Prevent DLL search order hijacking for VentoyPlugson.exe and VentoyVlnk.exe

diff --git a/Plugson/src/main_windows.c b/Plugson/src/main_windows.c
index e6a0bf47a0f361751e9dca618c4114d8e9976c94..066eb63bfd9784d912303d2ef733cc82a9ce5040 100644 (file)
--- a/Plugson/src/main_windows.c
+++ b/Plugson/src/main_windows.c
@@ -464,6 +464,60 @@ static int ParseCmdLine(LPSTR lpCmdLine, char *ip, char *port)
        return 0;\r
 }\r
 \r
        return 0;\r
 }\r
 \r

+\r
+\r
+//\r
+//copy from Rufus\r
+//\r
+#include <delayimp.h>\r
+// For delay-loaded DLLs, use LOAD_LIBRARY_SEARCH_SYSTEM32 to avoid DLL search order hijacking.\r
+FARPROC WINAPI dllDelayLoadHook(unsigned dliNotify, PDelayLoadInfo pdli)\r
+{\r
+       if (dliNotify == dliNotePreLoadLibrary) {\r
+               // Windows 7 without KB2533623 does not support the LOAD_LIBRARY_SEARCH_SYSTEM32 flag.\r
+               // That is is OK, because the delay load handler will interrupt the NULL return value\r
+               // to mean that it should perform a normal LoadLibrary.\r
+               return (FARPROC)LoadLibraryExA(pdli->szDll, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);\r
+       }\r
+       return NULL;\r
+}\r
+\r
+#if defined(_MSC_VER)\r
+// By default the Windows SDK headers have a `const` while MinGW does not.\r
+const\r
+#endif\r
+PfnDliHook __pfnDliNotifyHook2 = dllDelayLoadHook;\r
+\r
+typedef BOOL(WINAPI* SetDefaultDllDirectories_t)(DWORD);\r
+static void DllProtect(void)\r
+{\r
+       SetDefaultDllDirectories_t pfSetDefaultDllDirectories = NULL;\r
+\r
+       // Disable loading system DLLs from the current directory (sideloading mitigation)\r
+       // PS: You know that official MSDN documentation for SetDllDirectory() that explicitly\r
+       // indicates that "If the parameter is an empty string (""), the call removes the current\r
+       // directory from the default DLL search order"? Yeah, that doesn't work. At all.\r
+       // Still, we invoke it, for platforms where the following call might actually work...\r
+       SetDllDirectoryA("");\r
+\r
+       // For libraries on the KnownDLLs list, the system will always load them from System32.\r
+       // For other DLLs we link directly to, we can delay load the DLL and use a delay load\r
+       // hook to load them from System32. Note that, for this to work, something like:\r
+       // 'somelib.dll;%(DelayLoadDLLs)' must be added to the 'Delay Loaded Dlls' option of\r
+       // the linker properties in Visual Studio (which means this won't work with MinGW).\r
+       // For all other DLLs, use SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32).\r
+       // Finally, we need to perform the whole gymkhana below, where we can't call on\r
+       // SetDefaultDllDirectories() directly, because Windows 7 doesn't have the API exposed.\r
+       // Also, no, Coverity, we never need to care about freeing kernel32 as a library.\r
+       // coverity[leaked_storage]\r
+\r
+       pfSetDefaultDllDirectories = (SetDefaultDllDirectories_t)\r
+               GetProcAddress(LoadLibraryW(L"kernel32.dll"), "SetDefaultDllDirectories");\r
+       if (pfSetDefaultDllDirectories != NULL)\r
+               pfSetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32);\r
+}\r
+\r
+\r

 int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, INT nCmdShow)\r
 {\r
     int rc;\r
 int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, INT nCmdShow)\r
 {\r
     int rc;\r


@@ -472,6 +526,8 @@ int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLi
 \r
     UNREFERENCED_PARAMETER(hPrevInstance);\r
 \r
 \r
     UNREFERENCED_PARAMETER(hPrevInstance);\r
 \r

