EldoS | Feel safer!

Software components for data protection, secure storage and transfer

CryptoAPI issue. Frozen application

Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.
#368
Posted: 06/01/2006 07:37:50
by Santiago Castaño (Standard support level)
Joined: 04/16/2006
Posts: 155

Hi!,

One of my customers, have a cryptoapi that is doing weird things. When the application tries to access certificate stores, it frozes. It also happens in Internet Explorer; so i think that the problem is in WINDOWS (not in eldos). But i'm writing this to see if you know why is it happening to tell the customer to do X things.

My application generated this callstack (eurekalog):
Quote

|Dirección|Módulo |Unidad |Clase |Procedimiento/Método |Línea |
---------------------------------------------------------------------------------------------------------------------------------------------
| Thread en Excepción: ID=3080; Prioridad=0; Clase=; [Principal] |
|-------------------------------------------------------------------------------------------------------------------------------------------|
|7C91EB94 |ntdll.dll | | |KiFastSystemCall | |
|7C91E3EB |ntdll.dll | | |NtRequestWaitReplyPort | |
|77E5A713 |RPCRT4.dll | | |I_RpcSendReceive | |
|77E5A6F3 |RPCRT4.dll | | |I_RpcSendReceive | |
|77E5A742 |RPCRT4.dll | | |NdrSendReceive | |
|77E5A71F |RPCRT4.dll | | |NdrSendReceive | |
|7C921B04 |ntdll.dll | | |RtlLogStackBackTrace | |
|7C9206E6 |ntdll.dll | | |RtlAllocateHeap | |
|7C9205D4 |ntdll.dll | | |RtlAllocateHeap | |
|7C9110ED |ntdll.dll | | |RtlLeaveCriticalSection | |
|7C921AD1 |ntdll.dll | | |RtlInitializeCriticalSectionAndSpinCount| |
|77E5EE44 |RPCRT4.dll | | |RpcBindingFromStringBindingW | |
|7C9206E6 |ntdll.dll | | |RtlAllocateHeap | |
|7C9205D4 |ntdll.dll | | |RtlAllocateHeap | |
|7C9110ED |ntdll.dll | | |RtlLeaveCriticalSection | |
|0FFDED69 |rsaenh.dll | | |CPAcquireContext | |
|77DB7F96 |advapi32.dll | | |CryptAcquireContextA | |
|006161C7 |Exploradorp.exe|SBWinCertStorage.pas |TElWinCertStorage |GetCertificates |340[62] |


So the problem is in GetCertificates (obvious! ;)).

Addition information about his computer:
Quote

4.8 Procesador : Intel® Pentium® M processor 1.80GHz
4.9 Modo de pantalla : 1280 x 1024, 32 bit

Sistema Operativo:
-----------------------------------------
5.1 Tipo : Microsoft Windows XP
5.2 Build # : 2600
5.3 Actualización: Service Pack 2
5.4 Lenguaje : Spanish

---------------------------------------------------------------------------------------------------------------------------------------------

