv2_51D59933D8D3C8E541AD493D042293BA1BECE904\mv2.dll'.
ERROR:  Invalid signature. Possibly rejected by user. (Error code 0x800B0110: The certificate is not valid for the requested usage.)
INFO:   Removed driver package from store.
INFO:   RETURN: DriverPackagePreinstallW  (0x800B0110)
INFO:   Returning with code 0x80010000

(Q3) I inspected the vendor's certificate inside the .cat, .sys and .dll files -- they refer to one and the same certificate issued by GlobalSign. The vendor's issued certificate also has "Digital Signature (80)" under the Key Usage section. Is DPInst.exe expecting something else?

Devcon

Onto Devcon next, I tried executing "devcon.exe install mv2.inf mv_hook_display_driver2" from a Command Prompt window to test it out -- I still get the dreaded Hardware Installation prompt. However, if I do hit "Continue Anyway", the virtual device, "mv video hook driver2", does appear under "Display adapters" in the Device Manager! The mirror driver also works with UltraVNC!

(Q4) What's going on here? Why does Devcon.exe populate Device Manager, yet DIFxApp does not?

Still, I have the original problem of the Hardware Installation/Software Installation prompts! Thanks for the help in advance!

Comments 12 CommentsJump to latest comment

philbenson's picture

The screen you get is normal. This is an XP issue. You can set your XP systems to accept non-windows logo drivers and you will not get this. This is the standard setting for "larger" environments, as not all vendors go through the Windows driver logo testing (it's a right royal pain in the ar*e). As for the driver store, this is the default location for PnP drivers, which are "moved/copied" to the correct location once the hardware has been identified. As for not appearing in the device manager, that's unusual, have you actived the mirror driver in the VNC application?

Cheers
Phil

fault's picture

Hi Phil,

Thanks for the response.

I see, so when one says that a driver is "signed", they really mean it is "signed by Microsoft" -- not self signed? What's the point with the vendor (UltraVNC) self-signing their .cat, .sys, and .dll then?

I'm still confused with the signing concept, because this forum thread resolved by AngelID suggests that you can self-sign a vendor's driver if it has not been signed at all, and then use DIFxApp to install it. Even if you do this, isn't this going to generate the same Hardware Installation/Software Installation prompt?

I could disable driver code signing checks via Group Policy, but we have a security policy where this should remain enabled. If this is the case, am I out of options?

Yes, it's a very strange that DIFxApp doesn't add the virtual device into Device Manager, yet Devcon does. I can't activate the mirror driver in UltraVNC, because it thinks it's not installed. E.g., I right click the UltraVNC Notification Area icon, click Properties, tick Video Hook Driver, click Check the Video Hook Driver, and get the below message ;(

Sure enough, if I restart the computer, it still doesn't detect the presence of the mirror driver. However, if I install the driver via Devcon, since the virtual device, "mv video hook driver2", does appear in the Device Manager, UltraVNC "sees" the mirror driver now and all is well (the driver is "not active" below because there's no current VNC connection but it is installed):

Any ideas?

Cheers.

philbenson's picture

difference between "Signed" which this driver is, and "verified" (for want of a better word) for Windows compatibility which this driver is not. Without having a look at your projects I cannot see why you are having so many problems with DIFxApp... are you using the merge module? Sometimes, I set the flags column to the value "31", which causes an ICE error / warning but always successfully installs the dirver. I don't have a Wise setup at home, but I'll have a look, because I successfully packaged this before using DIFxAPP, and I can't understand why your having so many problems...

Cheers
Phil

fault's picture

Thanks for the clarification Phil. I still don't see how AngelID's method of self-signing the certificate will supress the prompt without disabling driver code signing checking on the OS. Hopefully, he/she will reply... ;)

Yes, I am definitely using the DIFxApp merge module (as per the guidelines in https://www-secure.symantec.com/connect/articles/h...). I haven't modified any "flags" columns -- I believe you're referring to the MsiDriverPackages table? Currently, the values are set to 0, but I could certainly try setting them to 31 and report back tonight.

