AnsweredAssumed Answered

amdihk64.dll not signed (causing EAC / anticheat issues in games)

Question asked by m105 on Jun 19, 2019
Latest reply on Aug 23, 2019 by doktord90

AMD Adrenalin ships an unsigned driver file (amdihk64.dll) which is placed into /system32/ folder.


Certain anti-cheats kick the player from game because of "untrusted system file", for example EAC does so for the game Rust since a recent update. It seems to be at the game developers' discretion, as some EAC-powered games have suffered from amdihk DLL in the past.

 

There are good technical reasons for anti-cheats of a variety of games to desire blocking unsigned/untrusted driver files in the system32 and system driver folders. I can know, as an anticheat developer (from another game) myself.

 

AMD, or any driver publisher, should NEVER ship unsigned driver files. "AMDIHK64" (AMD DVR component) is, as far I know, the only of such file that lacks a digital signing certificate. It's not just not valid, but completely absent, throughout recent releases of Radeon software.

 

The SHA256 hash of affected file, as Radeon Software version 19.6.2 installs to my PC, is 5ecf02b6de23f8c6736b3e757a273520ce926a8e1aa9e41d492933fc7cba75d6
The SHA256 hash of previous Radeon software (19.6.1) which was also affected, is 9d9790a63831f32596fcea09c7bd6365e0c58a0f587d2cd6da877775811f225c

 

Its not just anti-cheats that are affected, there are obvious reasons why DLL files of known, major (driver) software that are placed in system folders need to be signed. A lot of software can do trust checks and eventually fail. For the anti-cheat of popular games using EAC, you have now impacted hundreds of thousands of users, and they may decide to manually remove amdihk DLL file in safemode, leading to them not benefitting from AMD DVR functionality.. just in a bid to play the game. This isn't ideal.

 

Again, software/driver publishers should have developers that know what proper project practise is. Shipping out 99% valid signed DLLs and a single or a few unsigned files, is bad practise. Under correct practise, no issues like the anticheat one would arise. The solution is obvious.

 

I hope that this issue is forwarded, so that it can be resolved. You can find more past occurences of issues caused by AMD in this way, by going to: https://www.google.com/search?q=amdihk64.dll+eac

 

Please note that I was able to reproduce the problem by a clean install of Windows 10 build 1903 and immediately installing the latest Radeon Adrenalin software package; ATI drivers really place that unsigned file into your system32 folder, it's not corrupted or infected, it's not our PC's, it is AMD doing that by mistake.

 

I will personally solve it by removing the DLL file in windows safe mode, but I realize tons of other people are affected, so it needs to be reported. Note: I attached the latest version of the mentioned problematic file into this topic. It got included in the official driver update of 2 days ago, and lacks a digital signature entirely. I don't know if amdihk32.dll is also affected, since I don't have it.

Attachments

Outcomes