Información de Módulos:
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|Identificador/Handle|Nombre |Descripción |Versión |Tamaño |Última modificación|Ruta |
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|00000000000000400000|Exploradorp.exe |Explorador Seguro de Larraby |0.9.0.312 |4156416|2006-05-22 16:41:46|C:\Archivos de programa\Larraby\Explorador Larraby |
|00000000000002C70000|NeroDigitalExt.dll|Nero Digital Shell Extension |2.0.0.8 |1802240|2005-11-15 11:07:16|C:\Archivos de programa\Archivos comunes\Ahead\Lib |
|00000000000002FE0000|btwpimif.dll |BTWPIMIF DLL |1.4.2.10 |40960 |2003-12-01 15:15:00|C:\WINDOWS\System32 |
|00000000000003000000|btosif.dll |BTOSIF DLL |1.4.2.10 |118784 |2003-12-01 15:14:00|C:\WINDOWS\System32 |
|00000000000003020000|CSH.dll |User RunTime Communication DLL |2.0.39.0 |50176 |2002-07-15 15:58:00|C:\WINDOWS\system32 |
|00000000000003160000|BTNEIG~1.DLL |BTNeighborhood DLL |1.4.2.10 |790611 |2003-12-01 15:27:00|C:\WINDOWS\System32 |
|00000000000003230000|wbtapi.dll |WBTApi DLL |1.4.2.10 |536643 |2003-12-01 15:22:00|C:\WINDOWS\System32 |
|00000000000003300000|msi.dll |Windows Installer |3.1.4000.2435 |2890240|2005-05-04 14:45:32|C:\WINDOWS\System32 |
|000000000000035E0000|btrez.dll |btrez DLL |1.4.1.2 |2838528|2003-03-24 10:38:00|C:\WINDOWS\system32 |
|0000000000000FFD0000|rsaenh.dll |Microsoft Enhanced Cryptographic Provider |5.1.2600.2161 |152576 |2004-08-03 22:31:44|C:\WINDOWS\system32 |
|00000000000010000000|PGPhk.dll |PGP Hook Library |8.0.3.0 |36864 |2003-10-27 12:49:42|C:\WINDOWS\system32 |
|00000000000011320000|pciappctrl.dll |NetSupport Application Control DLL |9.0.0.0 |81987 |2004-11-09 19:08:20|C:\Archivos de programa\NetSupport Manager |
|00000000000020000000|xpsp2res.dll |Mensajes de Service Pack 2 |5.1.2600.2180 |2966528|2004-08-19 15:40:42|C:\WINDOWS\system32 |
|000000000000597F0000|netapi32.dll |Net Win32 API DLL |5.1.2600.2180 |332288 |2004-08-19 15:42:20|C:\WINDOWS\system32 |
|0000000000005B150000|uxtheme.dll |Biblioteca UxTheme de Microsoft |6.0.2900.2180 |220160 |2004-08-19 15:42:28|C:\WINDOWS\system32 |
|0000000000005B480000|umdmxfrm.dll |Unimodem Tranform Module |5.1.2600.0 |13312 |2002-09-24 14:00:00|C:\WINDOWS\system32 |
|0000000000005D160000|serwvdrv.dll |Controlador onda serie Unimodem |5.1.2600.0 |14848 |2002-09-24 14:00:00|C:\WINDOWS\system32 |
|0000000000005D360000|MFC71ESP.DLL |MFC Language Specific Resources |7.10.3077.0 |61440 |2003-03-18 20:44:36|C:\WINDOWS\system32 |
|0000000000005F1F0000|olepro32.dll | |5.1.2600.2180 |83456 |2004-08-19 15:42:22|C:\WINDOWS\system32 |
|00000000000061DF0000|MFC42LOC.DLL |MFC Language Specific Resources |6.0.8665.0 |57344 |2002-09-24 14:00:00|C:\WINDOWS\system32 |
|00000000000063000000|SynTPFcs.dll |SynTPFcs |7.11.6.0 |66048 |2005-10-05 19:51:00|C:\WINDOWS\system32 |
|00000000000071A20000|WS2HELP.dll |Ayuda de Windows Socket 2.0 para Windows NT |5.1.2600.2180 |19968 |2004-08-19 15:42:32|C:\WINDOWS\system32 |
|00000000000071A30000|WS2_32.dll |Windows Socket 2.0 32-Bit DLL |5.1.2600.2180 |82944 |2004-08-19 15:42:32|C:\WINDOWS\system32 |
|00000000000071A50000|wsock32.dll |Archivo DLL de 32 bits de Windows Socket |5.1.2600.2180 |25600 |2004-08-19 15:42:32|C:\WINDOWS\system32 |
|00000000000071AA0000|mpr.dll |DLL del enrutador de provisión múltiple |5.1.2600.2180 |59904 |2004-08-19 15:42:16|C:\WINDOWS\system32 |
|00000000000072C90000|msacm32.drv |Asignador de sonido de Microsoft |5.1.2600.0 |20992 |2002-09-24 14:00:00|C:\WINDOWS\system32 |
|00000000000072CA0000|wdmaud.drv |WDM Audio driver mapper |5.1.2600.2180 |23552 |2004-08-19 15:43:26|C:\WINDOWS\system32 |
