703 replies to this topic

[seeteeyou]

Catalog Files and Digital Signatures

https://docs.microso...l/catalog-files

Plug and Play (PnP) device installation recognizes the signed catalog file of a driver package as the digital signature for the driver package, where each thumbprint in the catalog file corresponds to a file that is installed by the driver package. Regardless of the intended operating system, cryptographic technology is used to digitally-sign the catalog file.

 

USB Audio 2.0 Drivers - Windows drivers

https://docs.microso...0-audio-drivers

This USB Audio 2.0 class driver was developed by Thesycon and is supported by Microsoft.

 

So I was comparing the official usbaudio2.inf as mentioned above, to third party driver (i.e. Thesycon v5.30.0.exe) that's provided to Denafrips as follows

 

https://wix.anyfilea...950757131673d3d

 

Not sure why there's something called PnpLockdown=1 and I'm just wondering if that were even any making any differences, though the official usbaudio2.inf certainly didn't seem to include anything close to "Security Catalog" files since they should be meant for the digital signature

 

;

; usbaudio2.inf

;

 

[Version]

Signature="$WINDOWS NT$"

Class=MEDIA

ClassGuid={4d36e96c-e325-11ce-bfc1-08002be10318}

Provider=%MSFT%

DriverVer = 12/10/2021,10.0.22523.1000

PnpLockdown=1

 

OTOH, DENAFRIPSUsbAudio.inf is indeed tied to another DENAFRIPSUsbAudio.cat file

 

;******************************************************************************

; Version section

;------------------------------------------------------------------------------

[Version]

Signature = "$Windows NT$"

PnpLockdown = 1

DriverVer = 12/08/2021,5.30.0.21969

Provider = %S_Provider%

CatalogFile = DENAFRIPSUsbAudio.cat

Class = DENAFRIPSUsbAudio_sc

ClassGuid = {c9516c66-9988-496c-bfe6-82fda519302f}

 

Same deal with DENAFRIPSUsbAudioks.inf and DENAFRIPSUsbAudioks.cat

 

;******************************************************************************

; Version section

;------------------------------------------------------------------------------

[Version]

Signature = "$Windows NT$"

PnpLockdown = 1

DriverVer = 12/08/2021,5.30.0.21969

Provider = %S_Provider%

CatalogFile = DENAFRIPSUsbAudioks.cat

Class = MEDIA

ClassGuid = {4d36e96c-e325-11ce-bfc1-08002be10318}

 

 

 

If I weren't mistaken, maybe Windows 11 PE was acting like Captain Obvious of some sort? Unless built-in Windows drivers are working quite differently, those files usbaudio2.inf and usbaudio2.sys couldn't have been digitally signed in the first place so now what? I don't even know if we're supposed to be amused or amazed.

 

 

 

INF Version Section - Windows drivers | Microsoft Docs

https://docs.microso...version-section

PnpLockDown=0|1

Specifies whether Plug and Play (PnP) prevents applications from directly modifying the files that a driver package's INF file specifies. If the PnpLockDown directive is set to 1, PnP prevents applications from directly modifying the files that are copied by INF CopyFiles directives. Otherwise, if the directive is not included in an INF file or the value of the directive is set to zero, an application that has administrator privileges can directly modify these files. Driver files that are protected in this manner are referred to as third-party protected driver files.

 

To ensure the integrity of a PnP driver installation, applications should not directly modify driver files that are copied by the driver package INF file. Applications should only use the device installation mechanisms provided by Windows to update PnP drivers.

 

Starting with Windows Vista, a driver package should set PnpLockDown to 1 to prevent an application from directly modifying driver files. However, some existing applications that uninstall driver packages do directly delete driver files. To maintain compatibility with these applications, the PnpLockDown directive for such driver package should be set to zero.

 

Note  Although PnP on Windows Vista and later versions of Windows does not require that an INF file include a PnpLockDown directive in order to install a driver, PnP in a future version of Windows might require that INF files for PnP driver packages include the PnpLockDown directive.

