mirror of
https://github.com/pbatard/rufus.git
synced 2024-08-14 23:57:05 +00:00
[misc] work around Microsoft's broken SetDllDirectory()
* *THIS* is what you need to do to replace Microsoft's broken SetDllDirectory("")
implementation and mitigate DLL sideloading from local directories.
* Also fix some comment typos
This commit is contained in:
Pete Batard
parent
b80f7c0785
commit
e1d864f755
7 changed files with 128 additions and 47 deletions
|
|
@ -132,7 +132,7 @@
|
|||
<Optimization>Disabled</Optimization>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wininet.lib;wintrust.lib;dwmapi.lib;psapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;psapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
|
|
@ -155,7 +155,7 @@
|
|||
<DisableSpecificWarnings>4091;28252;28253;%(DisableSpecificWarnings)</DisableSpecificWarnings>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wininet.lib;wintrust.lib;dwmapi.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
|
|
@ -180,7 +180,7 @@
|
|||
<DisableSpecificWarnings>4091;28252;28253;%(DisableSpecificWarnings)</DisableSpecificWarnings>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wininet.lib;wintrust.lib;dwmapi.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
|
|
@ -210,7 +210,7 @@
|
|||
<Optimization>Disabled</Optimization>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wininet.lib;wintrust.lib;dwmapi.lib;psapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;psapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
|
|
@ -233,7 +233,7 @@
|
|||
<DisableSpecificWarnings>4091;28252;28253;%(DisableSpecificWarnings)</DisableSpecificWarnings>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wininet.lib;wintrust.lib;dwmapi.lib;psapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;psapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
||||
<GenerateDebugInformation>false</GenerateDebugInformation>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
|
|
@ -256,7 +256,7 @@
|
|||
<DisableSpecificWarnings>4091;28252;28253;%(DisableSpecificWarnings)</DisableSpecificWarnings>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wininet.lib;wintrust.lib;dwmapi.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
||||
<GenerateDebugInformation>false</GenerateDebugInformation>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
|
|
@ -281,7 +281,7 @@
|
|||
<DisableSpecificWarnings>4091;28252;28253;%(DisableSpecificWarnings)</DisableSpecificWarnings>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wininet.lib;wintrust.lib;dwmapi.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
||||
<GenerateDebugInformation>false</GenerateDebugInformation>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
|
|
@ -309,7 +309,7 @@
|
|||
<DisableSpecificWarnings>4091;28252;28253;%(DisableSpecificWarnings)</DisableSpecificWarnings>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wininet.lib;wintrust.lib;dwmapi.lib;psapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;psapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
||||
<GenerateDebugInformation>false</GenerateDebugInformation>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
|
|
|
|||
|
|
@ -15,4 +15,4 @@ rufus_SOURCES = badblocks.c checksum.c dev.c dos.c dos_locale.c drive.c format.c
|
|||
rufus_CFLAGS = -I./ms-sys/inc -I./syslinux/libfat -I./syslinux/libinstaller -I./syslinux/win -I./libcdio $(AM_CFLAGS)
|
||||
rufus_LDFLAGS = $(AM_LDFLAGS) -mwindows
|
||||
