Search found 1166 matches

by Kukulkan
Wed Mar 20, 2024 11:53 am
Forum: Coding Questions
Topic: WebViewGadget deployment and other questions
Replies: 10
Views: 405

Re: WebViewGadget deployment and other questions

The dependencies for webview are detailed on github. Wait a second, Fred is using this webview project for implementing the WebView? :shock: Are you 100% sure that this is used and Fred did not implement it by himself? This webview project is currently version 0.10 with no official stable release y...
by Kukulkan
Wed Mar 20, 2024 10:26 am
Forum: Coding Questions
Topic: WebViewGadget deployment and other questions
Replies: 10
Views: 405

Re: WebViewGadget deployment and other questions

Thanks. But isn't there the issue that the webkit engine on Linux and Mac is not there by default? At least for Linux I believe I have to add some dependency. So is it libQt5WebKit5 or libwebkit2gtk or webkit2gtk3 or webkit2gtk4 ? Proxy is a problem on Linux and macOS. In the past my app had it's ow...
by Kukulkan
Wed Mar 20, 2024 9:30 am
Forum: Coding Questions
Topic: WebViewGadget deployment and other questions
Replies: 10
Views: 405

Re: WebViewGadget deployment and other questions

Thanks! I updated my question above with your answers. Still a lot questions open...
by Kukulkan
Tue Mar 19, 2024 12:43 pm
Forum: Coding Questions
Topic: WebViewGadget deployment and other questions
Replies: 10
Views: 405

WebViewGadget deployment and other questions

Hi, I just consider using the new WebViewGadget as the basis for a new cross platform app. Unfortunatelly, I found no details about how the WebViewGadget works. What is the underlying technology on Windows, Linux (QT/GTK) and MacOS? -> Linux webkit, macOS webkit, windows Edge webview2 What are the d...
by Kukulkan
Tue Dec 12, 2023 3:08 pm
Forum: Bugs - Windows
Topic: [Done] DLL hijacking on uxtheme.dll. Many PB programs affected? Fix?
Replies: 58
Views: 5098

Re: [Done] DLL hijacking on uxtheme.dll. Many PB programs affected? Fix?

It affects everything compiled for Windows with PB 6.03 (x86 and x64) and earlier.
by Kukulkan
Wed Nov 29, 2023 12:39 pm
Forum: Applications - Feedback and Discussion
Topic: Command line manifest replacement tool (PB source, Windows only)
Replies: 0
Views: 993

Command line manifest replacement tool (PB source, Windows only)

[UPDATE] 05. Dec. 2023: Fixed bugs regarding the UpdateResource_ Windows API call. Added automatic trimming of imported manifest files (remove any leading or trailing CR, LF, TAB or space). Add compiler warning if not compiled in console mode. Please use the updated code from this post. ___________...
by Kukulkan
Fri Nov 24, 2023 5:25 pm
Forum: Bugs - Windows
Topic: [Done] DLL hijacking on uxtheme.dll. Many PB programs affected? Fix?
Replies: 58
Views: 5098

Re: DLL hijacking on uxtheme.dll. Many PB programs affected? Fix?

Okay, mate. It's all good. Still friends, right? :shock: Sure. All good :wink: Unfortunately this is only the easy way to do injection, there is also a way to do injection without any local file - purely by replacing dll in the process memory. Thanks for pointing out. I think the method you describ...
by Kukulkan
Fri Nov 24, 2023 12:57 pm
Forum: Bugs - Windows
Topic: [Done] DLL hijacking on uxtheme.dll. Many PB programs affected? Fix?
Replies: 58
Views: 5098

Re: DLL hijacking on uxtheme.dll. Many PB programs affected? Fix?

- I will stop discussion here now. Thanks for everybody that participated. I have shown all sources, wrote all my arguments and provided sourcecode and executables (exe and dll) for your own tests. If you don't believe me that there's a problem or you cannot reproduce it, then that's okay. Just carr...
by Kukulkan
Fri Nov 24, 2023 12:30 pm
Forum: Bugs - Windows
Topic: [Done] DLL hijacking on uxtheme.dll. Many PB programs affected? Fix?
Replies: 58
Views: 5098

Re: DLL hijacking on uxtheme.dll. Many PB programs affected? Fix?

