[misc] more MinGW DLL side loading "improvements"

- Side load SetupAPI.dll, as this is the DLL that was causing the CfgMgr32.dll local load.
  This reverts part of 622e60659c since we no longer have to hook into CfgMgr32.dll directly.
- Also set the redefinition of DECLSPEC_IMPORT, which we need for MinGW32 x86, in the global AM_CFLAGS
  of configure.ac, so that we no longer have to worry about forgetting to do it in a source and experience
  crashes on 32-bit as a result (See 965759f58a).
- Also delay-load crypt32.dll while we're at it.
- Also add provision for enabling /DEPENDENTLOADFLAG:0x800 on MinGW, by leaving a properly crafted entry
  in the .rdata section that can then be used with the loadcfg.py Python script.
- Sadly, per https://github.com/pbatard/rufus/issues/2701#issuecomment-2874788564 and subsequent comment,
  having DependentLoadFlags set to LOAD_LIBRARY_SEARCH_SYSTEM32 is still not enough to take care of side
  loading issues, as, ever since the introduction of wimlib support, we are seeing CRYPTBASE.DLL being
  side-loaded in MinGW, and, even with crypt32.dll being delay-loaded there is literally *nothing* we can
  do about it!
- The end result of all the above is that we will have no choice but to ditch MinGW for release executables
  as it's just impossible to properly take care of side-loading vulnerabilities with MinGW (and Microsoft
  are REALLY not helping with this whole mess either, when they don't even use LOAD_LIBRARY_SEARCH_SYSTEM32
  for Windows' system DLLs).
- In preparation for this, we add UPX compression to the x86_64 and x86_32 MSVC executables.
- Finally, we also fix one last Coverity warning in xml.c and remove duplicates in .vcxproj for ARM64.
Pete Batard 2025-05-13 20:26:46 +01:00
parent 13c6becf42
commit 4adfa4f37e
GPG key ID: 38E0CF5E69EDD671
18 changed files with 179 additions and 98 deletions

configure vendored

@ -4702,7 +4702,7 @@ fi
printf "%s\n" "enabling Large File Support (ISO support)" >&6; }
AM_CFLAGS="$AM_CFLAGS -D_FILE_OFFSET_BITS=64 -D_OFF_T_ -D_off_t=off64_t -Doff_t=off64_t -Doff32_t=long"
# check for -Wno-pointer-sign compiler support (GCC >= 4)
# Check for -Wno-pointer-sign compiler support (GCC >= 4)
saved_CFLAGS="${CFLAGS}"
CFLAGS="$CFLAGS -Wno-pointer-sign"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
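Review bot: The only change in this hunk is the capitalisation of the "-Wno-pointer-sign" comment, which is unrelated to the side-loading work and sits in the vendored, generated configure script. Please make sure the same wording is in configure.ac, otherwise the next regeneration will silently revert it, and consider moving cosmetic edits like this one to a separate commit so the security-relevant changes are easier to audit.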
@ -4725,7 +4725,9 @@ fi
rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
CFLAGS="${saved_CFLAGS}"
AM_CFLAGS="$AM_CFLAGS -DUNICODE -D_UNICODE -UNDEBUG -DCOBJMACROS -D__USE_MINGW_ANSI_STDIO=0 -std=gnu11 -Wshadow -Wall -Wformat-security -Wundef -Wunused -Wstrict-prototypes -Wno-restrict -Wno-array-bounds -Werror-implicit-function-declaration -Wbidi-chars=none $nopointersign_cflags"
# NB: The DECLSPEC_IMPORT redefinition below is a temporary(?) workaround for MinGW32 delay-loading
# See https://github.com/pbatard/rufus/pull/2513 as well as https://sourceware.org/bugzilla/show_bug.cgi?id=14339
AM_CFLAGS="$AM_CFLAGS -DUNICODE -D_UNICODE -UNDEBUG -DCOBJMACROS -D__USE_MINGW_ANSI_STDIO=0 -UDECLSPEC_IMPORT -DDECLSPEC_IMPORT=__attribute__\(\(visibility\(\\\"hidden\\\"\)\)\) -std=gnu11 -Wshadow -Wall -Wformat-security -Wundef -Wunused -Wstrict-prototypes -Wno-restrict -Wno-array-bounds -Werror-implicit-function-declaration -Wbidi-chars=none $nopointersign_cflags"
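Review bot: The new AM_CFLAGS line applies "-UDECLSPEC_IMPORT -DDECLSPEC_IMPORT=..." to every translation unit, but the two-line comment above it only calls it a workaround for "MinGW32 delay-loading" without saying that it is now global or what breaks if it is dropped. I would extend the comment to state that the redefinition is deliberately applied to all sources and that removing it brings back the 32-bit crashes mentioned in the commit message, so that a later cleanup of the flag list does not take it out. The nested escaping in "__attribute__\(\(visibility\(\\\"hidden\\\"\)\)\)" is also fragile across the shell and make layers, so it would be worth confirming from a verbose build log that the compiler actually receives __attribute__((visibility("hidden"))) with the quotes intact.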