rufus_LDADD = rufus_rc.o bled/libbled.a ms-sys/libmssys.a syslinux/libfat/libfat.a syslinux/libinstaller/libinstaller.a syslinux/win/libwin.a \
|
||||
libcdio/iso9660/libiso9660.a libcdio/udf/libudf.a libcdio/driver/libdriver.a -lsetupapi -lole32 -lgdi32 -lwininet -lshlwapi -lcrypt32 -lwintrust -lcomdlg32 -lcomctl32 -ldwmapi -luuid -lpsapi
|
||||
libcdio/iso9660/libiso9660.a libcdio/udf/libudf.a libcdio/driver/libdriver.a -lsetupapi -lole32 -lgdi32 -lshlwapi -lcrypt32 -lwintrust -lcomdlg32 -lcomctl32 -luuid -lpsapi
|
||||
|
|
|
|||
|
|
@ -276,7 +276,7 @@ rufus_SOURCES = badblocks.c checksum.c dev.c dos.c dos_locale.c drive.c format.c
|
|||
rufus_CFLAGS = -I./ms-sys/inc -I./syslinux/libfat -I./syslinux/libinstaller -I./syslinux/win -I./libcdio $(AM_CFLAGS)
|
||||
rufus_LDFLAGS = $(AM_LDFLAGS) -mwindows
|
||||
rufus_LDADD = rufus_rc.o bled/libbled.a ms-sys/libmssys.a syslinux/libfat/libfat.a syslinux/libinstaller/libinstaller.a syslinux/win/libwin.a \
|
||||
libcdio/iso9660/libiso9660.a libcdio/udf/libudf.a libcdio/driver/libdriver.a -lsetupapi -lole32 -lgdi32 -lwininet -lshlwapi -lcrypt32 -lwintrust -lcomdlg32 -lcomctl32 -ldwmapi -luuid -lpsapi
|
||||
libcdio/iso9660/libiso9660.a libcdio/udf/libudf.a libcdio/driver/libdriver.a -lsetupapi -lole32 -lgdi32 -lshlwapi -lcrypt32 -lwintrust -lcomdlg32 -lcomctl32 -luuid -lpsapi
|
||||
|
||||
all: all-recursive
|
||||
|
||||
|
|
|
|||
107
src/net.c
107
src/net.c
|
|
@ -59,6 +59,8 @@ const char* WinInetErrorString(void)
|
|||
{
|
||||
static char error_string[256];
|
||||
DWORD size = sizeof(error_string);
|
||||
PF_TYPE_DECL(WINAPI, BOOL, InternetGetLastResponseInfoA, (LPDWORD, LPSTR, LPDWORD));
|
||||
PF_INIT(InternetGetLastResponseInfoA, WinInet);
|
||||
|
||||
error_code = HRESULT_CODE(GetLastError());
|
||||
|
||||
|
|
@ -202,8 +204,11 @@ const char* WinInetErrorString(void)
|
|||
case ERROR_INTERNET_LOGIN_FAILURE_DISPLAY_ENTITY_BODY:
|
||||
return "Please ask Microsoft about that one!";
|
||||
case ERROR_INTERNET_EXTENDED_ERROR:
|
||||
InternetGetLastResponseInfoA(&error_code, error_string, &size);
|
||||
return error_string;
|
||||
if (pfInternetGetLastResponseInfoA != NULL) {
|
||||
pfInternetGetLastResponseInfoA(&error_code, error_string, &size);
|
||||
return error_string;
|
||||
}
|
||||
// fall through
|
||||
default:
|
||||
static_sprintf(error_string, "Unknown internet error 0x%08lX", error_code);
|
||||
return error_string;
|
||||
|
|
@ -232,6 +237,26 @@ DWORD DownloadFile(const char* url, const char* file, HWND hProgressDialog)
|
|||
size_t last_slash;
|
||||
int i;
|
||||
|
||||
// Can't link with wininet.lib because of sideloading issues
|
||||
PF_TYPE_DECL(WINAPI, BOOL, InternetCrackUrlA, (LPCSTR, DWORD, DWORD, LPURL_COMPONENTSA));
|
||||
PF_TYPE_DECL(WINAPI, BOOL, InternetGetConnectedState, (LPDWORD, DWORD));
|
||||
PF_TYPE_DECL(WINAPI, HINTERNET, InternetOpenA, (LPCSTR, DWORD, LPCSTR, LPCSTR, DWORD));
|
||||
PF_TYPE_DECL(WINAPI, HINTERNET, InternetConnectA, (HINTERNET, LPCSTR, INTERNET_PORT, LPCSTR, LPCSTR, DWORD, DWORD, DWORD_PTR));
|
||||
PF_TYPE_DECL(WINAPI, BOOL, InternetReadFile, (HINTERNET, LPVOID, DWORD, LPDWORD));
|
||||
PF_TYPE_DECL(WINAPI, BOOL, InternetCloseHandle, (HINTERNET));
|
||||
PF_TYPE_DECL(WINAPI, HINTERNET, HttpOpenRequestA, (HINTERNET, LPCSTR, LPCSTR, LPCSTR, LPCSTR, LPCSTR*, DWORD, DWORD_PTR));
|
||||
PF_TYPE_DECL(WINAPI, BOOL, HttpSendRequestA, (HINTERNET, LPCSTR, DWORD, LPVOID, DWORD));
|
||||
PF_TYPE_DECL(WINAPI, BOOL, HttpQueryInfoA, (HINTERNET, DWORD, LPVOID, LPDWORD, LPDWORD));
|
||||
PF_INIT_OR_OUT(InternetCrackUrlA, WinInet);
|
||||
PF_INIT_OR_OUT(InternetGetConnectedState, WinInet);
|
||||
PF_INIT_OR_OUT(InternetOpenA, WinInet);
|
||||
PF_INIT_OR_OUT(InternetConnectA, WinInet);
|
||||
PF_INIT_OR_OUT(InternetReadFile, WinInet);
|
||||
PF_INIT_OR_OUT(InternetCloseHandle, WinInet);
|
||||
PF_INIT_OR_OUT(HttpOpenRequestA, WinInet);
|
||||
PF_INIT_OR_OUT(HttpSendRequestA, WinInet);
|
||||
PF_INIT_OR_OUT(HttpQueryInfoA, WinInet);
|
||||
|
||||
DownloadStatus = 0;
|
||||
if (hProgressDialog != NULL) {
|
||||
// Use the progress control provided, if any
|
||||
|
|
@ -256,7 +281,7 @@ DWORD DownloadFile(const char* url, const char* file, HWND hProgressDialog)
|
|||
PrintInfo(0, MSG_085, &file[last_slash]);
|
||||
uprintf("Downloading '%s' from %s\n", &file[last_slash], url);
|
||||
|
||||
if ( (!InternetCrackUrlA(url, (DWORD)safe_strlen(url), 0, &UrlParts))
|
||||
if ( (!pfInternetCrackUrlA(url, (DWORD)safe_strlen(url), 0, &UrlParts))
|
||||
|| (UrlParts.lpszHostName == NULL) || (UrlParts.lpszUrlPath == NULL)) {
|
||||
uprintf("Unable to decode URL: %s\n", WinInetErrorString());
|
||||
goto out;
|
||||
|
|
@ -264,7 +289,7 @@ DWORD DownloadFile(const char* url, const char* file, HWND hProgressDialog)
|
|||
hostname[sizeof(hostname)-1] = 0;
|
||||
|
||||
// Open an Internet session
|
||||
for (i=5; (i>0) && (!InternetGetConnectedState(&dwFlags, 0)); i--) {
|
||||
for (i=5; (i>0) && (!pfInternetGetConnectedState(&dwFlags, 0)); i--) {
|
||||
Sleep(1000);
|
||||
}
|
||||
if (i <= 0) {
|
||||
|
|
@ -276,19 +301,19 @@ DWORD DownloadFile(const char* url, const char* file, HWND hProgressDialog)
|
|||
static_sprintf(agent, APPLICATION_NAME "/%d.%d.%d (Windows NT %d.%d%s)",
|
||||
rufus_version[0], rufus_version[1], rufus_version[2],
|
||||
nWindowsVersion>>4, nWindowsVersion&0x0F, is_x64()?"; WOW64":"");
|
||||
hSession = InternetOpenA(agent, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
|
||||
hSession = pfInternetOpenA(agent, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
|
||||
if (hSession == NULL) {
|
||||
uprintf("Could not open Internet session: %s\n", WinInetErrorString());
|
||||
goto out;
|
||||
}
|
||||
|
||||
hConnection = InternetConnectA(hSession, UrlParts.lpszHostName, UrlParts.nPort, NULL, NULL, INTERNET_SERVICE_HTTP, 0, (DWORD_PTR)NULL);
|
||||
hConnection = pfInternetConnectA(hSession, UrlParts.lpszHostName, UrlParts.nPort, NULL, NULL, INTERNET_SERVICE_HTTP, 0, (DWORD_PTR)NULL);
|
||||
if (hConnection == NULL) {
|
||||
uprintf("Could not connect to server %s:%d: %s\n", UrlParts.lpszHostName, UrlParts.nPort, WinInetErrorString());
|
||||
goto out;
|
||||
}
|
||||
|
||||
hRequest = HttpOpenRequestA(hConnection, "GET", UrlParts.lpszUrlPath, NULL, NULL, accept_types,
|
||||
hRequest = pfHttpOpenRequestA(hConnection, "GET", UrlParts.lpszUrlPath, NULL, NULL, accept_types,
|
||||
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP|INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS|
|
||||
INTERNET_FLAG_NO_COOKIES|INTERNET_FLAG_NO_UI|INTERNET_FLAG_NO_CACHE_WRITE|INTERNET_FLAG_HYPERLINK|
|
||||
((UrlParts.nScheme==INTERNET_SCHEME_HTTPS)?INTERNET_FLAG_SECURE:0), (DWORD_PTR)NULL);
|
||||
|
|
@ -297,7 +322,7 @@ DWORD DownloadFile(const char* url, const char* file, HWND hProgressDialog)
|
|||
goto out;
|
||||
}
|
||||
|
||||
if (!HttpSendRequestA(hRequest, NULL, 0, NULL, 0)) {
|
||||
if (!pfHttpSendRequestA(hRequest, NULL, 0, NULL, 0)) {
|
||||
uprintf("Unable to send request: %s\n", WinInetErrorString());
|
||||
goto out;
|
||||
}
|
||||
|
|
