From 5b2db4112fc4d5c9759685bb457ec0106b3bba1a Mon Sep 17 00:00:00 2001 From: John Preston Date: Wed, 30 Jun 2021 18:20:49 +0300 Subject: [PATCH] Don't allow any .dll-s near Telegram.exe --- Telegram/CMakeLists.txt | 41 ++++++++++- Telegram/SourceFiles/_other/updater_win.cpp | 68 +++++++++++++++++++ .../SourceFiles/platform/win/windows_dlls.cpp | 67 ++++++++++++------ .../SourceFiles/platform/win/windows_dlls.h | 3 - 4 files changed, 152 insertions(+), 27 deletions(-) diff --git a/Telegram/CMakeLists.txt b/Telegram/CMakeLists.txt index db827d37a1..13523aa3c6 100644 --- a/Telegram/CMakeLists.txt +++ b/Telegram/CMakeLists.txt @@ -1356,6 +1356,32 @@ endif() set_target_properties(Telegram PROPERTIES RUNTIME_OUTPUT_DIRECTORY ${output_folder}) +if (WIN32) + target_link_options(Telegram + PRIVATE + /DELAYLOAD:secur32.dll + /DELAYLOAD:winmm.dll + /DELAYLOAD:ws2_32.dll + /DELAYLOAD:user32.dll + /DELAYLOAD:gdi32.dll + /DELAYLOAD:advapi32.dll + /DELAYLOAD:shell32.dll + /DELAYLOAD:ole32.dll + /DELAYLOAD:oleaut32.dll + /DELAYLOAD:shlwapi.dll + /DELAYLOAD:iphlpapi.dll + /DELAYLOAD:gdiplus.dll + /DELAYLOAD:version.dll + /DELAYLOAD:dwmapi.dll + /DELAYLOAD:crypt32.dll + /DELAYLOAD:bcrypt.dll + /DELAYLOAD:imm32.dll + /DELAYLOAD:netapi32.dll + /DELAYLOAD:userenv.dll + /DELAYLOAD:wtsapi32.dll + ) +endif() + if ((NOT DESKTOP_APP_DISABLE_AUTOUPDATE OR APPLE) AND NOT build_macstore AND NOT build_winstore) add_executable(Updater WIN32) init_target(Updater) @@ -1372,8 +1398,19 @@ if ((NOT DESKTOP_APP_DISABLE_AUTOUPDATE OR APPLE) AND NOT build_macstore AND NOT set_target_properties(Updater PROPERTIES RUNTIME_OUTPUT_DIRECTORY ${output_folder}) - if (WIN32 AND NOT CMAKE_CXX_COMPILER_ID STREQUAL "MSVC") - target_link_options(Updater PRIVATE -municode) + if (WIN32) + if (CMAKE_CXX_COMPILER_ID STREQUAL "MSVC") + target_link_options(Updater + PRIVATE + /DELAYLOAD:user32.dll + /DELAYLOAD:advapi32.dll + /DELAYLOAD:shell32.dll + /DELAYLOAD:ole32.dll + /DELAYLOAD:shlwapi.dll + ) + else() + target_link_options(Updater PRIVATE -municode) + endif() endif() if (LINUX) diff --git a/Telegram/SourceFiles/_other/updater_win.cpp b/Telegram/SourceFiles/_other/updater_win.cpp index 41d23ead66..8da2af4c82 100644 --- a/Telegram/SourceFiles/_other/updater_win.cpp +++ b/Telegram/SourceFiles/_other/updater_win.cpp @@ -7,6 +7,70 @@ https://github.com/telegramdesktop/tdesktop/blob/master/LEGAL */ #include "updater.h" +using Handle = HINSTANCE; + +Handle SafeLoadLibrary(const wchar_t *name, bool required = false) { + static const auto SystemPath = [] { + WCHAR buffer[MAX_PATH + 1] = { 0 }; + return GetSystemDirectory(buffer, MAX_PATH) + ? std::wstring(buffer) + : std::wstring(); + }(); + static const auto WindowsPath = [] { + WCHAR buffer[MAX_PATH + 1] = { 0 }; + return GetWindowsDirectory(buffer, MAX_PATH) + ? std::wstring(buffer) + : std::wstring(); + }(); + const auto tryPath = [&](const std::wstring &path) { + if (!path.empty()) { + const auto full = path + L'\\' + name; + if (const auto result = Handle(LoadLibrary(full.c_str()))) { + return result; + } + } + return Handle(); + }; + if (const auto result1 = tryPath(SystemPath)) { + return result1; + } else if (const auto result2 = tryPath(WindowsPath)) { + return result2; + } else if (required) { + const auto text = L"Could not load required DLL '" + + std::wstring(name) + + L"'!"; + MessageBox(nullptr, text.c_str(), L"Fatal Error", MB_ICONERROR); + } + return nullptr; +} + +[[nodiscard]] bool Init() { + // Remove the current directory from the DLL search order. + SetDllDirectory(L""); + + const auto required = { + L"user32.dll", + L"advapi32.dll", + L"shell32.dll", + L"ole32.dll", + L"shlwapi.dll", + L"propsys.dll", + }; + const auto optional = { + L"profapi.dll", + L"cryptbase.dll", + }; + for (const auto lib : required) { + if (!SafeLoadLibrary(lib, true)) { + return false; + } + } + for (const auto lib : optional) { + SafeLoadLibrary(lib); + } + return true; +} + bool _debug = false; wstring updaterName, updaterDir, updateTo, exeName, customWorkingDir, customKeyFile; @@ -329,6 +393,10 @@ void updateRegistry() { } int APIENTRY wWinMain(HINSTANCE instance, HINSTANCE prevInstance, LPWSTR cmdParamarg, int cmdShow) { + if (!Init()) { + return -1; + } + openLog(); _oldWndExceptionFilter = SetUnhandledExceptionFilter(_exceptionFilter); diff --git a/Telegram/SourceFiles/platform/win/windows_dlls.cpp b/Telegram/SourceFiles/platform/win/windows_dlls.cpp index c4a51ffa7f..9fcc078f25 100644 --- a/Telegram/SourceFiles/platform/win/windows_dlls.cpp +++ b/Telegram/SourceFiles/platform/win/windows_dlls.cpp @@ -25,30 +25,55 @@ void init() { if (inited) return; inited = true; - // Remove the current directory from the DLL search order. - ::SetDllDirectory(L""); + base::Platform::CheckDynamicLibraries(); - const auto list = { + // Remove the current directory from the DLL search order. + SetDllDirectory(L""); + + const auto required = { + u"secur32.dll"_q, + u"winmm.dll"_q, + u"ws2_32.dll"_q, + u"user32.dll"_q, + u"gdi32.dll"_q, + u"advapi32.dll"_q, + u"shell32.dll"_q, + u"ole32.dll"_q, + u"oleaut32.dll"_q, + u"shlwapi.dll"_q, + u"iphlpapi.dll"_q, + u"gdiplus.dll"_q, + u"version.dll"_q, + u"dwmapi.dll"_q, + u"crypt32.dll"_q, + u"bcrypt.dll"_q, + u"imm32.dll"_q, + u"netapi32.dll"_q, + u"userenv.dll"_q, + u"wtsapi32.dll"_q, + u"propsys.dll"_q, + u"psapi.dll"_q, + u"uxtheme.dll"_q, + }; + const auto optional = { u"dbghelp.dll"_q, u"dbgcore.dll"_q, - u"propsys.dll"_q, u"winsta.dll"_q, - u"textinputframework.dll"_q, u"uxtheme.dll"_q, u"igdumdim32.dll"_q, u"amdhdl32.dll"_q, - u"wtsapi32.dll"_q, - u"propsys.dll"_q, u"combase.dll"_q, - u"dwmapi.dll"_q, u"rstrtmgr.dll"_q, - u"psapi.dll"_q, - u"user32.dll"_q, u"d3d9.dll"_q, u"d3d11.dll"_q, u"dxgi.dll"_q, + u"profapi.dll"_q, + u"cryptbase.dll"_q, }; - for (const auto &lib : list) { + for (const auto &lib : required) { + SafeLoadLibrary(lib, true); + } + for (const auto &lib : optional) { SafeLoadLibrary(lib); } } @@ -83,19 +108,17 @@ void start() { // } //} - if (IsWindowsVistaOrGreater()) { - const auto LibWtsApi32 = SafeLoadLibrary(u"wtsapi32.dll"_q); - LOAD_SYMBOL(LibWtsApi32, WTSRegisterSessionNotification); - LOAD_SYMBOL(LibWtsApi32, WTSUnRegisterSessionNotification); + const auto LibWtsApi32 = SafeLoadLibrary(u"wtsapi32.dll"_q); + LOAD_SYMBOL(LibWtsApi32, WTSRegisterSessionNotification); + LOAD_SYMBOL(LibWtsApi32, WTSUnRegisterSessionNotification); - const auto LibPropSys = SafeLoadLibrary(u"propsys.dll"_q); - LOAD_SYMBOL(LibPropSys, PropVariantToString); - LOAD_SYMBOL(LibPropSys, PSStringFromPropertyKey); + const auto LibPropSys = SafeLoadLibrary(u"propsys.dll"_q); + LOAD_SYMBOL(LibPropSys, PropVariantToString); + LOAD_SYMBOL(LibPropSys, PSStringFromPropertyKey); - const auto LibDwmApi = SafeLoadLibrary(u"dwmapi.dll"_q); - LOAD_SYMBOL(LibDwmApi, DwmIsCompositionEnabled); - LOAD_SYMBOL(LibDwmApi, DwmSetWindowAttribute); - } + const auto LibDwmApi = SafeLoadLibrary(u"dwmapi.dll"_q); + LOAD_SYMBOL(LibDwmApi, DwmIsCompositionEnabled); + LOAD_SYMBOL(LibDwmApi, DwmSetWindowAttribute); const auto LibPsApi = SafeLoadLibrary(u"psapi.dll"_q); LOAD_SYMBOL(LibPsApi, GetProcessMemoryInfo); diff --git a/Telegram/SourceFiles/platform/win/windows_dlls.h b/Telegram/SourceFiles/platform/win/windows_dlls.h index 0a31aaba2f..e60e40676a 100644 --- a/Telegram/SourceFiles/platform/win/windows_dlls.h +++ b/Telegram/SourceFiles/platform/win/windows_dlls.h @@ -25,9 +25,6 @@ namespace Dlls { void init(); void start(); -// KERNEL32.DLL -inline BOOL(__stdcall *SetDllDirectory)(LPCWSTR lpPathName); - // UXTHEME.DLL inline HRESULT(__stdcall *SetWindowTheme)( HWND hWnd,