+       DllProtect();\r
+\r

     if (GetUserDefaultUILanguage() == 0x0804)\r
     {\r
         g_sysinfo.language = LANGUAGE_CN;\r
     if (GetUserDefaultUILanguage() == 0x0804)\r
     {\r
         g_sysinfo.language = LANGUAGE_CN;\r

diff --git a/Plugson/vs/VentoyPlugson/Release/VentoyPlugson.exe b/Plugson/vs/VentoyPlugson/Release/VentoyPlugson.exe
index 4f78da8193b61a2759538f9d779971cf220d8f90..ed09c29e8ab87fd5e7c385df7ec911f60bb025af 100644 (file)
Binary files a/Plugson/vs/VentoyPlugson/Release/VentoyPlugson.exe and b/Plugson/vs/VentoyPlugson/Release/VentoyPlugson.exe differ

diff --git a/Plugson/vs/VentoyPlugson/VentoyPlugson/VentoyPlugson.vcxproj b/Plugson/vs/VentoyPlugson/VentoyPlugson/VentoyPlugson.vcxproj
index 382d989a73aba80956c91f58d7efed25fcccde6f..38daf77d9573f1dc32786bccd4acad76ae0baaea 100644 (file)
--- a/Plugson/vs/VentoyPlugson/VentoyPlugson/VentoyPlugson.vcxproj
+++ b/Plugson/vs/VentoyPlugson/VentoyPlugson/VentoyPlugson.vcxproj
@@ -14,18 +14,19 @@
     <ProjectGuid>{321D6EE2-2AB3-4103-9F05-EC4EC67A75E1}</ProjectGuid>\r
     <Keyword>Win32Proj</Keyword>\r
     <RootNamespace>VentoyPlugson</RootNamespace>\r
     <ProjectGuid>{321D6EE2-2AB3-4103-9F05-EC4EC67A75E1}</ProjectGuid>\r
     <Keyword>Win32Proj</Keyword>\r
     <RootNamespace>VentoyPlugson</RootNamespace>\r

+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>\r

   </PropertyGroup>\r
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />\r
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">\r
     <ConfigurationType>Application</ConfigurationType>\r
     <UseDebugLibraries>true</UseDebugLibraries>\r
   </PropertyGroup>\r
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />\r
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">\r
     <ConfigurationType>Application</ConfigurationType>\r
     <UseDebugLibraries>true</UseDebugLibraries>\r

-    <PlatformToolset>v120</PlatformToolset>\r
+    <PlatformToolset>v142</PlatformToolset>\r

     <CharacterSet>MultiByte</CharacterSet>\r
   </PropertyGroup>\r
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">\r
     <ConfigurationType>Application</ConfigurationType>\r
     <UseDebugLibraries>false</UseDebugLibraries>\r
     <CharacterSet>MultiByte</CharacterSet>\r
   </PropertyGroup>\r
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">\r
     <ConfigurationType>Application</ConfigurationType>\r
     <UseDebugLibraries>false</UseDebugLibraries>\r

-    <PlatformToolset>v120</PlatformToolset>\r
+    <PlatformToolset>v142</PlatformToolset>\r

     <WholeProgramOptimization>true</WholeProgramOptimization>\r
     <CharacterSet>MultiByte</CharacterSet>\r
   </PropertyGroup>\r
     <WholeProgramOptimization>true</WholeProgramOptimization>\r
     <CharacterSet>MultiByte</CharacterSet>\r
   </PropertyGroup>\r


@@ -61,6 +62,7 @@
       <SubSystem>Windows</SubSystem>\r
       <GenerateDebugInformation>true</GenerateDebugInformation>\r
       <UACExecutionLevel>RequireAdministrator</UACExecutionLevel>\r
       <SubSystem>Windows</SubSystem>\r
       <GenerateDebugInformation>true</GenerateDebugInformation>\r
       <UACExecutionLevel>RequireAdministrator</UACExecutionLevel>\r

+      <DelayLoadDLLs>gdi32.dll;winspool.dll;comdlg32.dll;advapi32.dll;shell32.dll;ole32.dll;oleaut32.dll;uuid.dll;odbc32.dll;odbccp32.dll</DelayLoadDLLs>\r

     </Link>\r
     <Manifest>\r
       <AdditionalManifestFiles>$(ProjectDir)\Res\Plugson32.manifest %(AdditionalManifestFiles)</AdditionalManifestFiles>\r
     </Link>\r
     <Manifest>\r
       <AdditionalManifestFiles>$(ProjectDir)\Res\Plugson32.manifest %(AdditionalManifestFiles)</AdditionalManifestFiles>\r


