- Forum
- Windows Programming
- Question to ask about CSP in Vista and X
Question to ask about CSP in Vista and XP
Advapi32.dll
As what I understand by reading the Microsoft Cryptographic Service Provider Development Kit manual, in order for me to perform signing I need to replace the advapi32.dll in c:\windows\system32 folder.
For Windows 2000, from the manual – I need to rename the current advapi32 to advapi32.bak. Then I expand it the appreciate advapi32.dll for the test platform and replace it in the c:\windows\system32 directory.
For Windows XP and Vista, can I do it the same way/do I also need to replace the advapi32.dll for the purpose to test the signing process?
I try to do it in Vista, but I get a warning message seems that not allowed to modify any files in c:\windows\system32 directory.
UAC in Vista
After I get stuck to replace the advapi32.dll in Vista, one of my colleague told me that it is not necessary to replace the advapi32.dll coz it is only for the purpose to test the signing. So I start to register the dll in Vista. But I got the error msg -the module “mimoscsp.dll” was loaded but the call to DllregisterServer failed with error code 0x800900006-.
I check from the net and I found out that it might be regarding the UAC in Vista. So, I’ve tried to look from net and find out that I need to create a manifest file.
So, my manifest file is like this:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<ms_asmv2:trustInfo xmlns:ms_asmv2="urn:schemas-microsoft-com:asm.v2">
<ms_asmv2:security>
<ms_asmv2:requestedPrivileges>
<ms_asmv2:requestedExecutionLevel level="asInvoker" />
</ms_asmv2:requestedExecutionLevel>
</ms_asmv2:requestedPrivileges>
</ms_asmv2:security>
</ms_asmv2:trustInfo>
</assembly>
But I still get the same error.
I already try to run the cmd prompt in Vista-Run as Administrator – but still get the same error.
I try to run VS Studio 2005-Run as Administrator, compile the file, replace to file in c:\windows\system32 – register the dll-> but still get error.
And now I’m stuck. I’m not sure what direction should I take now. Hope you can give opinion about this. Thanks.
As what I understand by reading the Microsoft Cryptographic Service Provider Development Kit manual, in order for me to perform signing I need to replace the advapi32.dll in c:\windows\system32 folder.
For Windows 2000, from the manual – I need to rename the current advapi32 to advapi32.bak. Then I expand it the appreciate advapi32.dll for the test platform and replace it in the c:\windows\system32 directory.
For Windows XP and Vista, can I do it the same way/do I also need to replace the advapi32.dll for the purpose to test the signing process?
I try to do it in Vista, but I get a warning message seems that not allowed to modify any files in c:\windows\system32 directory.
UAC in Vista
After I get stuck to replace the advapi32.dll in Vista, one of my colleague told me that it is not necessary to replace the advapi32.dll coz it is only for the purpose to test the signing. So I start to register the dll in Vista. But I got the error msg -the module “mimoscsp.dll” was loaded but the call to DllregisterServer failed with error code 0x800900006-.
I check from the net and I found out that it might be regarding the UAC in Vista. So, I’ve tried to look from net and find out that I need to create a manifest file.
So, my manifest file is like this:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<ms_asmv2:trustInfo xmlns:ms_asmv2="urn:schemas-microsoft-com:asm.v2">
<ms_asmv2:security>
<ms_asmv2:requestedPrivileges>
<ms_asmv2:requestedExecutionLevel level="asInvoker" />
</ms_asmv2:requestedExecutionLevel>
</ms_asmv2:requestedPrivileges>
</ms_asmv2:security>
</ms_asmv2:trustInfo>
</assembly>
But I still get the same error.
I already try to run the cmd prompt in Vista-Run as Administrator – but still get the same error.
I try to run VS Studio 2005-Run as Administrator, compile the file, replace to file in c:\windows\system32 – register the dll-> but still get error.
And now I’m stuck. I’m not sure what direction should I take now. Hope you can give opinion about this. Thanks.
I don't really know enough about the subject to say much, but I don't think you should be replacing core Windows DLLs.
To implement a CSV, you need to write your own DLL that implements (or forwards) the cryptographic API functions, and register it with windows.
The system32 directory is specifically protected because it is where the system resides. Unfettered access to it is a major security breach. Part of XP's problem was that it couldn't always prevent people from messing with that directory, so it had a hash table to determine whether or not something was modified, so that it could be automatically restored to its pre-modified state.
In order to have your CSP signed, you need to contact Microsoft. I don't know if they charge anything to do it, but the whole point of signing is that only Microsoft can do it (supposedly), so that the OS (or anyone else) can check the signature against Microsoft's public key(s) to determine its validity. Remember, the whole point of a signature is to indicate the level of trust the OS can have in the program.
Vista was redesigned to make messing with the system much more difficult --hence, more secure. Normal users (including Administrator) do not have the right to significantly modify the OS (kernel32.dll and advapi32.dll are the core modules in the OS).
Sorry I couldn't be of any help. I don't know more about Vista than that. I think that there is a certain "super-administrator" permission that you need in Vista to get access to such things.
To implement a CSV, you need to write your own DLL that implements (or forwards) the cryptographic API functions, and register it with windows.
The system32 directory is specifically protected because it is where the system resides. Unfettered access to it is a major security breach. Part of XP's problem was that it couldn't always prevent people from messing with that directory, so it had a hash table to determine whether or not something was modified, so that it could be automatically restored to its pre-modified state.
In order to have your CSP signed, you need to contact Microsoft. I don't know if they charge anything to do it, but the whole point of signing is that only Microsoft can do it (supposedly), so that the OS (or anyone else) can check the signature against Microsoft's public key(s) to determine its validity. Remember, the whole point of a signature is to indicate the level of trust the OS can have in the program.
Vista was redesigned to make messing with the system much more difficult --hence, more secure. Normal users (including Administrator) do not have the right to significantly modify the OS (kernel32.dll and advapi32.dll are the core modules in the OS).
Sorry I couldn't be of any help. I don't know more about Vista than that. I think that there is a certain "super-administrator" permission that you need in Vista to get access to such things.
Last edited on
Topic archived. No new replies allowed.