From 36a5cc7446d0f5efd55f2adbe03509dc4c8afcb5 Mon Sep 17 00:00:00 2001 From: David Sparer Date: Fri, 21 Apr 2017 08:27:23 -0600 Subject: [PATCH 1/7] update changelog --- CHANGELOG.TXT | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.TXT b/CHANGELOG.TXT index c5b20df9..e36ddd79 100644 --- a/CHANGELOG.TXT +++ b/CHANGELOG.TXT @@ -5,6 +5,10 @@ Features/Enhancements: Added more logging/notifications options #429: Added Czech translation +General Changes: +---------------- +Improved compatability between environments when building mRemoteNG from source + 1.75.7005 (2017-04-XX) From a9fcdd33417c2ea349040b2c999dffc3d7db6a5d Mon Sep 17 00:00:00 2001 From: David Sparer Date: Fri, 21 Apr 2017 12:13:54 -0600 Subject: [PATCH 2/7] extracted a new script for finding a vstool (such as editbin.exe) --- Tools/find_vstool.ps1 | 41 +++++++++++++++++++++++++++++++++ Tools/set_LargeAddressAware.ps1 | 10 +------- 2 files changed, 42 insertions(+), 9 deletions(-) create mode 100644 Tools/find_vstool.ps1 diff --git a/Tools/find_vstool.ps1 b/Tools/find_vstool.ps1 new file mode 100644 index 00000000..3e85f060 --- /dev/null +++ b/Tools/find_vstool.ps1 @@ -0,0 +1,41 @@ +param ( + [string] + # Name of the file to find + $FileName +) + +# Returns the first full path to the $FileName that our search can find + +$rootSearchPaths = @( + [System.IO.Directory]::EnumerateFileSystemEntries("C:\Program Files", $FileName, [System.IO.SearchOption]::AllDirectories), + [System.IO.Directory]::EnumerateFileSystemEntries("C:\Program Files (x86)", $FileName, [System.IO.SearchOption]::AllDirectories) +) + + +function EditBinCertificateIsValid() { + param ( + [string] + $Path + ) + + # Verify file certificate + $microsoft_cert_thumbprint = "3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC" + $file_signature = Get-AuthenticodeSignature -FilePath $Path + if (($file_signature.Status -ne "Valid") -or ($file_signature.SignerCertificate.Thumbprint -ne $microsoft_cert_thumbprint)) { + Write-Warning "Could not validate the signature of $Path" + return $false + } else { + return $true + } +} + + +foreach ($searchPath in $rootSearchPaths) { + foreach ($entry in $searchPath) { + if (EditBinCertificateIsValid -Path $entry) { + return $entry + } + } +} + +Write-Error "Could not find any valid file by the name $FileName." -ErrorAction Stop \ No newline at end of file diff --git a/Tools/set_LargeAddressAware.ps1 b/Tools/set_LargeAddressAware.ps1 index ba785aea..2f68f2d1 100644 --- a/Tools/set_LargeAddressAware.ps1 +++ b/Tools/set_LargeAddressAware.ps1 @@ -11,15 +11,7 @@ param ( Write-Output "===== Beginning $($PSCmdlet.MyInvocation.MyCommand) =====" # Find editbin.exe -$path_editBin = @((Resolve-Path -Path "C:\Program Files*\Microsoft Visual Studio*\VC\bin\editbin.exe").Path)[0] - -# Verify editbin certificate -$microsoft_cert_thumbprint = "3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC" -$editbin_signature = Get-AuthenticodeSignature -FilePath $path_editBin -if (($editbin_signature.Status -ne "Valid") -or ($editbin_signature.SignerCertificate.Thumbprint -ne $microsoft_cert_thumbprint)) { - Write-Error "Could not validate the signature of editbin.exe - we can not set LargeAddressAware" -ErrorAction Stop -} - +$path_editBin = & "$PSScriptRoot\find_vstool.ps1" -FileName "editbin.exe" $path_outputExe = Join-Path -Path $TargetDir -ChildPath $TargetFileName From f2c65314b4e868ff1bdb593b6c84bb88b47da329 Mon Sep 17 00:00:00 2001 From: David