VS2010 - Structure change in CryptoAPI - v7.0A Vs v6.0A - WinCrypt.h

Question

In C:\\Program Files\\Microsoft SDKs\\Windows\\v7.0A\\Include\\WinCrypt.h, the definition for CERT_CHAIN_ENGINE_CONFIG is

typedef          


        

Answer 1

the value of NTDDI_WIN7 which in my case is incorrect as mine is a XP SP3 machine.

As I understand it, the variables are initialized according to what system you are targeting, not what system you are compiling the code on. So you need to look at your project settings and see, what is your target platform, what headers are referenced etc. .

Answer 2

The problem which you have can be very easy explained. If you use v7.0A or v7.1 you are able to compile your project so that it will run under Windows 7. So the default value for the _WIN32_WINNT is 0x0601.

If you want co compile the program so that it will run on Windows XP you can define WINVER and _WIN32_WINNT explicitly. Typically one do this in the settings of the Visual Studio project inside of the preprocessor definitions. If you will do this the corresponding part of CERT_CHAIN_ENGINE_CONFIG structure will be displayed gray like you as want.

In the most cases and in the case of CERT_CHAIN_ENGINE_CONFIG it is not really needed. The Windows API are designed mostly so, that you will have no problems in the usage of CERT_CHAIN_ENGINE_CONFIG defined for Windows 7 in case of the start of the program on Windows XP. If you do define

#define WINVER 0x0500
#define _WIN32_WINNT 0x0500

(or 0x0501 instead of 0x0500) you will be able to run your program in the Windows 7, but you will be not able to use the hExclusiveRoot and the hExclusiveTrustedPeople members. The reason is the cbSize field which you should initialize as sizeof(CERT_CHAIN_ENGINE_CONFIG). It gives for the CertCreateCertificateChainEngine function enough information about the size of the input structure CERT_CHAIN_ENGINE_CONFIG. In case of small value of cbSize, the last HCERTSTORE members hExclusiveRoot and hExclusiveTrustedPeople will be just not used.