Enable DLL preloading protection by default on >= 6.10

Quin · Post by **Quin** » Fri Jul 12, 2024 5:36 pm

When the DLL protection checkbox was added, its default state was set to unchecked for Windows XP support. I can't find the topic now, but I thought Fred said this would be changed after XP support was dropped. But, at least in 6.10, it's still unchecked by default

Is it possible to have it checked by default on any version that doesn't support XP (I for one always check it for every project).
Thanks.

Little John · Post by **Little John** » Fri Jul 12, 2024 7:12 pm

You can enable this by default in the IDE preferences under “Compiler” > “Standards”.
As far as I can see, this setting is independent of the setting for modern theme support (for Windows XP and newer).

Post by **Fred** » Fri Jul 12, 2024 9:17 pm

No I don't think we won't enable it by default as it is not done in other mainstream languages (C/C++) so it should have a good reason for that. I don't have enough experience on this topic to force this behaviour to every PB programs.

BarryG · Post by **BarryG** » Sat Jul 13, 2024 3:30 am

Is this feature even needed if I hard-code the path to system DLLs in my app? That's what I'm currently doing, in addition to enabling it. But maybe enabling it isn't necessary when hard-coding?

jacdelad · Post by **jacdelad** » Sat Jul 13, 2024 3:41 am

If it's hard-coded, it doesn't matter. It's more about system DLLs potentially being replaced/rerouted by malicious pendants.

BarryG · Post by **BarryG** » Sat Jul 13, 2024 4:13 am

Good to know! Thanks.

Post by **Fred** » Sat Jul 13, 2024 7:12 am

The patch is done before any code is executed, using full path at runtime isn't enough

BarryG · Post by **BarryG** » Sat Jul 13, 2024 9:39 am

Interesting. So I could remove my hard-coded paths, then, since they're not effective? Just use the DLL filename (like "kernel32.dll")?

jacdelad · Post by **jacdelad** » Sat Jul 13, 2024 2:02 pm

Ouch!

Post by **Fred** » Sat Jul 13, 2024 9:44 pm

BarryG wrote: Sat Jul 13, 2024 9:39 am Interesting. So I could remove my hard-coded paths, then, since they're not effective? Just use the DLL filename (like "kernel32.dll")?

I didn't said it's not effective, but not enough as all the DLL loaded before the code is run are not cover by this. Load library() now takes care of this automatically so it's not needed to use a full path (but you still can it won't hurt)

Thorium · Post by **Thorium** » Mon Aug 26, 2024 7:42 am

I don't think it's good to use it on every app. There are downsides to it as there are legit reasons to preload another DLL.
For example to fix compatibility issues on older apps. Your apps will grow old eventually.

It makes sense if your app is expected to run under admin. In this case it prevents elevation of privileges. But if your app runs under user there is nothing to gain for an attacker. As it already has user access to your system at that point, otherwise it could not perform the attack.

PureBasic Forums - English

Enable DLL preloading protection by default on >= 6.10

Enable DLL preloading protection by default on >= 6.10

Re: Enable DLL preloading protection by default on >= 6.10

Re: Enable DLL preloading protection by default on >= 6.10

Re: Enable DLL preloading protection by default on >= 6.10

Re: Enable DLL preloading protection by default on >= 6.10

Re: Enable DLL preloading protection by default on >= 6.10

Re: Enable DLL preloading protection by default on >= 6.10

Re: Enable DLL preloading protection by default on >= 6.10

Re: Enable DLL preloading protection by default on >= 6.10

Re: Enable DLL preloading protection by default on >= 6.10

Re: Enable DLL preloading protection by default on >= 6.10