From d68b9546bd36fa34093b8592d3927ba581fc8e59 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI <mounir.idrassi@idrix.fr>
Date: Sun, 3 Sep 2023 00:58:34 +0200
Subject: Windows: simpler and more robust safe dll loading combined with delay
 loading thanks to Windows 7 being minimum supported version.

We also block execution on Windows versions older than Windows 7.
A lot of code was removed thanks to this.
---
 src/SetupDLL/Setup.c          | 272 ------------------------------------------
 src/SetupDLL/SetupDLL.vcxproj |   6 +-
 2 files changed, 3 insertions(+), 275 deletions(-)

(limited to 'src/SetupDLL')

diff --git a/src/SetupDLL/Setup.c b/src/SetupDLL/Setup.c
index f7c04315..a4bf6520 100644
--- a/src/SetupDLL/Setup.c
+++ b/src/SetupDLL/Setup.c
@@ -68,108 +68,6 @@ typedef enum
 
 #define WAIT_PERIOD 3
 
-extern HMODULE hRichEditDll;
-extern HMODULE hComctl32Dll;
-extern HMODULE hSetupDll;
-extern HMODULE hShlwapiDll;
-extern HMODULE hProfApiDll;
-extern HMODULE hUsp10Dll;
-extern HMODULE hCryptSpDll;
-extern HMODULE hUXThemeDll;
-extern HMODULE hUserenvDll;
-extern HMODULE hRsaenhDll;
-extern HMODULE himm32dll;
-extern HMODULE hMSCTFdll;
-extern HMODULE hfltlibdll;
-extern HMODULE hframedyndll;
-extern HMODULE hpsapidll;
-extern HMODULE hsecur32dll;
-extern HMODULE hnetapi32dll;
-extern HMODULE hauthzdll;
-extern HMODULE hxmllitedll;
-extern HMODULE hmprdll;
-extern HMODULE hsppdll;
-extern HMODULE vssapidll;
-extern HMODULE hvsstracedll;
-extern HMODULE hcfgmgr32dll;
-extern HMODULE hdevobjdll;
-extern HMODULE hpowrprofdll;
-extern HMODULE hsspiclidll;
-extern HMODULE hcryptbasedll;
-extern HMODULE hdwmapidll;
-extern HMODULE hmsasn1dll;
-extern HMODULE hcrypt32dll;
-extern HMODULE hbcryptdll;
-extern HMODULE hbcryptprimitivesdll;
-extern HMODULE hMsls31;
-extern HMODULE hntmartadll;
-extern HMODULE hwinscarddll;
-extern HMODULE hmsvcrtdll;
-extern HMODULE hWinTrustLib;
-extern HMODULE hAdvapi32Dll;
-
-#define FREE_DLL(h)	if (h) { FreeLibrary (h); h = NULL;}
-
-#ifndef BASE_SEARCH_PATH_ENABLE_SAFE_SEARCHMODE
-#define BASE_SEARCH_PATH_ENABLE_SAFE_SEARCHMODE 0x00000001
-#endif
-
-#ifndef BASE_SEARCH_PATH_PERMANENT
-#define BASE_SEARCH_PATH_PERMANENT 0x00008000
-#endif
-
-#ifndef LOAD_LIBRARY_SEARCH_SYSTEM32
-#define LOAD_LIBRARY_SEARCH_SYSTEM32   0x00000800
-#endif
-
-typedef BOOL (WINAPI *SetDllDirectoryPtr)(LPCWSTR lpPathName);
