On Mon, 2006-08-07 at 11:44 -0700, James Hawkins wrote: > On 8/7/06, Paul Vriens <[EMAIL PROTECTED]> wrote: > > > > > When I run process explorer without tracing/debugging everything is > > fine. As soon as I add +wintrust,+heap it fails again. There is most > > likely some heap corruption somewhere (couldn't be more vague). > > > > Alexandre's patch to add more free list entries only masked the problem, > > as far as I can see from the results. > > > > Cheers and sorry for the misleading remarks, > > > > Can you explain your comment, "Process Explorer expects a correct > implementation" concerning WinVerifyTrust? When it calls > WinVerifyTrust and we return ERROR_SUCCESS, what does it do with that > information that causes the application to fail? Even if we took the > time to implement WinVerifyTrust, we would still return ERROR_SUCCESS > and the situation wouldn't be any different. In the meantime, several > installers are hanging up because of this. > It just turned out (and that makes sense of course) that when returning a real error Process Explorer uses a different code path. The calls PE uses are:
CryptCATAdminAcquireContext (stubbed) CryptCATAdminCalcHashFromFileHandle (stubbed) CryptCATAdminReleaseContext (stubbed) and then WinVerifyTrust (stubbed as well). Before Alexandre's patch it always failed when returning ERROR_SUCCESS, now it only fails when extra debugging is added. I have no clue (yet) where the heap corruption comes from. I can live btw with a default of ERROR_SUCCESS as that will work (100% ?) when run as an ordinary user. There is however something fishy going on. Cheers, Paul.
