OEMCertifyModule (Windows CE 5.0)

Send Feedback

This function enables the OS loader to pass the module code (for example, .dll, .exe, and .ocx) to the OEM to verify that a module can be safely run on the system.

DWORD OEMCertifyModule(LPBYTElpData,DWORD cbData );


  • lpData
    [out] Pointer to a buffer allocated by the OS that contains the code for the module being loaded.

  • cbData
    [in] Size, in bytes, of the buffer that the OS passes and that lpData points to.

    If cbData is zero, the end of the module has been reached.

Return Values

The following table shows the return values for this function.

Flag Value Description
OEM_CERTIFY_TRUST 2 The module is trusted by the OEM to perform any operation.
OEM_CERTIFY_RUN 1 The module is trusted by the OEM to run, but the module is restricted from making specific function calls.
OEM_CERTIFY_FALSE 0 The module is not trusted by the OEM and is not allowed to run.


To implement this function, assign the address of this function to pOEMLoadModule in the OEMInit function of the OEM adaptation layer (OAL).

The pOEMLoadModule global pointer is exposed by the OS in the OAL. The OS loader calls pOEMLoadModule multiple times until it reaches the end of the module.

If the loader fails to fully load a module, the OS loader might never reach the end of the module, and an OEM must be ready for pOEMLoadInit to be called before the end of the previous module is reached.

The OEM assigns trust levels to .dll and .exe files. The modules from the MODULES section of a .bin file are assumed to be trusted (OEM_CERTIFY_TRUST) and are not tested by the OEM. The OEM should test the modules from the FILES section of the .bin file and other file systems.

An .exe file is always assigned a trust level before its dependent .dll files are loaded.

When a dependent .dll file is loaded, the OEM assigns it a trust level. The kernel compares this .dll file trust level to the trust level of the .exe file. Based on this comparison, a .dll file certification level is obtained for the OS.

If necessary, the kernel reduces the trust level of the .dll file so the .dll file can run.

If the trust level of the .exe file is higher than the trust level of the .dll file, the .dll file is not loaded by the kernel.

A .dll file can use the CeGetCurrentTrust function to determine the trust level of the .exe file if a .dll file needs more control over which .exe files are able to load it.

The following table shows the resulting .dll file certification level based on the combination of OEM-assigned trust levels.

OEM certification for .exe file OEM certification for .dll file Certification level for .dll file

ROM .dll and .exe files are not certified by the OEM and are assumed to operate at an OEM_CERTIFY_TRUST level.

For information on API restrictions imposed on untrusted applications, see Trusted APIs.

The CreateProcess function debug flags, DEBUG_ONLY_THIS_PROCESS and DEBUG_PROCESS, are restricted. If these flags are used by an untrusted application, the identified process launches, but no debugging occurs.


OS Versions: Windows CE 2.10 and later.
Header: Developer defined.
Link Library: Nk.lib.

See Also

CeGetCurrentTrust | CreateProcess | OEMCertifyModuleInit | OEMInit

Send Feedback on this topic to the authors

Feedback FAQs

© 2006 Microsoft Corporation. All rights reserved.