-typedef BOOL (WINAPI *SetSearchPathModePtr)(DWORD Flags);
-typedef BOOL (WINAPI *SetDefaultDllDirectoriesPtr)(DWORD DirectoryFlags);
-
-typedef void (WINAPI *InitCommonControlsPtr)(void);
-typedef HIMAGELIST  (WINAPI *ImageList_CreatePtr)(int cx, int cy, UINT flags, int cInitial, int cGrow);
-typedef int         (WINAPI *ImageList_AddPtr)(HIMAGELIST himl, HBITMAP hbmImage, HBITMAP hbmMask);
-
-typedef VOID (WINAPI *SetupCloseInfFilePtr)(HINF InfHandle);
-typedef HKEY (WINAPI *SetupDiOpenClassRegKeyPtr)(CONST GUID *ClassGuid,REGSAM samDesired);
-typedef BOOL (WINAPI *SetupInstallFromInfSectionWPtr)(HWND,HINF,PCWSTR,UINT,HKEY,PCWSTR,UINT,PSP_FILE_CALLBACK_W,PVOID,HDEVINFO,PSP_DEVINFO_DATA);
-typedef HINF (WINAPI *SetupOpenInfFileWPtr)(PCWSTR FileName,PCWSTR InfClass,DWORD InfStyle,PUINT ErrorLine);
-
-typedef LSTATUS (STDAPICALLTYPE *SHDeleteKeyWPtr)(HKEY hkey, LPCWSTR pszSubKey);
-
-typedef HRESULT (STDAPICALLTYPE *SHStrDupWPtr)(LPCWSTR psz, LPWSTR *ppwsz);
-
-// ChangeWindowMessageFilter
-typedef BOOL (WINAPI *ChangeWindowMessageFilterPtr) (UINT, DWORD);
-
-typedef BOOL (WINAPI *CreateProcessWithTokenWFn)(
-    __in        HANDLE hToken,
-    __in        DWORD dwLogonFlags,
-    __in_opt    LPCWSTR lpApplicationName,
-    __inout_opt LPWSTR lpCommandLine,
-    __in        DWORD dwCreationFlags,
-    __in_opt    LPVOID lpEnvironment,
-    __in_opt    LPCWSTR lpCurrentDirectory,
-    __in        LPSTARTUPINFOW lpStartupInfo,
-    __out       LPPROCESS_INFORMATION lpProcessInformation
-      );
-
-extern SetDllDirectoryPtr SetDllDirectoryFn;
-extern SetSearchPathModePtr SetSearchPathModeFn;
-extern SetDefaultDllDirectoriesPtr SetDefaultDllDirectoriesFn;
-
-extern ImageList_CreatePtr ImageList_CreateFn;
-extern ImageList_AddPtr ImageList_AddFn;
-
-extern SetupCloseInfFilePtr SetupCloseInfFileFn;
-extern SetupDiOpenClassRegKeyPtr SetupDiOpenClassRegKeyFn;
-extern SetupInstallFromInfSectionWPtr SetupInstallFromInfSectionWFn;
-extern SetupOpenInfFileWPtr SetupOpenInfFileWFn;
-extern SHDeleteKeyWPtr SHDeleteKeyWFn;
-extern SHStrDupWPtr SHStrDupWFn;
-extern ChangeWindowMessageFilterPtr ChangeWindowMessageFilterFn;
-extern CreateProcessWithTokenWFn CreateProcessWithTokenWPtr;
-
 wchar_t InstallationPath[TC_MAX_PATH];
 
 BOOL bUninstall = FALSE;
@@ -2106,139 +2004,10 @@ BOOL InitDll (MSIHANDLE hInstaller)
 	MSILog(hInstaller, MSI_INFO_LEVEL, L"Begin InitDll");
 
