mirrors/rufus
1
0
Fork 0
mirror of https://github.com/pbatard/rufus.git synced 2025-05-31 06:48:26 -04:00
Code Issues Projects Releases Packages Wiki Activity

[mingw] use delay loading for DLLs that are subject to side loading

Browse source 
* This reverts much of commits f6ac559f4d and 1947266837
  so that we call the Windows APIs directly again, while ensuring that, by the time we load the DLLs,
  sideloading mitigation has already been applied by the application.
* This is a continuation of #1877, and should help prevent re-introducing side-loading issues when we
  link against new libraries, as well as allow us to drop some of the manual DLL hooking we've been
  doing to prevent it, to clean up the code.
* Note that this is a bit more complex than what the stackoverflow post suggests, because we need to
  create delayloaded libs for both 32-bit and 64-bit, which use a different calling convention and
  therefore need to use different .def files. So there's a lot of gymkhana involved, with Makefiles
  and whatnot, to get us there.
* Also simplify the use of CM_Get_DevNode_Registry_PropertyA() in dev.c since recent versions of
  MinGW now have support for it.
* Also fix 2 small issues in net.c (potential overflow) and format.c (memory leak).
This commit is contained in:
Pete Batard 2022-04-12 11:09:29 +01:00
parent 3528ca773d
commit e7b66e7e4c
No known key found for this signature in database
GPG key ID: 38E0CF5E69EDD671
27 changed files with 597 additions and 68 deletions
Download patch file Download diff file Expand all files Collapse all files

7
src/pki.c
View file

@ -575,8 +575,6 @@ LONG ValidateSignature(HWND hDlg, const char* path)
LONG r = TRUST_E_SYSTEM_ERROR;
WINTRUST_DATA trust_data = { 0 };
WINTRUST_FILE_INFO trust_file = { 0 };
PF_TYPE_DECL(WINAPI, long, WinVerifyTrustEx, (HWND, GUID*, WINTRUST_DATA*));
PF_INIT(WinVerifyTrustEx, WinTrust);
GUID guid_generic_verify = // WINTRUST_ACTION_GENERIC_VERIFY_V2
{ 0xaac56b, 0xcd44, 0x11d0,{ 0x8c, 0xc2, 0x0, 0xc0, 0x4f, 0xc2, 0x95, 0xee } };
char *signature_name;
@ -627,8 +625,9 @@ LONG ValidateSignature(HWND hDlg, const char* path)
trust_data.dwUnionChoice = WTD_CHOICE_FILE;
trust_data.pFile = &trust_file;
if (pfWinVerifyTrustEx != NULL)
r = pfWinVerifyTrustEx(INVALID_HANDLE_VALUE, &guid_generic_verify, &trust_data);
// NB: Calling this API will create DLL sideloading issues through 'msasn1.dll'.
// So make sure you delay-load 'wintrust.dll' in your application.
r = WinVerifyTrustEx(INVALID_HANDLE_VALUE, &guid_generic_verify, &trust_data);
safe_free(trust_file.pcwszFilePath);
switch (r) {
case ERROR_SUCCESS: