none
What is mean 0x8000 flag in WINTRUST_DATA (signature verification) RRS feed

  • Question

  • Hi,

    Microsoft SignTool uses undocumented 0x8000 flag on dwProvFlags field of WINTRUST_DATA  in call to WinVerifyTrust for checking digital signature of driver:

    signtool /kp "file.sys"

    What does that flag mean?

    Thank you,

    Alex.


    Saturday, August 18, 2018 2:48 PM

Answers

  • In wintrust.h, the dwProvFlags flag values are defined. Here is the flag value in question:

    #       define WTD_CODE_INTEGRITY_DRIVER_MODE           0x00008000 // Code Integrity driver mode

    • Marked as answer by Dragokas Thursday, September 27, 2018 3:24 PM
    Thursday, August 23, 2018 7:14 PM

All replies

  • In wintrust.h, the dwProvFlags flag values are defined. Here is the flag value in question:

    #       define WTD_CODE_INTEGRITY_DRIVER_MODE           0x00008000 // Code Integrity driver mode

    • Marked as answer by Dragokas Thursday, September 27, 2018 3:24 PM
    Thursday, August 23, 2018 7:14 PM
  • Nice. Thank you.

    In fact it would be nice to know the detailed description. But now at least I know it's something directly related to verifying signature of the driver.


    • Edited by Dragokas Thursday, September 27, 2018 3:37 PM
    Thursday, September 27, 2018 3:29 PM
  • It would perhaps be even better if Windows was open source. I don't have any more information/insight, but having used the WINTRUST_DATA myself (in a "verify trust" test program), the definition name itself was useful enough (given the context within which I saw it)...
    Thursday, September 27, 2018 7:14 PM