@ -305,14 +330,14 @@ DWORD DownloadFile(const char* url, const char* file, HWND hProgressDialog)
|
|||
// Get the file size
|
||||
dwSize = sizeof(DownloadStatus);
|
||||
DownloadStatus = 404;
|
||||
HttpQueryInfoA(hRequest, HTTP_QUERY_STATUS_CODE|HTTP_QUERY_FLAG_NUMBER, (LPVOID)&DownloadStatus, &dwSize, NULL);
|
||||
pfHttpQueryInfoA(hRequest, HTTP_QUERY_STATUS_CODE|HTTP_QUERY_FLAG_NUMBER, (LPVOID)&DownloadStatus, &dwSize, NULL);
|
||||
if (DownloadStatus != 200) {
|
||||
error_code = ERROR_INTERNET_ITEM_NOT_FOUND;
|
||||
uprintf("Unable to access file: %d\n", DownloadStatus);
|
||||
goto out;
|
||||
}
|
||||
dwSize = sizeof(dwTotalSize);
|
||||
if (!HttpQueryInfoA(hRequest, HTTP_QUERY_CONTENT_LENGTH|HTTP_QUERY_FLAG_NUMBER, (LPVOID)&dwTotalSize, &dwSize, NULL)) {
|
||||
if (!pfHttpQueryInfoA(hRequest, HTTP_QUERY_CONTENT_LENGTH|HTTP_QUERY_FLAG_NUMBER, (LPVOID)&dwTotalSize, &dwSize, NULL)) {
|
||||
uprintf("Unable to retrieve file length: %s\n", WinInetErrorString());
|
||||
goto out;
|
||||
}
|
||||
|
|
@ -330,7 +355,7 @@ DWORD DownloadFile(const char* url, const char* file, HWND hProgressDialog)
|
|||
if (IS_ERROR(FormatStatus))
|
||||
goto out;
|
||||
|
||||
if (!InternetReadFile(hRequest, buf, sizeof(buf), &dwDownloaded) || (dwDownloaded == 0))
|
||||
if (!pfInternetReadFile(hRequest, buf, sizeof(buf), &dwDownloaded) || (dwDownloaded == 0))
|
||||
break;
|
||||
dwSize += dwDownloaded;
|
||||
SendMessage(hProgressBar, PBM_SETPOS, (WPARAM)(MAX_PROGRESS*((1.0f*dwSize)/(1.0f*dwTotalSize))), 0);
|
||||
|
|
@ -371,9 +396,12 @@ out:
|
|||
lmprintf(MSG_044), MB_OK|MB_ICONERROR|MB_IS_RTL, selected_langid);
|
||||
}
|
||||
}
|
||||
if (hRequest) InternetCloseHandle(hRequest);
|
||||
if (hConnection) InternetCloseHandle(hConnection);
|
||||
if (hSession) InternetCloseHandle(hSession);
|
||||
if (hRequest)
|
||||
pfInternetCloseHandle(hRequest);
|
||||
if (hConnection)
|
||||
pfInternetCloseHandle(hConnection);
|
||||
if (hSession)
|
||||
pfInternetCloseHandle(hSession);
|
||||
|
||||
return r?dwSize:0;
|
||||
}
|
||||
|
|
@ -425,6 +453,26 @@ static DWORD WINAPI CheckForUpdatesThread(LPVOID param)
|
|||
FILETIME FileTime;
|
||||
int64_t local_time = 0, reg_time, server_time, update_interval;
|
||||
|
||||
// Can't link with wininet.lib because of sideloading issues
|
||||
PF_TYPE_DECL(WINAPI, BOOL, InternetCrackUrlA, (LPCSTR, DWORD, DWORD, LPURL_COMPONENTSA));
|
||||
PF_TYPE_DECL(WINAPI, BOOL, InternetGetConnectedState, (LPDWORD, DWORD));
|
||||
PF_TYPE_DECL(WINAPI, HINTERNET, InternetOpenA, (LPCSTR, DWORD, LPCSTR, LPCSTR, DWORD));
|
||||
PF_TYPE_DECL(WINAPI, HINTERNET, InternetConnectA, (HINTERNET, LPCSTR, INTERNET_PORT, LPCSTR, LPCSTR, DWORD, DWORD, DWORD_PTR));
|
||||
PF_TYPE_DECL(WINAPI, BOOL, InternetReadFile, (HINTERNET, LPVOID, DWORD, LPDWORD));
|
||||
PF_TYPE_DECL(WINAPI, BOOL, InternetCloseHandle, (HINTERNET));
|
||||
PF_TYPE_DECL(WINAPI, HINTERNET, HttpOpenRequestA, (HINTERNET, LPCSTR, LPCSTR, LPCSTR, LPCSTR, LPCSTR*, DWORD, DWORD_PTR));
|
||||
PF_TYPE_DECL(WINAPI, BOOL, HttpSendRequestA, (HINTERNET, LPCSTR, DWORD, LPVOID, DWORD));
|
||||
PF_TYPE_DECL(WINAPI, BOOL, HttpQueryInfoA, (HINTERNET, DWORD, LPVOID, LPDWORD, LPDWORD));
|
||||
PF_INIT_OR_OUT(InternetCrackUrlA, WinInet);
|
||||
PF_INIT_OR_OUT(InternetGetConnectedState, WinInet);
|
||||
PF_INIT_OR_OUT(InternetOpenA, WinInet);
|
||||
PF_INIT_OR_OUT(InternetConnectA, WinInet);
|
||||
PF_INIT_OR_OUT(InternetReadFile, WinInet);
|
||||
PF_INIT_OR_OUT(InternetCloseHandle, WinInet);
|
||||