 

I could only assume that shouldn't be a concern.

[internethandle]

Hi samotc,

At least in Win10PE, you are able to kill LSM but you must do so by placing it into its own process instead of sharing a Svchost process with other services - go to its entry in HKLM\SYSTEM\CurrentControlSet\Services in remote registry/offline hives and change the “Type” DWORD value from 20 to 10. When you boot in flatboot it should now be in its own Svchost process in Process Hacker, which you can right click and terminate. At least in my Win10PE, it does not matter when I do this in terms of how long after booting while terminating processes, just as long as it is in its own Svchost process.

I’ve had a busy week but have nearly exhausted all avenues for getting usbaudio2.sys to work in Win 11 PE, so will turn my attention soon back to Win10PE.

In the process of investigating, I discovered a few minor things in Win10PE, such as being able to delete a good amount of system files while in Ramdisk with no consequence to playback seemingly, and being able to suspend (but not kill/terminate) a bunch of the remaining 14 processes I have running, bizarre stuff like being able to suspend the process Windows just lists as “System” and then things sort of breaking but not really? Lol. WinPE is very strange! But in a good way…

And no need to thank me, samotc, thank you for the original idea/groundwork for using PE as an Audio OS! It’s definitely the best I’ve heard, also.

[internethandle]

Thanks for the continued thoughts, seeteeyou. I’ll give some of that a look over.

Yeah the kicker with it not working is that it’s supposed to be an in-box driver so it technically isn’t signed at all - as you mentioned, no .cat etc.

One of the few instances I can find of native drivers not working for someone with a similar signature verification error was some poor guy trying to get xHCI native drivers for W10 working in Win7 over at MyDigitalLife. He made some progress with disabling signature enforcement in the boot menu (more than me really) but Win7 wouldn’t start the driver. He pointed out you could go through with the process of test signing the driver yourself, but that process is… laborious to say the least, and I really have trouble believing it would work with a native driver in a PE environment. There’s even some evidence that PE doesn’t (or shouldn’t?) include signature verification at all!

I think it really is gonna take the PE development team at MS either becoming aware that this (or other) injected native drivers don’t work in Win 11 PE on their own or someone pointing it out to them before it can be resolvable. I’d be better off if I was dealing with a third party driver.

[seeteeyou]

No problem internethandle, maybe we could also give this Microsoft-Windows-Client-Desktop-Required-PackageXXXXXXXXXXXXXX.cat file a try?
 
http://bbs.c3.wuyou....301&pid=4101220
 
Convert usbaudio2.sys (case sensitive = lowercase only) into UTF-16 as shown below
 
https://www.branah.c...icode-converter

 

Then we're getting what we need

 

75007300620061007500640069006f0032002e00730079007300

 
Grab a copy of StringFinder.zip
 
https://down.shockin...tringFinder.zip
https://www.shocking...ringFinder.html

• Change the Type to HEX
• Point Look in: to the directory C:\Windows\System32\CatRoot
• Copy & paste 75007300620061007500640069006f0032002e00730079007300 right below HEX String: and finally hit that Search button

 

 

Hopefully we could simply include the correct (maybe we'll just copy all of them if there were more than one?) Microsoft-Windows-Client-Desktop-Required-PackageXXXXXXXXXXXXXX.cat file and then Windows 11 PE would be smart enough to pick that up.
 
 

 

Now for the flip side of the coin, there were some tools created to find the corresponding *.cat files that are associated with whole bunch of device drivers 
 
http://bbs.c3.wuyou....read&tid=421317
http://bbs.c3.wuyou....read&tid=423164
 
We could use either one to help us whenever we're trying to get rid of whatever built-in / inbox stuff that we really don't need.
 
 

 

This stuff really is so much fun, let's see how far we could go.

[internethandle]

I found the solution!!! I’m so happy I could shout from the rooftops, lol.