@@ -84,6 +86,7 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>\r
       <OptimizeReferences>true</OptimizeReferences>\r
       <UACExecutionLevel>RequireAdministrator</UACExecutionLevel>\r
       <EnableCOMDATFolding>true</EnableCOMDATFolding>\r
       <OptimizeReferences>true</OptimizeReferences>\r
       <UACExecutionLevel>RequireAdministrator</UACExecutionLevel>\r

+      <DelayLoadDLLs>gdi32.dll;winspool.dll;comdlg32.dll;advapi32.dll;shell32.dll;ole32.dll;oleaut32.dll;uuid.dll;odbc32.dll;odbccp32.dll</DelayLoadDLLs>\r

     </Link>\r
     <Manifest>\r
       <AdditionalManifestFiles>$(ProjectDir)\Res\Plugson32.manifest %(AdditionalManifestFiles)</AdditionalManifestFiles>\r
     </Link>\r
     <Manifest>\r
       <AdditionalManifestFiles>$(ProjectDir)\Res\Plugson32.manifest %(AdditionalManifestFiles)</AdditionalManifestFiles>\r


@@ -151,7 +154,7 @@
   <ItemGroup>\r
     <ResourceCompile Include="VentoyPlugson.rc" />\r
   </ItemGroup>\r
   <ItemGroup>\r
     <ResourceCompile Include="VentoyPlugson.rc" />\r
   </ItemGroup>\r

-  <ItemGroup>   \r
+  <ItemGroup>\r

     <Image Include="Res\plugson.ico" />\r
   </ItemGroup>\r
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />\r
     <Image Include="Res\plugson.ico" />\r
   </ItemGroup>\r
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />\r

diff --git a/Plugson/vs/VentoyPlugson/VentoyPlugson/VentoyPlugson.vcxproj.filters b/Plugson/vs/VentoyPlugson/VentoyPlugson/VentoyPlugson.vcxproj.filters
index 9f7786610f01223c2ce0ba99ae1e8bf34a32b174..b272f9fe003ec1be441c3446fd1b4ba0df8ad76e 100644 (file)
--- a/Plugson/vs/VentoyPlugson/VentoyPlugson/VentoyPlugson.vcxproj.filters
+++ b/Plugson/vs/VentoyPlugson/VentoyPlugson/VentoyPlugson.vcxproj.filters
@@ -167,7 +167,7 @@
     </ResourceCompile>\r
   </ItemGroup>\r
   <ItemGroup>\r
     </ResourceCompile>\r
   </ItemGroup>\r
   <ItemGroup>\r

-    <Image Include="Res\refresh.ico">\r
+    <Image Include="Res\plugson.ico">\r

       <Filter>资源文件</Filter>\r
     </Image>\r
   </ItemGroup>\r
       <Filter>资源文件</Filter>\r
     </Image>\r
   </ItemGroup>\r

diff --git a/Vlnk/src/main_windows.c b/Vlnk/src/main_windows.c
index 089512026cd9d8ac9da8bae36db974fe059369d4..d2f2c3c2b1795fe8954461264d69a048eed8a773 100644 (file)
--- a/Vlnk/src/main_windows.c
+++ b/Vlnk/src/main_windows.c
@@ -831,6 +831,58 @@ static int ParseCmdLine(LPSTR lpCmdLine)
     return argc;\r
 }\r
 \r
     return argc;\r
 }\r
 \r

