Make Windows system-DLL P/Invokes use only DllImportSearchPath.System32#129588
Open
elinor-fung wants to merge 3 commits into
Add [DefaultDllImportSearchPaths(DllImportSearchPath.System32)] to every P/Invoke targeting a Windows system DLL under Common/src/Interop/Windows (advapi32, bcrypt, crypt32, kernel32, ntdll, ole32, oleaut32, secur32, shell32, user32, normaliz, ucrtbase, ws2_32, winhttp, etc., plus api-set forwarders).

By default these resolve via the assembly/app directory before System32, which lets a DLL planted next to the application win the search (DLL hijacking). Restricting the search to System32 (LOAD_LIBRARY_SEARCH_SYSTEM32) closes that vector.

All targeted DLLs are OS components resident in %windir%\System32. App-local native libraries (hostpolicy, System.Globalization.Native, System.IO.Compression.Native, msquic) live outside these folders and are intentionally left unchanged.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…okes Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
Tagging subscribers to this area: @dotnet/interop-contrib
Member
I wonder if it is worth discussion of adding some feature for this that doesn't require annotating every p/invoke. Some thoughts are:
CC. @AaronRobinsonMSFT, @dotnet/interop-contrib -- I don't think it's worth blocking this PR over, but this does seem like a more general problem that would be worth tackling. It would also reduce risk for future P/Invokes added and reduce burden on user binding libraries.
jkotas
reviewed
Jun 18, 2026
Co-authored-by: Jan Kotas <jkotas@microsoft.com>
Note
This pull request was authored with the assistance of GitHub Copilot.
Adds `[DefaultDllImportSearchPaths(DllImportSearchPath.System32)]` to every P/Invoke that targets a Windows operating-system library under `src/libraries/Common/src/Interop/Windows/` (advapi32, bcrypt, crypt32, kernel32, ntdll, ole32, oleaut32, secur32, shell32, user32, normaliz, ucrtbase, ws2_32, winhttp, the api-set forwarders, etc.).

SPCL and libraries specify `DllImportSearchPath.Assembly` and `DllImportSearchPath.System32`. The assembly directory (application directory for single-file) is always searched first. For correctness, we can restrict Windows system DLL p/invokes to System32.
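
One way to check a compiled assembly for the condition this PR addresses, as an added example that is not code from the pull request or from dotnet/runtime: a reflection audit that reports `[DllImport]` methods targeting a system DLL whose effective search path is anything other than `DllImportSearchPath.System32` alone. The names `PInvokeSearchPathAudit`, `FindUnrestricted` and `Sample` are hypothetical, the DLL list is only the subset named in the description, and the audit sees only methods that carry `[DllImport]` metadata.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Runtime.InteropServices;

static class PInvokeSearchPathAudit
{
    // Subset of the system DLLs named in the PR description (assumption: extend as needed).
    static readonly HashSet<string> SystemDlls = new(StringComparer.OrdinalIgnoreCase)
    {
        "advapi32", "bcrypt", "crypt32", "kernel32", "ntdll", "ole32", "oleaut32",
        "secur32", "shell32", "user32", "normaliz", "ucrtbase", "ws2_32", "winhttp",
    };

    // Constructed sample P/Invokes so the audit has something to inspect.
    static class Sample
    {
        [DllImport("kernel32.dll")] // no search-path restriction: reported
        internal static extern uint GetCurrentProcessId();
        [DllImport("kernel32.dll")] // restricted to System32: passes
        [DefaultDllImportSearchPaths(DllImportSearchPath.System32)]
        internal static extern uint GetCurrentThreadId();
    }

    public static IEnumerable<string> FindUnrestricted(Assembly asm)
    {
        var asmDefault = asm.GetCustomAttribute<DefaultDllImportSearchPathsAttribute>();
        const BindingFlags All = BindingFlags.Static | BindingFlags.Instance |
            BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.DeclaredOnly;

        foreach (MethodInfo m in asm.GetTypes().SelectMany(t => t.GetMethods(All)))
        {
            var dll = m.GetCustomAttribute<DllImportAttribute>()?.Value;
            if (dll is null) continue; // not a P/Invoke
            string name = dll.EndsWith(".dll", StringComparison.OrdinalIgnoreCase) ? dll[..^4] : dll;
            if (!SystemDlls.Contains(name)) continue; // app-local native library, out of scope

            // A method-level attribute overrides the assembly-level default.
            var paths = (m.GetCustomAttribute<DefaultDllImportSearchPathsAttribute>() ?? asmDefault)?.Paths;
            if (paths != DllImportSearchPath.System32)
                yield return $"{m.DeclaringType?.FullName}.{m.Name} -> {dll}";
        }
    }

    static void Main() => Console.WriteLine(string.Join(Environment.NewLine,
        FindUnrestricted(typeof(PInvokeSearchPathAudit).Assembly)));
}
```

Pass a different `Assembly` to `FindUnrestricted` to audit a binding library; the comparison is strict, so a combined value that still includes the assembly directory is reported as well.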