PF_INIT_OR_OUT(HttpOpenRequestA, WinInet);
|
||||
PF_INIT_OR_OUT(HttpSendRequestA, WinInet);
|
||||
PF_INIT_OR_OUT(HttpQueryInfoA, WinInet);
|
||||
|
||||
update_check_in_progress = TRUE;
|
||||
verbose = ReadSetting32(SETTING_VERBOSE_UPDATES);
|
||||
// Without this the FileDialog will produce error 0x8001010E when compiled for Vista or later
|
||||
|
|
@ -468,17 +516,17 @@ static DWORD WINAPI CheckForUpdatesThread(LPVOID param)
|
|||
goto out;
|
||||
}
|
||||
|
||||
if ((!InternetCrackUrlA(server_url, (DWORD)safe_strlen(server_url), 0, &UrlParts)) || (!InternetGetConnectedState(&dwFlags, 0)))
|
||||
if ((!pfInternetCrackUrlA(server_url, (DWORD)safe_strlen(server_url), 0, &UrlParts)) || (!pfInternetGetConnectedState(&dwFlags, 0)))
|
||||
goto out;
|
||||
hostname[sizeof(hostname)-1] = 0;
|
||||
|
||||
static_sprintf(agent, APPLICATION_NAME "/%d.%d.%d (Windows NT %d.%d%s)",
|
||||
rufus_version[0], rufus_version[1], rufus_version[2],
|
||||
nWindowsVersion >> 4, nWindowsVersion & 0x0F, is_x64() ? "; WOW64" : "");
|
||||
hSession = InternetOpenA(agent, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
|
||||
hSession = pfInternetOpenA(agent, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
|
||||
if (hSession == NULL)
|
||||
goto out;
|
||||
hConnection = InternetConnectA(hSession, UrlParts.lpszHostName, UrlParts.nPort, NULL, NULL, INTERNET_SERVICE_HTTP, 0, (DWORD_PTR)NULL);
|
||||
hConnection = pfInternetConnectA(hSession, UrlParts.lpszHostName, UrlParts.nPort, NULL, NULL, INTERNET_SERVICE_HTTP, 0, (DWORD_PTR)NULL);
|
||||
if (hConnection == NULL)
|
||||
goto out;
|
||||
|
||||
|
|
@ -515,11 +563,11 @@ static DWORD WINAPI CheckForUpdatesThread(LPVOID param)
|
|||
UrlParts.dwUrlPathLength = sizeof(urlpath);
|
||||
for (i=0; i<ARRAYSIZE(verpos); i++) {
|
||||
vvuprintf("Trying %s\n", UrlParts.lpszUrlPath);
|
||||
hRequest = HttpOpenRequestA(hConnection, "GET", UrlParts.lpszUrlPath, NULL, NULL, accept_types,
|
||||
hRequest = pfHttpOpenRequestA(hConnection, "GET", UrlParts.lpszUrlPath, NULL, NULL, accept_types,
|
||||
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP|INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS|
|
||||
INTERNET_FLAG_NO_COOKIES|INTERNET_FLAG_NO_UI|INTERNET_FLAG_NO_CACHE_WRITE|INTERNET_FLAG_HYPERLINK|
|
||||
((UrlParts.nScheme == INTERNET_SCHEME_HTTPS)?INTERNET_FLAG_SECURE:0), (DWORD_PTR)NULL);
|
||||
if ((hRequest == NULL) || (!HttpSendRequestA(hRequest, NULL, 0, NULL, 0))) {
|
||||
if ((hRequest == NULL) || (!pfHttpSendRequestA(hRequest, NULL, 0, NULL, 0))) {
|
||||
uprintf("Unable to send request: %s", WinInetErrorString());
|
||||
goto out;
|
||||
}
|
||||
|
|
@ -527,10 +575,10 @@ static DWORD WINAPI CheckForUpdatesThread(LPVOID param)
|
|||
// Ensure that we get a text file
|
||||
dwSize = sizeof(dwStatus);
|
||||
dwStatus = 404;
|
||||
HttpQueryInfoA(hRequest, HTTP_QUERY_STATUS_CODE|HTTP_QUERY_FLAG_NUMBER, (LPVOID)&dwStatus, &dwSize, NULL);
|
||||
pfHttpQueryInfoA(hRequest, HTTP_QUERY_STATUS_CODE|HTTP_QUERY_FLAG_NUMBER, (LPVOID)&dwStatus, &dwSize, NULL);
|
||||
if (dwStatus == 200)
|
||||
break;
|
||||
InternetCloseHandle(hRequest);
|
||||
pfInternetCloseHandle(hRequest);
|
||||
hRequest = NULL;
|
||||
safe_strcpy(&urlpath[verpos[i]], 5, ".ver");
|
||||
}
|
||||
|
|
@ -546,7 +594,7 @@ static DWORD WINAPI CheckForUpdatesThread(LPVOID param)
|
|||
// 'text/plain' for .ver files. Use 'curl -I' to check that you get something
|
||||
// like 'Content-Type: text/plain; charset=UTF-8' when fetching your .ver files.
|
||||
dwSize = sizeof(mime);
|
||||
HttpQueryInfoA(hRequest, HTTP_QUERY_CONTENT_TYPE, (LPVOID)&mime, &dwSize, NULL);
|
||||
pfHttpQueryInfoA(hRequest, HTTP_QUERY_CONTENT_TYPE, (LPVOID)&mime, &dwSize, NULL);
|
||||
if (strncmp(mime, "text/plain", sizeof("text/plain")-1) != 0)
|
||||
goto out;
|
||||
|
||||
|
|
@ -555,7 +603,7 @@ static DWORD WINAPI CheckForUpdatesThread(LPVOID param)
|
|||
// On the other hand, if local clock is set way back in the past, we will never check.
|
||||
dwSize = sizeof(ServerTime);
|
||||
// If we can't get a date we can trust, don't bother...
|
||||
if ( (!HttpQueryInfoA(hRequest, HTTP_QUERY_DATE|HTTP_QUERY_FLAG_SYSTEMTIME, (LPVOID)&ServerTime, &dwSize, NULL))
|
||||
if ( (!pfHttpQueryInfoA(hRequest, HTTP_QUERY_DATE|HTTP_QUERY_FLAG_SYSTEMTIME, (LPVOID)&ServerTime, &dwSize, NULL))
|
||||
|| (!SystemTimeToFileTime(&ServerTime, &FileTime)) )
|
||||
goto out;
|
||||
server_time = ((((int64_t)FileTime.dwHighDateTime)<<32) + FileTime.dwLowDateTime) / 10000000;
|
||||
|
|
@ -571,7 +619,7 @@ static DWORD WINAPI CheckForUpdatesThread(LPVOID param)
|
|||
}
|
||||
|
||||
dwSize = sizeof(dwTotalSize);
|
||||
if (!HttpQueryInfoA(hRequest, HTTP_QUERY_CONTENT_LENGTH|HTTP_QUERY_FLAG_NUMBER, (LPVOID)&dwTotalSize, &dwSize, NULL))
|
||||
if (!pfHttpQueryInfoA(hRequest, HTTP_QUERY_CONTENT_LENGTH|HTTP_QUERY_FLAG_NUMBER, (LPVOID)&dwTotalSize, &dwSize, NULL))
|
||||
goto out;
|
||||
|
||||
safe_free(buf);
|
||||
|
|
@ -579,7 +627,7 @@ static DWORD WINAPI CheckForUpdatesThread(LPVOID param)
|
|||
buf = (char*)calloc(dwTotalSize+1, 1);
|
||||
if (buf == NULL) goto out;
|
||||
// This is a version file - we should be able to gulp it down in one go
|
||||
if (!InternetReadFile(hRequest, buf, dwTotalSize, &dwDownloaded) || (dwDownloaded != dwTotalSize))
|
||||
if (!pfInternetReadFile(hRequest, buf, dwTotalSize, &dwDownloaded) || (dwDownloaded != dwTotalSize))
|
||||
goto out;
|
||||
|
||||
status++;
|
||||
|
|
@ -600,9 +648,12 @@ static DWORD WINAPI CheckForUpdatesThread(LPVOID param)
|
|||
|
||||
out:
|
||||
safe_free(buf);
|
||||
if (hRequest) InternetCloseHandle(hRequest);
|
||||
if (hConnection) InternetCloseHandle(hConnection);
|
||||
if (hSession) InternetCloseHandle(hSession);
|
||||
if (hRequest)
|
||||
pfInternetCloseHandle(hRequest);
|
||||
if (hConnection)
|
||||
pfInternetCloseHandle(hConnection);
|
||||
if (hSession)
|
||||
pfInternetCloseHandle(hSession);
|
||||
switch(status) {
|
||||
case 1:
|
||||
PrintInfoDebug(3000, MSG_244);
|
||||
|
|
|
|||
|
|
@ -556,7 +556,7 @@ LONG ValidateSignature(HWND hDlg, const char* path)
|
|||
// This is done to prevent the use of an officially signed, but older binary, as potential attack vector.
