• XDA Forums have been migrated to XenForo. We are aware of several issues including missing threads, logins not working, and more. To discuss, use this thread.

[DEV-UTIL][19.03.2009]DriverWiz - Make signed CABs from driver DLLs that work

Chainfire

Moderator Emeritus / Senior Recognized Developer -
Oct 2, 2007
11,421
87,559
0
www.chainfire.eu
Intro
Lately I've seen a lot of posts by people who are trying to replace WM internal or driver DLLs, either for hacking/testing or to release. Aside from the possibility they are just doing something that won't work in the first place, I've seen failure a lot of times because files aren't properly signed, or if they are, the certificate in question not being in the right certificate stores for it to have any effect. On some ROMs it will still work due to patched NK.EXE, on others it won't, its just not very reliable.

So, I present you with the correct way of doing this by means of a small tool that will do this for you: DriverWiz. It will take care of most of the stuff, and leave you room for additions. You will however still need some basic knowledge of the command line, if you don't have that, you have no business doing anything like this anyways.

Background
I use this technique myself all the time. When just hacking away, replacing system DLLs to trace calls, etc. It's also the same method used for the HTC-CA drivers and the ICS installer. This method works on most stock ROMs as well, though not on all of them (in rare cases some security policies are set that will prevent CAB installation)

Usage
It's fairly simple to use. Just extract the attached zip file somewhere, open the command promt, and change directory to where the zip was extracted. That's the installation part.

Now when you actually want to build a CAB file from a DLL, you use the DriverWiz.bat file.

DriverWiz v1.0 by Chainfire

Usage:
DriverWiz.bat "Description" "CAB-name" "DLL-name-1" ["DLL-name-2" ...]

Examples:
DriverWiz.bat "New DDI" "ddi.cab" "ddi.dll"
DriverWiz.bat "Two DDIs" "ddi.cab" "ddi.dll" "ddiaux.dll"
DriverWiz will take care of signing the DLLs, inserting the certificate, etc, and you will end up with a proper CAB file for this kind of thing. Just copy it to your device and run it to install.

#1. You need to put the DLL files in the same folder as DriverWiz. Do NOT include paths in your DLL names
#2. Include the quotes in the command like in the examples!
#3. The first time you install a CAB made by DriverWiz, your phone may still give you a certificate warning. This is normal, don't worry about it.

Caveats
While this method has never failed me yet, it is possible that some files cannot be replaced this way. Just a disclaimer :)

Modifying
DriverWiz bases the inf file it will create to build a CAB from on DriverWiz.tpl. If you need to add registry entries to your CAB file, modify DriverWiz.tpl before you run the batch file. You can make other modifications too, add files, etc. Just take care that you don't break it :)

You can use your own certificates as well, instead of the supplied "Dummy" certificate that comes with DriverWiz. The files you will want to modify/replace are DriverWiz.pfx (used for signing) and DriverWiz.xml (used for injecting the certificate). I'll see about finding a reference for how to do that online and posting the URL here (someday). Creating a new certificate from scratch can be a frustrating effort - make sure you got openssl handy :)

Changelog
19.03.2009 - 1.1 - Added some file exists checks and attribute changes

Download
 

Attachments

Last edited:
  • Like
Reactions: ApkAdjust

Chainfire

Moderator Emeritus / Senior Recognized Developer -
Oct 2, 2007
11,421
87,559
0
www.chainfire.eu
That is perfectly normal behavior. The first time you install a CAB with this certificate it will not know the certificate. However, once you install it, the certificate will be injected in the right place, and the files signed with the certificate (the driver files in the CAB) will be allowed to be run.

It won't happen the second time you try it :)
 

ruskiyab

New member
Oct 4, 2007
184
20
0
So if I try to install it again, it'll work fine? is there aa soft reset required in between? I can replace these drivers manually by renaming the old ones and copying them over, the whole reason I want a cab in the first place is to facilitate the UC process when I flash a different rom
 

Chainfire

Moderator Emeritus / Senior Recognized Developer -
Oct 2, 2007
11,421
87,559
0
www.chainfire.eu
So if I try to install it again, it'll work fine? is there aa soft reset required in between? I can replace these drivers manually by renaming the old ones and copying them over, the whole reason I want a cab in the first place is to facilitate the UC process when I flash a different rom
Actually it should just work the first time. Just click OK when the certificate error appears.
 