|00000000000072F80000|winspool.drv |Controlador de administración de colas para Windows |5.1.2600.2180 |146944 |2004-08-19 15:43:26|C:\WINDOWS\system32 |
|00000000000073300000|zipfldr.dll |Carpetas comprimidas (en zip) |6.0.2900.2180 |339968 |2004-08-19 15:42:34|C:\WINDOWS\system32 |
|00000000000073D50000|MFC42.DLL |MFCDLL Shared Library - Retail Version |6.2.4131.0 |1028096|2004-08-19 15:42:14|C:\WINDOWS\System32 |
|000000000000746B0000|MSCTF.dll |DLL del servidor MSCTF |5.1.2600.2180 |294400 |2004-08-19 15:42:16|C:\WINDOWS\system32 |
|00000000000074A70000|CFGMGR32.dll |Configuration Manager Forwarder DLL |5.1.2600.2180 |16896 |2004-08-19 15:38:22|C:\WINDOWS\System32 |
|00000000000075DD0000|MLANG.dll |Multi Language Support DLL |6.0.2900.2180 |586240 |2004-08-19 15:42:16|C:\WINDOWS\system32 |
|00000000000076030000|MSVCP60.dll |Microsoft ® C++ Runtime Library |6.2.3104.0 |413696 |2004-08-19 15:42:18|C:\WINDOWS\System32 |
|00000000000076330000|msimg32.dll |GDIEXT Client DLL |5.1.2600.2180 |4608 |2004-08-19 15:42:16|C:\WINDOWS\system32 |
|00000000000076340000|imm32.dll |Windows XP IMM32 API Client DLL |5.1.2600.2180 |110080 |2004-08-19 15:42:10|C:\WINDOWS\system32 |
|00000000000076360000|comdlg32.dll |DLL de diálogos comunes |6.0.2900.2180 |280576 |2004-08-19 15:41:54|C:\WINDOWS\system32 |
|000000000000765B0000|CSCDLL.dll |Agente de red sin conexión |5.1.2600.2180 |102400 |2004-08-19 15:41:58|C:\WINDOWS\System32 |
|00000000000076630000|USERENV.dll |Userenv |5.1.2600.2180 |729600 |2004-08-19 15:42:28|C:\WINDOWS\system32 |
|00000000000076890000|CRYPTUI.dll |Proveedor de IU de confianza de Microsoft |5.131.2600.2180 |528384 |2004-08-19 15:41:58|C:\WINDOWS\system32 |
|00000000000076940000|LINKINFO.dll |Windows Volume Tracking |5.1.2600.2751 |19968 |2005-09-01 03:43:36|C:\WINDOWS\system32 |
|00000000000076950000|ntshrui.dll |Extensiones de interfaz para uso compartido |5.1.2600.2180 |144896 |2004-08-19 15:42:22|C:\WINDOWS\system32 |
|00000000000076AE0000|ATL.DLL |ATL Module for Windows XP (Unicode) |3.5.2284.0 |58880 |2004-08-19 15:41:46|C:\WINDOWS\system32 |
|00000000000076B00000|winmm.dll |MCI API DLL |5.1.2600.2180 |180224 |2004-08-19 15:42:32|C:\WINDOWS\system32 |
|00000000000076BB0000|PSAPI.DLL |Process Status Helper |5.1.2600.2180 |23040 |2004-08-19 15:42:22|C:\WINDOWS\system32 |
|00000000000076BF0000|WINTRUST.dll |APIs de verificación de confianza de Microsoft |5.131.2600.2180 |176640 |2004-08-19 15:42:32|C:\WINDOWS\system32 |
|00000000000076C50000|IMAGEHLP.dll |Windows NT Image Helper |5.1.2600.2180 |144384 |2004-08-19 15:42:10|C:\WINDOWS\system32 |
|00000000000076E40000|rtutils.dll |Routing Utilities |5.1.2600.2180 |44032 |2004-08-19 15:42:22|C:\WINDOWS\System32 |
|00000000000076E50000|rasman.dll |Remote Access Connection Manager |5.1.2600.2180 |61440 |2004-08-19 15:42:22|C:\WINDOWS\System32 |
|00000000000076E70000|TAPI32.dll |DLL cliente de la API de telefonía de Microsoft® Windows™|5.1.2600.2180 |181760 |2004-08-19 15:42:28|C:\WINDOWS\System32 |
|00000000000076EA0000|RASAPI32.dll |API de acceso remoto |5.1.2600.2180 |237056 |2004-08-19 15:42:22|C:\WINDOWS\System32 |
|00000000000076F20000|WLDAP32.dll |DLL de API de LDAP Win32 |5.1.2600.2180 |172544 |2004-08-19 15:42:32|C:\WINDOWS\system32 |
|00000000000076F90000|CLBCATQ.DLL | |2001.12.4414.308|498688 |2005-07-26 06:39:56|C:\WINDOWS\system32 |
|00000000000077010000|COMRes.dll | |2001.12.4414.258|837120 |2004-08-19 15:41:56|C:\WINDOWS\system32 |
|000000000000770F0000|oleaut32.dll | |5.1.2600.2180 |553472 |2004-08-19 15:42:22|C:\WINDOWS\system32 |