 	BOOL bOK = TRUE;
-	InitCommonControlsPtr InitCommonControlsFn = NULL;	
-
-	/* remove current directory from dll search path */
-	SetDllDirectoryFn = (SetDllDirectoryPtr) GetProcAddress (GetModuleHandle(L"kernel32.dll"), "SetDllDirectoryW");
-	SetSearchPathModeFn = (SetSearchPathModePtr) GetProcAddress (GetModuleHandle(L"kernel32.dll"), "SetSearchPathMode");
-	SetDefaultDllDirectoriesFn = (SetDefaultDllDirectoriesPtr) GetProcAddress (GetModuleHandle(L"kernel32.dll"), "SetDefaultDllDirectories");
-	if (SetDllDirectoryFn)
-		SetDllDirectoryFn (L"");
-	if (SetSearchPathModeFn)
-		SetSearchPathModeFn (BASE_SEARCH_PATH_ENABLE_SAFE_SEARCHMODE | BASE_SEARCH_PATH_PERMANENT);
-	if (SetDefaultDllDirectoriesFn)
-		SetDefaultDllDirectoriesFn (LOAD_LIBRARY_SEARCH_SYSTEM32);
 
 	InitOSVersionInfo();
 	InitGlobalLocks ();
 
-	LoadSystemDll_Dll (hInstaller, L"msvcrt.dll", &hmsvcrtdll, TRUE, SRC_POS);
-	LoadSystemDll_Dll (hInstaller, L"ntmarta.dll", &hntmartadll, TRUE, SRC_POS);
-	LoadSystemDll_Dll (hInstaller, L"MPR.DLL", &hmprdll, TRUE, SRC_POS);
-	if (IsOSAtLeast (WIN_7))
-	{
-		LoadSystemDll_Dll (hInstaller, L"ProfApi.DLL", &hProfApiDll, TRUE, SRC_POS);
-		LoadSystemDll_Dll (hInstaller, L"cryptbase.dll", &hcryptbasedll, TRUE, SRC_POS);
-		LoadSystemDll_Dll (hInstaller, L"sspicli.dll", &hsspiclidll, TRUE, SRC_POS);
-	}
-	LoadSystemDll_Dll (hInstaller, L"psapi.dll", &hpsapidll, TRUE, SRC_POS);
-	LoadSystemDll_Dll (hInstaller, L"secur32.dll", &hsecur32dll, TRUE, SRC_POS);
-	LoadSystemDll_Dll (hInstaller, L"msasn1.dll", &hmsasn1dll, TRUE, SRC_POS);
-	LoadSystemDll_Dll (hInstaller, L"Usp10.DLL", &hUsp10Dll, TRUE, SRC_POS);
-	if (IsOSAtLeast (WIN_7))
-		LoadSystemDll_Dll (hInstaller, L"dwmapi.dll", &hdwmapidll, TRUE, SRC_POS);
-	LoadSystemDll_Dll (hInstaller, L"UXTheme.dll", &hUXThemeDll, TRUE, SRC_POS);   
-
-	LoadSystemDll_Dll (hInstaller, L"msls31.dll", &hMsls31, TRUE, SRC_POS);	
-	LoadSystemDll_Dll (hInstaller, L"SETUPAPI.DLL", &hSetupDll, FALSE, SRC_POS);
-	LoadSystemDll_Dll (hInstaller, L"SHLWAPI.DLL", &hShlwapiDll, FALSE, SRC_POS);	
-
-	LoadSystemDll_Dll (hInstaller, L"userenv.dll", &hUserenvDll, TRUE, SRC_POS);
-	LoadSystemDll_Dll (hInstaller, L"rsaenh.dll", &hRsaenhDll, TRUE, SRC_POS);
-
-	if (nCurrentOS < WIN_7)
-	{
-		if (nCurrentOS == WIN_XP)
-		{
-			LoadSystemDll_Dll (hInstaller, L"imm32.dll", &himm32dll, TRUE, SRC_POS);
-			LoadSystemDll_Dll (hInstaller, L"MSCTF.dll", &hMSCTFdll, TRUE, SRC_POS);
-			LoadSystemDll_Dll (hInstaller, L"fltlib.dll", &hfltlibdll, TRUE, SRC_POS);
-			LoadSystemDll_Dll (hInstaller, L"wbem\\framedyn.dll", &hframedyndll, TRUE, SRC_POS);
-		}
-
-		if (IsOSAtLeast (WIN_VISTA))
-		{					
-			LoadSystemDll_Dll (hInstaller, L"netapi32.dll", &hnetapi32dll, TRUE, SRC_POS);
-			LoadSystemDll_Dll (hInstaller, L"authz.dll", &hauthzdll, TRUE, SRC_POS);
-			LoadSystemDll_Dll (hInstaller, L"xmllite.dll", &hxmllitedll, TRUE, SRC_POS);
-		}
-	}
-
-	if (IsOSAtLeast (WIN_VISTA))
-	{					
-		LoadSystemDll_Dll (hInstaller, L"atl.dll", &hsppdll, TRUE, SRC_POS);
-		LoadSystemDll_Dll (hInstaller, L"vsstrace.dll", &hvsstracedll, TRUE, SRC_POS);