|
||||
current_ts = GetSignatureTimeStamp(NULL);
|
||||
if (current_ts == 0ULL) {
|
||||
uprintf("PKI: Cannot retreive the current binary's timestamp - Aborting update");
|
||||
uprintf("PKI: Cannot retrieve the current binary's timestamp - Aborting update");
|
||||
r = TRUST_E_TIME_STAMP;
|
||||
} else {
|
||||
update_ts = GetSignatureTimeStamp(path);
|
||||
|
|
|
|||
36
src/rufus.c
36
src/rufus.c
|
|
@ -2356,7 +2356,7 @@ static void PositionControls(HWND hDlg)
|
|||
section_vpos[2] = rc.top + 2 * sz.cy / 3;
|
||||
|
||||
// Seriously, who designed this bullshit API call where you pass a SIZE
|
||||
// struct but can only retreive one of cx or cy at a time?!?
|
||||
// struct but can only retrieve one of cx or cy at a time?!?
|
||||
SendMessage(hMultiToolbar, TB_GETIDEALSIZE, (WPARAM)FALSE, (LPARAM)&sz);
|
||||
GetWindowRect(GetDlgItem(hDlg, IDC_ABOUT), &rc);
|
||||
MapWindowPoints(NULL, hDlg, (POINT*)&rc, 2);
|
||||
|
|
@ -3040,6 +3040,9 @@ static INT_PTR CALLBACK MainCallback(HWND hDlg, UINT message, WPARAM wParam, LPA
|
|||
case IDC_LOG:
|
||||
// Place the log Window to the right (or left for RTL) of our dialog on first display
|
||||
if (first_log_display) {
|
||||
// Can't link to dwmapi.lib since it sideloads dwapi.dll *before* we get a chance
|
||||
// to prevent local directory lookup (Sideloading mitigation).
|
||||
PF_TYPE_DECL(WINAPI, HRESULT, DwmGetWindowAttribute, (HWND, DWORD, PVOID, DWORD));
|
||||
GetClientRect(GetDesktopWindow(), &DesktopRect);
|
||||
GetWindowRect(hLogDialog, &DialogRect);
|
||||
nWidth = DialogRect.right - DialogRect.left;
|
||||
|
|
@ -3047,11 +3050,14 @@ static INT_PTR CALLBACK MainCallback(HWND hDlg, UINT message, WPARAM wParam, LPA
|
|||
GetWindowRect(hDlg, &DialogRect);
|
||||
offset = GetSystemMetrics(SM_CXBORDER);
|
||||
if (nWindowsVersion >= WINDOWS_10) {
|
||||
PF_INIT(DwmGetWindowAttribute, Dwmapi);
|
||||
// See https://stackoverflow.com/a/42491227/1069307
|
||||
// I agree with Stephen Hazel: Whoever at Microsoft thought it would be a great idea to
|
||||
// add a *FRIGGING INVISIBLE BORDER* in Windows 10 should face the harshest punishment!
|
||||
DwmGetWindowAttribute(hDlg, DWMWA_EXTENDED_FRAME_BOUNDS, &rc, sizeof(RECT));
|
||||
offset += 2 * (DialogRect.left - rc.left);
|
||||
if (pfDwmGetWindowAttribute != NULL) {
|
||||
pfDwmGetWindowAttribute(hDlg, DWMWA_EXTENDED_FRAME_BOUNDS, &rc, sizeof(RECT));
|
||||
offset += 2 * (DialogRect.left - rc.left);
|
||||
}
|
||||
}
|
||||
if (right_to_left_mode)
|
||||
Point.x = max(DialogRect.left - offset - nWidth, 0);
|
||||
|
|
@ -3723,6 +3729,7 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine
|
|||
#endif
|
||||
{
|
||||
const char* rufus_loc = "rufus.loc";
|
||||
wchar_t kernel32_path[MAX_PATH];
|
||||
int i, opt, option_index = 0, argc = 0, si = 0, lcid = GetUserDefaultUILanguage();
|
||||
int wait_for_mutex = 0;
|
||||
FILE* fd;
|
||||
|
|
@ -3734,6 +3741,7 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine
|
|||
char *tmp, *locale_name = NULL, **argv = NULL;
|
||||
wchar_t **wenv, **wargv;
|
||||
PF_TYPE_DECL(CDECL, int, __wgetmainargs, (int*, wchar_t***, wchar_t***, int, int*));
|
||||
PF_TYPE_DECL(WINAPI, BOOL, SetDefaultDllDirectories, (DWORD));
|
||||
HANDLE mutex = NULL, hogmutex = NULL, hFile = NULL;
|
||||
HWND hDlg = NULL;
|
||||
HDC hDC;
|
||||
|
|
@ -3749,8 +3757,30 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine
|
|||
};
|
||||
|
||||
// Disable loading system DLLs from the current directory (sideloading mitigation)
|
||||
// PS: You know that official MSDN documentation for SetDllDirectory() that explicitly
|
||||
// indicates that "If the parameter is an empty string (""), the call removes the current
|
||||
// directory from the default DLL search order"? Yeah, that doesn't work. At all.