So, thanks to seeteeyou’s prompting, I did some more digging at the catroot folder, and stumbled upon this post from the Win10XPE thread at tenforums:

https://www.tenforum...tml#post2332655

I have just solved the issue with USBprint adding this line to the script [AddFiles] section:
\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Desktop-Shared-Drivers-*.cat

In my case I just copied all above .cat files from “normal” Win 11’s catroot folder into the catroot folder of Win11XPE’s VHD flatboot and upon booting into the VHD, my DAC connected!

Anyway, likely not too applicable for other folks given that the .inf files of third party drivers for DACs etc will install their own .cat files, but if dealing with a driver compatibility issue with Win11PE, especially native drivers, catroot would be where to look, apparently.

I don’t see any of the above .cat files in my Win10PE catroot folder, so go figure. I have not compared the two folders comprehensively enough though to see what else might have allowed for Win10PE to install and start the driver and not Win11PE.

Thanks again to seeteeyou.

[internethandle]

Hi samotc,

At least in Win10PE, you are able to kill LSM but you must do so by placing it into its own process instead of sharing a Svchost process with other services - go to its entry in HKLM\SYSTEM\CurrentControlSet\Services in remote registry/offline hives and change the “Type” DWORD value from 20 to 10. When you boot in flatboot it should now be in its own Svchost process in Process Hacker, which you can right click and terminate. At least in my Win10PE, it does not matter when I do this in terms of how long after booting while terminating processes, just as long as it is in its own Svchost process.

Samotc: wanted to mention I did just try the above method for killing/terminating LSM after boot in Win11PE just now and it works without BSOD or other issues in the same way as it did in Win10PE, if you’d like to try it.

Now that I am going at Win11PE in earnest, I’ll create an addendum post for Win11PE services/drivers I’ve been able to disable in Win10PE vs. Win11PE - already, there are differences despite a nearly identical Services sub-key in HKLM\System\CurrentControlSet\Services. It would be too easy if I could just import a .reg file from Win10PE’s settings now wouldn’t it? 🙄

[seeteeyou]

You're very welcomed internethandle, I just found that Microsoft actually made something called signtool.exe as follows
 
https://stackoverflow.com/a/52963704

 

We could either extract that from the ISO image of Windows SDK

 

https://software-dow..._WindowsSDK.iso

 

Or download lessmsi from https://lessmsi.activescott.com and then use that to extract everything from the file Windows SDK Signing Tools-x86_en-us.msi

 

https://github.com/f...74ad44c1bdc.zip

D:\>signtool.exe verify /a /v C:\Windows\System32\drivers\usbaudio2.sys

Verifying: C:\Windows\System32\drivers\usbaudio2.sys
File is signed in catalog: C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package01~31bf3856ad364e35~x86~~10.0.18362.836.cat
Hash of file (sha1): E54B2F74029151559D6AF0760FC8198CBCE2B71B

Of course it's so much easier to copy the entire C:\Windows\System32\CatRoot folder as you mentioned before, therefore signtool.exe should be meant for troubleshooting purposes in the future just in case the file might be found somewhere else.

[samotc]

Hi Internethandle, I am so glad that you have fixed your problems and now you can have your DAC on Win11XPE.

I find it very interesting, although laborious, what has happened to him, but I think this will be very useful for others who are in the same situation, it is to thank seeteeyou for all his important contributions to the subject.

I have already tried your solution to kill LSM in Win11XPE, which causes one more process of svchost.exe, so when killing LSM there are still 12 remaining processes, it is seen that it is very difficult to get below that figure. After killing the LSM service, it apparently does not bring any sonic enhancement that I can distinguish with my ears, at least on my computer / system, but it may on others.

It is a good suggestion.

[samotc]

THE STRANGE CASE OF FOOBAR 2000:

 

I want to comment on a curious fact, for a long time (Windows 7x64) I have been using 4 players for music:

 

F2K, JRMC, HQPlayer Desktop and Infinity Blade, all of windows OS.

