BenoitRen Posted December 2, 2006 Posted December 2, 2006 IE3 and up provide the Microsoft Cryptography component for Windows 95. Since I'm IE-free, I didn't have it, which made me run into bug 362404.So, I went ahead to install it manually. I inspected ohare.inf to do this.; Win95 Only CAPI System Files (NT Has CAPI installed)DIGSIG.DLL,,,32IMAGEHLP.DLL,,,32RSABASE.DLL,,,32SIGRES.EXE,,,32WINTRUST.DLL,,,32Those files were copied into the Windows\System directory.; CAPI Registry EntriesHKLM,"Software\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Cryptographic Provider v1.0","Image Path",2,"rsabase.dll"HKLM,"Software\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Cryptographic Provider v1.0","Type",3,01,00,00,00HKLM,"Software\Microsoft\Cryptography\Defaults\Provider Types\Type 001","Name",2,"Microsoft Base Cryptographic Provider v1.0"HKCU,"Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing","State",3,08,00,00,00These registry entries were created.rsabase.dll and wintrust.dll had to be registered with regsvr32.exe. I did so.Yet, the test program I got still doesn't work (the one in the bug has a mistake, I got a fixed one). So, I let Regmon loose. It finds the registry entries, then stops at:6.10455465 Capi:FFF22201 QueryValueEx 0xCB904E78\RSABASE NOTFOUNDI have no idea what it's looking for there. Some value in the memory?The second time it was this:2.61963844 Capi:FFF06F15 QueryValueEx 0xC123C34C\RSABASE NOTFOUNDAnyone know what this means?
BenoitRen Posted December 3, 2006 Author Posted December 3, 2006 But where doesn't it find it? There's just a binary address. Here is the context:2.71582723 Capi:FFF35BD9 OpenKey HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001 SUCCESS hKey: 0xC11E756C 2.71588635 Capi:FFF35BD9 QueryValueEx HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001\Name SUCCESS 2.71594000 Capi:FFF35BD9 QueryValueEx HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001\Name SUCCESS "Microsoft Base Cryptographic Provider v1.0" 2.71597433 Capi:FFF35BD9 CloseKey HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001 SUCCESS 2.71605992 Capi:FFF35BD9 OpenKey HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Cryptographic Provider v1.0 SUCCESS hKey: 0xC11E756C 2.71611214 Capi:FFF35BD9 QueryValueEx HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Cryptographic Provider v1.0\Type SUCCESS 0x1 2.71615124 Capi:FFF35BD9 QueryValueEx HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Cryptographic Provider v1.0\Image Path SUCCESS 2.71619916 Capi:FFF35BD9 QueryValueEx HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Cryptographic Provider v1.0\Image Path SUCCESS "rsabase.dll" 2.71624565 Capi:FFF35BD9 QueryValueEx HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Cryptographic Provider v1.0\Signature SUCCESS 2.71632004 Capi:FFF35BD9 QueryValueEx HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Cryptographic Provider v1.0\Signature SUCCESS 29 D2 93 D1 AF 2C C3 F1 ... 2.71635294 Capi:FFF35BD9 CloseKey HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Cryptographic Provider v1.0 SUCCESS 2.74032569 Capi:FFF35BD9 QueryValueEx 0xC123C34C\RSABASE NOTFOUND
Petr Posted December 3, 2006 Posted December 3, 2006 Apparently it is this one:REGEDIT4[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\KnownDLLs]"RSABASE"="RSABASE.DLL"I also don't know where to find that 0xC1CA61B0\RSABASE (in my case) means the above mentioned key and value.Petr
BenoitRen Posted December 3, 2006 Author Posted December 3, 2006 (edited) Thanks, Petr! I indeed didn't add RSABASE.DLL (and WINTRUST.DLL for that matter) to the list of Known DLLs. However, we're not there yet:3.14737034 Capi:FFF598AD QueryValueEx 0xC123C34C\RSABASE SUCCESS "RSABASE.DLL" 3.16416645 Capi:FFF598AD OpenKey HKLM\System\CurrentControlSet\Control SUCCESS hKey: 0xC11E6B90 3.16421032 Capi:FFF598AD QueryValueEx HKLM\System\CurrentControlSet\Control\Current User SUCCESS "Benoit" 3.16424489 Capi:FFF598AD CloseKey HKLM\System\CurrentControlSet\Control SUCCESS 3.16495848 Capi:FFF598AD QueryValueEx 0x0\EPbK BADKEY 3.16499853 Capi:FFF598AD QueryValueEx 0x0\EPvK BADKEY 3.16503692 Capi:FFF598AD QueryValueEx 0x0\SPvK BADKEY 3.16507435 Capi:FFF598AD QueryValueEx 0x0\SPbK BADKEY 3.16511273 Capi:FFF598AD QueryValueEx 0x0\RandSeed BADKEY 3.16571045 Capi:FFF598AD OpenKey HKLM\System\CurrentControlSet\Control SUCCESS hKey: 0xC11E6B90 3.16575122 Capi:FFF598AD QueryValueEx HKLM\System\CurrentControlSet\Control\Current User SUCCESS "Benoit" 3.16578078 Capi:FFF598AD CloseKey HKLM\System\CurrentControlSet\Control SUCCESS 3.16624403 Capi:FFF598AD OpenKey HKLM\System\CurrentControlSet\Control SUCCESS hKey: 0xC11E6B90 3.16628480 Capi:FFF598AD QueryValueEx HKLM\System\CurrentControlSet\Control\Current User SUCCESS "Benoit" 3.16631436 Capi:FFF598AD CloseKey HKLM\System\CurrentControlSet\Control SUCCESS 3.16730237 Capi:FFF598AD CloseKey 0x0 BADKEYIt already gave that before, but I thought it was because it didn't find the RSABASE key. After these, it just goes on to look for other provider types, and fails.By the way, how did you find out where that address referred to?EDIT: Hey, it turns out that Cryptography was successfully installed after all before I posted this thread! I just didn't bother to check the full output of the capi test program. The first it gives me is:Provider type = PROV_RSA_FULLloaded advapi32.dll successfullyfailed to look up RtlGenRandom: 127looked up CryptAcquireContextA successfullylooked up CryptReleaseContext successfullylooked up CryptGenRandom successfullyCryptAcquireContextA succeededCryptGenRandom succeededRNG_SystemRNG returned 1024Yay!I guess the rest are providers that aren't installed. Edited December 3, 2006 by BenoitRen
Petr Posted December 3, 2006 Posted December 3, 2006 By the way, how did you find out where that address referred to?I used REGMON on my Win98SE computer and then looked for the value using regedit search function.Petr
BenoitRen Posted December 3, 2006 Author Posted December 3, 2006 Could you explain in more detail? When I search for either hexadecimal value in Regedit, I don't find anything.
Petr Posted December 4, 2006 Posted December 4, 2006 Could you explain in more detail? When I search for either hexadecimal value in Regedit, I don't find anything.I was searching for RSABASE.DLL in RSABASE.Petr
BenoitRen Posted December 4, 2006 Author Posted December 4, 2006 Oh, so you just identified what other values had RSABASE. Okay.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now