Application doesnt work after SP1

mccainz2
mccainz2 used Ask the Experts™
on
We have an application which we compile on a win2k box with sp2 and Visual Studio SP5.

Now with a flat install of XP proffessional (no service packs or hotfixes) the application works fine.

With the 19 recomended hotfixes from windows update the application still works fine. However, after installation of SP1 it fails. The point of failure occurs when we validate that an html file that we ship with the product has not been altered in any way (such as a user entering their own html). This is accomplished using the CAPICOM security library in our code. We hash the html file against a pregenerated (here on our build machine) bak file. If the hash fails then we throw a security warning and close the app. This is what is occuring after installation of SP1. With the same installation on the same box prior to SP1 everything is golden. Using restore points we can regenerate this behaivour consistently.

(BTW: CAPICOM.dll is the same version before and after SP1).

List of our Setup Files...

[Setup1 Files]
File1=@printlabel.lwt,$(AppPath),,,3/8/02 3:31:28 AM,562,0.0.0.0
File2=@asialogin.bak,$(AppPath)\dencom_web,,,6/12/02 2:25:35 PM,3280,0.0.0.0
File3=@login_bg_new.gif,$(AppPath)\dencom_web,,,2/27/02 3:32:21 PM,28864,0.0.0.0
File4=@europelogin.htm,$(AppPath)\dencom_web,,,6/12/02 2:25:35 PM,1781,0.0.0.0
File5=@europelogin.bak,$(AppPath)\dencom_web,,,6/12/02 2:25:35 PM,3300,0.0.0.0
File6=@conuslogin.htm,$(AppPath)\dencom_web,,,6/12/02 2:25:35 PM,1777,0.0.0.0
File7=@conuslogin.bak,$(AppPath)\dencom_web,,,6/12/02 2:25:35 PM,3292,0.0.0.0
File8=@asialogin.htm,$(AppPath)\dencom_web,,,6/12/02 2:25:35 PM,1773,0.0.0.0
File9=@transparent.gif,$(AppPath)\dencom_web,,,2/27/02 3:32:21 PM,807,0.0.0.0
File10=@MDAC_TYP.EXE,$(AppPath),,,1/20/00 1:00:00 AM,7856352,25.0.4403.12
File11=@MSINET.OCX,$(WinSysPath),$(DLLSelfRegister),$(Shared),5/22/00 1:00:00 AM,115920,6.0.88.62
File12=@MSMASK32.OCX,$(WinSysPath),$(DLLSelfRegister),$(Shared),5/22/00 1:00:00 AM,166600,6.0.84.18
File13=@msvcrt.dll,$(WinSysPathSysFile),,,10/30/01 7:57:00 AM,290869,6.1.9359.0
File14=@Cal32x30.ocx,$(WinSysPath),$(DLLSelfRegister),$(Shared),2/3/00 3:29:14 PM,562616,3.0.0.0
File15=@asFTabs.ocx,$(WinSysPath),$(DLLSelfRegister),$(Shared),2/16/00 12:02:34 AM,151552,1.2.0.5
File16=@asFBtns.ocx,$(WinSysPath),$(DLLSelfRegister),$(Shared),3/29/01 11:43:28 PM,348160,1.3.0.18
File17=@COMDLG32.OCX,$(WinSysPath),$(DLLSelfRegister),$(Shared),5/22/00 1:00:00 AM,140488,6.0.84.18
File18=@MSCAL.OCX,$(WinSysPath),$(DLLSelfRegister),$(Shared),6/26/98 1:00:00 AM,89600,8.0.0.5007
File19=@MSFLXGRD.OCX,$(WinSysPath),$(DLLSelfRegister),$(Shared),5/22/00 1:00:00 AM,244416,6.0.84.18
File20=@MSWINSCK.OCX,$(WinSysPath),$(DLLSelfRegister),$(Shared),12/6/00 1:00:00 AM,109248,6.0.89.88
File21=@MSCOMCTL.OCX,$(WinSysPath),$(DLLSelfRegister),$(Shared),3/13/01 3:51:08 PM,1066176,6.0.88.62
File22=@scrrun.dll,$(WinSysPath),$(DLLSelfRegister),$(Shared),5/4/01 2:05:02 PM,147512,5.1.0.5010
File23=@CapiCom.Dll,$(WinSysPath),$(DLLSelfRegister),$(Shared),1/26/01 7:38:36 PM,254392,1.0.0.1
File24=@MSSTDFMT.DLL,$(WinSysPath),$(DLLSelfRegister),$(Shared),7/15/00 1:00:00 AM,118784,6.0.88.4
File25=@MSBIND.DLL,$(WinSysPath),$(DLLSelfRegister),$(Shared),7/15/00 1:00:00 AM,77824,6.0.88.62
File26=@atl.dll,$(WinSysPathSysFile),$(DLLSelfRegister),,7/26/00 7:00:00 AM,58938,3.0.8449.0
File27=@Dpp32x30.ocx,$(WinSysPath),$(DLLSelfRegister),$(Shared),2/3/00 3:29:30 PM,865760,3.0.0.0
File28=@deersdll.dll,$(AppPath),,,11/14/00 3:36:04 PM,282693,0.0.0.0
File29=@CDA.exe,$(AppPath),,,8/19/02 5:54:17 PM,2801664,2.5.0.1
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2007