|
||||
// Still, we invoke it, for platforms where the following call might not work...
|
||||
SetDllDirectoryA("");
|
||||
|
||||
// Also, even if you use SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32), you're
|
||||
// still going to be brought down if you link to wininet.lib or dwmapi.lib, as these two
|
||||
// perform their DLL invocations before you've had a chance to execute anything.
|
||||
// Of course, this is not something that security "researchers" will bother looking into
|
||||
// to try to help fellow developers, when they can get an ego fix by simply throwing
|
||||
// generic URLs around and deliberately refusing to practice *responsible disclosure*...
|
||||
// Finally, we need to perform the whole gymkhana below, where we can't call on
|
||||
// SetDefaultDllDirectories() directly, because Windows 7 doesn't have the API exposed.
|
||||
GetSystemDirectoryW(kernel32_path, ARRAYSIZE(kernel32_path));
|
||||
wcsncat(kernel32_path, L"\\kernel32.dll", ARRAYSIZE(kernel32_path) - wcslen(kernel32_path) - 1);
|
||||
// NB: Because kernel32 should already be loaded, what we do above to ensure that we
|
||||
// (re)pick the system one is mostly unnecessary. But since for a hammer everything is
|
||||
// a nail...
|
||||
pfSetDefaultDllDirectories = (SetDefaultDllDirectories_t)
|
||||
GetProcAddress(LoadLibraryW(kernel32_path), "SetDefaultDllDirectories");
|
||||
if (pfSetDefaultDllDirectories != NULL)
|
||||
pfSetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32);
|
||||
|
||||
uprintf("*** " APPLICATION_NAME " init ***\n");
|
||||
|
||||
// Reattach the console, if we were started from commandline
|
||||
|
|
|
|||
10
src/rufus.rc
10
src/rufus.rc
|
|
@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
|
|||
IDD_DIALOG DIALOGEX 12, 12, 232, 326
|
||||
STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
|
||||
EXSTYLE WS_EX_ACCEPTFILES
|
||||
CAPTION "Rufus 3.0.1307"
|
||||
CAPTION "Rufus 3.0.1308"
|
||||
FONT 9, "Segoe UI Symbol", 400, 0, 0x0
|
||||
BEGIN
|
||||
LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
|
||||
|
|
@ -389,8 +389,8 @@ END
|
|||
//
|
||||
|
||||
VS_VERSION_INFO VERSIONINFO
|
||||
FILEVERSION 3,0,1307,0
|
||||
PRODUCTVERSION 3,0,1307,0
|
||||
FILEVERSION 3,0,1308,0
|
||||
PRODUCTVERSION 3,0,1308,0
|
||||
FILEFLAGSMASK 0x3fL
|
||||
#ifdef _DEBUG
|
||||
FILEFLAGS 0x1L
|
||||
|
|
@ -407,13 +407,13 @@ BEGIN
|
|||
BEGIN
|
||||
VALUE "CompanyName", "Akeo Consulting (http://akeo.ie)"
|
||||
VALUE "FileDescription", "Rufus"
|
||||
VALUE "FileVersion", "3.0.1307"
|
||||
VALUE "FileVersion", "3.0.1308"
|
||||
VALUE "InternalName", "Rufus"
|
||||
VALUE "LegalCopyright", "© 2011-2018 Pete Batard (GPL v3)"
|
||||
VALUE "LegalTrademarks", "http://www.gnu.org/copyleft/gpl.html"
|
||||
VALUE "OriginalFilename", "rufus.exe"
|
||||
VALUE "ProductName", "Rufus"
|
||||
VALUE "ProductVersion", "3.0.1307"
|
||||
VALUE "ProductVersion", "3.0.1308"
|
||||
END
|
||||
END
|
||||
BLOCK "VarFileInfo"
|
||||
|
|
|
|||
Loading…
Reference in a new issue