Don't allow any .dll-s near Telegram.exe

2025-04-16 22:27:20 +02:00 · 2021-06-30 18:20:49 +03:00 · 2021-06-30 18:20:49 +03:00 · 5b2db4112f
commit 5b2db4112f
parent 7cedc1f7a5
4 changed files with 152 additions and 27 deletions
--- a/Telegram/CMakeLists.txt
+++ b/Telegram/CMakeLists.txt
@ -1356,6 +1356,32 @@ endif()

 set_target_properties(Telegram PROPERTIES RUNTIME_OUTPUT_DIRECTORY ${output_folder})

+if (WIN32)
+    target_link_options(Telegram
+    PRIVATE
+        /DELAYLOAD:secur32.dll
+        /DELAYLOAD:winmm.dll
+        /DELAYLOAD:ws2_32.dll
+        /DELAYLOAD:user32.dll
+        /DELAYLOAD:gdi32.dll
+        /DELAYLOAD:advapi32.dll
+        /DELAYLOAD:shell32.dll
+        /DELAYLOAD:ole32.dll
+        /DELAYLOAD:oleaut32.dll
+        /DELAYLOAD:shlwapi.dll
+        /DELAYLOAD:iphlpapi.dll
+        /DELAYLOAD:gdiplus.dll
+        /DELAYLOAD:version.dll
+        /DELAYLOAD:dwmapi.dll
+        /DELAYLOAD:crypt32.dll
+        /DELAYLOAD:bcrypt.dll
+        /DELAYLOAD:imm32.dll
+        /DELAYLOAD:netapi32.dll
+        /DELAYLOAD:userenv.dll
+        /DELAYLOAD:wtsapi32.dll
+    )
+endif()
+
 if ((NOT DESKTOP_APP_DISABLE_AUTOUPDATE OR APPLE) AND NOT build_macstore AND NOT build_winstore)
    add_executable(Updater WIN32)
    init_target(Updater)
@ -1372,8 +1398,19 @@ if ((NOT DESKTOP_APP_DISABLE_AUTOUPDATE OR APPLE) AND NOT build_macstore AND NOT

    set_target_properties(Updater PROPERTIES RUNTIME_OUTPUT_DIRECTORY ${output_folder})

-    if (WIN32 AND NOT CMAKE_CXX_COMPILER_ID STREQUAL "MSVC")
-        target_link_options(Updater PRIVATE -municode)
+    if (WIN32)
+        if (CMAKE_CXX_COMPILER_ID STREQUAL "MSVC")
+            target_link_options(Updater
+            PRIVATE
+                /DELAYLOAD:user32.dll
+                /DELAYLOAD:advapi32.dll
+                /DELAYLOAD:shell32.dll
+                /DELAYLOAD:ole32.dll
+                /DELAYLOAD:shlwapi.dll
+            )
+        else()
+            target_link_options(Updater PRIVATE -municode)
+        endif()
    endif()

    if (LINUX)
--- a/Telegram/SourceFiles/_other/updater_win.cpp
+++ b/Telegram/SourceFiles/_other/updater_win.cpp
@ -7,6 +7,70 @@ https://github.com/telegramdesktop/tdesktop/blob/master/LEGAL
 */
 #include "updater.h"

+using Handle = HINSTANCE;
+
+Handle SafeLoadLibrary(const wchar_t *name, bool required = false) {
+	static const auto SystemPath = [] {
+		WCHAR buffer[MAX_PATH + 1] = { 0 };
+		return GetSystemDirectory(buffer, MAX_PATH)
+			? std::wstring(buffer)
+			: std::wstring();
+	}();
+	static const auto WindowsPath = [] {
+		WCHAR buffer[MAX_PATH + 1] = { 0 };
+		return GetWindowsDirectory(buffer, MAX_PATH)
+			? std::wstring(buffer)
+			: std::wstring();
+	}();
+	const auto tryPath = [&](const std::wstring &path) {
+		if (!path.empty()) {
+			const auto full = path + L'\\' + name;
+			if (const auto result = Handle(LoadLibrary(full.c_str()))) {
+				return result;
+			}
+		}
+		return Handle();
+	};
+	if (const auto result1 = tryPath(SystemPath)) {
+		return result1;
+	} else if (const auto result2 = tryPath(WindowsPath)) {
+		return result2;
+	} else if (required) {
+		const auto text = L"Could not load required DLL '"
+			+ std::wstring(name)
+			+ L"'!";
+		MessageBox(nullptr, text.c_str(), L"Fatal Error", MB_ICONERROR);
+	}
+	return nullptr;
+}
+
+[[nodiscard]] bool Init() {
+	// Remove the current directory from the DLL search order.
+	SetDllDirectory(L"");
+
+	const auto required = {
+		L"user32.dll",
+		L"advapi32.dll",
+		L"shell32.dll",
+		L"ole32.dll",
+		L"shlwapi.dll",
+		L"propsys.dll",
+	};
+	const auto optional = {
+		L"profapi.dll",
+		L"cryptbase.dll",
+	};
+	for (const auto lib : required) {
+		if (!SafeLoadLibrary(lib, true)) {
+			return false;
+		}
+	}
+	for (const auto lib : optional) {
+		SafeLoadLibrary(lib);
+	}
+	return true;
+}
+
 bool _debug = false;

 wstring updaterName, updaterDir, updateTo, exeName, customWorkingDir, customKeyFile;
@ -329,6 +393,10 @@ void updateRegistry() {
 }

 int APIENTRY wWinMain(HINSTANCE instance, HINSTANCE prevInstance, LPWSTR cmdParamarg, int cmdShow) {
+	if (!Init()) {
+		return -1;
+	}
+
 	openLog();

