Is there a catch in this code (getting a version-specific Win32 function)?

M

Mercury132016-07-21 14:01:57

C++ / C#

Mercury13, 2016-07-21 14:01:57

The task is to get the Windows API function (Vista +), but somehow (maybe not as efficiently) work on XP +.

namespace {

    typedef BOOL WINAPI (*EvCancelIoEx) (    // ev = event
            _In_     HANDLE       hFile,
            _In_opt_ LPOVERLAPPED lpOverlapped
            );

    EvCancelIoEx cancelIoEx = NULL;

}   // anon namespace

void st::AsyncFile::detectWinVersion()   // static, вызывается из main, случай для cancelIoEx=NULL прописан
{
    HMODULE hKernel = LoadLibrary(L"kernel32.dll");
    if (hKernel) {
        cancelIoEx = reinterpret_cast<EvCancelIoEx>(GetProcAddress(hKernel, "CancelIoEx"));
    } else {
        cancelIoEx = NULL;
    }
    // We won’t free library, everyone uses kernel32!
}

Are there any security concerns? Is DLL injection possible and how to bypass it?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

V

Vladimir Martyanov, 2016-07-21
@Mercury13

Never use *_cast unless you understand exactly, completely, and completely what you are doing and why. In this case, typecasting in the style of (void *)GetProcAddress() is enough for the eyes.
Further, I would advise GetModuleHandle() instead of LoadLibrary(): surely your software imports functions from kernel32, therefore it is already loaded. And the problem of substitution is handled by the OS, not you. Well also it is not necessary to do FreeLibrary.