I’m creating two proxied DLLs for wintrust.dll: one for 32-bit systems and another for 64-bit systems, using the gcc compiler from the MinGW64 and MinGW32 toolchains. The goal of these DLLs is to mimic the original wintrust.dll, with the WinVerifyTrust function always returning success.
Current Setup
wintrust_proxy.def:
EXPORTS
WinVerifyTrust @1
ComputeFirstPageHash=wintrust.ComputeFirstPageHash @2
CryptCATVerifyMember=wintrust.CryptCATVerifyMember @3
CryptSIPGetInfo=wintrust.CryptSIPGetInfo @4
CryptSIPGetRegWorkingFlags=wintrust.CryptSIPGetRegWorkingFlags @5
; rest of the wintrust.dll functions…
wintrust_proxy_32.c:
#include <windows.h>

// Define Success as 0
#define WINVERIFYTRUST_SUCCESS 0

// Define the function signature based on the original WinVerifyTrust
WINAPI LONG WinVerifyTrust(
    HWND hwnd,
    GUID *pgActionID,
    LPVOID pWVTData
) {
    // Return Success enum value
    return WINVERIFYTRUST_SUCCESS;
}

BOOL APIENTRY DllMain(
    HMODULE hModule,
    DWORD ul_reason_for_call,
    LPVOID lpReserved
) {
    switch (ul_reason_for_call) {
        case DLL_PROCESS_ATTACH:
        case DLL_THREAD_ATTACH:
        case DLL_THREAD_DETACH:
        case DLL_PROCESS_DETACH:
            break;
    }
    return TRUE;
}
wintrust_proxy_64.c:
Same as wintrust_proxy_32.c, but without the WINAPI calling convention
compile.bat:
@echo off
setlocal
REM Switch to mingw32 bin folder (32-bit environment)
set "PATH=C:\msys64\mingw32\bin\"
gcc "wintrust_proxy_32.c" "wintrust_proxy.def" -o "wontrust.dll" -shared -static-libgcc -Wl,--enable-stdcall-fixup
REM Switch to mingw64 bin folder (64-bit environment)
set "PATH=C:\msys64\mingw64\bin\"
gcc "wintrust_proxy_64.c" "wintrust_proxy.def" -o "womtrust.dll" -shared -static-libgcc
pause
endlocal
This setup outputs two DLL files: womtrust.dll for 64-bit systems and wontrust.dll for 32-bit systems.
How can I ensure that these DLL files will work on other older/newer Windows systems without requiring extra dependencies? Additionally, how can I confirm that both the 64-bit and 32-bit versions perform as intended?
I have checked both DLLs with a dependency tool and verified that they only seem to rely on standard DLLs located in the system32 and syswow64 folders, respectively. I’ve also used rundll32 to call some functions to confirm their existence, but I still have doubts about whether I am achieving my goals correctly, especially since this is my first experience compiling DLLs and using MSYS2.