+\r
+//\r
+//copy from Rufus\r
+//\r
+#include <delayimp.h>\r
+// For delay-loaded DLLs, use LOAD_LIBRARY_SEARCH_SYSTEM32 to avoid DLL search order hijacking.\r
+FARPROC WINAPI dllDelayLoadHook(unsigned dliNotify, PDelayLoadInfo pdli)\r
+{\r
+    if (dliNotify == dliNotePreLoadLibrary) {\r
+        // Windows 7 without KB2533623 does not support the LOAD_LIBRARY_SEARCH_SYSTEM32 flag.\r
+        // That is is OK, because the delay load handler will interrupt the NULL return value\r
+        // to mean that it should perform a normal LoadLibrary.\r
+        return (FARPROC)LoadLibraryExA(pdli->szDll, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);\r
+    }\r
+    return NULL;\r
+}\r
+\r
+#if defined(_MSC_VER)\r
+// By default the Windows SDK headers have a `const` while MinGW does not.\r
+const\r
+#endif\r
+PfnDliHook __pfnDliNotifyHook2 = dllDelayLoadHook;\r
+\r
+typedef BOOL(WINAPI *SetDefaultDllDirectories_t)(DWORD);\r
+static void DllProtect(void)\r
+{\r
+    SetDefaultDllDirectories_t pfSetDefaultDllDirectories = NULL;\r
+\r
+    // Disable loading system DLLs from the current directory (sideloading mitigation)\r
+    // PS: You know that official MSDN documentation for SetDllDirectory() that explicitly\r
+    // indicates that "If the parameter is an empty string (""), the call removes the current\r
+    // directory from the default DLL search order"? Yeah, that doesn't work. At all.\r
+    // Still, we invoke it, for platforms where the following call might actually work...\r
+    SetDllDirectoryA("");\r
+\r
+    // For libraries on the KnownDLLs list, the system will always load them from System32.\r
+    // For other DLLs we link directly to, we can delay load the DLL and use a delay load\r
+    // hook to load them from System32. Note that, for this to work, something like:\r
+    // 'somelib.dll;%(DelayLoadDLLs)' must be added to the 'Delay Loaded Dlls' option of\r
+    // the linker properties in Visual Studio (which means this won't work with MinGW).\r
+    // For all other DLLs, use SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32).\r
+    // Finally, we need to perform the whole gymkhana below, where we can't call on\r
+    // SetDefaultDllDirectories() directly, because Windows 7 doesn't have the API exposed.\r
+    // Also, no, Coverity, we never need to care about freeing kernel32 as a library.\r
+    // coverity[leaked_storage]\r
+\r
+    pfSetDefaultDllDirectories = (SetDefaultDllDirectories_t)\r
+        GetProcAddress(LoadLibraryW(L"kernel32.dll"), "SetDefaultDllDirectories");\r
+    if (pfSetDefaultDllDirectories != NULL)\r
+        pfSetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32);\r
+}\r
+\r

 int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, INT nCmdShow)\r
 {\r
     DWORD dwAttrib;\r
 int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, INT nCmdShow)\r
 {\r
     DWORD dwAttrib;\r


@@ -838,6 +890,8 @@ int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLi
 \r
     UNREFERENCED_PARAMETER(hPrevInstance);\r
 \r
 \r
     UNREFERENCED_PARAMETER(hPrevInstance);\r
 \r

+    DllProtect();\r
+\r

     if (GetUserDefaultUILanguage() == 0x0804)\r
     {\r
         g_msg_lang = g_msg_cn;\r
     if (GetUserDefaultUILanguage() == 0x0804)\r
     {\r
         g_msg_lang = g_msg_cn;\r

diff --git a/Vlnk/vs/VentoyVlnk/Release/VentoyVlnk.exe b/Vlnk/vs/VentoyVlnk/Release/VentoyVlnk.exe
index 0f479e1053d6ab21c2cc38b48ce01bff2c03cdc1..e633e3b11d95bb47a042f86f9defa2b049b0e2bb 100644 (file)
Binary files a/Vlnk/vs/VentoyVlnk/Release/VentoyVlnk.exe and b/Vlnk/vs/VentoyVlnk/Release/VentoyVlnk.exe differ

diff --git a/Vlnk/vs/VentoyVlnk/VentoyVlnk/VentoyVlnk.vcxproj b/Vlnk/vs/VentoyVlnk/VentoyVlnk/VentoyVlnk.vcxproj
index 62de30c43c4838ae3059bc5e690a628df609f4ca..108c3938fb9faa01c83bf8c892d0a097d9f0bc0e 100644 (file)
--- a/Vlnk/vs/VentoyVlnk/VentoyVlnk/VentoyVlnk.vcxproj
+++ b/Vlnk/vs/VentoyVlnk/VentoyVlnk/VentoyVlnk.vcxproj
@@ -14,18 +14,19 @@
     <ProjectGuid>{9987D9FE-1A40-4C5F-835C-D66B0FEADA26}</ProjectGuid>\r
     <Keyword>Win32Proj</Keyword>\r
     <RootNamespace>VentoyVlnk</RootNamespace>\r
     <ProjectGuid>{9987D9FE-1A40-4C5F-835C-D66B0FEADA26}</ProjectGuid>\r
     <Keyword>Win32Proj</Keyword>\r
     <RootNamespace>VentoyVlnk</RootNamespace>\r

