GpgEX
Closed, Resolved, Public

Description

GpgEX is crashing Windows Explorer (per window) when opening the context menu
for any File.

GpgEX has no executable details and as such no publisher or version information.
As of its date it has been created on 28.05.2013, from a downloaded package
Gpg4win v2.1.1.

Actually I like the UI, but because I was digging now an hour or two around
importing new Bundesnetzagentur certificates (which I discovered now using Google
on trustcenter.de and not using the builtin ldap search), I'd like to say that
it is way too damn complicated to get started with these applications!

Details

Version
28.05.2013
metadings set Version to 28.05.2013. (Jun 15 2013, 5:35 PM)
metadings added projects: gpgex, Bug Report.
metadings added a subscriber: metadings.
werner added a subscriber: werner. (Jun 18 2013, 10:42 AM)

Please give more details. What OS are you using, what other explorer extensions
are used and so on. Do you use other software which might have been built using
gcc (mingw)?

Regarding the UI: Welcome to the strange world of S/MIME and X.509
certificates. I can't count the hours I spend looking for a certain certificate
:-(.

I'm running Win7 x86 HomePremium German. I installed a mingw release by
extracting it somewhere, but don't use it. I'm usually using VS2010 for C#/Web.

The issue was (the unsigned) gpgex library, registered for File and Directory
context menus in Windows Explorer. Without disabling the extension, this rendered
Windows Explorer unusable.

For users there will be no other option than uninstalling.

Look here for actually valid certificates:
http://www.trustcenter.de/en/infocenter/root_certificates_601.htm

Regards

Here I found some documents that may help, but I don't know if this is actually the
crash failure.

How to Digitally Sign Microsoft Files (.exe, .cab, .dll, .ocx, .msi, .xpi)
http://www.thegeekstuff.com/2010/03/microsoft-digital-signatures/

Making Your Application UAC Aware
http://www.codeproject.com/Articles/17968/Making-Your-Application-UAC-Aware

PS: Only other non-default extensions I'm using are 7-Zip, FileZilla, Hermann
Schinagl's LinkShellExtension and Malwarebytes. However disabling GpgEx.dll solved the
problem.

It is possible that GpgEx picks up wrong versions of the GCC support dlls
libstdc++-6.dll and libgcc_s_sjlj-1.dll. They might have been installed by some
other software. Thus my question whether you use any software which has been
built with gcc.

The problem is that we are not able to define the order of DLL searches for the
explorer plugin. Experiments with a Manifest didn't reveal a solution either.

For that reason the next version will link those support libraries statically. The
new 64 bit GpgEX posted to the devel list already uses this.

That could be it. I got an error log that I deemed not to be that interesting,
however it says

LoadedModule[147]=C:\Program Files\GNU\GnuPG\gpgex.dll
File change date: 28.05.2013 18:46

LoadedModule[148]=C:\Program Files\GNU\GnuPG\libgcc_s_sjlj-1.dll
File change date: 28.05.2013 16:34

LoadedModule[149]=C:\Program Files\GtkSharp\2.12\bin\libstdc++-6.dll
File change date: 27.11.2012 06:56

Actually I found some version string in the binary libpngxxx.dll using Notepad,
but no luck in these three files. It would be very useful if you would compile a
VERSIONINFO structure into your binaries. On Windows, using Explorer and also
tools like SysInternals's autoruns (where I disabled the ext) this is really
helpful to find fast and easily a version and publisher info (when overlooking
the system for malicious files, that's a good indicator).

Found a good answer on stackoverflow:

http://stackoverflow.com/questions/598633/gcc-on-windows-set-description-field-of-c-executable

-----

Sig[0].Name=Anwendungsname
Sig[0].Value=explorer.exe
Sig[1].Name=Anwendungsversion
Sig[1].Value=6.1.7601.17567
Sig[2].Name=Anwendungszeitstempel
Sig[2].Value=4d6727a7
Sig[3].Name=Fehlermodulname
Sig[3].Value=libstdc++-6.dll
Sig[4].Name=Fehlermodulversion
Sig[4].Value=0.0.0.0
Sig[5].Name=Fehlermodulzeitstempel
Sig[5].Value=50b4b868
Sig[6].Name=Ausnahmecode
Sig[6].Value=c0000005
Sig[7].Name=Ausnahmeoffset
Sig[7].Value=0007aed1
DynamicSig[1].Name=Betriebsystemversion
DynamicSig[1].Value=6.1.7601.2.1.0.768.3
DynamicSig[2].Name=Gebietsschema-ID
DynamicSig[2].Value=1031
DynamicSig[22].Name=Zusatzinformation 1
DynamicSig[22].Value=ef31
DynamicSig[23].Name=Zusatzinformation 2
DynamicSig[23].Value=ef31968b50046133f9fdd00fc890a1a4
DynamicSig[24].Name=Zusatzinformation 3
DynamicSig[24].Value=1008
DynamicSig[25].Name=Zusatzinformation 4
DynamicSig[25].Value=1008829529ade9726731888a07d92dae
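
The check that the DLL search order explanation in this thread points to, as an added example (not part of the original thread and not GpgEX code): it reads the `LoadedModule[...]` and `Sig[3]` lines of an error report and flags GCC support DLLs loaded from a directory other than the one holding `gpgex.dll`. The function names are hypothetical, and the sample input is the set of lines quoted in the post above.

```python
import ntpath
import re

# GCC support DLLs named in the thread.
GCC_RUNTIME = {"libstdc++-6.dll", "libgcc_s_sjlj-1.dll"}

# Lines copied from the error log quoted in the thread (not a complete report).
SAMPLE_REPORT = r"""
Sig[3].Name=Fehlermodulname
Sig[3].Value=libstdc++-6.dll
LoadedModule[147]=C:\Program Files\GNU\GnuPG\gpgex.dll
LoadedModule[148]=C:\Program Files\GNU\GnuPG\libgcc_s_sjlj-1.dll
LoadedModule[149]=C:\Program Files\GtkSharp\2.12\bin\libstdc++-6.dll
"""

MODULE_RE = re.compile(r"^LoadedModule\[\d+\]=(.+)$", re.MULTILINE)
SIG_RE = re.compile(r"^Sig\[(\d+)\]\.Value=(.*)$", re.MULTILINE)


def loaded_modules(report):
    """Map lowercase DLL file name -> directory it was loaded from."""
    mods = {}
    for path in MODULE_RE.findall(report):
        directory, name = ntpath.split(path.strip())
        mods[name.lower()] = directory
    return mods


def foreign_runtime_dlls(report, extension="gpgex.dll"):
    """Return (dll, loaded_from, is_faulting_module) for mismatched runtime DLLs."""
    mods = loaded_modules(report)
    if extension not in mods:
        return []
    home = mods[extension].lower()
    sigs = {int(i): v.strip() for i, v in SIG_RE.findall(report)}
    faulting = sigs.get(3, "").lower()  # Sig[3] holds the faulting module name here
    findings = []
    for name in sorted(GCC_RUNTIME):
        directory = mods.get(name)
        if directory is not None and directory.lower() != home:
            findings.append((name, directory, name == faulting))
    return findings


if __name__ == "__main__":
    for name, directory, faulting in foreign_runtime_dlls(SAMPLE_REPORT):
        print(f"{name} loaded from {directory} (faulting module: {faulting})")
```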

werner added a comment. (Jul 1 2013, 9:01 PM)

Last week I posted a revamped version of GpgEX 64 and 32 bit to the gnupg-users
mailing list. You may want to try that one. It is also possible to build a
complete new Gpg4win installer with gpgex 32 and 64 bit. We will release a beta
next week.

Most DLLs and exe files have versioninfos - some were not instantly displayed
due to missing language information.

> Most DLLs and exe files have versioninfos - some were not instantly displayed
> due to missing language information.

Yes, I'm also used to discover that "the" version info of an assembly must be
EN-US (or default) regardless of what I wanted.

I'm now subscriber to the mailing list, although I hate these mailman mailing
lists, because I found out that they're storing passwords in plaintext in their
database (isn't that weird when developing strong encryption tools?)

werner closed this task as Resolved. (Jul 16 2013, 12:59 PM)
werner claimed this task.

We released a new Beta yesterday and due to a build glitch we will update that
today. Thus I close this bug.

The mailman passwords are by design weak and the web page explicitly mentions
that you should not use a valuable password. The admin can anyway see everything.