1
1
Fork 0
mirror of https://github.com/pbatard/rufus.git synced 2024-08-14 23:57:05 +00:00
Commit graph

33 commits

Author SHA1 Message Date
Pete Batard
3194a4dac4
[net] drop direct hooking into wininet DLL and use delay-loading instead
* Now that we can delay-load DLLs for both MinGW and MSVC, we can remove the
  cumbersome direct DLL hooks into wininet.dll (which is vulnerable to side
  loading when not delay-loaded) and revert to using direct API calls instead.
* This reverts part of e1d864f755.
* Also attempt to silence a Coverity warning.
2022-04-12 13:35:41 +01:00
Pete Batard
e7b66e7e4c
[mingw] use delay loading for DLLs that are subject to side loading
* This reverts much of commits f6ac559f4d and 1947266837
  so that we call the Windows APIs directly again, while ensuring that, by the time we load the DLLs,
  sideloading mitigation has already been applied by the application.
* This is a continuation of #1877, and should help prevent re-introducing side-loading issues when we
  link against new libraries, as well as allow us to drop some of the manual DLL hooking we've been
  doing to prevent it, to clean up the code.
* Note that this is a bit more complex than what the stackoverflow post suggests, because we need to
  create delayloaded libs for both 32-bit and 64-bit, which use a different calling convention and
  therefore need to use different .def files. So there's a lot of gymkhana involved, with Makefiles
  and whatnot, to get us there.
* Also simplify the use of CM_Get_DevNode_Registry_PropertyA() in dev.c since recent versions of
  MinGW now have support for it.
* Also fix 2 small issues in net.c (potential overflow) and format.c (memory leak).
2022-04-12 11:09:59 +01:00
Pete Batard
3528ca773d
[iso] add support for distros using a NONSTANDARD GRUB 2.0 prefix directory
* Looking at you, openSUSE Live and GeckoLinux!
2022-04-07 01:58:22 +01:00
Pete Batard
1947266837
[pki] don't link with wintrust.lib
* WinTrust.lib is responsible for the MSASN1.dll sideloading issue described in #1877,
  so, since we only use it for WinVerifyTrustEx(), hook into that function manually.
* Closes #1877 for the MinGW side.
* Note that we will probably try to use the method suggested by @assarbad and documented at
  https://stackoverflow.com/questions/1851267/mingw-gcc-delay-loaded-dll-equivalent/70416894#70416894
  to try to put an end to the problem of DLL side loading.
2022-03-03 17:41:43 +00:00
Pete Batard
cef651c52c
[msvc] actually apply DLL delay loading to the Release builds
* ef2ff7179d was supposed to apply delay loading to our DLLs, for all MSVC builds,
  thereby preventing sideloading attacks, but the patch actually only set the DelayLoadDLLs
  property for Debug builds and not Release builds, with the result that side loading could
  still be triggered for the Release executables, as demonstrated in #1877.
* This patch therefore properly sets the DelayLoadDLLs for all builds, which should take care
  of the side loading vulnerability at least for MSVC executables.
* A subsequent patch will still be needed for MinGW, since there is no equivalent to DelayLoadDLLs.
* This addresses part of #1877.
2022-02-25 18:05:49 +00:00
Austin Wise
ef2ff7179d
[msvc] add provision to prevent DLL search order hijacking through delay loading
* Hypothetically if the user's current directory contains a malicious DLL that DLL
  could be loaded instead of the one in System32.
* Whereas the previous patch should have taken care of the one DLL referenced by
  Rufus that may be vulnerable to this attack (version.dll), we nonetheless add
  delay loading for all the libraries we reference as a precautionary measure.
* One can confirm that this works by using dumpbin.exe /IMPORTS to make sure
  a specific DLL is delay loaded. Then putting a breakpoint in the delay load
  hook should also confirm that the hook is used.
* Closes #1838
2022-01-05 18:33:59 +00:00
Pete Batard
f6ac559f4d
[iso] don't link with version.lib to prevent DLL sideloading issues
* This is part of #1838, where we need to sort the version.dll sideloading problem for MinGW.
* A subsequent patch will be applied to MSVC, to more generally delay the loading of DLLs.
* Also fix a typo with an assert expression.
2022-01-05 16:49:06 +00:00
Pete Batard
f5072e45de
[misc] update solution to VS2022
* Also fix a possible mishandling of compounded strings in safe string macros
2021-11-16 17:50:20 +00:00
Pete Batard
a10b8e8c54
[iso] add Windows ISO version report
* Use sources/compatresources.dll, when available, to try to detect the Windows ISO version and build.
* Also report what facility we use for formatting.
