Prevent DLL hijacking by setting default DLL directories on initialization (#4207)

* Prevent DLL hijacking by setting default DLL directories on initialization * Updated the changelog * Added DLLSearchPaths option to control DLL search paths on Windows * Changed the order of the execution for uxtheme.go and consts.go * Init uxtheme.go and consts.go once the dll path is set --------- Co-authored-by: Lea Anthony <lea.anthony@gmail.com>
2026-03-14 14:45:49 +01:00 · 2025-09-24 01:44:58 -04:00 · 2025-09-24 01:44:58 -04:00 · dfff549002
commit dfff549002
parent 855dcadd79
5 changed files with 42 additions and 2 deletions
--- a/v2/internal/frontend/desktop/windows/frontend.go
+++ b/v2/internal/frontend/desktop/windows/frontend.go
@ -28,11 +28,13 @@ import (
 	"github.com/wailsapp/wails/v2/internal/frontend/originvalidator"
 	wailsruntime "github.com/wailsapp/wails/v2/internal/frontend/runtime"
 	"github.com/wailsapp/wails/v2/internal/logger"
+	w32consts "github.com/wailsapp/wails/v2/internal/platform/win32"
 	"github.com/wailsapp/wails/v2/internal/system/operatingsystem"
 	"github.com/wailsapp/wails/v2/pkg/assetserver"
 	"github.com/wailsapp/wails/v2/pkg/assetserver/webview"
 	"github.com/wailsapp/wails/v2/pkg/options"
 	"github.com/wailsapp/wails/v2/pkg/options/windows"
+	w "golang.org/x/sys/windows"
 )

 const startURL = "http://wails.localhost/"
@ -75,6 +77,13 @@ func NewFrontend(ctx context.Context, appoptions *options.App, myLogger *logger.
 	// Get Windows build number
 	versionInfo, _ := operatingsystem.GetWindowsVersionInfo()

+	// Apply DLL search path settings if specified
+	if appoptions.Windows != nil && appoptions.Windows.DLLSearchPaths != 0 {
+		w.SetDefaultDllDirectories(appoptions.Windows.DLLSearchPaths)
+	}
+	// Now initialize packages that load DLLs
+	w32.Init()
+	w32consts.Init()
 	result := &Frontend{
 		frontendOptions: appoptions,
 		logger:          myLogger,
--- a/v2/internal/frontend/desktop/windows/winc/w32/uxtheme.go
+++ b/v2/internal/frontend/desktop/windows/winc/w32/uxtheme.go
@ -69,7 +69,7 @@ var (
 	setWindowTheme      uintptr
 )

-func init() {
+func Init() {
 	// Library
 	libuxtheme = MustLoadLibrary("uxtheme.dll")

--- a/v2/internal/platform/win32/consts.go
+++ b/v2/internal/platform/win32/consts.go
@ -80,7 +80,7 @@ ShouldSystemUseDarkMode = bool () // ordinal 138
 SetPreferredAppMode = PreferredAppMode (PreferredAppMode appMode) // ordinal 135, since 18334
 IsDarkModeAllowedForApp = bool () // ordinal 139
 */
-func init() {
+func Init() {
 	if IsWindowsVersionAtLeast(10, 0, 18334) {

 		// AllowDarkModeForWindow is only available on Windows 10+
--- a/v2/pkg/options/windows/windows.go
+++ b/v2/pkg/options/windows/windows.go
@ -1,5 +1,9 @@
 package windows

+import (
+	"golang.org/x/sys/windows"
+)
+
 type Theme int

 type Messages struct {
@ -35,6 +39,27 @@ const (
 	Tabbed  BackdropType = 4
 )

+const (
+	// Default is 0, which means no changes to the default Windows DLL search behavior
+	DLLSearchDefault uint32 = 0
+	// LoadLibrary flags for determining from where to search for a DLL
+	DLLSearchDontResolveDllReferences uint32 = windows.DONT_RESOLVE_DLL_REFERENCES               // 0x1
+	DLLSearchAsDataFile               uint32 = windows.LOAD_LIBRARY_AS_DATAFILE                  // 0x2
+	DLLSearchWithAlteredPath          uint32 = windows.LOAD_WITH_ALTERED_SEARCH_PATH             // 0x8
+	DLLSearchIgnoreCodeAuthzLevel     uint32 = windows.LOAD_IGNORE_CODE_AUTHZ_LEVEL              // 0x10
+	DLLSearchAsImageResource          uint32 = windows.LOAD_LIBRARY_AS_IMAGE_RESOURCE            // 0x20
+	DLLSearchAsDataFileExclusive      uint32 = windows.LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE        // 0x40
+	DLLSearchRequireSignedTarget      uint32 = windows.LOAD_LIBRARY_REQUIRE_SIGNED_TARGET        // 0x80
+	DLLSearchDllLoadDir               uint32 = windows.LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR          // 0x100
+	DLLSearchApplicationDir           uint32 = windows.LOAD_LIBRARY_SEARCH_APPLICATION_DIR       // 0x200
+	DLLSearchUserDirs                 uint32 = windows.LOAD_LIBRARY_SEARCH_USER_DIRS             // 0x400
+	DLLSearchSystem32                 uint32 = windows.LOAD_LIBRARY_SEARCH_SYSTEM32              // 0x800
+	DLLSearchDefaultDirs              uint32 = windows.LOAD_LIBRARY_SEARCH_DEFAULT_DIRS          // 0x1000
+	DLLSearchSafeCurrentDirs          uint32 = windows.LOAD_LIBRARY_SAFE_CURRENT_DIRS            // 0x2000
+	DLLSearchSystem32NoForwarder      uint32 = windows.LOAD_LIBRARY_SEARCH_SYSTEM32_NO_FORWARDER // 0x4000
+	DLLSearchOsIntegrityContinuity    uint32 = windows.LOAD_LIBRARY_OS_INTEGRITY_CONTINUITY      // 0x8000
+)
+
 func RGB(r, g, b uint8) int32 {
 	col := int32(b)
 	col = col<<8 | int32(g)
@ -122,6 +147,11 @@ type Options struct {

 	// Class name for the window. If empty, 'wailsWindow' will be used.
 	WindowClassName string
+
+	// DLLSearchPaths controls which directories are searched when loading DLLs
+	// Set to 0 for default behavior, or combine multiple flags with bitwise OR
+	// Example: DLLSearchApplicationDir | DLLSearchSystem32
+	DLLSearchPaths uint32
 }

 func DefaultMessages() *Messages {