Drop support for Windows XP and Vista

It is no longer possible to obtain SHA-1 Kernel Mode Code Signing
certificate. When installing on Windows 7, quit if SHA-2 support
update (KB3033929 or KB4474419) is not installed.

appveyor_build.bat

@@ -18,13 +18,13 @@ if errorlevel 1 goto error
 ::Consider the build a success even if test signing fails
 ::Actual signing that matter is release one which for obvious reasons
 ::is done using non-public keys
-%_USBPCAP_SIGNTOOL% %_USBPCAP_SIGN_OPTS_SHA1% %USBPcap_builddir%\USBPcap.sys
+%_USBPCAP_SIGNTOOL% %_USBPCAP_SIGN_OPTS_SHA256% %USBPcap_builddir%\USBPcap.sys
 Inf2cat.exe /driver:%USBPcap_builddir%\ /os:%USBPcap_OS%
 
 copy %USBPcap_builddir%\USBPcap.sys %2
 copy %USBPcap_builddir%\USBPcap.inf %2
 copy %USBPcap_builddir%\%USBPcap_catalog% %2
-%_USBPCAP_SIGNTOOL% %_USBPCAP_SIGN_OPTS_SHA1% %2\%USBPcap_catalog%
+%_USBPCAP_SIGNTOOL% %_USBPCAP_SIGN_OPTS_SHA256% %2\%USBPcap_catalog%
 
 exit /B 0
 

build_release.bat

@@ -3,29 +3,17 @@ cd %~dp0
 ::Remove the Release directory if it exists
 if exist Release RMDIR /S /Q Release
 
-::build for Windows XP, Vista and 7
-mkdir Release\XP\x86
-mkdir Release\XP\x64
-
-mkdir Release\Vista\x86
-mkdir Release\Vista\x64
-
+::build for Windows 7
 mkdir Release\Windows7\x86
 mkdir Release\Windows7\x64
 
-call cmd.exe /c driver_build.bat x86 WXP Release\XP\x86
-call cmd.exe /c driver_build.bat x64 WNET Release\XP\x64
-
-::Copy the USBPcapCMD.exe
-copy USBPcapCMD\objfre_wxp_x86\i386\USBPcapCMD.exe Release\USBPcapCMD_x86.exe
-copy USBPcapCMD\objfre_wnet_amd64\amd64\USBPcapCMD.exe Release\USBPcapCMD_x64.exe
-
-call cmd.exe /c driver_build.bat x86 WLH Release\Vista\x86
-call cmd.exe /c driver_build.bat x64 WLH Release\Vista\x64
-
 call cmd.exe /c driver_build.bat x86 WIN7 Release\Windows7\x86
 call cmd.exe /c driver_build.bat x64 WIN7 Release\Windows7\x64
 
+::Copy the USBPcapCMD.exe
+copy USBPcapCMD\objfre_win7_x86\i386\USBPcapCMD.exe Release\USBPcapCMD_x86.exe
+copy USBPcapCMD\objfre_win7_amd64\amd64\USBPcapCMD.exe Release\USBPcapCMD_x64.exe
+
 ::Build for Windows 8
 mkdir Release\Windows8\x86
 mkdir Release\Windows8\x64

config.bat

@@ -7,7 +7,6 @@
 set _USBPCAP_SIGNTOOL="C:\Program Files (x86)\Windows Kits\8.1\bin\x64\signtool.exe"
 
