{"id":258729,"date":"2021-10-23T00:22:00","date_gmt":"2021-10-22T22:22:00","guid":{"rendered":"https:\/\/www.borncity.com\/blog\/?p=258729"},"modified":"2021-10-23T08:59:42","modified_gmt":"2021-10-23T06:59:42","slug":"microsoft-signiert-windows-treiber-fr-process-hacker-nicht-mehr","status":"publish","type":"post","link":"https:\/\/borncity.com\/blog\/2021\/10\/23\/microsoft-signiert-windows-treiber-fr-process-hacker-nicht-mehr\/","title":{"rendered":"Microsoft no longer signs Windows drivers for Process Hacker"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Stop - Pixabay\" src=\"https:\/\/borncity.com\/blog\/wp-content\/uploads\/2021\/06\/Stop01.jpg\" align=\"left\" \/>[<a href=\"https:\/\/borncity.com\/win\/?p=21803\" target=\"_blank\" rel=\"noopener\">English<\/a>]A brief piece of information that I have had since August 2021 but have not yet covered in the blog. David Xanatos pointed out to me that, without giving any further reasons, Microsoft is refusing to sign the driver for the new <a href=\"https:\/\/github.com\/processhacker\/processhacker\" target=\"_blank\" rel=\"noopener\">Process Hacker<\/a>. The whole matter is raised <a href=\"https:\/\/github.com\/processhacker\/processhacker\/discussions\/773\" target=\"_blank\" rel=\"noopener\">on GitHub in this thread<\/a>. 
As a result, newer versions of this tool (and also tools such as <a href=\"https:\/\/borncity.com\/blog\/2019\/07\/03\/open-source-task-manager-taskexplorer\/\" target=\"_blank\" rel=\"noopener\">ProcessExplorer<\/a>) can no longer be used.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg08.met.vgwort.de\/na\/4f89b8e3b2a143fda51ac32092e4bce9\" alt=\"\" width=\"1\" height=\"1\" \/>Process Hacker is a powerful and versatile tool that can be used free of charge to monitor system resources, debug software and detect malware. Some time ago, at my suggestion, David Xanatos posted a comment about this in the discussion area. I am pulling his text into this blog post, since I clean up the discussion area from time to time.<\/p>\n<blockquote><p>Many of you surely know the tool ProcessHacker, a very advanced task manager with a UI that takes a lot of getting used to.<br \/>\nIt looks as if the tool's developer is having massive problems getting a new driver signed by MSFT, as he <a href=\"https:\/\/github.com\/processhacker\/processhacker\/discussions\/773#discussioncomment-1124432\" target=\"_blank\" rel=\"noopener\">reports in a GitHub discussion<\/a>:<\/p>\n<p>The signing process fails each time without any error messages and Microsoft claimed \"this surpasses our support\"\u2026 They've just fucked me around endlessly until the certificates expire.<\/p>\n<p>[\u2026]<\/p>\n<p>The exact same issue happened when submitting to Microsoft Winget:<\/p>\n<p>I tried emailing him but never got a response about this behavior. 
You can also see how many times the package failed for unexplained reasons and that exact same problem happens when submitting the driver: microsoft\/winget-pkgs#373<\/p>\n<p>Microsoft Process Explorer has the same functionality so they don't have standing to block competitors then go and include the exact same features in their own software.<\/p>\n<p>Microsoft has been secretly adding more powerful features than Process Hacker via their SAC product \u2013 SAC has no security whatsoever by design \u2013 they're clearly targeting the project not because of any actual technical issues but rather because we're more popular than their products, so they're using the same (illegal and anti-competitive) tactics they used against Netscape Navigator to eliminate competition but also labeling the project malicious in an attempt to mislead the competition regulators.<\/p>\n<p>[\u2026]<\/p>\n<p>The large majority of changes by Microsoft are limited to restricting the Windows API with signature checks that block competitors' software (e.g. CreateWindowInBand, NtQuerySystemInformation, NtQueryInformationProcess to name a few) rather than directly targeting the drivers themselves.<\/p>\n<p>The signature checks added to those functions and classes only block third-parties and this includes signed binaries. 
We won't be able to implement the same functionality as Task Manager and Process Explorer because of those Microsoft-only signature checks even after we sort out the submission issue.<\/p>\n<p>Always-on-top, Auto-elevation, DPS statistics, Default taskmgr application preferences (Microsoft hardcoded taskmgr.exe blocking competitors), GPU statistics (deliberately broken on Win10 and Win11 recently) and the DirectUI framework are some examples of features that I want to implement and are currently implemented by Task Manager but are Microsoft-only signature restricted while newer more advanced security like PPL that we desperately need are also Microsoft-only signature restricted.<\/p>\n<p>The only certificate allowed to use these and other functionality is now limited to Microsoft Windows certificates \u2013 the same certificates used with Task Manager and Process Explorer \u2013 while SAC has even more powerful functionality than anything else (including Process Hacker) with absolutely no security whatsoever.<\/p>\n<p>I've been complaining to Microsoft employees for years about this stuff but the attacks keep getting worse and I've since started demanding our competition regulator prosecute the company after they labeled the project malicious last year\u2026 Microsoft claims to love open source and be more transparent these days but the bullshit they're doing with SAC, taskmgr and procxp while attacking competitors and trying to limit competition and kill off the project is insane.<\/p>\n<p>[\u2026]<\/p>\n<p>I was around during the 90's and they killed Netscape with this exact same behavior by changing APIs and blocking Netscape from those same APIs.<\/p>\n<p>Windows owns the market for the simple reason it's not some locked down garbage controlled system so they need to start communicating these changes if they intend to kill off third party task managers or instead doing something about the numerous complaints and issues that I have complained about or they'll 
end up getting prosecuted and charged by regulators again just like last time when they did this exact same bullshit with Netscape.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>[English]A brief piece of information that I have had since August 2021 but have not yet covered in the blog. David Xanatos pointed out to me that, without giving any further reasons, Microsoft is refusing to sign the driver for the new Process Hacker &hellip; <a href=\"https:\/\/borncity.com\/blog\/2021\/10\/23\/microsoft-signiert-windows-treiber-fr-process-hacker-nicht-mehr\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[301],"tags":[24,3659,3288],"class_list":["post-258729","post","type-post","status-publish","format-standard","hentry","category-windows","tag-problem","tag-tool","tag-windows-en"],"_links":{"self":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/258729","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/comments?post=258729"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/258729\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/media?parent=258729"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/categories?post=258729"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/tags?post=258729"}],"curies":[{"name
":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}