| 41 | | After lots of googling about what this error means, I have finally tracked it down to the IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY flag in the DLL's optional PE header which causes it to be validated upon load just like I've seen in the Process Monitor. Validating it with `signtool /kp` (with Kernel Model Signing Policy) confirms that without that flag, the valiation succeeds but with it, it fails. |
| 42 | | Indeed, if I remove that flag with a PE editor, the DLL loads successfully. |
| | 41 | After lots of googling about what this error means, I have finally tracked it down to the IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY flag in the DLL's optional PE header which causes it to be validated upon load just like I've seen in the Process Monitor. Validating it with `signtool verify /kp` (with Kernel Model Signing Policy) confirms that without the `/kp` switch, the valiation succeeds but with it, it fails. |
| | 42 | Indeed, if I remove the integrity flag from the DLL with a PE editor, the DLL loads successfully. |