 ::Development build - on x64 you have to use TESTSIGNING to load driver
-set _USBPCAP_SIGN_OPTS_SHA1=sign /v /fd sha1 /f %~dp0certificates\USBPcapTestCert.pfx /t https://timestamp.verisign.com/scripts/timstamp.dll
 set _USBPCAP_SIGN_OPTS_SHA256=sign /as /v /fd sha256 /f %~dp0certificates\USBPcapTestCert.pfx /tr https://sha256timestamp.ws.symantec.com/sha256/timestamp /td sha256
 ::Release build. Keep in mind you would have to replace the certificate
 ::name with your personal/company certificate.
@@ -16,8 +15,7 @@ set _USBPCAP_SIGN_OPTS_SHA256=sign /as /v /fd sha256 /f %~dp0certificates\USBPca
 ::
 ::For more information check out the Kernel-Mode Code Signing Walkthrough
 ::https://msdn.microsoft.com/en-us/library/windows/hardware/gg487328.aspx
-::set _USBPCAP_SIGN_OPTS_SHA1=sign /v /fd sha1 /ac "%~dp0certificates\Certum Trusted Network CA.crt" /n "Tomasz" /sha1 eb5953d4be69f30c80a87482f9f143ffc4070943 /t https://timestamp.verisign.com/scripts/timstamp.dll
-::set _USBPCAP_SIGN_OPTS_SHA256=sign /as /v /fd sha256 /ac "%~dp0certificates\Certum Trusted Network CA.crt" /n "Tomasz" /sha1 dffde5a56df4acac5a819150e3c0d8df236ddefe /tr https://sha256timestamp.ws.symantec.com/sha256/timestamp /td sha256
+::set _USBPCAP_SIGN_OPTS_SHA256=sign /as /v /fd sha256 /ac "%~dp0certificates\Certum Trusted Network CA.crt" /n "Tomasz" /tr https://sha256timestamp.ws.symantec.com/sha256/timestamp /td sha256
 
 ::_USBPCAP_VERSION specifies version of the installer.
 ::To update driver version edit USBPcapDriver\USBPcap.rc and

driver_build.bat

@@ -1,6 +1,6 @@
 ::Parameters:
 :: %1 - x86 or x64
-:: %2 - WXP, WLH or WIN7
+:: %2 - WIN7
 :: %3 - target directory
 
 call C:\WinDDK\7600.16385.1\bin\setenv.bat C:\WinDDK\7600.16385.1\ fre %1 %2
@@ -37,11 +37,8 @@ build -ceZg
 if exist build%BUILD_ALT_DIR%.err goto error
 
 ::Sign the USBPcapCMD.exe, it is not critical so do not fail on error
-%_USBPCAP_SIGNTOOL% %_USBPCAP_SIGN_OPTS_SHA1% USBPcapCMD\obj%BUILD_ALT_DIR%\%USBPcap_arch%\USBPcapCMD.exe
 %_USBPCAP_SIGNTOOL% %_USBPCAP_SIGN_OPTS_SHA256% USBPcapCMD\obj%BUILD_ALT_DIR%\%USBPcap_arch%\USBPcapCMD.exe
 
-%_USBPCAP_SIGNTOOL% %_USBPCAP_SIGN_OPTS_SHA1% USBPcapDriver\obj%BUILD_ALT_DIR%\%USBPcap_arch%\USBPcap.sys
-if errorlevel 1 goto error
 %_USBPCAP_SIGNTOOL% %_USBPCAP_SIGN_OPTS_SHA256% USBPcapDriver\obj%BUILD_ALT_DIR%\%USBPcap_arch%\USBPcap.sys
 if errorlevel 1 goto error
 
@@ -60,8 +57,7 @@ copy USBPcapDriver\obj%BUILD_ALT_DIR%\%USBPcap_arch%\USBPcap.sys %3
 copy USBPcapDriver\obj%BUILD_ALT_DIR%\%USBPcap_arch%\USBPcap.pdb %3
 copy USBPcapDriver\obj%BUILD_ALT_DIR%\%USBPcap_arch%\USBPcap.inf %3
 copy USBPcapDriver\obj%BUILD_ALT_DIR%\%USBPcap_arch%\%USBPcap_catalog% %3
-%_USBPCAP_SIGNTOOL% %_USBPCAP_SIGN_OPTS_SHA1% %3\%USBPcap_catalog%
-if errorlevel 1 goto error
 %_USBPCAP_SIGNTOOL% %_USBPCAP_SIGN_OPTS_SHA256% %3\%USBPcap_catalog%
+if errorlevel 1 goto error
 
 exit /B 0

driver_build_win7_64bit.bat

@@ -26,8 +26,6 @@ CALL config.bat
 build -ceZg
 if exist build%BUILD_ALT_DIR%.err goto error
 
-%_USBPCAP_SIGNTOOL% %_USBPCAP_SIGN_OPTS_SHA1% USBPcapDriver\obj%BUILD_ALT_DIR%\%USBPcap_arch%\USBPcap.sys
-if errorlevel 1 goto error
 %_USBPCAP_SIGNTOOL% %_USBPCAP_SIGN_OPTS_SHA256% USBPcapDriver\obj%BUILD_ALT_DIR%\%USBPcap_arch%\USBPcap.sys
 if errorlevel 1 goto error
 

driver_build_win8.bat

@@ -22,8 +22,6 @@ if exist %USBPcap_builddir% RMDIR /S /Q %USBPcap_builddir%
 Nmake2MsBuild dirs
 MSBuild dirs.sln /p:Configuration="Win8 Release"
 
