GOverlay Forum

Get signer.exe and makecert.exe (from Windows SDK, can copy them some place and remove SDK afterwards as the tools are stand-alone).

https://docs.microsoft.com/en-us/dotnet/framework/tools/signtool-exe
https://docs.microsoft.com/en-us/windows/desktop/seccrypto/makecert

Create a `sign.bat` file:
Code:

Code: Select all

@echo off &title SelfSign helper &pushd %~dp0
dir /b *.sys;*.dll;*.exe;*.inf &echo.

set/p file="Enter filename to self-sign:"

del /f/q _CA.cer >2nul &del /f/q _SS.cer >2nul
makecert -r -pe -b 03/03/2018 -e 03/03/2019 -sky signature -cy authority -ss CA -n "CN=%COMPUTERNAME% %USERNAME% Selfsigning" _CA.cer
makecert -pe -b 03/03/2018 -e 03/03/2019 -sky signature -cy end -is CA -ic _CA.cer -ss CA -n "CN=%COMPUTERNAME% %USERNAME% App" _SS.cer
signtool sign /a /s CA /n "%COMPUTERNAME% %USERNAME% App" /t http://timestamp.verisign.com/scripts/timstamp.dll /d %file% %file%
echo.
echo Press any key to import self-signed certificates now, or click [X] to quit
pause>nul
certutil -addstore -f -user Root _CA.cer
rem certutil -addstore -f -user Intermediate _CA.cer
certutil -addstore -f -user Intermediate _SS.cer
rem certutil -addstore -f -user Personal _SS.cer
echo Done. to manage certificates, use: certmgr.msc
pause
exit

Place all files in the same folder with your unsigned file, run the script as administrator - it will do everything for you, just follow instructions.

Note that depending on your driver you might need to also run the signing tools over the inf/cat (see "catdb" option in documentation for signtool) - but that's usually for vga and storage drivers, you might get away without it.

Had some issues signing the driver without having the user install certificates, but do contact me to support@goverlay.com if you are willing to shed some light into it

TheLaGmAn wrote:Had some issues signing the driver without having the user install certificates, but do contact me to support@goverlay.com if you are willing to shed some light into it

Hi, I haven't signed any drivers yet.
I think you need to generate .cer file so we can import it before the install. At least this is how I think Fernando at win-raid (Usb 3 modded drivers) does it.
I just saw a thread on mydigitallife about unsigned drivers and I thought I'd mention it here.

hey!,
is there still reason to sign drivers? i had some troubles first,but then i found it works great with zadig in winusb mode,so why bother?
(its the new 3.5" display,but i would guess it should work with older display?)
i think it should be noted in faq with link to https://zadig.akeo.ie/

or am i missing something?works great for me

check this version to see if it allows to install the driver without hassle

viewtopic.php?f=3&t=724

TheLaGmAn wrote:check this version to see if it allows to install the driver without hassle

viewtopic.php?f=3&t=724

I'm so sorry for missing your reply. The only PC related thing in the past month, was working on my custom case.



Thank you for your great work, it's appreciated.