OpenedFilesView on x64 system – when driver signing test mode is turned on
A few months ago, I posted some information about moving to x64 system and explained the problem with creating 64-bit version of OpenedFilesView.
A few users that read my Blog post suggested that I use the trick described in the following article: Solving 64-Bit Windows' "I Only Want Signed Drivers!" Tantrums.
After checking this method, I found out that some information in this article is inaccurate, but in the end I managed to get it work. First, this article suggest to use 'bcdedit /set testsigning on' command in order to turn on the mode that allows to load drivers that are not signed by Microsoft. However, this article doesn't mention that this command takes effect only after system restart. Also, this article says that I must install the certificate on the computer that I want to load the driver. In fact, I found out that I can load my driver even without installing the certificate, as long as I sign my driver with my dummy signature, and the driver signing test mode is turned on.
Although many users may not want to turn on the driver signing test mode just to use my OpenedFilesView utility, I decided to create unofficial release of OpenFilesView/x64 that can be used when the test mode is on. I also added a few lines of code that automatically offer the user to turn on this test mode when the driver cannot be loaded.
You can download the x64 release of OpenedFilesView from here.
In the first time that you try to run it, OpenedFilesView will ask you if you want to turn on the driver test mode. If you choose 'Yes', you'll have to manually reboot your system in order to start using OpenedFilesView. After reboot, your system will be loaded in test mode, which allows OpenedFilesView to load the driver and work properly.
Be aware that Windows continue to work in this test mode even after reboot. If you want to turn off this test mode, you can choose 'Help->Turn Off Test Mode' in the menu bar of OpenedFilesView, and then restart the computer.
OpenedFilesView in Windows 7/x64
January 10th, 2010 at 2:16 pm
Don't forget about us 64-bit XP/2003 users. The signed driver enforcement (combined with Patchgaurd and DRM) is why I switched back to XP. Thanks for all your 64-bit versions.
January 28th, 2010 at 9:20 am
http://www.nirsoft.net/utils/opened_files_view.html doesn't have a link to http://www.nirsoft.net/utils/ofview-x64.zip
February 13th, 2010 at 2:40 am
I've heard that you can get a code signing certificate (which supports Vista/7 kernel-mode signing) through Tucows for $75 (which is a lot cheaper than $500 that Verisign wants) - maybe you could ask for donations for the certificate?
September 22nd, 2010 at 6:26 pm
I used this in test driver mode. After restart and shutting off test mode, my computer could no longer map drives on the netowrk (ones that had been succesfully mapped just prior to running this app).....beware....real bummer.
January 24th, 2011 at 2:57 pm
Just would like to add here, since there's no specific page to report problems :
ProcessActivityView v1.11 x64
.... still crashes EVERY program you give it, on Win7 64bit.
Don't really know if this may have anything related to it, but Comodo IS was installed on my system.
Tested processes (all crashed badly) :
firefox.exe
dopus.exe
handycache.exe
January 26th, 2011 at 3:10 am
In your fourth sentence: "suggested to use" is incorrect. "suggested using" is correct. "Suggest" should never be used with a "to" without an object. Like in the following where "Ron" is the object: "He suggested to Ron that he wear pants to the wedding."
So when you write "suggested to use" it sounds like there's a person named "use", or that you've mis-typed "us". But I know you didn't mis-type "us" since in this context it would have to be followed by "that".
Et voila! You're welcome.
February 19th, 2011 at 8:18 am
For future reference, BCD stands for Boot Configuration Data. If you edit the Boot Configuration Data, nothing happens until next time you boot.
Putting a bit more information on wha the option does would be handy just a line like:
"You will (still/no longer) be prompted before unsigned drivers are installed" in the message box. Delete as appropriate - I haven't checked which it is.
May 19th, 2011 at 5:48 am
I will have to say bye to one of my favorite utilities. Run Nothing in test mode.
August 27th, 2011 at 1:33 am
Am I the only one who sees how wack this is? The premise of this utility is awesome. But this 64bit implementation defeats the purpose of this program. Every issue this app fixes can be resolved with a reboot. Its purpose is to allow you to NOT have to reboot your machine and still fix your issues.
Keeping your system running in test mode day after day just to have this program available for use it not wise. It then becomes an anti-security application.
Get the code signing certificate! Ask for donations if you must (i'll give some, hell u got my email to contact).
September 1st, 2011 at 9:46 am
Not that I detract from a great utility, but if seeing a list of the open file handles is what you want. You can do this with the SysInternals Resource Monitor as described here: http://www.sevenforums.com/tutorials/12531-resource-monitor-view-handles-modules.html
Its not as clean and as neat a solution as the OpenFilesView but does not required the hacks that may open ones system up to the sorts of vulnerabilities which driver signing is intended to thwart.
November 5th, 2011 at 8:07 am
I clicked through doing this before I read some of these comments (and before I realized that the reason I was doing what I was doing did not require me to look at the open files). So now I want to revert it.
What's the name of the certificate that the program creates?
February 1st, 2012 at 10:27 pm
Hmm - just installed this to try and solve a problem I am having.
Two issues - I can't turn off the TestMode as the menu item is greyed out. And when I run I get an error Error in loading the opened files list Error Code 100002 and no files displayed. This is on 64bit Win 7
March 5th, 2012 at 12:47 pm
Hello all, I found OpenedFilesView yesterday, searching for a REAL solution for capturing (or something like that) closed files, in a delphi program I'm writing.
unfortunately, on 64bit Windows 7 the program doesn't list all files opened, like pictures or txt files.
Btw, great utility...tnx NirSoft
alex
May 9th, 2012 at 12:55 pm
tandblekninng med laser...
[...]2 Hi there, I found your web site via Google while searching for a related to nr[...]...
May 29th, 2012 at 11:42 am
I tripped the "driver signing test mode" to on and restarted my system. Unfortunately, this breaks the BitLocker software on my computer. After entering the Recovery Password for BitLocker I turned the mode off and restarted. This didn't fix the problem and I don't know where to go from here. Are there any suggestions on how I can make BitLocker return to normal operation?
Thanks,
Nick
March 23rd, 2013 at 8:45 am
Is there a way to get the 32-bit software to run on my Win7 64bit? I dont wanna use Test Mode or restart my system everytime i need this tool, i tryed running the 32-bit tool but it always gioves me an error, any solutions for this? kind regards