Captain_Throwback

Recognized Developer
Aug 22, 2008
20,068
22,335
113
The Nothing
error message

I got error messages when creating a cab from a rilphone.dll. Does it mean anything, or are these errors okay? I guess I'm specifically wondering about the SignTool error. If its okay, then my cab should be good.

EDIT: I think I found the problem. I didn't have UAC disabled in Windows 7. I tried it again, after disabling it, and it works fine now. Thanks for the easy to use tool!
 
Last edited:

Captain_Throwback

Recognized Developer
Aug 22, 2008
20,068
22,335
113
The Nothing
syntax for registry entries?

I was experimenting with creating a cab for the Rogers folks who need a specific rilphone for their Caller ID to work. There are some registry entries associated with this feature, so I was wondering what the correct syntax is for putting the registry entries into the .tpl file. I've tried a few different ways, and I've either a gotten a 'Registry section is empty' message, or a 'Registry has an unsupported registry root key' error. I'm sure its something really simple I'm missing, so any help you can offer is appreciated.

It just seems that since we now have this easy method to sign these dlls, so that they can be used in any ROM, that the Rogers people shouldn't have to jump through so many hoops to get it to work.

EDIT: Nevermind. I'm an idiot that didn't do a little bit of research. All is well now.
 
Last edited:

stepw

New member
Feb 11, 2007
589
16
0
Excellent stuff, Microsoft may rant about this way of distributing signtool and cabwiz though.

You can use your own certificates as well, instead of the supplied "Dummy" certificate that comes with DriverWiz. The files you will want to modify/replace are DriverWiz.pfx (used for signing) and DriverWiz.xml (used for injecting the certificate). I'll see about finding a reference for how to do that online and posting the URL here (someday). Creating a new certificate from scratch can be a frustrating effort - make sure you got openssl handy :)
Here's an intro to cert stores for WM:
http://msdn.microsoft.com/en-us/library/aa458010.aspx

pfx generation is a 2-liner with openssl:
# Generate a CA certificate
openssl req -new -nodes -x509 -days 9999 -newkey rsa:1024 -md5 -keyout cert.key -out cert.cer -subj "/CN=DriverWiz"
# Convert to pkcs12/PFX format
openssl pkcs12 -export -in cert.cer -out cert.pfx -inkey cert.key
 

vangrieg

New member
Jul 30, 2007
2,500
45
0
Moscow
I also get an error saying that the latest version of CAPICOM.dll is missing. The ones I can find for download from the internet are version 2.0.0, and the tool requires 2.1.0.1 or later.

Does anyone have the needed version of the dll?

EDIT: Found it, 2.1.0.2 version of the dll is in the attachment.
 

Attachments

Last edited:

Noonski

Inactive Recognized Developer / Moderator Emeritus
Apr 18, 2005
5,326
148
0
Amsterdam
noonski.nl
Thanks for the capicom.dll Even after disabling UAC in W7Rc1 it wouldn't go, so great to have it posted to.


Chainfire, which format should the Reg's be added?

I tried the default .reg formating just under:

[Registry]
[HKEY_CURRENT_USER\ControlPanel\Profiles]
@=""
"ActiveProfile"="Normal"
?

Scrap that i found the .inf format

[AddRegistry]
HKCU,"New Key","",0x00010001,1

Many thanks for this, i'll try to Point Driver replacing Sinners from now on to here.
 

Chainfire

Moderator Emeritus / Senior Recognized Developer -
Oct 2, 2007
11,421
87,559
0
www.chainfire.eu
Well INF files are a regular female dog.

If you rather use WinCE CAB Manager, the trick is easily done as well. I do not have it handy right here (I'm not at dev box), but it goes like this.

  • Put the DLL's and EXE's that need to go in the CAB into the same folder as DriverWiz
  • Execute the following command from the command prompt in the DriverWiz folder: signtool sign /f DriverWiz.pfx *.exe *.dll
  • Open your WCM/CAB with CM
  • Somewhere is an option for "Pre XML" (main screen IIRC).. click to add/edit, and load the DriverWiz.xml file
  • Save
  • signtool sign /f DriverWiz.pfx *.cab

Et voila. I should really make an update to DriverWiz to include CAPICOM and write a proper guide on how to do all this manually (including making your own certificates and such). It's easy if you know how :)

If you could insert another empty post for me at the top, that'd be great.