Commented:
Strange.

1) Have you tried checking for registry changes after sp1, perhaps security on the registry or even IE settings.

2) What other DLL's does CAPICOM depend on ?

3) Have you tried compiling and running on XP, before and after SP1 to see if it makes any difference.

I hope this helps !

Commented:
Maybe you need to use the 2.0 version of the file
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/capicom_versions.asp

Or perhaps the file just needs to reregistered with the system my unregistering it first regsvr32 TheFile /U and then reregistering it.

The Crazy One

Author

Commented:
CrazyOne,

Tried those permutations with regsvr32.

Cant find a Capicom 2.0 redistributable as that has been yanked from Msofts site.
HTML5 and CSS3 Fundamentals

Build a website from the ground up by first learning the fundamentals of HTML5 and CSS3, the two popular programming languages used to present content online. HTML deals with fonts, colors, graphics, and hyperlinks, while CSS describes how HTML elements are to be displayed.

Commented:
>>>Cant find a Capicom 2.0 redistributable as that has been yanked from Msofts site.

Yeah I just noticed that too. MS has been reconfiguring their support site so it may be available again sometime in the near future. Or you could contact MS and see how one goes about getting it.

Author

Commented:
I have just discovered a juicy clue. Our app also generates encrypted error logs using capicom. Seems that an error log generated before SP1 install on that box cannot be decrypted after sp1 install (using our decryption tool installed on that same machine). I am thinking I will have to recreate the bak files under sp1 on XP. Will take time to test.

Author

Commented:
Yup, for posterity sake here is the problem...

Files encrypted using Capicom before XP SP1 cannot be decrypted by capicom after XP SP1 even using the same key.

Resolution: Re-encrypt the file on a machine with XP SP1.

Commented:
Odd for sure. :>)

Author

Commented:
We have a microsoft consultant onsite whose ,miracles of miracles, team lead was the Capicom team lead. Weirder still the consultant has his 1 on 1 with that fellow tomorrow. Ive asked him to broach it with the man. Will post in this thread sometime tomorrow what comes out of this. Our microsoft consultant seems fairly concerned about it especially because the encrypted files are not backwards compatible.

Commented:
Cool. Yeah there seems to be a lot of issues concerning SP1 and XP. Seems strange why the decryption key becomes unusable after applying a service patch. On a hunch I suspect it has more to do with IE for some reason.

Author

Commented:
Havent abandoned....
In the process of email tag. The Microsoft lead keeps sending us a URL which basically indicates he doesnt understand our issue. Plus our Microsoft contractor just went on vacation until the 13th of Jan :(
Commented:
Ok thanks for the update. To bad you have to wait. I imagine your eager to get this resolved.

Author

Commented:
Ok, news from the Capicom group, and its all bad. XP SP1 capicom in not backword compatible with anything encrypted before XP SP1, and vice versa. Resolution: work around it however you can. Have a nice day. ARGHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH.


Author

Commented:
Thanks for the help CrazyOne.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial