| 修订版 | aa98a2157bd9549eb0a8027cf81df20dfe909d93 (tree) |
|---|---|
| 时间 | 2018-02-18 21:17:17 |
| 作者 |  LoRd_MuldeR <mulder2@gmx....> |
| Commiter | LoRd_MuldeR |
Some more work to prevent DLL pre-loading attacks. Full protection is only enabled in "static" builds. Non-static builds require that we allow DLL loading from application install directory (e.g. to load the Qt plug-ins).
src/ErrorHandler_Win32.cpp (diff)| @@ -55,6 +55,33 @@ static LONG WINAPI my_exception_handler(struct _EXCEPTION_POINTERS *ExceptionInf | ||
| 55 | 55 | } |
| 56 | 56 | |
| 57 | 57 | /////////////////////////////////////////////////////////////////////////////// |
| 58 | +// DEFAULT DLL DIRECTORIES | |
| 59 | +/////////////////////////////////////////////////////////////////////////////// | |
| 60 | + | |
| 61 | +//Flags | |
| 62 | +#define MY_LOAD_LIBRARY_SEARCH_APPLICATION_DIR 0x200 | |
| 63 | +#define MY_LOAD_LIBRARY_SEARCH_USER_DIRS 0x400 | |
| 64 | +#define MY_LOAD_LIBRARY_SEARCH_SYSTEM32 0x800 | |
| 65 | + | |
| 66 | +#ifdef MUTILS_STATIC_LIB | |
| 67 | +#define MY_LOAD_LIBRARY_FLAGS (MY_LOAD_LIBRARY_SEARCH_SYSTEM32 | MY_LOAD_LIBRARY_SEARCH_USER_DIRS) | |
| 68 | +#else | |
| 69 | +#define MY_LOAD_LIBRARY_FLAGS (MY_LOAD_LIBRARY_SEARCH_SYSTEM32 | MY_LOAD_LIBRARY_SEARCH_USER_DIRS | MY_LOAD_LIBRARY_SEARCH_APPLICATION_DIR) | |
| 70 | +#endif | |
| 71 | + | |
| 72 | +static void set_default_dll_directories(void) | |
| 73 | +{ | |
| 74 | + typedef BOOL(__stdcall *MySetDefaultDllDirectories)(const DWORD DirectoryFlags); | |
| 75 | + if (const HMODULE kernel32 = GetModuleHandleW(L"kernel32")) | |
| 76 | + { | |
| 77 | + if (const MySetDefaultDllDirectories pSetDefaultDllDirectories = (MySetDefaultDllDirectories)GetProcAddress(kernel32, "SetDefaultDllDirectories")) | |
| 78 | + { | |
| 79 | + pSetDefaultDllDirectories(MY_LOAD_LIBRARY_FLAGS); | |
| 80 | + } | |
| 81 | + } | |
| 82 | +} | |
| 83 | + | |
| 84 | +/////////////////////////////////////////////////////////////////////////////// | |
| 58 | 85 | // SETUP ERROR HANDLERS |
| 59 | 86 | /////////////////////////////////////////////////////////////////////////////// |
| 60 | 87 |
| @@ -64,15 +91,17 @@ void MUtils::ErrorHandler::initialize(void) | ||
| 64 | 91 | SetUnhandledExceptionFilter(my_exception_handler); |
| 65 | 92 | SetThreadPriority(GetCurrentThread(), THREAD_PRIORITY_ABOVE_NORMAL); |
| 66 | 93 | _set_invalid_parameter_handler(my_invalid_param_handler); |
| 67 | - SetDllDirectoryW(L""); /*don'tload DLL from "current" directory*/ | |
| 68 | - | |
| 94 | + | |
| 95 | + /*to prevent DLL pre-loading attacks*/ | |
| 96 | + set_default_dll_directories(); | |
| 97 | + SetDllDirectoryW(L""); | |
| 98 | + | |
| 69 | 99 | static const int signal_num[6] = { SIGABRT, SIGFPE, SIGILL, SIGINT, SIGSEGV, SIGTERM }; |
| 70 | 100 | |
| 71 | 101 | for(size_t i = 0; i < 6; i++) |
| 72 | 102 | { |
| 73 | 103 | signal(signal_num[i], my_signal_handler); |
| 74 | 104 | } |
| 75 | - | |
| 76 | 105 | } |
| 77 | 106 | |
| 78 | 107 | /////////////////////////////////////////////////////////////////////////////// |
Fork