-%_USBPCAP_SIGNTOOL% %_USBPCAP_SIGN_OPTS_SHA1% %USBPcap_builddir%\USBPcap.sys
-if errorlevel 1 goto error
 %_USBPCAP_SIGNTOOL% %_USBPCAP_SIGN_OPTS_SHA256% %USBPcap_builddir%\USBPcap.sys
 if errorlevel 1 goto error
 
@@ -41,8 +39,6 @@ copy %USBPcap_builddir%\USBPcap.sys %2
 copy %USBPcap_builddir%\USBPcap.pdb %2
 copy %USBPcap_builddir%\USBPcap.inf %2
 copy %USBPcap_builddir%\%USBPcap_catalog% %2
-%_USBPCAP_SIGNTOOL% %_USBPCAP_SIGN_OPTS_SHA1% %2\%USBPcap_catalog%
-if errorlevel 1 goto error
 %_USBPCAP_SIGNTOOL% %_USBPCAP_SIGN_OPTS_SHA256% %2\%USBPcap_catalog%
 if errorlevel 1 goto error
 

nsis/USBPcap.nsi

@@ -44,7 +44,6 @@ RequestExecutionLevel admin
 
  ; That will have written an uninstaller binary for us. Now we sign it
  ; with your favourite code signing tool.
- !system '$%_USBPCAP_SIGNTOOL% $%_USBPCAP_SIGN_OPTS_SHA1% $%TEMP%\Uninstall.exe' = 0
  !system '$%_USBPCAP_SIGNTOOL% $%_USBPCAP_SIGN_OPTS_SHA256% $%TEMP%\Uninstall.exe' = 0
 
  ; Good. Now we can carry on writing the real installer.
@@ -78,6 +77,29 @@ Page instfiles
 UninstPage uninstConfirm
 UninstPage instfiles
 
+Function EnsureSHA2IsSupported
+ push $0
+ push $1
+ push $2
+
+ StrCpy $2 0
+
+ System::Call "kernel32::LoadLibrary(t 'wintrust.dll') p .r1"
+ ${If} $1 != 0
+ System::Call "kernel32::GetProcAddress(p r1, t 'CryptCATAdminAcquireContext2') p .r2"
+ System::Call "kernel32::FreeLibrary(p r1)"
+ ${EndIf}
+
+ ${If} $2 == 0
+ MessageBox MB_OK|MB_ICONEXCLAMATION "Windows 7 without updates does not support SHA-2.$\nInstall KB3033929 or KB4474419 before installing USBPcap."
+ Quit
+ ${EndIf}
+
+ pop $2
+ pop $1
+ pop $0
+FunctionEnd
+
 Function .onInit
 !ifdef INNER
  ; If INNER is defined, then we aren't supposed to do anything except write
@@ -89,6 +111,19 @@ Function .onInit
  Quit ; just bail out quickly when running the "inner" installer
 !endif
 
+ ; It is no longer possible to get SHA-1 Kernel Mode Code Signing certificate
+ ; Windows 8 and later contain SHA-2 support built-in.
+ ; Windows 7 supports SHA-2 when KB3033929 or KB4474419 is installed.
+ ; Older Windows versions do not support SHA-2.
+ ${IfNot} ${AtLeastWin7}
+ MessageBox MB_OK "Unsupported Windows version. Only Windows 7, 8 and 10 are supported.$\nThe last USBPcap release supporting Windows XP and Vista was 1.5.3.0."
+ Quit
+ ${EndIf}
+
+ ${IfNot} ${AtLeastWin8}
+ Call EnsureSHA2IsSupported
+ ${EndIf}
+
  ${If} ${RunningX64}
  ${DisableX64FSRedirection}
  SetRegView 64
@@ -117,11 +152,6 @@ not_installed:
  Abort
 