 	_oldWndExceptionFilter = SetUnhandledExceptionFilter(_exceptionFilter);
--- a/Telegram/SourceFiles/platform/win/windows_dlls.cpp
+++ b/Telegram/SourceFiles/platform/win/windows_dlls.cpp
@ -25,30 +25,55 @@ void init() {
 	if (inited) return;
 	inited = true;

-	// Remove the current directory from the DLL search order.
-	::SetDllDirectory(L"");
+	base::Platform::CheckDynamicLibraries();

-	const auto list = {
+	// Remove the current directory from the DLL search order.
+	SetDllDirectory(L"");
+
+	const auto required = {
+		u"secur32.dll"_q,
+		u"winmm.dll"_q,
+		u"ws2_32.dll"_q,
+		u"user32.dll"_q,
+		u"gdi32.dll"_q,
+		u"advapi32.dll"_q,
+		u"shell32.dll"_q,
+		u"ole32.dll"_q,
+		u"oleaut32.dll"_q,
+		u"shlwapi.dll"_q,
+		u"iphlpapi.dll"_q,
+		u"gdiplus.dll"_q,
+		u"version.dll"_q,
+		u"dwmapi.dll"_q,
+		u"crypt32.dll"_q,
+		u"bcrypt.dll"_q,
+		u"imm32.dll"_q,
+		u"netapi32.dll"_q,
+		u"userenv.dll"_q,
+		u"wtsapi32.dll"_q,
+		u"propsys.dll"_q,
+		u"psapi.dll"_q,
+		u"uxtheme.dll"_q,
+	};
+	const auto optional = {
 		u"dbghelp.dll"_q,
 		u"dbgcore.dll"_q,
-		u"propsys.dll"_q,
 		u"winsta.dll"_q,
-		u"textinputframework.dll"_q,
 		u"uxtheme.dll"_q,
 		u"igdumdim32.dll"_q,
 		u"amdhdl32.dll"_q,
-		u"wtsapi32.dll"_q,
-		u"propsys.dll"_q,
 		u"combase.dll"_q,
-		u"dwmapi.dll"_q,
 		u"rstrtmgr.dll"_q,
-		u"psapi.dll"_q,
-		u"user32.dll"_q,
 		u"d3d9.dll"_q,
 		u"d3d11.dll"_q,
 		u"dxgi.dll"_q,
+		u"profapi.dll"_q,
+		u"cryptbase.dll"_q,
 	};
-	for (const auto &lib : list) {
+	for (const auto &lib : required) {
+		SafeLoadLibrary(lib, true);
+	}
+	for (const auto &lib : optional) {
 		SafeLoadLibrary(lib);
 	}
 }
@ -83,19 +108,17 @@ void start() {
 	//	}
 	//}

-	if (IsWindowsVistaOrGreater()) {
-		const auto LibWtsApi32 = SafeLoadLibrary(u"wtsapi32.dll"_q);
-		LOAD_SYMBOL(LibWtsApi32, WTSRegisterSessionNotification);
-		LOAD_SYMBOL(LibWtsApi32, WTSUnRegisterSessionNotification);
+	const auto LibWtsApi32 = SafeLoadLibrary(u"wtsapi32.dll"_q);
+	LOAD_SYMBOL(LibWtsApi32, WTSRegisterSessionNotification);
+	LOAD_SYMBOL(LibWtsApi32, WTSUnRegisterSessionNotification);

-		const auto LibPropSys = SafeLoadLibrary(u"propsys.dll"_q);
-		LOAD_SYMBOL(LibPropSys, PropVariantToString);
-		LOAD_SYMBOL(LibPropSys, PSStringFromPropertyKey);
+	const auto LibPropSys = SafeLoadLibrary(u"propsys.dll"_q);
+	LOAD_SYMBOL(LibPropSys, PropVariantToString);
+	LOAD_SYMBOL(LibPropSys, PSStringFromPropertyKey);

-		const auto LibDwmApi = SafeLoadLibrary(u"dwmapi.dll"_q);
-		LOAD_SYMBOL(LibDwmApi, DwmIsCompositionEnabled);
-		LOAD_SYMBOL(LibDwmApi, DwmSetWindowAttribute);
-	}
+	const auto LibDwmApi = SafeLoadLibrary(u"dwmapi.dll"_q);
+	LOAD_SYMBOL(LibDwmApi, DwmIsCompositionEnabled);
+	LOAD_SYMBOL(LibDwmApi, DwmSetWindowAttribute);

 	const auto LibPsApi = SafeLoadLibrary(u"psapi.dll"_q);
 	LOAD_SYMBOL(LibPsApi, GetProcessMemoryInfo);
--- a/Telegram/SourceFiles/platform/win/windows_dlls.h
+++ b/Telegram/SourceFiles/platform/win/windows_dlls.h
@ -25,9 +25,6 @@ namespace Dlls {
 void init();
 void start();

-// KERNEL32.DLL
-inline BOOL(__stdcall *SetDllDirectory)(LPCWSTR lpPathName);
-
 // UXTHEME.DLL
 inline HRESULT(__stdcall *SetWindowTheme)(
 	HWND hWnd,