http://bugs.winehq.org/show_bug.cgi?id=11759
--- Comment #15 from Anastasius Focht focht@gmx.net 2008-08-04 14:43:54 --- Hello,
--- quote --- I believe the wintrust bugs are gone from today's git, so it should be a gdiplus bug at this point. Anyone care to confirm? (It still doesn't work for me, even with the gdiplus override.) --- quote ---
Confirm the story is not finished? Sure ;-)
--- snip --- .. 0024:Call crypt32.CryptQueryObject(00000001,005676b8,00000400,0000000e,00000000,00000000,00000000,00000000,7ed3d7c0,7ed3d7c4,00000000) ret=0041ff02 0024:trace:crypt:CryptQueryObject (00000001, 0x5676b8, 00000400, 0000000e, 00000000, (nil), (nil), (nil), 0x7ed3d7c0, 0x7ed3d7c4, (nil)) 0024:Call KERNEL32.CreateFileW(005676b8 L"Z:\home\focht\work\silverlight\Silverlight.msi",80000000,00000001,00000000,00000003,00000080,00000000) ret=6079eb45 0024:Ret KERNEL32.CreateFileW() retval=00000090 ret=6079eb45 0024:Call KERNEL32.LoadLibraryA(607bd4e4 "imagehlp.dll") ret=607afd23 .. 0024:Ret KERNEL32.LoadLibraryA() retval=60e50000 ret=607afd23 0024:Call KERNEL32.GetProcAddress(60e50000,607bd4f1 "ImageGetCertificateData") ret=607afcf5 0024:Ret KERNEL32.GetProcAddress() retval=60e5807c ret=607afcf5 0024:Call imagehlp.ImageGetCertificateData(00000090,00000000,00000000,7ed3d688) ret=6079eb78 0024:Call KERNEL32.SetFilePointer(00000090,00000000,00000000,00000000) ret=60e58d5e 0024:Ret KERNEL32.SetFilePointer() retval=00000000 ret=60e58d5e 0024:Call KERNEL32.ReadFile(00000090,7ed3d4a8,00000040,7ed3d4e8,00000000) ret=60e58d93 0024:Ret KERNEL32.ReadFile() retval=00000001 ret=60e58d93 0024:Call KERNEL32.SetFilePointer(00000090,00000002,00000000,00000000) ret=60e58e07 0024:Ret KERNEL32.SetFilePointer() retval=00000002 ret=60e58e07 0024:Call KERNEL32.ReadFile(00000090,7ed3d3b0,000000f8,7ed3d4e8,00000000) ret=60e58e3c 0024:Ret KERNEL32.ReadFile() retval=00000001 ret=60e58e3c 0024:Call KERNEL32.SetFilePointer(00000090,ffffffff,00000000,00000000) ret=60e58f1e 0024:Ret KERNEL32.SetFilePointer() retval=ffffffff ret=60e58f1e 0024:Ret imagehlp.ImageGetCertificateData() retval=00000000 ret=6079eb78 0024:Call KERNEL32.CloseHandle(00000090) ret=6079eb94 0024:Ret KERNEL32.CloseHandle() retval=00000001 ret=6079eb94 0024:trace:crypt:CRYPT_QueryEmbeddedMessageObject returning 0 0024:trace:crypt:CryptQueryObject returning 0 0024:Ret crypt32.CryptQueryObject() retval=00000000 ret=0041ff02 .. --- snip ---
When HCRYPTMSG and HCERTSTORE for CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED type is requested you can't assume the file is a portable executable image and use imagehlp API. This won't work for other file types like cabinet images, catalogs, msi files etc. Each format requires a different procedure for retrieval.
So it might be feasible to determine the responsible provider (subject GUID) first and then use the provider to fetch the requested data (message).
Regards