The funny thing is that the audio quality provided by these players followed that increasing order, this was the case until Windows Server 2019 GUI.

As of Windows Server Core 2019 RAMDISK, things changed, now the increasing order would be:

 

JRMC

F2K

HQP DESKTOP

INFINITY BLADE.

 

Then WTFPlay (Linux) came out, and version 0.75 was very on par with IB in Server Core 2019 RAMDISK, I really had a hard time deciding which one I liked the best.

 

In Win10-11XPE everything changed, and the more naked you are, the more those changes are accentuated.

Now I can say without any doubt that F2K is on Win 10-11 XPE, well above both HQP (3x and 4x versions) and JRMC 26 (the last one I have registered) and WTFPlay 0.75.

 It is a shame to see that, after spending a few €, 2 totally free applications are far superior to the paid ones.

 

Right now F2K and Infinity Blade are far superior. Comparing HQP (WinServCore2019 RAMDISK) against HQP (Win10-11XPE) the latter is clearly superior, the same goes for JRMC26, it sounds much better on Win10-11XPE, but both clearly worse than F2K.

Infinity Blade in "normal" Windows is much higher than F2K, on ​​the other hand in Win10-11XPE the difference between the two is shortened enough, and if you also play the audio track from "add / send to ramdisk", the difference is still less , always, yes, in favor of Infinity Blade.

 

I would like to know if someone else has done any tests, and if his appreciations coincide with mine.

I would also like to understand why this happens, I have some theories, but that would be for another thread.

[seeteeyou]

(FYI - just a list of applications for further comparisons)

 

Subjective comparison of Software Music Player

https://audiophilest...e-music-player/

 

The best audio player

https://audiosex.pro...o-player.52032/

 

 

 

remastero -> PGGB-RT foobar component (foo-RT)

https://www.foobar20....fb2k-component

https://www.remaster...b-rt-guide.html

https://www.remastero.com/rt-faq.html

 

An alternative to the official wasapi & Asio foobar2000 outputs

https://sourceforge....2-asio2_1.1.zip

https://sourceforge....t_asio2_2.0.zip

https://sourceforge....ussion/general/

 

 

 

Jie Extreme Player

https://www.head-fi....7#post-12430316

 

 

 

MQn

https://drive.google...dlZmeDhNZ1Utbm8

 

MQn minimalist PC music player - The king of sound quality

https://grizzlyaudio...er-king-of.html

 

MQN - Beginner's Guide

http://www.tirnahifi...?p=81763#p81763

 

 

 

Junilabs Audio player

http://www.junilabs....2.20.F4_x64.exe

http://www.junilabs....oplayerfaq.html

http://www.junilabs....udioplayer.html

 

Do you hear what I hear (bit perfect files sounding different)?

https://audiophilest...ding-different/

 

 

 

Simple command line based audio file player/recorder

https://github.com/x...y_1.2_win32.zip

https://github.com/x...mment-610865560

 

 

 

PlayPcmWin

https://sourceforge....x64Portable.zip

https://sourceforge....i/PlayPcmWinEn/

 

PlayPcmWin, Opensource audio player for Windows

https://audiophilest...er-for-windows/

 

 

 

Album Player Mini

http://albumplayer.r...10-MINI_x64.zip

 

Album Player

http://albumplayer.r...2113_x64_EN.zip

http://vv.uka.ru/aplayer_eng.html

http://vv.uka.ru/readme_en.pdf

Last Updated: 2022-01-07

 

Russian Album Player

http://jplay.eu/foru...n-album-player/

 

APlayer revisited

http://jplay.eu/foru...ayer-revisited/

 

 

 

Simple Audio Player

https://github.com/m...e2aec408286.zip

https://github.com/a...rtaudio-windows

 

Pre-compiled shared libraries for PortAudio

https://github.com/s...taudio-binaries

 