I can't reproduce that here either. Can you put everything in a zip file so I can download and just run it to see it, because maybe I'm compiling it all wrong? Here you go: https://www.filemail.com/d/qrshogupxgkxzsq If it does not work, maybe calc.exe is not on your path? Maybe some AV is fixing it...
by Kukulkan
Fri Nov 24, 2023 12:24 pm
Forum: Bugs - Windows
Topic: [Done] DLL hijacking on uxtheme.dll. Many PB programs affected? Fix?
Replies: 58
Views: 5098

Re: DLL hijacking on uxtheme.dll. Many PB programs affected? Fix?

I used https://angusj.com/resourcehacker/ and edited the embedded manifest of a vulnerable executable to make it load the uxtheme.dll from system32 folder. Indeed, it seems to help on this. Therefore, if this is done for all files that might become loaded by the PureBasic executable, it seems a legi...
by Kukulkan
Fri Nov 24, 2023 12:04 pm
Forum: Bugs - Windows
Topic: [Done] DLL hijacking on uxtheme.dll. Many PB programs affected? Fix?
Replies: 58
Views: 5098

Re: DLL hijacking on uxtheme.dll. Many PB programs affected? Fix?

Just tried it (PB 6.03 x86 to make the exe), and Calculator didn't start. Just the window opened. Also tried making the exe with x64 and no Calc. Don't know what is wrong here. I suggest to use Process Monitor to find out whats different. Funny, I put the uxtheme.dll into my %TEMP% folder and then ...
by Kukulkan
Fri Nov 24, 2023 11:36 am
Forum: Bugs - Windows
Topic: [Done] DLL hijacking on uxtheme.dll. Many PB programs affected? Fix?
Replies: 58
Views: 5098

Re: DLL hijacking on uxtheme.dll. Many PB programs affected? Fix?

How neurotic, stop scaring people with security issue you don't understand. Your "problem" can be fixed in the manifest of the exe. Add a line like this: <file name="uxtheme.dll" loadFrom="%SystemRoot%\system32\uxtheme.dll" /> I'm not neurotic. If that works it is the ...
by Kukulkan
Fri Nov 24, 2023 11:05 am
Forum: Bugs - Windows
Topic: [Done] DLL hijacking on uxtheme.dll. Many PB programs affected? Fix?
Replies: 58
Views: 5098

Re: DLL hijacking on uxtheme.dll. Many PB programs affected? Fix?

I uploaded the dll: https://www.filemail.com/d/tnznmnzziuggzwx Just compile my example from above in PureBasic (x86!) and run the executable in the same folder with this dll... Feel free to use this for testing your other apps. If you place this dll into the same folder as some x86 app of yours and ...
by Kukulkan
Fri Nov 24, 2023 10:51 am
Forum: Bugs - Windows
Topic: [Done] DLL hijacking on uxtheme.dll. Many PB programs affected? Fix?
Replies: 58
Views: 5098

Re: DLL hijacking on uxtheme.dll. Many PB programs affected? Fix?

Your example cannot work. Your caller is never executing ByeByeFiles() . Instead of a function ByeByeFiles() your library (DLL) must implement the execution in DLL_PROCESS_ATTACH to become executed. I don't know how to do in PB and I found no downloadable exploit DLL in the internet but in C such DL...
by Kukulkan
Fri Nov 24, 2023 9:13 am
Forum: Bugs - Windows
Topic: [Done] DLL hijacking on uxtheme.dll. Many PB programs affected? Fix?
Replies: 58
Views: 5098

Re: DLL hijacking on uxtheme.dll. Many PB programs affected? Fix?

Finally, even if all PB users together consider this not beeing a serious issue, security experts think it is. I'm currenty somehow blackmailed by the finders of the vulnerability in my applications. If I don't fix the issue soon, we will have some open CVE saying that my software is vulnerable to ...