-		LoadSystemDll_Dll (hInstaller, L"vssapi.dll", &vssapidll, TRUE, SRC_POS);
-		LoadSystemDll_Dll (hInstaller, L"spp.dll", &hsppdll, TRUE, SRC_POS);
-	}
-
-	LoadSystemDll_Dll (hInstaller, L"crypt32.dll", &hcrypt32dll, TRUE, SRC_POS);
-	
-	if (IsOSAtLeast (WIN_7))
-	{
-		LoadSystemDll_Dll (hInstaller, L"CryptSP.dll", &hCryptSpDll, TRUE, SRC_POS);
-
-		LoadSystemDll_Dll (hInstaller, L"cfgmgr32.dll", &hcfgmgr32dll, TRUE, SRC_POS);
-		LoadSystemDll_Dll (hInstaller, L"devobj.dll", &hdevobjdll, TRUE, SRC_POS);
-		LoadSystemDll_Dll (hInstaller, L"powrprof.dll", &hpowrprofdll, TRUE, SRC_POS);
-
-		LoadSystemDll_Dll (hInstaller, L"bcrypt.dll", &hbcryptdll, TRUE, SRC_POS);
-		LoadSystemDll_Dll (hInstaller, L"bcryptprimitives.dll", &hbcryptprimitivesdll, TRUE, SRC_POS);								
-	}	
-
-	LoadSystemDll_Dll (hInstaller, L"COMCTL32.DLL", &hComctl32Dll, FALSE, SRC_POS);
-	
-	// call InitCommonControls function
-	InitCommonControlsFn = (InitCommonControlsPtr) GetProcAddress (hComctl32Dll, "InitCommonControls");
-	ImageList_AddFn = (ImageList_AddPtr) GetProcAddress (hComctl32Dll, "ImageList_Add");
-	ImageList_CreateFn = (ImageList_CreatePtr) GetProcAddress (hComctl32Dll, "ImageList_Create");
-
-	if (InitCommonControlsFn && ImageList_AddFn && ImageList_CreateFn)
-	{
-		InitCommonControlsFn();
-	}
-	else
-	{
-		MSILog(hInstaller, MSI_ERROR_LEVEL, GetString("INIT_DLL"));
-		bOK = FALSE;
-		goto end;
-	}
-
-	LoadSystemDll_Dll (hInstaller, L"Riched20.dll", &hRichEditDll, FALSE, SRC_POS);
-	LoadSystemDll_Dll (hInstaller, L"Advapi32.dll", &hAdvapi32Dll, FALSE, SRC_POS);
-
-	// Get SetupAPI functions pointers
-	SetupCloseInfFileFn = (SetupCloseInfFilePtr) GetProcAddress (hSetupDll, "SetupCloseInfFile");
-	SetupDiOpenClassRegKeyFn = (SetupDiOpenClassRegKeyPtr) GetProcAddress (hSetupDll, "SetupDiOpenClassRegKey");
-	SetupInstallFromInfSectionWFn = (SetupInstallFromInfSectionWPtr) GetProcAddress (hSetupDll, "SetupInstallFromInfSectionW");
-	SetupOpenInfFileWFn = (SetupOpenInfFileWPtr) GetProcAddress (hSetupDll, "SetupOpenInfFileW");
-
-	if (!SetupCloseInfFileFn || !SetupDiOpenClassRegKeyFn || !SetupInstallFromInfSectionWFn || !SetupOpenInfFileWFn)
-	{
-		MSILog(hInstaller, MSI_ERROR_LEVEL, GetString("INIT_DLL"));
-		bOK = FALSE;
-		goto end;
-	}
-
-	// Get SHDeleteKeyW function pointer
-	SHDeleteKeyWFn = (SHDeleteKeyWPtr) GetProcAddress (hShlwapiDll, "SHDeleteKeyW");
-	SHStrDupWFn = (SHStrDupWPtr) GetProcAddress (hShlwapiDll, "SHStrDupW");
-	if (!SHDeleteKeyWFn || !SHStrDupWFn)
-	{
-		MSILog(hInstaller, MSI_ERROR_LEVEL, GetString("INIT_DLL"));
-		bOK = FALSE;
-		goto end;
-	}
-
-	if (IsOSAtLeast (WIN_VISTA))
-	{
-		/* Get ChangeWindowMessageFilter used to enable some messages bypasss UIPI (User Interface Privilege Isolation) */
-		ChangeWindowMessageFilterFn = (ChangeWindowMessageFilterPtr) GetProcAddress (GetModuleHandle (L"user32.dll"), "ChangeWindowMessageFilter");
-	}
-
-	// Get CreateProcessWithTokenW function pointer
-	CreateProcessWithTokenWPtr = (CreateProcessWithTokenWFn) GetProcAddress(hAdvapi32Dll, "CreateProcessWithTokenW");
-
 	SetErrorMode (SetErrorMode (0) | SEM_FAILCRITICALERRORS | SEM_NOOPENFILEERRORBOX);
 	CoInitialize (NULL);
 