 

 

Sony Music Center for PC version 2.5.0

https://info.update....setup_2.5.0.exe

https://www.sony.com...les/MC4PC020001

 

 

 

http://www.stordiau....ighEnd-211a.rar

http://www.stordiau....11a01-Tidal.rar

 

The last XXHighEnd version (2.11)

http://www.phasure.c...hp?topic=4218.0

 

XXHighEnd Model 2.11 - The Last Model

http://www.phasure.c...hp?topic=4219.0

 

Tutorial for Setting up XXhighend

https://audiophilest...g-up-xxhighend/

 

 

 

Mixbus32C / Mixbus

https://harrisoncons...ategory/mixbus/

 

讓HQPlayer成為小LP的強大雞腿：Mixbus

http://www.myav.com....readid=20480094

 

 

 

Hochwertige Playersoftware für Windows 10

https://www.aktives-...hp?f=30&t=13202

 

Steinberg WaveLab

https://www.steinberg.net/wavelab/

 

MAGIX SOUND FORGE Pro

https://www.magix.co...ound-forge-pro/

 

Adobe Audition

https://www.adobe.co...s/audition.html

 

 

 

It's quite interesting that several audio editing / DAW applications etc. turned out to sound surprisingly good for some audiophiles, though many of them really do cost an arm and a leg.

[Xp18]

I tried to redo Win10XPE following the instructions of @samotc and @Seeteeyou.

Win10XPE has not received the Combo384 usb drivers that the my DAC use.
Confirmation to "digital signature Win10XPE"

I hope this can be resolved. The Win10XPE that I made from Windows 10 21H2.

[internethandle]

Hello Xp18,

Device Manager is showing that it is attempting to start your DAC with usbaudio2.sys, the native Windows USB 2.0 driver. Does your DAC, in other versions of Windows, usually require you to download drivers and install them, or does it just work by plugging it in?

[Xp18]

Hello Xp18,

Device Manager is showing that it is attempting to start your DAC with usbaudio2.sys, the native Windows USB 2.0 driver. Does your DAC, in other versions of Windows, usually require you to download drivers and install them, or does it just work by plugging it in?

My dac uses the Combo384 Amanero driver. My dac works fine on Windows 10 Ltsc 2019. When I run flatboot Win10XPE, my DAC driver cannot be installed. It gives an error.

[seeteeyou]

I couldn't find the brand / model of your USB DAC while Allo Katana is different because it's only compatible with Raspberry Pi
 
https://audiophilest...comment-1035513

I use Katana dac with Pi 3B.

 
Is it OK to let us know what's your current USB DAC so that we could check the official site of its manufacturer? It's necessary to find out if their own driver versions for USB DAC model(s) were any different from the ones that are provided by Amanero.

[Xp18]

My DAC is Audiogd R1. It uses usb Amanero driver.Device Manager report Dac driver "not digitally signed". You can see some my pictures were posted before.

[seeteeyou]

So here comes the tricky part

 

https://amanero.com/...c2changelog.txt

Note:

The Driver Package 1.1.0.xx are in development to support firmware version CPLD_1081/CPLD_1081_DSDSWAPPED on Windows.

 

The Default firmware version CPLD_for_1080/CPLD_1080_DSDSWAPPED requires the stable driver package at https://www.amanero.com/drivers.htm

 

For now I'm just assuming that you didn't update the firmware at all, is that correct?

 

And then I'll also need to confirm whether you're actually using your LTSC 2019 version with the following driver provided by Audio-gd or not?

 

http://www.audio-gd....rs_w10_1062.rar

 

If both answers were correct, please go back to LTSC 2019 and then do a search on this particular file below

 

hifntamd64.cat

 

Once you know the exact location of that file, I hope that you'll understand how to extract that setup.exe file inside http://www.audio-gd....rs_w10_1062.rar with another tool

 

https://github.com/B...iExtractRC3.zip

 

After that setup.exe file is extracted successfully with UniExtract2, you'll find a folder called {tmp} and we'll only need two sub-folders cmb_asio and cmb_w10 afterwards.

