Hi Hao,
Thanks for replying to this query.
I'm afraid that I simply don't have the scope to go through a binutils
change request. I was hoping that a link script might work to inject the
binary section manually. If it is simply not possible for GNU binutils
to inject custom PE directory entry data at all (which I assert is what
you are implying) then I guess I'll just have to continue to make do
with delay-loaded DLLs (and hope that someone else also eventually takes
a stab at fixing https://sourceware.org/bugzilla/show_bug.cgi?id=14339
for binutils).
Regards,
/Pete
On 2025.03.04 03:37, LIU Hao wrote:
On 2025-03-04 01:14, Pete Batard via Mingw-w64-public wrote:
Considering that the current approach to fighting DLL side-loading
vulnerabilities for MinGW generated executables is to manually run
them through something like procmon, to see if they attempt to load
DLLs from non-system dirs, and if so, manually apply delay-loading to
the DLLs (that is when delay-loading works, because while I didn't
have an issue with other DLLs --outside of binutils needing an
annoying DECLSPEC_IMPORT redef-- I have been entirely unable to make
it work with cfgmgr32 [1]), being able to use a simple flag that tells
Windows: "Hey, this application is designed to *not* ever need to
load anything but system DLLs" would be a real godsend.
However, applying that flag requires the GNU PE toolchain that can
generate a 'Load Configuration' PE directory entry, and arbitrarily
set some of the attributes there. And from what I can see, while LLVM has
recently introduced an option that adds such a section to set the
relevant flag, I don't expect gcc to do so anytime soon, so I would
very much like a workaround for it...
Unsurprisingly, this topic is far too advanced for ChatGPT to produce
anything useful. I am therefore asking the MinGW experts if they have
a solution for this kind of additional PE entry generation.
I believe at the moment there's no support for load config directories
in GNU LD. You will have to modify GNU LD source:
In 'binutils-gdb/bfd/peXXigen.c' there is code which sets up the TLS
directory (keyword: `PE_TLS_TABLE`). You can also see that while the
constant `PE_LOAD_CONFIG_TABLE` is defined, it's unused elsewhere. So an
executable that is created by GNU LD doesn't have a load config directory.
Perhaps you can take that as a reference and implement it. Microsoft
LINK and LLD-LINK look for the external variable `_load_config_used` and
point the load config directory to it, the same way they look for
`_tls_used` and set up the TLS directory. The difference is that the
load config directory is of a variable length, as recorded in its `Size`
field.
Once that is done, you can add an option to GNU LD to override the
`DependentLoadFlags` field.
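As an added check, not code from this thread or from binutils: a small Python parser that locates the Load Config directory described above and reads its `DependentLoadFlags`, honouring the variable `Size` field Hao mentions, plus a constructed minimal PE32+ image to run it against. `LOAD_LIBRARY_SEARCH_SYSTEM32` (0x800) is the documented Windows flag that restricts dependent-DLL resolution to System32; the sample image layout is an assumption for illustration, not output of any real linker.

```python
import struct

IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG = 10   # index of the Load Config entry in the data directories
LOAD_LIBRARY_SEARCH_SYSTEM32 = 0x0800    # DependentLoadFlags bit: resolve static imports from System32 only

def load_config_info(pe: bytes) -> dict:
    """Find the Load Config directory of a PE32/PE32+ image and read its DependentLoadFlags."""
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    nsections, opt_size = struct.unpack_from("<H", pe, coff + 2)[0], struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    pe64 = struct.unpack_from("<H", pe, opt)[0] == 0x20B
    ndirs, = struct.unpack_from("<I", pe, opt + (108 if pe64 else 92))
    if ndirs <= IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG:
        return {"present": False}
    rva, _ = struct.unpack_from("<II", pe, opt + (112 if pe64 else 96) + 8 * IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG)
    if rva == 0:
        return {"present": False}          # what a GNU LD-linked image looks like today
    sec = opt + opt_size                   # section table follows the optional header
    for i in range(nsections):
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", pe, sec + 40 * i + 8)
        if va <= rva < va + max(vsize, rawsize):
            off = rawptr + (rva - va)      # RVA -> file offset
            break
    else:
        raise ValueError("Load Config RVA is not backed by any section")
    size, = struct.unpack_from("<I", pe, off)
    flags_off = 78 if pe64 else 54         # DependentLoadFlags offset in IMAGE_LOAD_CONFIG_DIRECTORY64 / 32
    flags = struct.unpack_from("<H", pe, off + flags_off)[0] if size >= flags_off + 2 else 0
    return {"present": True, "size": size, "dependent_load_flags": flags,
            "system32_only": bool(flags & LOAD_LIBRARY_SEARCH_SYSTEM32)}

def build_sample_pe64(dependent_load_flags: int) -> bytes:
    # Constructed minimal PE32+ image: one .rdata section holding only a Load Config directory.
    opt_size, rva, raw, lc_size = 240, 0x1000, 0x200, 0x70   # sample layout, not from any real linker
    dos = bytearray(0x40); dos[:2] = b"MZ"; struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)                     # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)                      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, rva, lc_size)
    sec = struct.pack("<8sIIIIIIHHI", b".rdata", lc_size, rva, 0x200, raw, 0, 0, 0, 0, 0x40000040)
    lc = bytearray(lc_size)
    struct.pack_into("<I", lc, 0, lc_size)                    # Size: the struct is variable-length
    struct.pack_into("<H", lc, 78, dependent_load_flags)
    hdr = dos + b"PE\0\0" + coff + opt + sec
    return bytes(hdr).ljust(raw, b"\0") + bytes(lc).ljust(0x200, b"\0")
```

Run `load_config_info(open(path, "rb").read())` on a freshly linked MinGW executable to confirm whether the directory is there at all before worrying about the flag value.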
_______________________________________________
Mingw-w64-public mailing list
Mingw-w64-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mingw-w64-public