PPLRunner icon indicating copy to clipboard operation
PPLRunner copied to clipboard
verified publisher icon pathtofile

Signature Error

Open jonny-jhnson opened this issue 4 years ago • 9 comments

Hey! Thanks for the awesome project. I am utilizing the binaries within "Releases" and am getting the following:

PS C:\Tools\Random> .\ppl_runner.exe install
[PPL_RUNNER] main: Start
[PPL_RUNNER] setting up ELAM stuff...
[PPL_RUNNER] install_elam_cert: Opening driver file: elam_driver.sys
[PPL_RUNNER] install_elam_cert: Installed ELAM driver cert
[PPL_RUNNER] Installing Service...
[PPL_RUNNER] install_service: install_service: Created Service: C:\Tools\Random\ppl_runner.exe service
[PPL_RUNNER] install_service: Run 'net start ppl_runner' to start the service
PS C:\Tools\Random> net start ppl_runner
System error 577 has occurred.

Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source

Generated a new cert via the .ps1 and signed - sealighter.exe, ppl_runner.exe, elam_driver.sys.

Test Signing is turned on.

Thanks in advance!

jonny-jhnson avatar Sep 14 '21 22:09 jonny-jhnson

I happened the same problem, can you tell me how to solve it ;)

01ChenQing avatar Jan 24 '22 05:01 01ChenQing

Hey @jsecurity101 and @MuFengYing, have you tried building and signing your own versions? You could also try disabling all integrity checks with the nointegritychecks flag

pathtofile avatar Jan 25 '22 05:01 pathtofile

thx bro XD.

01ChenQing avatar Jan 25 '22 06:01 01ChenQing

Hi @MuFengYing @jsecurity101 , do you still have an issue?

pathtofile avatar Mar 15 '22 04:03 pathtofile

no other issue, thx for you project.

01ChenQing avatar Mar 15 '22 05:03 01ChenQing

win 11 home, test mode 111

Luisfan avatar Mar 16 '22 06:03 Luisfan

@Luisfan , I haven't tested it on Windows 11, I suspect you'll need to at least build the project from source and target the Windows 11 WDK and SDK.

However also as I note in the README, that error code is expected - PLLRunner purposfully pretends it failed to start, so you can easily re-run it - If the service started sucessfully, only another PPL Process could stop it (or reboot the machine).

Use Process Explorer to check to see if the child process is actualy running, and check the "Protection" column to see if the child is marked as Protected, e.g.:

image

pathtofile avatar Mar 17 '22 04:03 pathtofile

@pathtofile everything is OK , I have build the project from source. I made a mistake. Thanks for your reply!

Luisfan avatar Mar 17 '22 04:03 Luisfan

Also, Processes started as PPL this way won't be visible in the GUI, but you can use DebugOutput and WinDBG to check if things are working (see the child_example code in this repo)

pathtofile avatar Mar 17 '22 04:03 pathtofile