Skip to content

Commit

Permalink
[mingw] use delay loading for DLLs that are subject to side loading
Browse files Browse the repository at this point in the history 
* This reverts much of commits f6ac559 and 1947266
  so that we call the Windows APIs directly again, while ensuring that, by the time we load the DLLs,
  sideloading mitigation has already been applied by the application.
* This is a continuation of #1877, and should help prevent re-introducing side-loading issues when we
  link against new libraries, as well as allow us to drop some of the manual DLL hooking we've been
  doing to prevent it, to clean up the code.
* Note that this is a bit more complex than what the stackoverflow post suggests, because we need to
  create delayloaded libs for both 32-bit and 64-bit, which use a different calling convention and
  therefore need to use different .def files. So there's a lot of gymkhana involved, with Makefiles
  and whatnot, to get us there.
* Also simplify the use of CM_Get_DevNode_Registry_PropertyA() in dev.c since recent versions of
  MinGW now have support for it.
* Also fix 2 small issues in net.c (potential overflow) and format.c (memory leak).
  • Loading branch information
@pbatard
pbatard committed Apr 12, 2022
1 parent 3528ca7 commit e7b66e7
Show file tree
Hide file tree
Showing 27 changed files with 597 additions and 68 deletions.
31 changes: 31 additions & 0 deletions .mingw/Makefile.am
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
# Create delay-loaded libraries from a DLL, that aren't vulnerable to side-loading
AM_V_DLLTOOL_0 = @echo " LIB $@";$(DLLTOOL)
AM_V_DLLTOOL_1 = $(DLLTOOL)
AM_V_DLLTOOL_ = $(AM_V_DLLTOOL_$(AM_DEFAULT_VERBOSITY))
AM_V_DLLTOOL = $(AM_V_DLLTOOL_$(V))

AM_V_SED_0 = @echo " SED $<";$(SED)
AM_V_SED_1 = $(SED)
AM_V_SED_ = $(AM_V_SED_$(AM_DEFAULT_VERBOSITY))
AM_V_SED = $(AM_V_SED_$(V))

# Ah the joys of Windows DLL calling conventions, that require an @## suffix in the .def
# for x86_32 and but no @## for x86_64, thereby forcing us to strip stuff according to the
# target arch. Oh, and we can't use 'target_cpu' or AC definitions on account that we are
# switching archs when building on our local machine, and don't want to have to go though
# a costly reconf each time when we can simply issue a 'make clean'.
TUPLE := $(shell $(CC) -dumpmachine)
TARGET := $(word 1,$(subst -, ,$(TUPLE)))
DEF_SUFFIX := $(if $(TARGET:x86_64=),.def,.def64)

.PHONY: all
all: wintrust-delaylib.lib version-delaylib.lib

%.def64: %.def
$(AM_V_SED) "s/@.*//" $< >$@

%-delaylib.lib: %$(DEF_SUFFIX)
$(AM_V_DLLTOOL) --input-def $< --output-delaylib $@ --dllname $(basename $<).dll

clean:
$(RM) -rf *.lib
Loading

0 comments on commit e7b66e7

Please sign in to comment.