Sparer Date: Fri, 21 Apr 2017 13:59:09 -0600 Subject: [PATCH 3/7] added a post build action to dump bin headers --- Tools/postbuild_mremotev1.ps1 | 1 + Tools/verify_LargeAddressAware.ps1 | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 Tools/verify_LargeAddressAware.ps1 diff --git a/Tools/postbuild_mremotev1.ps1 b/Tools/postbuild_mremotev1.ps1 index 3e1d9d09..3fca2a0d 100644 --- a/Tools/postbuild_mremotev1.ps1 +++ b/Tools/postbuild_mremotev1.ps1 @@ -41,6 +41,7 @@ Format-Table -AutoSize -Wrap -InputObject @{ & "$PSScriptRoot\copy_puttyng.ps1" -SolutionDir $SolutionDir -TargetDir $TargetDir & "$PSScriptRoot\move_help_files.ps1" -TargetDir $TargetDir & "$PSScriptRoot\set_LargeAddressAware.ps1" -TargetDir $TargetDir -TargetFileName $TargetFileName +& "$PSScriptRoot\verify_LargeAddressAware.ps1" -TargetDir $TargetDir -TargetFileName $TargetFileName & "$PSScriptRoot\tidy_files_for_release.ps1" -TargetDir $TargetDir -ConfigurationName $ConfigurationName & "$PSScriptRoot\sign_binaries.ps1" -SolutionDir $SolutionDir -TargetDir $TargetDir -CertificatePath $CertificatePath -CertificatePassword $CertificatePassword -ConfigurationName $ConfigurationName -Exclude $ExcludeFromSigning & "$PSScriptRoot\verify_binary_signatures.ps1" -TargetDir $TargetDir -ConfigurationName $ConfigurationName diff --git a/Tools/verify_LargeAddressAware.ps1 b/Tools/verify_LargeAddressAware.ps1 new file mode 100644 index 00000000..cc785b77 --- /dev/null +++ b/Tools/verify_LargeAddressAware.ps1 @@ -0,0 +1,21 @@ +param ( + [string] + [Parameter(Mandatory=$true)] + $TargetDir, + + [string] + [Parameter(Mandatory=$true)] + $TargetFileName +) + +Write-Output "===== Beginning $($PSCmdlet.MyInvocation.MyCommand) =====" + +# Find editbin.exe +$path_dumpBin = & "$PSScriptRoot\find_vstool.ps1" -FileName "dumpbin.exe" + +$path_outputExe = Join-Path -Path $TargetDir -ChildPath $TargetFileName + +# Dump exe header +& $path_dumpBin /NOLOGO /HEADERS "$path_outputExe" + +Write-Output "" \ No newline at end of file From f091817d662df6028e4d7160058dd230b9d4ee40 Mon Sep 17 00:00:00 2001 From: David Sparer Date: Fri, 21 Apr 2017 14:42:33 -0600 Subject: [PATCH 4/7] further reduce our search space this also reduces the chance we will try to access a folder which we dont have permissions for --- Tools/find_vstool.ps1 | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/Tools/find_vstool.ps1 b/Tools/find_vstool.ps1 index 3e85f060..e62af713 100644 --- a/Tools/find_vstool.ps1 +++ b/Tools/find_vstool.ps1 @@ -4,12 +4,6 @@ param ( $FileName ) -# Returns the first full path to the $FileName that our search can find - -$rootSearchPaths = @( - [System.IO.Directory]::EnumerateFileSystemEntries("C:\Program Files", $FileName, [System.IO.SearchOption]::AllDirectories), - [System.IO.Directory]::EnumerateFileSystemEntries("C:\Program Files (x86)", $FileName, [System.IO.SearchOption]::AllDirectories) -) function EditBinCertificateIsValid() { @@ -29,11 +23,19 @@ function EditBinCertificateIsValid() { } } +$rootSearchPaths = @( + [System.IO.Directory]::EnumerateFileSystemEntries("C:\Program Files", "*Visual Studio*", [System.IO.SearchOption]::TopDirectoryOnly), + [System.IO.Directory]::EnumerateFileSystemEntries("C:\Program Files (x86)", "*Visual Studio*", [System.IO.SearchOption]::TopDirectoryOnly) +) +# Returns the first full path to the $FileName that our search can find foreach ($searchPath in $rootSearchPaths) { - foreach ($entry in $searchPath) { - if (EditBinCertificateIsValid -Path $entry) { - return $entry + foreach ($visualStudioFolder in $searchPath) { + $matchingExes = [System.IO.Directory]::EnumerateFileSystemEntries($visualStudioFolder, $FileName, [System.IO.SearchOption]::AllDirectories) + foreach ($matchingExe in $matchingExes) { + if (EditBinCertificateIsValid -Path $matchingExe) { + return $matchingExe + } } } } From cd34619acd555ece2845d92cbefd9c4cdefcd764 Mon Sep 17 00:00:00 2001 From: David Sparer Date: Fri, 21 Apr 2017 14:52:40 -0600 Subject: [PATCH 5/7] added a few more known-good MS cert thumbprints --- Tools/find_vstool.ps1 | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/Tools/find_vstool.ps1 b/Tools/find_vstool.ps1 index e62af713..d476b69f 100644 --- a/Tools/find_vstool.ps1 +++ b/Tools/find_vstool.ps1 @@ -13,9 +13,13 @@ function EditBinCertificateIsValid() { ) # Verify file certificate - $microsoft_cert_thumbprint = "3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC" + $valid_microsoft_cert_thumbprints = @( + "3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC", + "98ED99A67886D020C564923B7DF25E9AC019DF26", + "108E2BA23632620C427C570B6D9DB51AC31387FE" + ) $file_signature = Get-AuthenticodeSignature -FilePath $Path - if (($file_signature.Status -ne "Valid") -or ($file_signature.SignerCertificate.Thumbprint -ne $microsoft_cert_thumbprint)) { + if (($file_signature.Status -ne "Valid") -or ($valid_microsoft_cert_thumbprints -notcontains $file_signature.SignerCertificate.Thumbprint)) { Write-Warning "Could not validate the signature of $Path" return $false } else { From c72d9b544e02c7c62e1df67556e0f4d523ff3b43 Mon Sep 17 00:00:00 2001 From: Sean Kaim Date: Fri, 21 Apr 2017 17:01:05 -0400 Subject: [PATCH 6/7] just a slightly more informative message --- Tools/set_LargeAddressAware.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tools/set_LargeAddressAware.ps1 b/Tools/set_LargeAddressAware.ps1 index 2f68f2d1..71018fc7 100644 --- a/Tools/set_LargeAddressAware.ps1 +++ b/Tools/set_LargeAddressAware.ps1 @@ -16,7 +16,7 @@ $path_editBin = & "$PSScriptRoot\find_vstool.ps1" -FileName "editbin.exe" $path_outputExe = Join-Path -Path $TargetDir -ChildPath $TargetFileName # Set LargeAddressAware -Write-Output "Setting LargeAddressAware on binary file `"$path_outputExe`"" +Write-Output "Setting LargeAddressAware on binary file:`n`"$path_outputExe`" `nwith:`n`"$path_editBin`"" & $path_editBin "/largeaddressaware" "$path_outputExe" Write-Output "" \ No newline at end of file From 5bfc67af4f533602a0cd50921df17b55728d253a Mon Sep 17 00:00:00 2001 From: Sean Kaim Date: Fri, 21 Apr 2017 17:20:23 -0400 Subject: [PATCH 7/7] Let's get some more clear validation --- Tools/verify_LargeAddressAware.ps1 | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/Tools/verify_LargeAddressAware.ps1 b/Tools/verify_LargeAddressAware.ps1 index cc785b77..2a3525f4 100644 --- a/Tools/verify_LargeAddressAware.ps1 +++ b/Tools/verify_LargeAddressAware.ps1 @@ -16,6 +16,17 @@ $path_dumpBin = & "$PSScriptRoot\find_vstool.ps1" -FileName "dumpbin.exe" $path_outputExe = Join-Path -Path $TargetDir -ChildPath $TargetFileName # Dump exe header -& $path_dumpBin /NOLOGO /HEADERS "$path_outputExe" +$output = & "$path_dumpBin" /NOLOGO /HEADERS $path_outputExe | Select-String large + +if ($output -eq $null) +{ + Write-Warning "Could not validate LargeAddressAware" +} +else +{ + Write-Output $output.ToString().TrimStart(" ") +} + + Write-Output "" \ No newline at end of file