2021-10-08 19:24:07 +01:00
Pete Batard
83ea7103e3
[ci] set VS2019 to produce ALPHA or BETA off release 2021-09-28 20:00:59 +01:00
Pete Batard
436584fcc0
[appstore] revert AppStore version detection to rufus.app presence check
* This basically reverts the changes from 9dfa31db03.
2021-08-01 21:50:11 +01:00
Pete Batard
8f0d248a56
[misc] add regexp engine
* From https://github.com/kokke/tiny-regex-c
2021-04-22 22:43:20 +01:00
Pete Batard
2e1833e91e
[misc] improve CoInitialize calls
* Balance with CoUninitialize and add COINIT_DISABLE_OLE1DDE
* Also add /BREPRO linker flag for reproducible VS2019 release builds
2021-04-09 12:36:30 +01:00
Pete Batard
9dfa31db03
[appstore] improve AppStore version detection
* Also fix ESP prompt no longer appearing
2021-03-31 13:21:52 +01:00
Pete Batard
d4db16a9ca
[checksum] improve performance by switching to async I/O
Yes!!! We are finally *much* faster than 7-zip for SHA-256, even though
we are also computing MD5 and SHA-1 in parallel. Here are some averaged
comparative results, against the 5.71 GB Win10_20H2_EnglishInternational_x64.iso
(SHA-256 = 08535b6dd0a4311f562e301c3c344b4aefd2e69a82168426b9971d6f8cab35e1):
* Windows' PowerShell Get-FileHash: 48s
* 7-zip's SHA-256                 : 31s
* Rufus (64-bit release version)  : 23s
2021-02-03 11:49:57 +00:00
Pete Batard
ee34bf495a
[misc] enable VS2019 String Pooling for Debug builds
* Also enable incremental linking and debug libraries for Debug builds
2020-06-02 11:50:23 +01:00
Pete Batard
65523bbdf9
[misc] fix 32-bit arithmetic overflow operation warnings
* Also disable C28251 annotation warning
2020-02-12 17:23:23 +00:00
Pete Batard
35af4cbacb
[misc] move Large FAT32 and ext formatting to their own source
* Also add randomization to test images
2020-02-10 13:04:50 +00:00
Pete Batard
88be86d3d4
[core] improve reporting of partition types
* Add GPT partition types and improve MBR partition type handling
2020-02-06 18:23:19 +00:00
Pete Batard
62dad2ef2f
[misc] update to Visual Studio 2019 2019-08-22 16:41:12 +01:00
Pete Batard
cda716c1ff
[ext2fs] initial ext2fs support 2019-04-12 21:32:40 +01:00
Pete Batard
7e21f8a60c
[misc] add /utf-8 to MSVC compiler options
* Closes #1277
2019-03-12 20:15:57 +00:00
Pete Batard
c5513447c9
[misc] update project to use latest default VS2017 SDK
* Also add missing control in localization_data.h
2019-02-27 18:47:15 +00:00
Pete Batard
7745edbb92
[misc] use COBJMACROS for COM calls 2018-11-27 11:59:19 +00:00
Pete Batard
04a5793ee7
[misc] use compilation flag to undefine NDEBUG for assert 2018-11-21 17:45:18 +00:00
Pete Batard
d90676542b [misc] report executable arch in the log
* Also update VS2017 solution to use 10.0.17134 SDK
* Also update README
2018-10-27 14:22:09 +01:00
Pete Batard
92b66e02eb [vs2017] revert to using x86/x64 for x86 output directories
* Instead of x86_32 and x86_64.
* This should aid with our appxbundle creation and if Microsoft want to
  be wholly incorrect in their arch designations, who am I to judge?...
2018-10-26 12:54:20 +01:00
Pete Batard
05f8400451 [misc] reorganize UI function calls into their own source
* Also fix ARM/ARM64 broken compilation due to missing __popcnt()
2018-07-06 05:46:36 +01:00
Pete Batard
e1d864f755 [misc] work around Microsoft's broken SetDllDirectory()
* *THIS* is what you need to do to replace Microsoft's broken SetDllDirectory("")
  implementation and mitigate DLL sideloading from local directories.
* Also fix some comment typos
2018-06-05 13:02:28 +01:00
Pete Batard
13e7b0226d [ui] improve log window positioning
* Now seriously what the $%^& is wrong with Microsoft?!?
2018-05-09 15:55:30 +01:00
Pete Batard
a44518355f [ui] UI redesign
* Better guide the user through the flow of operations
* Also follow a concept design by Fahad Al-Riyami
* Closes #117
2018-03-22 23:14:21 +00:00
Pete Batard
8dfb760cf2 [misc] set Windows SDK to 10.0.16299 2017-11-20 11:39:53 +00:00
Pete Batard
c5f4e5a2ee [misc] drop Clang support and move VS2017 project files to .vs 2017-11-11 15:41:04 +00:00
Renamed from src/.msvc/rufus.vcxproj (Browse further)