@@ -2251,7 +2020,6 @@ BOOL InitDll (MSIHANDLE hInstaller)
 	_set_invalid_parameter_handler (InvalidParameterHandler);
 	RemoteSession = GetSystemMetrics (SM_REMOTESESSION) != 0;
 
-end:
 	MSILog(hInstaller, MSI_INFO_LEVEL, L"End InitDll");
 	return bOK;
 }
@@ -2365,46 +2133,6 @@ void VC_CustomAction_Cleanup ()
 
 	FinalizeGlobalLocks ();
 
-	FREE_DLL (hRichEditDll);
-	FREE_DLL (hComctl32Dll);
-	FREE_DLL (hSetupDll);
-	FREE_DLL (hShlwapiDll);
-	FREE_DLL (hProfApiDll);
-	FREE_DLL (hUsp10Dll);
-	FREE_DLL (hCryptSpDll);
-	FREE_DLL (hUXThemeDll);
-	FREE_DLL (hUserenvDll);
-	FREE_DLL (hRsaenhDll);
-	FREE_DLL (himm32dll);
-	FREE_DLL (hMSCTFdll);
-	FREE_DLL (hfltlibdll);
-	FREE_DLL (hframedyndll);
-	FREE_DLL (hpsapidll);
-	FREE_DLL (hsecur32dll);
-	FREE_DLL (hnetapi32dll);
-	FREE_DLL (hauthzdll);
-	FREE_DLL (hxmllitedll);
-	FREE_DLL (hmprdll);
-	FREE_DLL (hsppdll);
-	FREE_DLL (vssapidll);
-	FREE_DLL (hvsstracedll);
-	FREE_DLL (hCryptSpDll);
-	FREE_DLL (hcfgmgr32dll);
-	FREE_DLL (hdevobjdll);
-	FREE_DLL (hpowrprofdll);
-	FREE_DLL (hsspiclidll);
-	FREE_DLL (hcryptbasedll);
-	FREE_DLL (hdwmapidll);
-	FREE_DLL (hmsasn1dll);
-	FREE_DLL (hcrypt32dll);
-	FREE_DLL (hbcryptdll);
-	FREE_DLL (hbcryptprimitivesdll);
-	FREE_DLL (hMsls31);
-	FREE_DLL (hntmartadll);
-	FREE_DLL (hwinscarddll);
-	FREE_DLL (hmsvcrtdll);
-	FREE_DLL (hAdvapi32Dll);
-
 	//MSILog(hInstaller, MSI_INFO_LEVEL, L"End VC_CustomAction_Cleanup");
 }
 
