Page 1 of 1
Enable DLL preloading protection by default on >= 6.10
Posted: Fri Jul 12, 2024 5:36 pm
by Quin
When the DLL protection checkbox was added, its default state was set to unchecked for Windows XP support. I can't find the topic now, but I thought Fred said this would be changed after XP support was dropped. But, at least in 6.10, it's still unchecked by default
Is it possible to have it checked by default on any version that doesn't support XP (I for one always check it for every project).
Thanks.
Re: Enable DLL preloading protection by default on >= 6.10
Posted: Fri Jul 12, 2024 7:12 pm
by Little John
You can enable this by default in the IDE preferences under “Compiler” > “Standards”.
As far as I can see, this setting is independent of the setting for modern theme support (for Windows XP and newer).
Re: Enable DLL preloading protection by default on >= 6.10
Posted: Fri Jul 12, 2024 9:17 pm
by Fred
No I don't think we won't enable it by default as it is not done in other mainstream languages (C/C++) so it should have a good reason for that. I don't have enough experience on this topic to force this behaviour to every PB programs.
Re: Enable DLL preloading protection by default on >= 6.10
Posted: Sat Jul 13, 2024 3:30 am
by BarryG
Is this feature even needed if I hard-code the path to system DLLs in my app? That's what I'm currently doing, in addition to enabling it. But maybe enabling it isn't necessary when hard-coding?
Re: Enable DLL preloading protection by default on >= 6.10
Posted: Sat Jul 13, 2024 3:41 am
by jacdelad
If it's hard-coded, it doesn't matter. It's more about system DLLs potentially being replaced/rerouted by malicious pendants.
Re: Enable DLL preloading protection by default on >= 6.10
Posted: Sat Jul 13, 2024 4:13 am
by BarryG
Good to know! Thanks.
Re: Enable DLL preloading protection by default on >= 6.10
Posted: Sat Jul 13, 2024 7:12 am
by Fred
The patch is done before any code is executed, using full path at runtime isn't enough
Re: Enable DLL preloading protection by default on >= 6.10
Posted: Sat Jul 13, 2024 9:39 am
by BarryG
Interesting. So I could remove my hard-coded paths, then, since they're not effective? Just use the DLL filename (like "kernel32.dll")?
Re: Enable DLL preloading protection by default on >= 6.10
Posted: Sat Jul 13, 2024 2:02 pm
by jacdelad
Ouch!
Re: Enable DLL preloading protection by default on >= 6.10
Posted: Sat Jul 13, 2024 9:44 pm
by Fred
BarryG wrote: Sat Jul 13, 2024 9:39 am
Interesting. So I could remove my hard-coded paths, then, since they're not effective? Just use the DLL filename (like "kernel32.dll")?
I didn't said it's not effective, but not enough as all the DLL loaded before the code is run are not cover by this. Load library() now takes care of this automatically so it's not needed to use a full path (but you still can it won't hurt)
Re: Enable DLL preloading protection by default on >= 6.10
Posted: Mon Aug 26, 2024 7:42 am
by Thorium
I don't think it's good to use it on every app. There are downsides to it as there are legit reasons to preload another DLL.
For example to fix compatibility issues on older apps. Your apps will grow old eventually.
It makes sense if your app is expected to run under admin. In this case it prevents elevation of privileges. But if your app runs under user there is nothing to gain for an attacker. As it already has user access to your system at that point, otherwise it could not perform the attack.