Simplify DllHijack mitigation and ensure urlmon is delay loaded

First update the project to reduce the number of linked libraries and ensure the most likely non-OS loaded DLLS are delay loaded. Then simplify the DLL hijack mitigation to always dynamically link to SetDefaultDllDirectories in case Squirrel is used on and old Win7 that is missing the necessary KB.
Squirrel · May 31, 2022 · 0bad6df · anaisbetts · Jan 3, 2023 · robmen
1 parent 16521f3
commit 0bad6df
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 10 deletions.
diff --git a/src/Setup/Setup.vcxproj b/src/Setup/Setup.vcxproj
@@ -64,8 +64,8 @@
     <Link>
       <SubSystem>Windows</SubSystem>
       <GenerateDebugInformation>true</GenerateDebugInformation>
-      <AdditionalDependencies>kernel32.lib;user32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;urlmon.lib</AdditionalDependencies>
-      <DelayLoadDLLs>user32.dll;advapi32.dll;shell32.dll;ole32.dll;oleaut32.dll;urlmon.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
+      <AdditionalDependencies>urlmon.lib</AdditionalDependencies>
+      <DelayLoadDLLs>comctl32.dll;shell32.dll;shlwapi.dll;urlmon.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
     </Link>
     <Manifest>
       <AdditionalManifestFiles>compat.manifest</AdditionalManifestFiles>
@@ -91,8 +91,8 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
       <UACExecutionLevel>AsInvoker</UACExecutionLevel>
-      <AdditionalDependencies>kernel32.lib;user32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;urlmon.lib</AdditionalDependencies>
-      <DelayLoadDLLs>user32.dll;advapi32.dll;shell32.dll;ole32.dll;oleaut32.dll;urlmon.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
+      <AdditionalDependencies>urlmon.lib</AdditionalDependencies>
+      <DelayLoadDLLs>comctl32.dll;shell32.dll;shlwapi.dll;urlmon.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
     </Link>
     <Manifest>
       <AdditionalManifestFiles>compat.manifest</AdditionalManifestFiles>

diff --git a/src/Setup/winmain.cpp b/src/Setup/winmain.cpp
@@ -23,22 +23,26 @@ void PreloadLibs()
 	std::wstring version = (std::wstring(sys32Folder) + L"\\version.dll");
 	std::wstring logoncli = (std::wstring(sys32Folder) + L"\\logoncli.dll");
 	std::wstring sspicli = (std::wstring(sys32Folder) + L"\\sspicli.dll");
+	std::wstring urlmon = (std::wstring(sys32Folder) + L"\\urlmon.dll");
 
 	LoadLibrary(version.c_str());
 	LoadLibrary(logoncli.c_str());
 	LoadLibrary(sspicli.c_str());
+	LoadLibrary(urlmon.c_str());
 }
 
 void MitigateDllHijacking()
 {
 	// Set the default DLL lookup directory to System32 for ourselves and kernel32.dll
-	SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32);
-
 	HMODULE hKernel32 = LoadLibrary(L"kernel32.dll");
-	ATLASSERT(hKernel32 != NULL);
-
-	SetDefaultDllDirectoriesFunction pfn = (SetDefaultDllDirectoriesFunction)GetProcAddress(hKernel32, "SetDefaultDllDirectories");
-	if (pfn) { (*pfn)(LOAD_LIBRARY_SEARCH_SYSTEM32); }
+	if (hKernel32)
+	{
+		SetDefaultDllDirectoriesFunction pfn = (SetDefaultDllDirectoriesFunction)GetProcAddress(hKernel32, "SetDefaultDllDirectories");
+		if (pfn)
+		{
+			(*pfn)(LOAD_LIBRARY_SEARCH_SYSTEM32);
+		}
+	}
 
 	PreloadLibs();
 }