locked
Question about blacklisted APIs

    Question

  • I am working on figuring out whether some existing networking code that uses OpenSSL, libcurl, and eglib can be ported directly to a Metro style application.  I haven't recompiled OpenSSL and libcurl for VC11 yet and am using them compiled using VC9.  I know that is bad and could cause false positives coming from the evaluation tool so I wanted to post my evaluation results to see what people think.  Here are the results:

     

    API 111 in ws2_32.dll is not supported for this application type. Application1.exe calls this API. 

    API 19 in ws2_32.dll is not supported for this application type. Application1.exe calls this API. 

    API GetLocaleInfoW in kernel32.dll is not supported for this application type. Application1.exe calls this API. 

    API GetUserDefaultLCID in kernel32.dll is not supported for this application type. Application1.exe calls this API. 

    API WaitForSingleObject in kernel32.dll is not supported for this application type. Application1.exe calls this API. 

    API CertCloseStore in crypt32.dll is not supported for this application type. Application1.exe calls this API. 

    API CertEnumCertificatesInStore in crypt32.dll is not supported for this application type. Application1.exe calls this API. 

    API CertOpenSystemStoreW in crypt32.dll is not supported for this application type. Application1.exe calls this API. 

    I have two follow-up questions from these results and one other question:
    1) Are the two errors from ws2_32.dll just false positives because I'm linking with VC9?  Or is Winsock blacklisted now?
    2) Why are certificate manipulation function calls (e.g. CertOpenSystemStoreW) blacklisted?  What am I supposed to be using instead to (a) verify server certificates against the root system CA store and (b) do SSL authentication using a client certificate that I would usually do with PCCERT_CONTEXT?
    3) No WaitForSingleObject?  It seems this thread http://social.msdn.microsoft.com/Forums/en-AU/winappswithnativecode/thread/8b047482-971c-4084-b315-da2c77a2ff69 discusses it but I couldn't find an answer.
    4) Are function calls from winscard.dll blacklisted?  For example, SCardEstablishContext and the like?
    5) Is there some master list of all blacklisted APIs to make my life easier?
    I appreciate any help that anyone can give me.  Thanks in advance.
    • Edited by Adam Gross Thursday, November 17, 2011 5:29 PM
    Thursday, November 17, 2011 5:28 PM

All replies

  • You'll probably get better answers to your wider questions about alternates for specific function areas if you ask them separately.  See this thread about certificates.

    For the general list see the docs on Win32 and COM for Metro style apps .  You can also look in the SDK header files to see if specific API are in the Desktop or Application families (only Application family API are available to Metro style apps).

    The Windows App Cert Kit will give you the definitive answer (pending future updates - this is still a developer preview).  You can validate the failures against the header files and they should match.   

    Make sure that you test the release build as debug builds will not pass.

    --Rob

    Thursday, November 17, 2011 6:06 PM
    Owner
  • That is very helpful, thanks!  It's too bad to see Winsock APIs not on there, but I guess allowing devs to support legacy code wasn't much of a priority when MS designed Metro.
    Thursday, November 17, 2011 6:46 PM
  • Actually I am thinking that Winsock may not be blacklisted, or at least not all of it.  The results that I am getting are very confusing.  I import 20 functions from ws2_32.dll and only ordinal 111 (WSAGetLastError) and ordinal 19 (send) are blacklisted.  The validation tool is not reporting any of the following functions as blacklisted: accept, bind, closesocket, connect, getaddrinfo, getnameinfo getpeername, getsockname, getsockopt, ioctlsocket, inet_addr, inet_ntoa, listen, ntohs, recv, setsockopt, socket, and gethostname.

    Is this to be expected?  Is it in purpose that send and WSAGetLastError are blacklisted but yet all of the other functions I mentioned are not?  Or is it a bug in the validation tool?

    Tuesday, November 22, 2011 9:43 PM
  • I have the same question with the list or black-list APIs.

    Instead of using the App Cert Kit to check the metro app at runtime, is there any way to find out at compilation time which APIs are not supported in Metro?

    Thanks.

    Jennifer

    Tuesday, November 22, 2011 9:45 PM
  • You will find that in all the Metro style project templates, there is the following macro defined:

     /D "WINAPI_FAMILY=2"

    If this macro is defined then all the blacklisted API are automatically hidden during compile time.

    Thanks


    Raman Sharma | Program Manager, Visual C++ | @rasharm_msft

    (if my post has answered your question, please consider using the 'mark as answer' feature in the forums to help others)
    Tuesday, November 22, 2011 10:22 PM
  • This still doesn't explain everything that I'm seeing.  If you have WINAPI_FAMILY set to 2, all of Winsock is commented out and you don't get anything.  To me, that implies that all of Winsock is blacklisted.  But that doesn't explain what I'm seeing, which is that only 2 of the 20 Winsock functions I was using are blacklisted (see my comment above for more details).  Can you comment on that?
    Wednesday, November 23, 2011 4:14 PM
  • For me the "/D WINAPI_FAMILY=2" option did not work as well.

    My test code contains the blacklisted API "CompareString()" in a win32-dll project, adding this option did not show any error/warning at compile-time.

     

    Wednesday, November 23, 2011 9:39 PM