+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>\r

   </PropertyGroup>\r
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />\r
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">\r
     <ConfigurationType>Application</ConfigurationType>\r
     <UseDebugLibraries>true</UseDebugLibraries>\r
   </PropertyGroup>\r
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />\r
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">\r
     <ConfigurationType>Application</ConfigurationType>\r
     <UseDebugLibraries>true</UseDebugLibraries>\r

-    <PlatformToolset>v120</PlatformToolset>\r
+    <PlatformToolset>v142</PlatformToolset>\r

     <CharacterSet>Unicode</CharacterSet>\r
   </PropertyGroup>\r
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">\r
     <ConfigurationType>Application</ConfigurationType>\r
     <UseDebugLibraries>false</UseDebugLibraries>\r
     <CharacterSet>Unicode</CharacterSet>\r
   </PropertyGroup>\r
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">\r
     <ConfigurationType>Application</ConfigurationType>\r
     <UseDebugLibraries>false</UseDebugLibraries>\r

-    <PlatformToolset>v120</PlatformToolset>\r
+    <PlatformToolset>v142</PlatformToolset>\r

     <WholeProgramOptimization>true</WholeProgramOptimization>\r
     <CharacterSet>Unicode</CharacterSet>\r
   </PropertyGroup>\r
     <WholeProgramOptimization>true</WholeProgramOptimization>\r
     <CharacterSet>Unicode</CharacterSet>\r
   </PropertyGroup>\r


@@ -61,6 +62,7 @@
       <SubSystem>Windows</SubSystem>\r
       <GenerateDebugInformation>true</GenerateDebugInformation>\r
       <UACExecutionLevel>RequireAdministrator</UACExecutionLevel>\r
       <SubSystem>Windows</SubSystem>\r
       <GenerateDebugInformation>true</GenerateDebugInformation>\r
       <UACExecutionLevel>RequireAdministrator</UACExecutionLevel>\r

+      <DelayLoadDLLs>gdi32.dll;winspool.dll;comdlg32.dll;advapi32.dll;shell32.dll;ole32.dll;oleaut32.dll;uuid.dll;odbc32.dll;odbccp32.dll</DelayLoadDLLs>\r

     </Link>\r
     <Manifest>\r
       <AdditionalManifestFiles>$(ProjectDir)\Res\Vlnk32.manifest %(AdditionalManifestFiles)</AdditionalManifestFiles>\r
     </Link>\r
     <Manifest>\r
       <AdditionalManifestFiles>$(ProjectDir)\Res\Vlnk32.manifest %(AdditionalManifestFiles)</AdditionalManifestFiles>\r


@@ -84,6 +86,7 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>\r
       <OptimizeReferences>true</OptimizeReferences>\r
       <UACExecutionLevel>RequireAdministrator</UACExecutionLevel>\r
       <EnableCOMDATFolding>true</EnableCOMDATFolding>\r
       <OptimizeReferences>true</OptimizeReferences>\r
       <UACExecutionLevel>RequireAdministrator</UACExecutionLevel>\r

+      <DelayLoadDLLs>gdi32.dll;winspool.dll;comdlg32.dll;advapi32.dll;shell32.dll;ole32.dll;oleaut32.dll;uuid.dll;odbc32.dll;odbccp32.dll</DelayLoadDLLs>\r

     </Link>\r
     <Manifest>\r
       <AdditionalManifestFiles>$(ProjectDir)\Res\Vlnk32.manifest %(AdditionalManifestFiles)</AdditionalManifestFiles>\r
     </Link>\r
     <Manifest>\r
       <AdditionalManifestFiles>$(ProjectDir)\Res\Vlnk32.manifest %(AdditionalManifestFiles)</AdditionalManifestFiles>\r