
Commit 13dd5df

[msvc] prevent DLL side-loading by using /DEPENDENTLOADFLAG:0x800
* Fixes side-loading vulnerabilities reported by Sahil Shah. * Also force reproducible builds (/BREPRO) while we're at it. * Also fix copyright sign mangling in the .rc and apply other housekeeping.
1 parent 9b23b82 commit 13dd5df

18 files changed

+61
-26
lines changed

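--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,7 @@ o v1.5.1 (2024.06.13)
 - libusb-win32 ARM64 driver installation support (courtesy of Peter Dons Tychsen)
 Bugfixes:
 - fix filter installer being potentially overwritten (courtesy of Peter Dons Tychsen)
+- fix UAC not being properly triggered during driver installation (courtesy of Andrew Meyer)
 Improvements:
 - improve Windows edition and platform reporting
 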
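--- a/_pre-commit.sh
+++ b/_pre-commit.sh
@@ -32,6 +32,7 @@ s/^[ \t]*FILEVERSION[ \t]*\(.*\),\(.*\),\(.*\),.*/ FILEVERSION \1,\2,\3,@@BUILD@
 s/^[ \t]*PRODUCTVERSION[ \t]*\(.*\),\(.*\),\(.*\),.*/ PRODUCTVERSION \1,\2,\3,@@BUILD@@/
 s/^\([ \t]*\)VALUE[ \t]*"FileVersion",[ \t]*"\(.*\)\..*"/\1VALUE "FileVersion", "\2.@@BUILD@@"/
 s/^\([ \t]*\)VALUE[ \t]*"ProductVersion",[ \t]*"\(.*\)\..*"/\1VALUE "ProductVersion", "\2.@@BUILD@@"/
+s/\xef\xbf\xbd/\xa9/
 _EOF
 
 cat > _zadig.sed <<\_EOF
@@ -40,6 +41,7 @@ s/^[ \t]*PRODUCTVERSION[ \t]*\(.*\),\(.*\),.*,0/ PRODUCTVERSION \1,\2,@@BUILD@@,
 s/^\([ \t]*\)VALUE[ \t]*"FileVersion",[ \t]*"\(.*\)\..*"/\1VALUE "FileVersion", "\2.@@BUILD@@"/
 s/^\([ \t]*\)VALUE[ \t]*"ProductVersion",[ \t]*"\(.*\)\..*"/\1VALUE "ProductVersion", "\2.@@BUILD@@"/
 s/^\(.*\)"Zadig \(.*\)\..*"\(.*\)/\1"Zadig \2.@@BUILD@@"\3/
+s/\xef\xbf\xbd/\xa9/
 _EOF
 
 # First run sed to substitute our variable in the sed command file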
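Review bot: The added `s/\xef\xbf\xbd/\xa9/` rule in both sed scripts has no comment, and its purpose cannot be read from the bytes alone. It appears to turn a UTF-8 replacement character (U+FFFD) back into the single byte 0xA9 that the .rc files use for the copyright sign, so a line such as `# restore the single-byte copyright sign if an editor saved it as U+FFFD` above each rule would help. The rule also has no `g` flag, so only the first occurrence on a line is rewritten; `s/\xef\xbf\xbd/\xa9/g` covers the rest, and the `\xHH` escapes rely on GNU sed. The first heredoc begins above its hunk, so the start of that script is not visible here.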

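--- a/_sign.cmd
+++ b/_sign.cmd
@@ -1,2 +1,2 @@
 @echo off
-"C:\Program Files (x86)\Windows Kits\10\bin\10.0.22000.0\x64\signtool" sign /v /sha1 3dbc3a2a0e9ce8803b422cfdbc60acd33164965d /fd SHA256 /tr http://sha256timestamp.ws.symantec.com/sha256/timestamp /td SHA256 %1
+"C:\Program Files (x86)\Windows Kits\10\bin\10.0.22000.0\x64\signtool" sign /v /sha1 fc4686753937a93fdcd48c2bb4375e239af92dcb /fd SHA256 /tr http://timestamp.acs.microsoft.com /td SHA256 %*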
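Review bot: The new `/sha1` thumbprint on the signtool line has no comment saying which certificate it selects, and the commit message does not mention the change of signing certificate or timestamp authority. Because this value decides which key signs every release binary, a `rem` line above the command naming the certificate subject and its expiry date would make a rotation auditable from the repository history. The switch from `%1` to `%*` also changes the script from signing one file to signing every argument, which is worth stating in the same comment.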

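--- a/examples/.msvc/wdi-simple.vcxproj
+++ b/examples/.msvc/wdi-simple.vcxproj
@@ -94,6 +94,7 @@
 <SubSystem>Console</SubSystem>
 <TargetMachine>MachineX86</TargetMachine>
 <UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
+<AdditionalOptions>/BREPRO /DEPENDENTLOADFLAG:0x800 %(AdditionalOptions)</AdditionalOptions>
 </Link>
 </ItemDefinitionGroup>
 <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
@@ -118,6 +119,7 @@
 <ProgramDatabaseFile>$(TargetDir)$(ProjectName).pdb</ProgramDatabaseFile>
 <SubSystem>Console</SubSystem>
 <TargetMachine>MachineX64</TargetMachine>
+<AdditionalOptions>/BREPRO /DEPENDENTLOADFLAG:0x800 %(AdditionalOptions)</AdditionalOptions>
 </Link>
 </ItemDefinitionGroup>
 <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
@@ -140,6 +142,7 @@
 <EnableCOMDATFolding>true</EnableCOMDATFolding>
 <TargetMachine>MachineX86</TargetMachine>
 <UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
+<AdditionalOptions>/BREPRO /DEPENDENTLOADFLAG:0x800 %(AdditionalOptions)</AdditionalOptions>
 </Link>
 </ItemDefinitionGroup>
 <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
@@ -164,6 +167,7 @@
 <OptimizeReferences>true</OptimizeReferences>
 <EnableCOMDATFolding>true</EnableCOMDATFolding>
 <TargetMachine>MachineX64</TargetMachine>
+<AdditionalOptions>/BREPRO /DEPENDENTLOADFLAG:0x800 %(AdditionalOptions)</AdditionalOptions>
 </Link>
 </ItemDefinitionGroup>
 <ItemGroup>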
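Review bot: `/DEPENDENTLOADFLAG:0x800` in these four `<Link>` blocks restricts only the executable's load-time imports to System32, which leaves two gaps this commit does not close. The loader honours the flag from Windows 10 version 1607 onwards, so on any older release the project still supports the default search order applies. Any DLL the sources load by name at run time (not visible in this diff) still needs `LoadLibraryEx(..., LOAD_LIBRARY_SEARCH_SYSTEM32)` or an early `SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32)` call. The exposure is highest in the Win32 configurations shown here, which request `RequireAdministrator`. The same applies to the four hunks in examples/.msvc/zadig.vcxproj. Running `dumpbin /loadconfig` on each built .exe confirms that the dependent load flags value is 0x800.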

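--- a/examples/.msvc/zadig.vcxproj
+++ b/examples/.msvc/zadig.vcxproj
@@ -93,6 +93,7 @@
 <GenerateDebugInformation>true</GenerateDebugInformation>
 <SubSystem>Windows</SubSystem>
 <TargetMachine>MachineX86</TargetMachine>
+<AdditionalOptions>/BREPRO /DEPENDENTLOADFLAG:0x800 %(AdditionalOptions)</AdditionalOptions>
 </Link>
 </ItemDefinitionGroup>
 <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
@@ -117,6 +118,7 @@
 <GenerateDebugInformation>true</GenerateDebugInformation>
 <SubSystem>Windows</SubSystem>
 <TargetMachine>MachineX64</TargetMachine>
+<AdditionalOptions>/BREPRO /DEPENDENTLOADFLAG:0x800 %(AdditionalOptions)</AdditionalOptions>
 </Link>
 </ItemDefinitionGroup>
 <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
@@ -140,6 +142,7 @@
 <OptimizeReferences>true</OptimizeReferences>
 <EnableCOMDATFolding>true</EnableCOMDATFolding>
 <TargetMachine>MachineX86</TargetMachine>
+<AdditionalOptions>/BREPRO /DEPENDENTLOADFLAG:0x800 %(AdditionalOptions)</AdditionalOptions>
 </Link>
 </ItemDefinitionGroup>
 <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
@@ -166,6 +169,7 @@
 <OptimizeReferences>true</OptimizeReferences>
 <EnableCOMDATFolding>true</EnableCOMDATFolding>
 <TargetMachine>MachineX64</TargetMachine>
+<AdditionalOptions>/BREPRO /DEPENDENTLOADFLAG:0x800 %(AdditionalOptions)</AdditionalOptions>
 </Link>
 </ItemDefinitionGroup>
 <ItemGroup>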
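Review bot: The same `<AdditionalOptions>` line is pasted into each of the four per-configuration `<Link>` blocks here, and again in examples/.msvc/wdi-simple.vcxproj, so a configuration that is added later or was not touched by this commit silently ships without the side-loading mitigation. Declaring it once in an unconditional group, `<ItemDefinitionGroup><Link><AdditionalOptions>/BREPRO /DEPENDENTLOADFLAG:0x800 %(AdditionalOptions)</AdditionalOptions></Link></ItemDefinitionGroup>`, or in a shared .props file imported by every executable project, keeps the setting in one reviewable place. Each conditional `<ItemDefinitionGroup>` opens above its hunk, so other per-configuration link settings are not visible here.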

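--- a/examples/getopt/.msvc/getopt.vcxproj
+++ b/examples/getopt/.msvc/getopt.vcxproj
@@ -82,6 +82,7 @@
 </ClCompile>
 <Lib>
 <IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
+<AdditionalOptions>/BREPRO %(AdditionalOptions)</AdditionalOptions>
 </Lib>
 </ItemDefinitionGroup>
 <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
@@ -97,6 +98,7 @@
 </ClCompile>
 <Lib>
 <IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
+<AdditionalOptions>/BREPRO %(AdditionalOptions)</AdditionalOptions>
 </Lib>
 </ItemDefinitionGroup>
 <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
@@ -109,6 +111,7 @@
 </ClCompile>
 <Lib>
 <IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
+<AdditionalOptions>/BREPRO %(AdditionalOptions)</AdditionalOptions>
 </Lib>
 </ItemDefinitionGroup>
 <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
@@ -123,6 +126,7 @@
 </ClCompile>
 <Lib>
 <IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
+<AdditionalOptions>/BREPRO %(AdditionalOptions)</AdditionalOptions>
 </Lib>
 </ItemDefinitionGroup>
 <ItemGroup>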
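Review bot: `/BREPRO` is added to the `<Lib>` step only, and whether the compile step is deterministic as well cannot be seen because each `<ClCompile>` block closes above its hunk. Object files carry their own timestamps, so byte-identical archives also need the matching compiler option (`/Brepro`) and sources that avoid `__DATE__` and `__TIME__`. Building twice from a clean tree and comparing the hashes of the outputs would confirm the reproducibility the commit message claims.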

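--- a/examples/wdi-simple.rc
+++ b/examples/wdi-simple.rc
@@ -7,8 +7,8 @@
 #endif
 
 VS_VERSION_INFO VERSIONINFO
-FILEVERSION 1,5,1,788
-PRODUCTVERSION 1,5,1,788
+FILEVERSION 1,5,1,789
+PRODUCTVERSION 1,5,1,789
 FILEFLAGSMASK 0x17L
 #ifdef _DEBUG
 FILEFLAGS 0x1L
@@ -25,13 +25,13 @@ BEGIN
 BEGIN
 VALUE "CompanyName", "akeo.ie"
 VALUE "FileDescription", "WDI-Simple"
-VALUE "FileVersion", "1.5.1.788"
+VALUE "FileVersion", "1.5.1.789"
 VALUE "InternalName", "WDI-Simple"
-VALUE "LegalCopyright", "� 2010-2023 Pete Batard (LGPL v3)"
-VALUE "LegalTrademarks", "https://www.gnu.org/copyleft/lesser.html"
+VALUE "LegalCopyright", "� 2010-2025 Pete Batard (LGPL v3)"
+VALUE "LegalTrademarks", "https://www.gnu.org/licenses/lgpl-3.0.html"
 VALUE "OriginalFilename", "wdi-simple.exe"
 VALUE "ProductName", "WDI-Simple"
-VALUE "ProductVersion", "1.5.1.788"
+VALUE "ProductVersion", "1.5.1.789"
 VALUE "Comments", "http://libwdi.akeo.ie"
 END
 END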

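--- a/examples/zadig.c
+++ b/examples/zadig.c
@@ -1,6 +1,6 @@
 /*
 * Zadig: Automated Driver Installer for USB devices (GUI version)
-* Copyright (c) 2010-2023 Pete Batard <[email protected]>
+* Copyright (c) 2010-2025 Pete Batard <[email protected]>
 * For more info, please visit http://libwdi.akeo.ie
 *
 * This program is free software: you can redistribute it and/or modify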

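--- a/examples/zadig.h
+++ b/examples/zadig.h
@@ -1,6 +1,6 @@
 /*
 * Zadig: Automated Driver Installer for USB devices (GUI version)
-* Copyright (c) 2010-2023 Pete Batard <[email protected]>
+* Copyright (c) 2010-2025 Pete Batard <[email protected]>
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -60,7 +60,7 @@
 #define FIELD_ORANGE RGB(255,240,200)
 #define ARROW_GREEN RGB(92,228,65)
 #define ARROW_ORANGE RGB(253,143,56)
-#define APP_VERSION "Zadig 2.9.788"
+#define APP_VERSION "Zadig 2.9.789"
 
 // These are used to flag end users about the driver they are going to replace
 enum driver_type {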

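--- a/examples/zadig.rc
+++ b/examples/zadig.rc
@@ -151,7 +151,7 @@ BEGIN
 LTEXT "WCID",IDC_STATIC_WCID,14,84,18,9,SS_NOTIFY
 EDITTEXT IDC_WCID_BOX,40,82,14,14,ES_READONLY | NOT WS_TABSTOP
 EDITTEXT IDC_WCID,55,82,44,14,ES_READONLY | NOT WS_VISIBLE | NOT WS_TABSTOP,WS_EX_TRANSPARENT
-LTEXT "",IDC_RARR,142,44,17,14,SS_NOTIFY | SS_CENTERIMAGE | NOT WS_VISIBLE
+LTEXT "",IDC_RARR,142,44,17,14,SS_NOTIFY | SS_CENTERIMAGE | NOT WS_VISIBLE
 EDITTEXT IDC_TARGET,162,44,98,14,ES_READONLY | NOT WS_TABSTOP
 CONTROL "",IDC_TARGETSPIN,"msctls_updown32",UDS_ARROWKEYS,260,44,11,14,WS_EX_TRANSPARENT
 CONTROL IDB_ZADIG,IDC_THIS_SPACE_FOR_RENT,"Static",SS_BITMAP | SS_CENTERIMAGE | SS_REALSIZEIMAGE,278,37,97,66
@@ -246,8 +246,8 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
-FILEVERSION 2,9,788,0
-PRODUCTVERSION 2,9,788,0
+FILEVERSION 2,9,789,0
+PRODUCTVERSION 2,9,789,0
 FILEFLAGSMASK 0x17L
 #ifdef _DEBUG
 FILEFLAGS 0x1L
@@ -264,13 +264,13 @@ BEGIN
 BEGIN
 VALUE "CompanyName", "akeo.ie"
 VALUE "FileDescription", "Zadig"
-VALUE "FileVersion", "2.9.788"
+VALUE "FileVersion", "2.9.789"
 VALUE "InternalName", "Zadig"
-VALUE "LegalCopyright", "� 2010-2023 Pete Batard (GPL v3)"
-VALUE "LegalTrademarks", "https://www.gnu.org/copyleft/gpl.html"
+VALUE "LegalCopyright", "� 2010-2025 Pete Batard (GPL v3)"
+VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html"
 VALUE "OriginalFilename", "zadig.exe"
 VALUE "ProductName", "Zadig"
-VALUE "ProductVersion", "2.9.788"
+VALUE "ProductVersion", "2.9.789"
 VALUE "Comments", "https://zadig.akeo.ie"
 END
 END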
