Windows Warning popups for libcef.dll and chrome_elf.dll

Having problems with building or using CEF's C/C++ APIs? This forum is here to help. Please do not post bug reports or feature requests here.

Windows Warning popups for libcef.dll and chrome_elf.dll

Postby diveecco63 » Wed Jul 14, 2021 7:59 pm

We are using Cef libraries for a WPF windows application and a few months ago we began to get pop up warnings whenever we launched the application which state the following:

sdk.dll is using chrome_elf.dll from an unknown publisher. Are you sure you want to run this software.

We were installing in C:ProgramFiles(x86) and thought maybe moving to %APP_DATA% would resolve the issues, but it has not.

What (if anything) can we do to eliminate these?

Thanks
diveecco63
Newbie
 
Posts: 7
Joined: Thu Jun 10, 2021 11:47 am

Re: Windows Warning popups for libcef.dll and chrome_elf.dll

Postby magreenblatt » Wed Jul 14, 2021 8:19 pm

What software is showing the warning? You could code sign the binaries.
magreenblatt
Site Admin
 
Posts: 12382
Joined: Fri May 29, 2009 6:57 pm

Re: Windows Warning popups for libcef.dll and chrome_elf.dll

Postby diveecco63 » Mon Jul 19, 2021 7:17 am

We actually do go ahead and code sign the binaries with the same SHA2 cert we use for our own binary. Didn't seem to help at all. Our application integrates with the Zoom sdk, and even though the Zoom sdk does not use or touch the cef binaries, it "looks" like Zoom is the software throwing up the warning (the header in the dialog says Zoom). It's very strange, and it does not seem to matter exactly what we do to adjust things, these popups intermittently (say about 70% of the time) continue to jump up.
diveecco63
Newbie
 
Posts: 7
Joined: Thu Jun 10, 2021 11:47 am

Re: Windows Warning popups for libcef.dll and chrome_elf.dll

Postby ndesktop » Mon Jul 19, 2021 7:19 am

Is it on Windows 7? If so, there are changes regarding SHA2 certificates on Win7.
ndesktop
Master
 
Posts: 750
Joined: Thu Dec 03, 2015 10:10 am

Re: Windows Warning popups for libcef.dll and chrome_elf.dll

Postby diveecco63 » Tue Jul 20, 2021 11:54 am

Nope - we only support Windows 10
diveecco63
Newbie
 
Posts: 7
Joined: Thu Jun 10, 2021 11:47 am

Re: Windows Warning popups for libcef.dll and chrome_elf.dll

Postby ndesktop » Wed Jul 21, 2021 4:27 am

diveecco63 wrote:We actually do go ahead and code sign the binaries with the same SHA2 cert we use for our own binary. Didn't seem to help at all. Our application integrates with the Zoom sdk, and even though the Zoom sdk does not use or touch the cef binaries, it "looks" like Zoom is the software throwing up the warning (the header in the dialog says Zoom). It's very strange, and it does not seem to matter exactly what we do to adjust things, these popups intermittently (say about 70% of the time) continue to jump up.

They might have hooked dll load (perhaps via LdrLoadDll or kernel32!LoadLibraryXXX family in-memory patching) in order to pre-verify the binary loaded (CertXXX calls to verify the integrity of a dll to be loaded in their processes) and their check might fail due to certain constraints.

I am not familiar with Zoom SDK, and on a quick look I do not see an interface controlling the dll loading.

If you go to the route of reverse eng, I suggest to use rohitab's API monitor or similar tools and watch certain calls (crypt32, kernel32, user32 etc.) in order to see who ends up in the MessageBoxW(A) call. Then you can see back what dll from what call invokes it and get a better conclusion.
In the end, you might need to contact Zoom and open some form of ticket or use their forum.
ndesktop
Master
 
Posts: 750
Joined: Thu Dec 03, 2015 10:10 am

Re: Windows Warning popups for libcef.dll and chrome_elf.dll

Postby diveecco63 » Thu Jul 22, 2021 2:46 pm

Good idea - I will see if I can figure out why it's doing that - for the life of me I don't know why Zoom would care one way or the other about the dlls our client app uses.
diveecco63
Newbie
 
Posts: 7
Joined: Thu Jun 10, 2021 11:47 am

Re: Windows Warning popups for libcef.dll and chrome_elf.dll

Postby ndesktop » Fri Jul 23, 2021 12:08 am

diveecco63 wrote:Good idea - I will see if I can figure out why it's doing that - for the life of me I don't know why Zoom would care one way or the other about the dlls our client app uses.

They might not want to let unsigned dlls to be loaded along their api.
I know I am doing this for various reasons, including
- custom code to prevent loading certain *legit* dlls having bugs, as a dreaded certificate extension of SPanish police having the habit of crashing processes
- hooked PPAPI flash player which launched a console if CEF is used with sandbox disabled (yes, really, they are/were execing a "cmd.exe /c "echo SANDBOX disabled"", unpleasantly flying over at startup)
etc.

And even your dll is signed, they might have custom code looking for certain certificate signatures and yours might not be emitted by an authority recognized by their code, who knows.
ndesktop
Master
 
Posts: 750
Joined: Thu Dec 03, 2015 10:10 am


Return to Support Forum

Who is online

Users browsing this forum: Google [Bot] and 34 guests