EldoS | Feel safer!

Software components for data protection, secure storage and transfer

PKCS11 Cert Storage with 64 bits dll

Posted: 07/14/2011 17:31:21
by Ken Ivanov (Team)

I did some deeper investigations of the issue. While the crash is immediately caused by a missing exception handler in the proxy DLL (I've fixed this), the overall result is not that optimistic. The problem is that the LoadLibrary() call fails for the driver DLL (i.e. the DLL just can't be loaded into the address space of the process). I checked the driver with Dependency Walker, and it reported a bunch of mistakes, namely
Error: At least one module has an unresolved import due to a missing export function in an implicitly dependent module.
Error: Modules with different CPU types were found.
Warning: At least one delay-load dependency module was not found.
Warning: At least one module has an unresolved import due to a missing export function in a delay-load dependent module.

Note that I've installed the complete driver package from ActivIdentity, so all the necessary dependency DLLs should have been added to the system. For now the problem seems to be related to some driver problem for me, like a compilation issue or some missing files in the distribution.

I am attaching the fixed driver DLL that is free of the crash issue. It works fine with a number of 64 bit PKCS11 drivers (e.g. with the one from Athena) for us.

[ Download ]
Posted: 07/15/2011 04:05:22
by Jose Aznar (Standard support level)
Joined: 02/14/2008
Posts: 14

I have tested several PKCS#11 driver DLLs and the message of incorrect program format remains.

I have copied ACPKCS211RC.dll (Active identity PKCS#11 DLL) to system32 folder. Testing this DLL (with dependency walker) results no dependencies missing and no different CPU formats, so I think that's alright from this side.

The CryptoTokenDemo is x64 compiled as usual.

Could be possible that proxy DLL is for 32 bits and not for 64? How can I check if proxy dll is for 32 or 64? (dependency walker doesn't open it)

I have tested with Aladdin etoken, Active identity and spanish id card with the same results.

Posted: 07/15/2011 07:08:47
by Jose Aznar (Standard support level)
Joined: 02/14/2008
Posts: 14

I tried to attach bit4ipki.dll, the DLL which is trying to use the final customer, but it's too big.

Anyway, you can download it from:

Hope it will be useful. Thanks.
Posted: 07/15/2011 10:02:45
by Ken Ivanov (Team)

Thank you for the link. I have installed the bit4id driver and... sadly (or happily), it worked fine for me. I was unable to check it with a token, but at least the sample displayed a list of installed slots for me, indicating that the proxy DLL and the driver do work together.

Please find attached the compiled application that works fine for us. Please unpack it to some temporary location and run the executable. Then select the driver DLL and try to open it.

The driver DLL attached here has logging capabilities. If the sample won't work for you, please enable logging in the following way:
1) Create a HKEY_CURRENT_USER\Software\EldoS\PKCS11ID registry key,
2) Add a "LogFile" string value to the created key, and assign it with a path to the log file (e.g. E:\Temp\PKCS11Log.txt),
3) Start the application again and lead it to a crash. Then check the log file.

UPD: the sample is too big to be accepted by the forum. I've created a Helpdesk ticket for you and will post the file there.



Topic viewed 9203 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!