Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Better delay load urlmon and move official build to GH Actions #1807

Merged
merged 5 commits into from May 31, 2022

Conversation

robmen
Copy link
Contributor

@robmen robmen commented May 31, 2022

A small "bug fix" and build process improvements

  • Simplify DllHijack mitigation and ensure urlmon is delay loaded
  • Update NuGet submodule to point into Squirrel org
  • Move official build to GitHub Actions

@robmen robmen self-assigned this May 31, 2022
@robmen robmen force-pushed the robmen/urlmon-ghactions branch 3 times, most recently from 2a62c38 to 3cab6d4 Compare May 31, 2022 01:17
First update the project to reduce the number of linked libraries
and ensure the most likely non-OS loaded DLLS are delay loaded. Then
simplify the DLL hijack mitigation to always dynamically link to
SetDefaultDllDirectories in case Squirrel is used on and old Win7
that is missing the necessary KB.
@robmen robmen force-pushed the robmen/urlmon-ghactions branch 4 times, most recently from 0048184 to ceefe59 Compare May 31, 2022 01:47
@anaisbetts
Copy link
Contributor

Try to add a PR description for every PR, but otherwise :shipit:

The "build_official.cmd" now creates all of the build artifacts and
the "devbuild.cmd" is a quick way for developers to get a build from
the command-line. With these two batch files in place, move the
official build pipeline from Azure DevOps to GitHub Actions.
@robmen robmen merged commit a1eb63a into develop May 31, 2022
1 check passed
@robmen robmen deleted the robmen/urlmon-ghactions branch May 31, 2022 18:20
@YoelRT
Copy link

YoelRT commented May 8, 2023

A small "bug fix" and build process improvements

  • Simplify DllHijack mitigation and ensure urlmon is delay loaded
  • Update NuGet submodule to point into Squirrel org
  • Move official build to GitHub Actions

Any soon update to solve:
The squirrel.windows package is vulnerable to DLL Hijacking attacks ??

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants