PureBasic Forums - English

Thanks Fred and team!

I wasn't expecting this would happen when I showed Kukulkan this manifest option.

@User_Russian
Just use a hex editor and change back the manifest template
inside pbcompiler.exe and pbcompilerc.exe (it's in plain ascii text).

fryquez wrote: Mon Dec 04, 2023 2:44 pm I wasn't expecting this would happen when I showed Kukulkan this manifest option.

Is there something I'm missing here, what's the issue ?

Fred wrote: Mon Dec 04, 2023 1:40 pm It won't be optional, you don't want your program to be explicitly vulnerable.

This manifest does not eliminate vulnerabilities.
It is still possible to inject the dll into the process.
This should be optional with the ability to turn it off.

Just use a hex editor and change back the manifest template
inside pbcompiler.exe and pbcompilerc.exe (it's in plain ascii text).

It's a joke?
Protecting against dll injection using a manifest does not at all prevent dll injection into a process, but it creates many problems due to the manifest. The manifest should not be forced into all applications! It should be optional. If you need it, turn it on, if you don't need it, turn it off. Having the manifest enabled forever is a bad solution.

I will just stop arguing with you because you obviously doesn't even try to understand what I said earlier. BTW, the manifest is always included in PB executable, there is just a few lines added in it to makes sure the official microsoft libs are loaded from the System32 path instead of the current application directory.

It's a joke?

No, I just wanted to show you a solution.

Fred wrote: Mon Dec 04, 2023 3:06 pm Is there something I'm missing here, what's the issue ?

Well, is there any others programming language that does this?
You just broke 3 supported Windows builds and properly don't even know why.

Microsoft could easily prevent all DLL Hijacking vulnerable, if they want!
But they don't do it.
To put it simply don't force security option on everyone, if you don't comprehend them.

Well, I don't pretend to know everything, so could you tell exactly what it brokes ? That's why there is a beta version.

fryquez wrote: Microsoft could easily prevent all DLL Hijacking vulnerable, if they want!
But they don't do it.

How does this insight help us here?

I did not try this manifest change yet.

Can I still use my own SQLite3.dll or other custom dll's installed in my app path?

Of course, you shouldn't see any change. If you do please post here.

Great!
Really confused why there are objections to an automatic approach to reducing possible dll hijack?
Especially if the manifest tweak can be manually edited.

skywalk wrote: Mon Dec 04, 2023 7:41 pmEspecially if the manifest tweak can be manually edited.

It needs to be edited inside the compiler (pbcompiler or pbcompilerc).
This is not an easy task.

Yes, I believe you.
But, there are tools available instead of writing your own code.
Resource Hacker wiki
Resource Hacker questions

User_Russian wrote: Mon Dec 04, 2023 3:16 pmIt is still possible to inject the dll into the process.

From what I've read, this new manifest thing just stops a malware DLL from being run when your exe initially starts; nothing more. It doesn't protect against DLL injection later while the exe is running.

User_Russian wrote: Mon Dec 04, 2023 8:57 pm

skywalk wrote: Mon Dec 04, 2023 7:41 pmEspecially if the manifest tweak can be manually edited.

It needs to be edited inside the compiler (pbcompiler or pbcompilerc).
This is not an easy task.

Don't worry, it's easy to swap the the manifest.
I'm not really looking forward to seeing XP support go in 6.10 as I still have XP boxes to support and even one that runs a public web server which has only gone offline in prolonged power cuts, I just closed the windows and it's F.I.N.E even if its (Feeling Insecure and Needs some Encouragement) but that's besides the point.