Windows 8.1 Certification


Windows 8.1 Certification

Maarten Mostert

Hi,

When running Microsoft's Windows certification software, I run into some issues.

 

1) As sort of expected, visual.exe is already signed by Cincom, which is nothing but normal. However, attacking the executable with Resource Hacker to change the icons inside the executable (something we're used to) makes the Cincom signature invalid, and to overcome this you need to whitelist your hacked executable with your antivirus vendor. As far as I can see, the solution is that Cincom supplies an unsigned visual.exe for deployments, or otherwise you need to compile your own executable and sign it yourself. So let's say this is not a "real" problem.

 

2) More annoying, however, is the fact that all the EXEs and DLLs (including Cairo, SQLite, etc.) are compiled in a way that makes Windows complain with the following warnings:

 

Windows App Certification Kit - Test Results

Binary analyzer
  • Warning: The binary analyzer test detected the following errors:
    • File C:\Windows\System32\sqlite3.dll has failed the NXCheck check.
    • File C:\Windows\System32\sqlite3.dll has failed the DBCheck check.
    • File C:\Windows\System32\sqlite3.dll has failed the SafeSEHCheck check.
    • File C:\Program Files\StakePoint\BACKUP\sqlite3.0001 has failed the NXCheck check.
    • File C:\Program Files\StakePoint\BACKUP\sqlite3.0001 has failed the DBCheck check.
    • File C:\Program Files\StakePoint\BACKUP\sqlite3.0001 has failed the SafeSEHCheck check.
    • File C:\Program Files\StakePoint\zlib1.dll has failed the NXCheck check.
    • File C:\Program Files\StakePoint\zlib1.dll has failed the DBCheck check.
    • File C:\Program Files\StakePoint\zlib1.dll has failed the SafeSEHCheck check.
    • File C:\Program Files\StakePoint\stakepoint.exe has failed the SafeSEHCheck check.
    • File C:\Program Files\StakePoint\sqlite3.dll has failed the NXCheck check.
    • File C:\Program Files\StakePoint\sqlite3.dll has failed the DBCheck check.
    • File C:\Program Files\StakePoint\sqlite3.dll has failed the SafeSEHCheck check.
    • File C:\Program Files\StakePoint\pacparser.dll has failed the NXCheck check.
    • File C:\Program Files\StakePoint\pacparser.dll has failed the DBCheck check.
    • File C:\Program Files\StakePoint\pacparser.dll has failed the SafeSEHCheck check.
    • File C:\Program Files\StakePoint\msvcr100.dll has failed the ExecutableImportsCheck check.
    • File C:\Program Files\StakePoint\libpng15-15.dll has failed the NXCheck check.
    • File C:\Program Files\StakePoint\libpng15-15.dll has failed the DBCheck check.
    • File C:\Program Files\StakePoint\libpng15-15.dll has failed the SafeSEHCheck check.
    • File C:\Program Files\StakePoint\libpixman-1-0.dll has failed the NXCheck check.
    • File C:\Program Files\StakePoint\libpixman-1-0.dll has failed the DBCheck check.
    • File C:\Program Files\StakePoint\libpixman-1-0.dll has failed the SafeSEHCheck check.
    • File C:\Program Files\StakePoint\libcairo-2.dll has failed the NXCheck check.
    • File C:\Program Files\StakePoint\libcairo-2.dll has failed the DBCheck check.
    • File C:\Program Files\StakePoint\libcairo-2.dll has failed the SafeSEHCheck check.
  • Impact if not fixed: If the app doesn’t use the available Windows protections, it can increase the vulnerability of the customer's computer to malware.
  • How to fix: Apply the SAFESEH, DYNAMICBASE, and NXCOMPAT options when you link the app. See link below for more information:
    Fixing Binary Analyzer Errors

 

The entire report is here:

 https://www.dropbox.com/s/6g0fneeu1ed9t21/results.xml?dl=0

 

Regards,

Maarten MOSTERT

 

 

28 Av Alphonse Denis

83400 Hyères, France

+33 676411296 

http://stakepoint.com/

 

 


_______________________________________________
vwnc mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/vwnc

Re: Windows 8.1 Certification

Steven Kelly

Hi,

 

The first is easy: Cincom support supply a DeleteSignature.exe file that deletes any existing signature from an exe, so you can add resources with ResHacker. You can then optionally re-sign with your own signature – obviously you can’t sign with Cincom’s signature, and nor can they after you’ve changed the exe. DeleteSignature is available as VW Resolution 96328 (ObjectStudio 8.2.0 Res98511).

 

All the best,

Steve

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of [hidden email]
Sent: Wednesday, February 25, 2015 11:57 AM
To: VWNC
Subject: [vwnc] Windows 8.1 Certification

 


Re: Windows 8.1 Certification

Henrik Høyer
In reply to this post by Maarten Mostert

Regarding 1)

 

Altering an exe will *always* break any signing. If you need to do this, then:

 

1) remove the existing signature

2) alter the binary

3) sign with your own certificate

 

 

 


Henrik Høyer
Chief Software Architect
[hidden email] • (+45) 4029 2092
Tigervej 27 • 4600 Køge
www.sPeople.dk • (+45) 7023 7775
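
Added example, not part of the thread or of any poster's code: a small PE header reader that reports the fields behind the NXCheck, DBCheck and SafeSEHCheck warnings in the report above, and whether a certificate table (the embedded signature discussed in point 1) is present. The names `pe_mitigations` and `sample_pe` are hypothetical, the sample image is constructed, and the SafeSEH rule used is an assumption about what the certification kit tests.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification
DYNAMIC_BASE, NX_COMPAT, NO_SEH = 0x0040, 0x0100, 0x0400
def _u16(d, o): return struct.unpack_from("<H", d, o)[0]
def _u32(d, o): return struct.unpack_from("<I", d, o)[0]

def pe_mitigations(data):
    """Header facts behind NXCheck, DBCheck, SafeSEHCheck, plus signature presence."""
    pe = _u32(data, 0x3C)                      # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    machine, nsect = _u16(data, pe + 4), _u16(data, pe + 6)
    opt = pe + 24                              # optional header
    sections = opt + _u16(data, pe + 20)       # section table follows it
    flags = _u16(data, opt + 70)               # DllCharacteristics
    dirs = opt + (96 if _u16(data, opt) == 0x10B else 112)  # PE32 / PE32+
    def directory(i):                          # (address, size) of entry i
        present = i < _u32(data, dirs - 4)
        return struct.unpack_from("<II", data, dirs + 8 * i) if present else (0, 0)
    def offset_of(rva):                        # RVA -> file offset, None if unmapped
        for s in range(sections, sections + 40 * nsect, 40):
            vsize, vaddr, rsize, raw = struct.unpack_from("<4I", data, s + 8)
            if rva and vaddr <= rva < vaddr + max(vsize, rsize):
                return raw + rva - vaddr
        return None
    out = {"nx": bool(flags & NX_COMPAT),              # /NXCOMPAT
           "dynamic_base": bool(flags & DYNAMIC_BASE), # /DYNAMICBASE
           "signed": directory(4)[1] > 0,              # certificate table present
           "safeseh": None}                            # None: not 32-bit x86
    if machine == 0x014C:                      # SafeSEH exists only on x86
        off = offset_of(directory(10)[0])      # load configuration directory
        # Assumption: "safe" = NO_SEH flag, or a non-empty SEHandlerTable
        table = (off is not None and _u32(data, off) >= 72
                 and _u32(data, off + 64) != 0 and _u32(data, off + 68) != 0)
        out["safeseh"] = bool(flags & NO_SEH) or table
    return out

def sample_pe(flags, cert_size=0, seh_count=0):
    """Constructed 32-bit x86 image (not a real file) to exercise the check."""
    d = bytearray(0x400)
    for off, fmt, *vals in [
        (0x00, "<2s", b"MZ"), (0x3C, "<I", 0x40), (0x40, "<4s", b"PE\0\0"),
        (0x44, "<HH", 0x014C, 1), (0x54, "<H", 224), (0x58, "<H", 0x10B),
        (0x9E, "<H", flags), (0xB4, "<I", 16), (0xD8, "<II", 0x300, cert_size),
        (0x108, "<II", 0x1000, 72), (0x140, "<4I", 0x200, 0x1000, 0x200, 0x200),
        (0x200, "<I", 72), (0x240, "<II", 0x401100, seh_count)]:
        struct.pack_into(fmt, d, off, *vals)
    return bytes(d)
```

For a real file, pass `open(path, "rb").read()`. The `signed` field only shows that a certificate table exists; whether the signature still validates after the binary was altered has to be checked with a signature verification tool.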