Perhaps it will help if I supply you with my source files + WPS project (.wsi)? There's not much to them -- it's a relatively simple project! I'm happy to upload this somewhere tonight. Appreciate the help!

philbenson's picture

does help alot, esp. if deleivering driver packages that do not have any signing in an enterprise environment. What you can do is only allow the installation / usage of signed drivers, but dis-allow signed drivers that have not passed Windows Logo Verification. Right click on the My Computer Icon on the deskop, Choose "Properties" and then select the "Hardware" tab. From that page, clic kthe button "Driver Signing". There you will see the options taht are specific for "Windows Logo". Send me the link for the VNC driver package and I will have a look. Perhaps they have changed since I last packaged these.

Cheers
Phil

VBScab's picture

FWIW, DifXApp is DPInst with some CAs wrapped up in a merge module.

Don't know why 'x' happened? Want to know why 'y' happened? Use ProcMon and it will tell you.
Think about using http://www.google.com before posting.

fault's picture

VBScab, thanks for the confirmation. I thought they seemed similar for two products from Microsoft. And Phil, thanks for the clarification again. I understand what you mean now. Good explanation.

Here's my WSI project with the source files for UltraVNC 1.0.6.4 with the UltraVNC Mirror Driver 1.00.22: http://www.filefactory.com/file/ah19419/n/UltraVNC_1_0_6_4_zip

  • UltraVNC Mirror Driver 1.00.22 is an additional child feature, "Mirror Driver", beneath the parent "Complete"
  • The DIFFxApp merge module is included in the "Mirror Driver" feature
  • The mv2.inf file been selected in Files > Details > Driver tab to "Use DIFxApp to install this driver file"; "Prompt for missing device" has been unticked (I don't know if this causes problems with virtual devices but I tried leaving it ticked and it still doesn't install anyway!)
  • UltraVNC files are copied to Program Files\UltraVNC [INSTALLDIR]
  • UltraVNC Mirror Driver files are copied to Program Files\UltraVNC\Mirror Driver
  • There are no registry keys at all (there used to be with older versions of UltraVNC; it has since all moved into an ultravnc.INI file)
  • The mentioned ultravnc.INI file gets copied to [INSTALLDIR]. It contains all the config. One of the lines is EnableDriver=1 which is meant to enable the Mirror Driver.
  • I have two custom actions: one on INSTALL to install the WinVNC server to make it run as a Windows service (winvnc.exe -install) and one on REMOVE to stop the WinVNC service (winvnc.exe -stop) and uninstall the WinVNC service(winvnc.exe -uninstall). You can see these in the MSI Script > Execute Deferred section.
  • I have two shortcuts: one to run regular vncviewer.exe (UltraVNC Viewer) and another to run vncviewer.exe with encryption (i.e., with the /dsmplugin MSRC4Plugin.dsm switch) (UltraVNC Viewer - RC4 Encryption). They rc4.key in [INSTALLDIR] contains the key for testing.
  • The VNC password is 'test' if you want to try and connect to the VNC server. You need to copy the rc4.key file into your own C:\Program Files\UltraVNC folder and tick UseDSMPlugin in UltraVNC Viewer to enable encryption before attempting to connect, otherwise you will receive a protocol error.

To install once compiled, I run msiexec /i "UltraVNC 1.0.6.4.msi" /passive /norestart (you'll get interrupted by the Software Installation prompt). To uninstall, I run msiexec /uninstall {37F33FA6-8915-422A-AA2E-9F5429C22728} /passive /norestart.

As mentioned, UltraVNC itself installs fine. You can connect (with encryption) without a problem. It's just the darn Mirror Driver!

Cheers and good luck! Hopefully, you (or someone else) will have more lucky than I did :)

philbenson's picture

had a look yet, but going by what you have written, there's no need to use custom actions to install, start and stop the service, you can use the MSI tables for that. When creating the service, just make sure that you activate the check box, "service interacts with desktop" otherwise you cannot connect after entering the password for the remote machine. I'll have a look at the project tonight.

Cheers
Phil

fault's picture

Oh right, thanks for the advice. I will give that a try to clean up the package on the side.

Cheers.

philbenson's picture

I have not (yet) got round to having a look. Have downloaded the files. Sorry, will see if I can have a look tonight.

Cheers
Phil