Dll hijacking fixes: Windows version check + SetDllDirectory("").

2025-03-25 04:38:23 +00:00 · 2016-08-14 21:55:59 +03:00 · 2016-08-14 21:55:59 +03:00 · 50b10ba0bf
commit 50b10ba0bf
parent 994576375e
3 changed files with 42 additions and 11 deletions
--- a/Telegram/SourceFiles/platform/win/windows_dlls.cpp
+++ b/Telegram/SourceFiles/platform/win/windows_dlls.cpp
@ -24,6 +24,23 @@ Copyright (c) 2014-2016 John Preston, https://desktop.telegram.org
 namespace Platform {
 namespace Dlls {

+f_SetDllDirectory SetDllDirectory;
+
+HINSTANCE LibKernel32;
+
+void init() {
+	static bool inited = false;
+	if (inited) return;
+	inited = true;
+
+	LibKernel32 = LoadLibrary(L"KERNEL32.DLL");
+	load(LibKernel32, "SetDllDirectoryW", SetDllDirectory);
+	if (SetDllDirectory) {
+		// Remove the current directory from the DLL search order.
+		SetDllDirectory(L"");
+	}
+}
+
 f_SetWindowTheme SetWindowTheme;
 f_OpenAs_RunDLL OpenAs_RunDLL;
 f_SHOpenWithDialog SHOpenWithDialog;
@ -45,8 +62,7 @@ HINSTANCE LibPropSys;
 HINSTANCE LibComBase;

 void start() {
-	LibUxTheme = LoadLibrary(L"UXTHEME.DLL");
-	load(LibUxTheme, "SetWindowTheme", SetWindowTheme);
+	init();

 	LibShell32 = LoadLibrary(L"SHELL32.DLL");
 	load(LibShell32, "SHAssocEnumHandlers", SHAssocEnumHandlers);
@ -56,17 +72,25 @@ void start() {
 	load(LibShell32, "SHQueryUserNotificationState", SHQueryUserNotificationState);
 	load(LibShell32, "SetCurrentProcessExplicitAppUserModelID", SetCurrentProcessExplicitAppUserModelID);

-	LibWtsApi32 = LoadLibrary(L"WTSAPI32.DLL");
-	load(LibWtsApi32, "WTSRegisterSessionNotification", WTSRegisterSessionNotification);
-	load(LibWtsApi32, "WTSUnRegisterSessionNotification", WTSUnRegisterSessionNotification);
+	auto version = QSysInfo::windowsVersion();
+	if (version >= QSysInfo::WV_VISTA) {
+		LibUxTheme = LoadLibrary(L"UXTHEME.DLL");
+		load(LibUxTheme, "SetWindowTheme", SetWindowTheme);

-	LibPropSys = LoadLibrary(L"PROPSYS.DLL");
-	load(LibPropSys, "PropVariantToString", PropVariantToString);
+		LibWtsApi32 = LoadLibrary(L"WTSAPI32.DLL");
+		load(LibWtsApi32, "WTSRegisterSessionNotification", WTSRegisterSessionNotification);
+		load(LibWtsApi32, "WTSUnRegisterSessionNotification", WTSUnRegisterSessionNotification);

-	LibComBase = LoadLibrary(L"COMBASE.DLL");
-	load(LibComBase, "RoGetActivationFactory", RoGetActivationFactory);
-	load(LibComBase, "WindowsCreateStringReference", WindowsCreateStringReference);
-	load(LibComBase, "WindowsDeleteString", WindowsDeleteString);
+		LibPropSys = LoadLibrary(L"PROPSYS.DLL");
+		load(LibPropSys, "PropVariantToString", PropVariantToString);
+
+		if (version >= QSysInfo::WV_WINDOWS8) {
+			LibComBase = LoadLibrary(L"COMBASE.DLL");
+			load(LibComBase, "RoGetActivationFactory", RoGetActivationFactory);
+			load(LibComBase, "WindowsCreateStringReference", WindowsCreateStringReference);
+			load(LibComBase, "WindowsDeleteString", WindowsDeleteString);
+		}
+	}
 }

 } // namespace Dlls
--- a/Telegram/SourceFiles/platform/win/windows_dlls.h
+++ b/Telegram/SourceFiles/platform/win/windows_dlls.h
@ -27,6 +27,12 @@ Copyright (c) 2014-2016 John Preston, https://desktop.telegram.org
 namespace Platform {
 namespace Dlls {

+void init();
+
+// KERNEL32.DLL
+typedef BOOL (FAR STDAPICALLTYPE *f_SetDllDirectory)(LPCWSTR lpPathName);
+extern f_SetDllDirectory SetDllDirectory;
+
 void start();

 template <typename Function>
--- a/Telegram/SourceFiles/pspecific_win.cpp
+++ b/Telegram/SourceFiles/pspecific_win.cpp
@ -737,6 +737,7 @@ void psShowInFolder(const QString &name) {
 namespace Platform {

 void start() {
+	Dlls::init();
 }

 void finish() {