|00000000000077180000|WININET.dll |Extensiones de Internet para Win32 |6.0.2900.2781 |660992 |2005-10-21 05:41:08|C:\WINDOWS\system32 |
|000000000000773A0000|comctl32.dll |User Experience Controls Library |6.0.2900.2180 |1050624|2004-08-19 15:38:10|C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9|
|000000000000774B0000|ole32.dll |Microsoft OLE para Windows |5.1.2600.2726 |1284608|2005-07-26 06:40:00|C:\WINDOWS\system32 |
|00000000000077730000|shdocvw.dll |Biblioteca del control y el objeto documento de Shell |6.0.2900.2805 |1492992|2005-12-01 06:01:16|C:\WINDOWS\system32 |
|000000000000778F0000|SETUPAPI.dll |API de instalación de Windows |5.1.2600.2180 |999424 |2004-08-19 15:42:26|C:\WINDOWS\system32 |
|000000000000779F0000|cscui.dll |IU de la caché en el lado cliente |5.1.2600.2180 |332800 |2004-08-19 15:41:58|C:\WINDOWS\System32 |
|00000000000077A50000|crypt32.dll |Crypto API32 |5.131.2600.2180 |603648 |2004-08-19 15:41:56|C:\WINDOWS\system32 |
|00000000000077AF0000|MSASN1.dll |ASN.1 Runtime APIs |5.1.2600.2180 |57344 |2004-08-19 15:42:16|C:\WINDOWS\system32 |
|00000000000077B10000|appHelp.dll |Application Compatibility Client Library |5.1.2600.2180 |126976 |2004-08-19 15:41:44|C:\WINDOWS\system32 |
|00000000000077BA0000|midimap.dll |Mapeador Microsoft MIDI |5.1.2600.2180 |18944 |2004-08-19 15:42:14|C:\WINDOWS\system32 |
|00000000000077BB0000|MSACM32.dll |Filtro de sonido ACM de Microsoft |5.1.2600.2180 |72192 |2004-08-19 15:42:16|C:\WINDOWS\system32 |
|00000000000077BD0000|version.dll |Version Checking and File Installation Libraries |5.1.2600.2180 |18944 |2004-08-19 15:42:28|C:\WINDOWS\system32 |
|00000000000077BE0000|msvcrt.dll |Windows NT CRT DLL |7.0.2600.2180 |343040 |2004-08-19 15:42:18|C:\WINDOWS\system32 |
|00000000000077D10000|user32.dll |DLL de cliente USER API de Windows XP |5.1.2600.2622 |578048 |2005-03-02 20:10:34|C:\WINDOWS\system32 |
|00000000000077DA0000|advapi32.dll |API base de Windows 32 avanzado |5.1.2600.2180 |684544 |2004-08-19 15:41:42|C:\WINDOWS\system32 |
|00000000000077E50000|RPCRT4.dll |Remote Procedure Call Runtime |5.1.2600.2180 |581120 |2004-08-19 15:42:22|C:\WINDOWS\system32 |
|00000000000077EF0000|GDI32.dll |GDI Client DLL |5.1.2600.2818 |280064 |2005-12-29 04:56:04|C:\WINDOWS\system32 |
|00000000000077F40000|SHLWAPI.dll |Biblioteca de utilidades de Shell |6.0.2900.2781 |474112 |2005-10-21 05:41:08|C:\WINDOWS\system32 |
|00000000000077FC0000|secur32.dll |Security Support Provider Interface |5.1.2600.2180 |55808 |2004-08-19 15:42:24|C:\WINDOWS\system32 |
|0000000000007C140000|MFC71.DLL |MFCDLL Shared Library - Retail Version |7.10.3077.0 |1060864|2003-03-19 06:20:00|C:\Archivos de programa\Archivos comunes\Ahead\Lib |
|0000000000007C340000|MSVCR71.dll |Microsoft® C Runtime Library |7.10.3052.4 |348160 |2003-02-21 14:42:22|C:\Archivos de programa\Archivos comunes\Ahead\Lib |
|0000000000007C3A0000|MSVCP71.dll |Microsoft® C++ Runtime Library |7.10.3077.0 |499712 |2003-03-19 06:14:52|C:\Archivos de programa\Archivos comunes\Ahead\Lib |
|0000000000007C800000|kernel32.dll |DLL de cliente API BASE de Windows NT |5.1.2600.2180 |1036800|2004-08-19 15:42:14|C:\WINDOWS\system32 |
|0000000000007C910000|ntdll.dll |DLL de la capa de Windows NT |5.1.2600.2180 |732672 |2004-08-19 15:41:32|C:\WINDOWS\system32 |
|0000000000007C9D0000|shell32.dll |DLL común del shell de Windows |6.0.2900.2763 |8492544|2005-09-23 05:06:56|C:\WINDOWS\system32 |
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Registros:
-----------------------------
EAX: 0012F014 EDI: 0012F0F8
EBX: 00204EB0 ESI: 0012F124
ECX: 0012F124 ESP: 0012F070
EDX: 77A73E0A EIP: 7C91EB94