 

Go through the same steps I mentioned before (lessmsi for SetupASIO64.msi and followed by saving the same 2 + 9 = 11 files inside the same folder, then use InjectDriversPE again for adding that driver to boot.wim of your Win10XPE Version 21H2 accordingly) but this time we might have to manually replicate the location of that hifntamd64.cat file as indicated above by copying that to the drive of Win10XPE with Version 21H2.

 

I certainly hope that we're only missing that hifntamd64.cat file while manually copying it to the right location will actually take care of that ("not digitally signed") a.k.a. digital signature problem.

 

If that weren't able to get things done, then we'll have to figure out what to do about native WASAPI driver instead.

[internethandle]

What does the “Driver” tab in the Properties section for your DAC in Device Manager look like, as well as the “Driver Details” section of the same tab? Did you use the “integrate drivers” section of Build Core in Win10XPE or did you try to install the driver after booting into WinPE instead?

[samotc]

Hi, Xp18, I guess you've already tried this:

 

bcdedit.exe /set nointegritychecks off

 

bcdedit.exe -set loadoptions DISABLE_INTEGRITY_CHECKS

 

bcdedit.exe -set TESTSIGNING ON

 

Previously you open Registry Changes View> "Registry Data source 1"

and click "Create Registry Snapshot" button.

After executing the aforementioned commands, go to "Registry Data Source 2" and click the "Create Registry Snapshot" button in that section.

Then click on "OK" button> menu> edit> select all> menu> file> ExportSelected Items to regfile.

You save the "regfile" in a folder external to the VHD or USB flatboot, and then you import it from Remote Registry started from Strelec, or with another appropriate program that you know.

 

Alternative 2:

 

Install the driver in Windows 10, previously open Registry Changes View and repeat the steps mentioned above. Then do the import offline, in VHD Flatboot as described before.

 

Alternative 3:

 

Do the same as Internethandle did to solve your USBAudio2 driver problem.

 

Unfortunately I do not have a DAC that uses the Amanero driver, so I cannot check if the above works, because although I have installed the driver, since I do not have a "device to connect" I do not get information on whether it is correctly or incorrectly installed.

 

[seeteeyou]

https://www.whatsbes...280#post-698926

The Chord Dave uses a proprietary Amanero based USB interface we cannot do much with (we did try).

 
I verified their Windows driver and confirmed that's essentially equivalent to the ones provided by Amanero, they're simply renaming cmb to chd and and that's all
 
https://chordelectro...8KHz-driver.zip
 
 

 

And then it's already quite tricky for Server Core version of Windows Server 2019, therefore we might have to face similar challenges with Win10XPE
 
http://jplay.eu/foru...e-mode/?p=45596

• C:\Windows\System32\mmci.dll is to be copied from WS2019GUI.
• Disabling or NOT disabling driver signature enforcement made no difference in this process.

To run DAVE driver properly, WS2019 always has to be launched as "disabling driver signature enforcement".

 

I actually checked the ISO images of anywhere between 1903 and 21H2 while none of them seemed to include that mmci.dll file anymore, the very last one with mmci.dll turned out to be Windows 10 Version 1809.

 

It's also mentioned here, Server Core version of Windows Server 2016 actually needed 2 more audio drivers to be installed

 

http://jplay.eu/foru...6-core/?p=47426

 

Really sounds like such a "cool" driver to be worked on.

[internethandle]

Early days, but so far Win11PE is *significantly* sounding better than Win10PE in my system, and Win10PE was the best I'd heard. Insane clarity/extension. 

 

I'll post a post detailing differences I found in the stripping/disabling process soon, but for the most part they were very minor differences and I pretty quickly got through things once I finally resolved the usbaudio2.sys driver issue. 

 

Cheers samotc!