![]() ![]() '.and do the other things, not because they are easy, but because they are hard.' JFK I do not know why it failed to decrypt you files, but if you are no longer willing to use then program in the future then I wish you all the best. Now if you just left the drive letter in then surely the program is working? You asked it to encrypt the whole drive and that is what it did, now if you didn't want the behaviour then why didn't you hit the abort button? Secondly as for it encrypting you're whole drive I am not quite sure how this happened, if there are no entries in the list of files for Toucan to en/decrypt then it wont do anything, infact it'll pop up a little message box to tell you that there are no files/folders selected. Indeed I would say that about 20 people have posted with issues and yet the program has had over 40,000 downloads in its first month, so it can't all be that bad, can it? Now I'm not going to deny that there are issues in the program, but I would ask you to look at the facts. Now if you look in the forum there are really very few issues for a completely new program. Knowing the crypto APIs will hopefully be enough to figure out how to access the public key in the PFX file.I hate to disagree with you here but there are a few points that I would like to make.įirstly you seem to be making a bit of an attack on my program. Step into that handler and see what crypto APIs it calls. Therefore it should exit the comparison loop and go to a handler for that verb. It should be in the middle of comparing the verb in question. It will probably be in a loop comparing the verb specified on the command line with each verb within the program. ![]() When the read breakpoint triggers, start stepping through the code that read the string. Put a read breakpoint within the DLL's memory on the first byte/word of the string containing that verb. Set the command line in the debugger to use the verb you found as well as your test PFX file. Then load rundll32.exe into a debugger (ie Windbg). Hopefully you'll figure out which is the right verb. Try running rundll32.exe using the verb(s) you pick with a PFX as input. Determine which verb(s) is most likely to support opening PFX files. You should see the various verbs indicated above. Dump the ASCII/UNICODE strings in the file. Here are a couple of suggestions on reverse engineering cryptext.dll to see how it works. The fact that it is a COM component means it is (almost surely) using unmanaged crypto APIs. So there's no obvious way to programmatically access it from. Based on OLEVIEW, it only implements the IUnknown interface. Although it contains an embedded typelib, using TLBIMP to create an interop assembly doesn't provide access to any interesting methods or properties. From the registry you can see which verb is associated with each file type.Ĭryptext.dll is a COM component. It is invoked using rundll32.exe along with a "verb". If you search the registry for cryptext.dll you'll see that it handles a lot of different file types (CERs, CRLs, crypto store, etc.). What I found is that cryptext.dll is the "Crypto Shell Extensions" and handles PFX files. I looked into this a while to see if I could determine how the Cert Manager is able to open a PFX file. ![]()
0 Comments
Leave a Reply. |