diff --git a/src/SetupDLL/SetupDLL.vcxproj b/src/SetupDLL/SetupDLL.vcxproj
index 02d64e2d..7eb24a66 100644
--- a/src/SetupDLL/SetupDLL.vcxproj
+++ b/src/SetupDLL/SetupDLL.vcxproj
@@ -91,7 +91,7 @@
       <AdditionalDependencies>version.lib;msi.lib;libcmtd.lib;atlsd.lib;mpr.lib;..\Common\Debug\Zip.lib;..\Crypto\Debug\crypto.lib;..\Common\Debug\lzma.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <OutputFile>$(OutDir)VeraCryptSetup.dll</OutputFile>
       <UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
-      <DelayLoadDLLs>user32.dll;gdi32.dll;advapi32.dll;shell32.dll;ole32.dll;oleaut32.dll;mpr.dll;bcrypt.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
+      <DelayLoadDLLs>mpr.dll;bcrypt.dll;user32.dll;gdi32.dll;comdlg32.dll;advapi32.dll;shell32.dll;ole32.dll;oleaut32.dll;shlwapi.dll;setupapi.dll;wintrust.dll;comctl32.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <ProgramDatabaseFile>$(OutDir)Setup.pdb</ProgramDatabaseFile>
       <SubSystem>Windows</SubSystem>
@@ -130,7 +130,7 @@ copy Debug\VeraCryptSetup.dll "..\Debug\Setup Files\VeraCryptSetup.dll" &gt;NUL:
       <AdditionalDependencies>version.lib;msi.lib;mpr.lib;..\Common\Release\Zip.lib;..\Crypto\Release\crypto.lib;..\Common\Release\lzma.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <OutputFile>$(OutDir)VeraCryptSetup.dll</OutputFile>
       <UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
-      <DelayLoadDLLs>user32.dll;gdi32.dll;advapi32.dll;shell32.dll;ole32.dll;oleaut32.dll;mpr.dll;bcrypt.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
+      <DelayLoadDLLs>mpr.dll;bcrypt.dll;user32.dll;gdi32.dll;comdlg32.dll;advapi32.dll;shell32.dll;ole32.dll;oleaut32.dll;shlwapi.dll;setupapi.dll;wintrust.dll;comctl32.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <GenerateMapFile>true</GenerateMapFile>
       <SubSystem>Windows</SubSystem>
@@ -169,7 +169,7 @@ copy Debug\VeraCryptSetup.dll "..\Debug\Setup Files\VeraCryptSetup.dll" &gt;NUL:
       <AdditionalDependencies>version.lib;msi.lib;mpr.lib;..\Common\Release\Zip.lib;..\Crypto\Release\crypto.lib;..\Common\Release\lzma.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <OutputFile>$(OutDir)VeraCryptSetup.exe</OutputFile>
       <UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
-      <DelayLoadDLLs>user32.dll;gdi32.dll;advapi32.dll;shell32.dll;ole32.dll;oleaut32.dll;mpr.dll;bcrypt.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
+      <DelayLoadDLLs>mpr.dll;bcrypt.dll;user32.dll;gdi32.dll;comdlg32.dll;advapi32.dll;shell32.dll;ole32.dll;oleaut32.dll;shlwapi.dll;setupapi.dll;wintrust.dll;comctl32.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <GenerateMapFile>true</GenerateMapFile>
       <SubSystem>Windows</SubSystem>
-- 
cgit v1.2.3