Pila: Volcado de memoria:
------------------ ---------------------------------------------------------------------------
0012F070: 7C91E3ED 7C91EB94: C3 8D A4 24 00 00 00 00 8D 64 24 00 90 90 90 90 ...$.....d$.....
0012F074: 77E5C968 7C91EBA4: 90 8D 54 24 08 CD 2E C3 55 8B EC 9C 81 EC D0 02 ..T$....U.......
0012F078: 000003BC 7C91EBB4: 00 00 89 85 DC FD FF FF 89 8D D8 FD FF FF 8B 45 ...............E
0012F07C: 001F9408 7C91EBC4: 08 8B 4D 04 89 48 0C 8D 85 2C FD FF FF 89 88 B8 ..M..H...,......
0012F080: 001F9408 7C91EBD4: 00 00 00 89 98 A4 00 00 00 89 90 A8 00 00 00 89 ................
0012F084: 0012F0F8 7C91EBE4: B0 A0 00 00 00 89 B8 9C 00 00 00 8D 4D 0C 89 88 ............M...
0012F088: 0012F124 7C91EBF4: C4 00 00 00 8B 4D 00 89 88 B4 00 00 00 8B 4D FC .....M........M.
0012F08C: 00000001 7C91EC04: 89 88 C0 00 00 00 8C 88 BC 00 00 00 8C 98 98 00 ................
0012F090: 00000000 7C91EC14: 00 00 8C 80 94 00 00 00 8C A0 90 00 00 00 8C A8 ................
0012F094: 0017D180 7C91EC24: 8C 00 00 00 8C 90 C8 00 00 00 C7 00 07 00 01 00 ................
0012F098: 00000000 7C91EC34: 6A 01 50 FF 75 08 E8 13 F6 FF FF 83 EC 20 89 04 j.P.u........ ..
0012F09C: 00000000 7C91EC44: 24 C7 44 24 04 01 00 00 00 C7 44 24 10 00 00 00 $.D$......D$....
0012F0A0: 0012F124 7C91EC54: 00 8B 45 08 89 44 24 08 8B C4 50 E8 48 FF FF FF ..E..D$...P.H...
0012F0A4: 001ED540 7C91EC64: CC CC CC CC CC CC 90 90 90 90 90 8B 4C 24 08 57 ............L$.W
0012F0A8: 00000000 7C91EC74: 53 56 8A 11 8B 7C 24 10 84 D2 74 66 8A 71 01 84 SV...|$...tf.q..
0012F0AC: 77A73DFA 7C91EC84: F6 74 4F 8B F7 8B 4C 24 14 8A 07 46 3A C2 74 15 .tO...L$...F:.t.



Thanks,
#369
Posted: 06/01/2006 09:20:39
by Eugene Mayevski (EldoS Corp.)

Most likely the user has some custom CSP installed, and this CSP doesn't behave correctly. Ask him if he installed any drivers for smart cards or USB tokens. If yes, he needs to upgrade them or just uninstall.


Sincerely yours
Eugene Mayevski

Reply

Statistics

Topic viewed 3809 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!