![]() The hotfix should probably actually provide some protection by globally disabling some form of CWD loading. By the time Windows 8 rolls around, the default is to disable CWD. With Windows 7 SP1, the default is to leave CWD turned on. There needs to be Group Policy settings and a GUI for manipulating these registry keys along the lines of the DEP compatibility with radio buttons like “Turn on loading libraries from CWD” and “Turn off loading libraries from CWD except for those I select". They need to roll it out like they did DEP. Microsoft should encourage this by formally deprecating loading DLLs from CWD with Windows 7 SP1. (Yes this is a PITA and it might break stuff on your box but you can suck it up and white list apps that are broken.) If your apps are broken by this then you need to fix them. I think all developers and testers should install KB2264107 and globally disable loading from CWD. They probably didn’t realize the implications and it is insidious because it is the default. I was really stunned to realize that Chrome was using this CWD load behavior. Developers Should Disable Loading DLLs from CWD I had a similar problem with the Apple Update program failing when it tried to install the latest version of QuickTime. Better, is to create a KEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe key with a CWDIllegalInDllSearch DWORD value of 2 (and remember to delete this when Chrome 6 goes stable). To fix this you can either dial the global CWDIllegalInDllSearch down to 2 which indicates CWD is allowed to be searched only if it is a local folder. Chrome 6 beta doesn’t do this which is why I didn’t notice the problem. This isn’t a part of the normal DLL search path and it seems like Chrome 5 is working around this by setting CWD to the directory which contains the DLLs before calling LoadLibrary(). ![]() Chrome keeps its DLLs in a version-numbered subdirectory of the one containing Chrome.exe. The second computer I tried this on had a problem where Google Chrome 5 was unable to find avutil-50.dll. I’m running Windows 7 圆4 with no legacy 16-bit apps. ![]() This globally disables the use of CWD for loading libraries. The simplest option is to create a new DWORD value of the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager key called CWDIllegalInDllSearch and set it to 0xffffffff. KB2264107 is a patch that allows you to set registry keys to change the circumstances under which CWD is considered. The best and simplest way to make sure you application won’t load a DLL just because it was in the same directory as a document is to call SetDllDirectory() with emtpy string as its argument there are also the option to implement the search yourself instead of letting Windows do it for you. I can’t imagine why any application would legitimately need to load a DLL from CWD. Developers can turn this behavior off but it is the default and you a) have to know that you need to turn it off and b) know how to turn it off. Your application doesn’t have to search CWD but it is the default for reasons of backwards compatibility.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |