OpenedFilesView on x64 system – when driver signing test mode is turned on

A few months ago, I posted some information about moving to an x64 system and explained the problem with creating a 64-bit version of OpenedFilesView.
A few users who read my blog post suggested that I use the trick described in the following article: Solving 64-Bit Windows' "I Only Want Signed Drivers!" Tantrums.
After checking this method, I found out that some information in this article is inaccurate, but in the end I managed to get it to work. First, this article suggests using the 'bcdedit /set testsigning on' command in order to turn on the mode that allows loading drivers that are not signed by Microsoft. However, this article doesn't mention that this command takes effect only after a system restart. Also, this article says that I must install the certificate on the computer on which I want to load the driver. In fact, I found out that I can load my driver even without installing the certificate, as long as I sign my driver with my dummy signature and the driver signing test mode is turned on.

Although many users may not want to turn on the driver signing test mode just to use my OpenedFilesView utility, I decided to create an unofficial release of OpenedFilesView/x64 that can be used when the test mode is on. I also added a few lines of code that automatically offer the user the option to turn on this test mode when the driver cannot be loaded.

You can download the x64 release of OpenedFilesView from here.

The first time you try to run it, OpenedFilesView will ask you if you want to turn on the driver test mode. If you choose 'Yes', you'll have to manually reboot your system in order to start using OpenedFilesView. After the reboot, your system will be loaded in test mode, which allows OpenedFilesView to load the driver and work properly.

Be aware that Windows continues to work in this test mode even after a reboot. If you want to turn off this test mode, you can choose 'Help->Turn Off Test Mode' in the menu bar of OpenedFilesView, and then restart the computer.
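
The two points above (the bcdedit change applies only after a restart, and test mode then persists across reboots) can be checked on a given machine. The following PowerShell is an added example, not part of OpenedFilesView or the original post; the function name `Get-TestSigningState` is hypothetical, and it assumes an elevated prompt, English bcdedit output, and that the boot options of the running kernel appear in the `SystemStartOptions` registry value.

```powershell
# Added example (not NirSoft code): report the driver signing test mode state.
# Assumes an elevated prompt and English bcdedit output.
function Get-TestSigningState {
    # State of the running kernel: boot options this session was started with.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control'
    $opts = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).SystemStartOptions
    $active = [bool]($opts -match '\bTESTSIGNING\b')

    # State stored in the Boot Configuration Data: applies from the next boot.
    $bcd = & bcdedit.exe /enum '{current}' 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "bcdedit failed (is the prompt elevated?): $($bcd -join ' ')"
    }
    $configured = [bool]($bcd | Select-String -Pattern '^\s*testsigning\s+Yes\s*$')

    if ($active -and $configured) {
        $verdict = 'ON now, and stays on after every reboot until turned off'
    } elseif ($active) {
        $verdict = 'ON now, but turned off in BCD: restart to leave test mode'
    } elseif ($configured) {
        $verdict = 'OFF now, but turned on in BCD: takes effect after restart'
    } else {
        $verdict = 'OFF'
    }

    [pscustomobject]@{
        ActiveThisBoot  = $active
        ConfiguredInBcd = $configured
        RestartPending  = ($active -ne $configured)
        Verdict         = $verdict
    }
}

Get-TestSigningState | Format-List
```

If the report shows test mode configured and it is not wanted, `bcdedit /set testsigning off` from an elevated prompt followed by a restart clears it.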

OpenedFilesView in Windows 7/x64


18 Responses to “OpenedFilesView on x64 system – when driver signing test mode is turned on”

  1. senate Says:

    Don't forget about us 64-bit XP/2003 users. The signed driver enforcement (combined with PatchGuard and DRM) is why I switched back to XP. Thanks for all your 64-bit versions.

  2. Craig Prichard Says:

    http://www.nirsoft.net/utils/opened_files_view.html doesn't have a link to http://www.nirsoft.net/utils/ofview-x64.zip

  3. ender Says:

    I've heard that you can get a code signing certificate (which supports Vista/7 kernel-mode signing) through Tucows for $75 (which is a lot cheaper than $500 that Verisign wants) - maybe you could ask for donations for the certificate?

  4. JR Says:

    I used this in test driver mode. After restart and shutting off test mode, my computer could no longer map drives on the network (ones that had been successfully mapped just prior to running this app).....beware....real bummer.

  5. Jan Pieter Says:

    Just would like to add here, since there's no specific page to report problems :

    ProcessActivityView v1.11 x64

    .... still crashes EVERY program you give it, on Win7 64bit.
    Don't really know if this may have anything related to it, but Comodo IS was installed on my system.

    Tested processes (all crashed badly) :

    firefox.exe
    dopus.exe
    handycache.exe

  6. Uncle Fred Says:

    In your fourth sentence: "suggested to use" is incorrect. "suggested using" is correct. "Suggest" should never be used with a "to" without an object. Like in the following where "Ron" is the object: "He suggested to Ron that he wear pants to the wedding."

    So when you write "suggested to use" it sounds like there's a person named "use", or that you've mis-typed "us". But I know you didn't mis-type "us" since in this context it would have to be followed by "that".

    Et voila! You're welcome.

  7. Graham Says:

    For future reference, BCD stands for Boot Configuration Data. If you edit the Boot Configuration Data, nothing happens until next time you boot.

    Putting a bit more information on what the option does would be handy, just a line like:
    "You will (still/no longer) be prompted before unsigned drivers are installed" in the message box. Delete as appropriate - I haven't checked which it is.

  8. George Worley Says:

    I will have to say bye to one of my favorite utilities. Run Nothing in test mode.

  9. mastapat11 Says:

    Am I the only one who sees how wack this is? The premise of this utility is awesome. But this 64bit implementation defeats the purpose of this program. Every issue this app fixes can be resolved with a reboot. Its purpose is to allow you to NOT have to reboot your machine and still fix your issues.
    Keeping your system running in test mode day after day just to have this program available for use is not wise. It then becomes an anti-security application.
    Get the code signing certificate! Ask for donations if you must (i'll give some, hell u got my email to contact).

  10. Ken Baltrinic Says:

    Not that I detract from a great utility, but if seeing a list of the open file handles is what you want, you can do this with the SysInternals Resource Monitor as described here: http://www.sevenforums.com/tutorials/12531-resource-monitor-view-handles-modules.html

    It's not as clean and as neat a solution as the OpenFilesView but does not require the hacks that may open one's system up to the sorts of vulnerabilities which driver signing is intended to thwart.

  11. MOster Says:

    I clicked through doing this before I read some of these comments (and before I realized that the reason I was doing what I was doing did not require me to look at the open files). So now I want to revert it.

    What's the name of the certificate that the program creates?

  12. Dave Says:

    Hmm - just installed this to try and solve a problem I am having.

    Two issues - I can't turn off the TestMode as the menu item is greyed out. And when I run I get an error Error in loading the opened files list Error Code 100002 and no files displayed. This is on 64bit Win 7

  13. Alex Says:

    Hello all, I found OpenedFilesView yesterday, searching for a REAL solution for capturing (or something like that) closed files, in a delphi program I'm writing.
    Unfortunately, on 64bit Windows 7 the program doesn't list all files opened, like pictures or txt files.

    Btw, great utility...tnx NirSoft
    alex

  14. tandblekninng med laser Says:

    tandblekninng med laser...

    [...]2 Hi there, I found your web site via Google while searching for a related to nr[...]...

  15. Nick Says:

    I tripped the "driver signing test mode" to on and restarted my system. Unfortunately, this breaks the BitLocker software on my computer. After entering the Recovery Password for BitLocker I turned the mode off and restarted. This didn't fix the problem and I don't know where to go from here. Are there any suggestions on how I can make BitLocker return to normal operation?

    Thanks,

    Nick

  16. Michael Says:

    Is there a way to get the 32-bit software to run on my Win7 64bit? I don't wanna use Test Mode or restart my system every time I need this tool. I tried running the 32-bit tool but it always gives me an error. Any solutions for this? Kind regards

  17. Jdonnner Says:

    Stop being such an ass and fix the bloody tool, the X86 version doesn't work on Windows 7 X64 and I'm not the only one who noticed that (read the comments!).

  18. Bhushan Says:

    Dear developer, I don't want to put my computers into Test Mode as it's not ideal. Could you please advise me of the cost of signing the software drivers so that they will work on any Windows 7/8 computers without putting them in Test Mode? I am ready to pay for the certificate and your labor cost if it's not too high. You have my email! Cheers!!
