why do i see salextx86.dll loaded into chrome broker process
Hi,
I noticed salextx86.dll is for some reason loaded into the chrome broker process (not the renderer child ones, but the main one). This looks to happen both on my Win7 and win8 laptops. (as soon as the process starts)
Furthermore, the dll does not appear to be compiled with ASLR enabled.
a) Any idea why / b) is it possible to recompile it with ASLR enabled?
c) is it possible to compile salamander 3.01+ with ASLR (along with its modules). While it's not exactly a browser or anything it does have doc preview for many formats, etc.
Re: why do i see salextx86.dll loaded into chrome broker pro
> I noticed salextx86.dll is for some reason loaded into the chrome broker process
Confirmed.
> While it's not exactly a browser or anything it does have doc preview for many formats, etc
Agreed.
And even more so now as it relates to XP (& the lack of updates therein).
WinXP Pro SP3 or Win7 x86 | SS 2.54
Re: why do i see salextx86.dll loaded into chrome broker pro
pretty sure the xp is gone security wise even without EoL for updates
XP doesn't support ASLR (and by extension the win8 aslr improvements, or include heap hardening (7/8), mandatory code signing for os files (8) and others). Doesn't support bitlocker for data at rest either (that said - truecrypt). SEHOP support is missing as well. (see emet 4.1 manual for more detail and the win7/8 security improvement ms articles )
Pretty sure XP doesn't support integrity levels and UAC either (meaning no IE protected mode, but no one would use it on xp without updates and the chrome sandbox works without integrity levels (not that using chrome on an unsupported OS is good).
anyhow, hopefully we can get a clarification re ASLR for win7/8 above, specifically for the DLL in question (and what it does), and for salamander and bundled modules in general.
Re: why do i see salextx86.dll loaded into chrome broker pro
Autoruns discovers that it's registered as a copy hook handler (it's used for drag'n'dropping to/from plugin filesystems and archives).
Ελληνικά rulez.
-
- ALTAP Staff
- Posts: 5231
- Joined: 08 Dec 2005, 06:34
- Location: Novy Bor, Czech Republic
- Contact:
Re: why do i see salextx86.dll loaded into chrome broker pro
Interesting, I will look at ASLR and DEP. If it will be compatible with Windows 2000 and XP without SP, we can release it with AS 3.02 this week.
According to Windows ISV Software Security Defenses ASLR and DEP are only effective when used together; therefore ISVs should opt-in for both defenses (/DYNAMICBASE and /NXCOMPAT) for all binaries.
AS shell extension description:
This DLL is registered as a shell extension in the Windows registry. It provides support for Drag & Drop and Cut / Copy & Paste from archives and plugin file-systems to Windows Explorer. It can be locked by Windows, so it may not be possible to delete it directly. If you have uninstalled Altap Salamander, you should restart Windows to remove this DLL (this DLL will be removed on next start of Windows). If you want to uninstall this DLL manually, open Command Prompt (run cmd.exe or command.com), run "regsvr32 /u salextx86.dll", restart Windows, and try to delete this DLL again (it should not be registered as the shell extension, so it should be possible to delete it).
Re: why do i see salextx86.dll loaded into chrome broker pro
> This DLL is registered as a shell extension...
I guess the question is why Chrome picks up on that (where Mozilla does not, IOW salextx86.dll is not in the firefox.exe process space).
If I drag a "text" file into either browser, it displays it.
If I drag a ZIP file into Chrome, it treats it as a "downloaded" file (as if I had downloaded it from the Internet).
If I drag a ZIP file into FF, it prompts as to what I want to do with it; Open with or Save File
> Copy & Paste from archives and plugin file-systems to Windows Explorer
If I open a ZIP (in Salamander) & drag a text file from there into either Chrome or Firefox, neither browser "accepts" the file (cannot be dropped).
Would think it's really an issue on the Chrome end as to why it picks up on it?
WinXP Pro SP3 or Win7 x86 | SS 2.54
Re: why do i see salextx86.dll loaded into chrome broker pro
I have no idea. Maybe some Windows Explorer compatibility layer, some files handling.
Fortunately it is open source - not a problem to download Chrome source code and find out the reason.
Re: why do i see salextx86.dll loaded into chrome broker pro
Altap Salamander 3.02 will be compiled with /DYNAMICBASE and /NXCOMPAT options. I didn't find any compatibility problem with Windows 2000 and Windows XP without SP.
Actually some DLLs (salrtl9.dll, salrtlp9.dll, unrar.dll) were already compiled with these options in AS 3.0 and 3.01.
Re: why do i see salextx86.dll loaded into chrome broker pro
Thank you Jan.
[s]Do the plugins need to be re-released as well? (spl files)[/s] (ah, nvm, those look fine)
Also, for plugins\pictview\pvw32cnv.dll would you be able to liaise with the developer?
Re: why do i see salextx86.dll loaded into chrome broker pro
I doubt it would be possible (pvw32cnv.dll is x86 only asm/delphi project), but I will ask Jan Patera - PV author - and let you know.
Another problem is bundled OpenSSL library (utils\libeay32.dll and ssleay32.dll), I have no idea why they don't use /DYNAMICBASE and /NXCOMPAT options. I tried to google some reason but found nothing.
Also UnACE and Eroiica Viewer are using third party DLLs compiled without these options.
Re: why do i see salextx86.dll loaded into chrome broker pro
Note: AS 3.03 will come with /DYNAMICBASE /NXCOMPAT compiled OpenSSL.
Re: why do i see salextx86.dll loaded into chrome broker pro
> Jan Rysavy wrote: Note: AS 3.03 will come with /DYNAMICBASE /NXCOMPAT compiled OpenSSL.
thanks Jan!
so for the pict view guys - it's a no, since they're probably not using a tool chain that supports /DYNAMICBASE /NXCOMPAT ? (delphi and asm as per above ?)
Re: why do i see salextx86.dll loaded into chrome broker pro
> Jan Rysavy wrote: PictView - yes, exactly.
> It is possible to set these flags with EDITBIN, but we didn't test it.
http://msdn.microsoft.com/en-gb/en-en/l ... ddyfc.aspx does sound like good fun - might give it a go