On Fri, Apr 03, 2020 at 14:56:05 -0400, Nathan Stratton Treadway wrote:
> However, when I search under c:\windwos\, the tap0901.sys files found
> are different:
>
> =====
> C:\Windows>dir /s tap0901.*
> Volume in drive C is Windows
> Volume Serial Number is 0687-5D0C
>
> Directory of C:\Windows\System32\drivers
> 10/31/2019 02:09 AM 30,720 tap0901.sys
> 1 File(s) 30,720 bytes
>
> Directory of
> C:\Windows\System32\DriverStore\FileRepository\oemvista.inf_amd64_6d4bec28a2ef0cdf
> 10/31/2019 02:11 AM 10,042 tap0901.cat
> 10/31/2019 02:09 AM 30,720 tap0901.sys
> 2 File(s) 40,762 bytes
>
> Total Files Listed:
> 3 File(s) 71,482 bytes
> 0 Dir(s) 79,828,119,552 bytes free
> =====
>
Just to wrap up some a few loose ends: the 10,042-byte tap0901.cat file
from the DriverStore... directory _does_ seem to have the unwanted
"OpenVPN, Inc." signature:
=====
$ ls -l failed_DriverStore_oemvista.inf_amd64_6d4bec28a2ef0cdf_tap0901.cat
-rw-rw-r-- 1 nathanst nathanst 10042 Apr 3 16:22
failed_DriverStore_oemvista.inf_amd64_6d4bec28a2ef0cdf_tap0901.cat
$ sha1sum failed_DriverStore_oemvista.inf_amd64_6d4bec28a2ef0cdf_tap0901.cat
d99e38968de1ca1850971a2b81bfdab49626aaed
failed_DriverStore_oemvista.inf_amd64_6d4bec28a2ef0cdf_tap0901.cat
$ strings failed_DriverStore_oemvista.inf_amd64_6d4bec28a2ef0cdf_tap0901.cat |
grep "OpenVPN\|Code Sign"
"DigiCert EV Code Signing CA (SHA2)0
OpenVPN Inc.1
OpenVPN Inc.0
"DigiCert EV Code Signing CA (SHA2)0
"DigiCert EV Code Signing CA (SHA2)
=====
As I mentioned in the previous email, the
emvista.inf_amd64_6d4bec28a2ef0cdf has a timestamp which coincides with
the moment that the OpenVPN installer was being run.
However, I noticed that the oem43.inf file does have an earlier
timestamp:
=====
Directory of c:\windows\inf
03/26/2020 04:03 PM 7,537 oem43.inf
03/27/2020 11:09 AM 8,828 oem43.PNF
=====
... though weirdly Windows on that box was reinstalled in the _morning_ of
3/26, and 16:03 doesn't correspond to any entries at all in the
setupapi.dev.log file (which jumps from 2020/03/26 12:30:18 in one entry
to 2020/03/27 07:50:45 in the next). So it doesn't quite seem like
oem43.inf would have been created during the initial reinstall of
Windows, but I also don't know what would have created it later that
day...
The c:\windows\inf\oem43.inf file is identical to the one in C:\Program
Files\TAP-Windows\driver:
=====
$ sha1sum failed_windows-inf_oem43.inf failed_program-files_OemVista.inf
d85f4e65fe10f13ded1780ddbd074edfc75f2d25 failed_windows-inf_oem43.inf
d85f4e65fe10f13ded1780ddbd074edfc75f2d25 failed_program-files_OemVista.inf
=====
... but I suppose that might just indicate that the Win7 and Win10
versions of that file are identical (if in fact the \windows\inf\ copy
came from the Win7 drivers somehow).
Nathan
----------------------------------------------------------------------------
Nathan Stratton Treadway - [email protected] - Mid-Atlantic region
Ray Ontko & Co. - Software consulting services - http://www.ontko.com/
GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt ID: 1023D/ECFB6239
Key fingerprint = 6AD8 485E 20B9 5C71 231C 0C32 15F3 ADCD ECFB 6239
_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users