 no_removal_pending:
- ${IfNot} ${AtLeastWinXP}
- MessageBox MB_OK "Unsupported Windows version. Only XP, Vista, 7, 8 and 10 are supported."
- Quit
- ${EndIf}
-
  ${If} ${RunningX64}
  StrCpy $INSTDIR "$PROGRAMFILES64\USBPcap"
  ${Else}
@@ -188,19 +218,11 @@ Section "USBPcap Driver" SEC_USBPCAPDRIVER
  File "..\Release\Windows8\x64\USBPcap.inf"
  File "..\Release\Windows8\x64\USBPcap.sys"
  File "..\Release\Windows8\x64\USBPcapamd64.cat"
- ${ElseIf} ${AtLeastWin7}
+ ${Else}
+ ; Assume 64-bit Windows 7
  File "..\Release\Windows7\x64\USBPcap.inf"
  File "..\Release\Windows7\x64\USBPcap.sys"
  File "..\Release\Windows7\x64\USBPcapamd64.cat"
- ${ElseIf} ${AtLeastWinVista}
- File "..\Release\Vista\x64\USBPcap.inf"
- File "..\Release\Vista\x64\USBPcap.sys"
- File "..\Release\Vista\x64\USBPcapamd64.cat"
- ${Else}
- ; Assume 64-bit XP
- File "..\Release\XP\x64\USBPcap.inf"
- File "..\Release\XP\x64\USBPcap.sys"
- File "..\Release\XP\x64\USBPcapamd64.cat"
  ${EndIf}
  ${Else}
  ${If} ${AtLeastWin10}
@@ -211,19 +233,11 @@ Section "USBPcap Driver" SEC_USBPCAPDRIVER
  File "..\Release\Windows8\x86\USBPcap.inf"
  File "..\Release\Windows8\x86\USBPcap.sys"
  File "..\Release\Windows8\x86\USBPcapx86.cat"
- ${ElseIf} ${AtLeastWin7}
+ ${Else}
+ ; Assume 32-bit Windows 7
  File "..\Release\Windows7\x86\USBPcap.inf"
  File "..\Release\Windows7\x86\USBPcap.sys"
  File "..\Release\Windows7\x86\USBPcapx86.cat"
- ${ElseIf} ${AtLeastWinVista}
- File "..\Release\Vista\x86\USBPcap.inf"
- File "..\Release\Vista\x86\USBPcap.sys"
- File "..\Release\Vista\x86\USBPcapx86.cat"
- ${Else}
- ; Assume 32-bit Win XP
- File "..\Release\XP\x86\USBPcap.inf"
- File "..\Release\XP\x86\USBPcap.sys"
- File "..\Release\XP\x86\USBPcapx86.cat"
  ${EndIf}
  ${EndIf}
 

nsis/build_installer.bat

@@ -26,7 +26,6 @@ if not defined nsis_compiler (
 
 if defined nsis_compiler (
  "%nsis_compiler%\makensis.exe" %~dp0USBPcap.nsi
- %_USBPCAP_SIGNTOOL% %_USBPCAP_SIGN_OPTS_SHA1% USBPcapSetup-%_USBPCAP_VERSION%.exe
  %_USBPCAP_SIGNTOOL% %_USBPCAP_SIGN_OPTS_SHA256% USBPcapSetup-%_USBPCAP_VERSION%.exe
  pause
 ) else (

wix/build.bat

@@ -7,14 +7,12 @@ if errorlevel 1 goto error
 %_WIX_PATH%\light.exe -nologo USBPcap-x86.wixobj -out USBPcap-x86.msi -ext WixUIExtension
 if errorlevel 1 goto error
 pause
-%_USBPCAP_SIGNTOOL% %_USBPCAP_SIGN_OPTS_SHA1% USBPcap-x86.msi
 %_USBPCAP_SIGNTOOL% %_USBPCAP_SIGN_OPTS_SHA256% USBPcap-x86.msi
 
 %_WIX_PATH%\candle.exe -nologo USBPcap.wxs -out USBPcap-x64.wixobj -ext WixUIExtension -arch x64 -dPlatform="x64"
 if errorlevel 1 goto error
 %_WIX_PATH%\light.exe -nologo USBPcap-x64.wixobj -out USBPcap-x64.msi -ext WixUIExtension
 if errorlevel 1 goto error
-%_USBPCAP_SIGNTOOL% %_USBPCAP_SIGN_OPTS_SHA1% USBPcap-x64.msi
 %_USBPCAP_SIGNTOOL% %_USBPCAP_SIGN_OPTS_SHA256% USBPcap-x64.msi
 
 :error