why do i see salextx86.dll loaded into chrome broker process

svyr
Posts: 10
Joined: 26 Aug 2009, 11:59

why do i see salextx86.dll loaded into chrome broker process

Post by svyr » 28 May 2014, 17:01

Hi,

I noticed salextx86.dll is for some reason loaded into the chrome broker process (not the renderer child ones, but the main one). This looks to happen both on my Win7 and win8 laptops. (as soon as the process starts)

Furthermore, the dll does not appear to be compiled with ASLR enabled.

a) Any idea why?
b) Is it possible to recompile it with ASLR enabled?
c) Is it possible to compile Salamander 3.01+ with ASLR (along with its modules)? While it's not exactly a browser or anything, it does have doc preview for many formats, etc.

therube
Posts: 612
Joined: 14 Dec 2006, 06:22

Re: why do i see salextx86.dll loaded into chrome broker pro

Post by therube » 28 May 2014, 22:46

> I noticed salextx86.dll is for some reason loaded into the chrome broker process

Confirmed.

> While it's not exactly a browser or anything it does have doc preview for many formats, etc

Agreed.
And even more so now as it relates to XP (& the lack of updates therein).
WinXP Pro SP3 or Win7 x86 | SS 2.54

svyr
Posts: 10
Joined: 26 Aug 2009, 11:59

Re: why do i see salextx86.dll loaded into chrome broker pro

Post by svyr » 29 May 2014, 07:03

pretty sure the xp is gone security wise even without EoL for updates
XP doesn't support ASLR (and by extension the win8 aslr improvements, or include heap hardening (7/8), mandatory code signing for os files (8) and others). Doesn't support bitlocker for data at rest either (that said - truecrypt). SEHOP support is missing as well. (see emet 4.1 manual for more detail and the win7/8 security improvement ms articles )
Pretty sure XP doesn't support integrity levels and UAC either (meaning no IE protected mode, but no one would use it on XP without updates, and the Chrome sandbox works without integrity levels (not that using Chrome on an unsupported OS is good)).

anyhow, hopefully we can get a clarification re ASLR for win7/8 above, specifically for the DLL in question (and what it does), and for salamander and bundled modules in general.

Ether
Posts: 1459
Joined: 10 May 2007, 16:08
Location: Czech Republic

Re: why do i see salextx86.dll loaded into chrome broker pro

Post by Ether » 29 May 2014, 08:42

Autoruns discovers that it's registered as a copy hook handler (it's used for drag'n'dropping to/from plugin filesystems and archives).
Ελληνικά rulez.

Jan Rysavy
ALTAP Staff
Posts: 5138
Joined: 08 Dec 2005, 06:34
Location: Novy Bor, Czech Republic

Re: why do i see salextx86.dll loaded into chrome broker pro

Post by Jan Rysavy » 29 May 2014, 09:07

Interesting, I will look at ASLR and DEP. If it is compatible with Windows 2000 and XP without SP, we can release it with AS 3.02 this week.

According to Windows ISV Software Security Defenses, ASLR and DEP are only effective when used together; therefore ISVs should opt in to both defenses (/DYNAMICBASE and /NXCOMPAT) for all binaries.

AS shell extension description:
This DLL is registered as a shell extension in the Windows registry. It provides support for Drag & Drop and Cut / Copy & Paste from archives and plugin file-systems to Windows Explorer. It can be locked by Windows, so it may not be possible to delete it directly. If you have uninstalled Altap Salamander, you should restart Windows to remove this DLL (this DLL will be removed on next start of Windows). If you want to uninstall this DLL manually, open Command Prompt (run cmd.exe or command.com), run "regsvr32 /u salextx86.dll", restart Windows, and try to delete this DLL again (it should not be registered as the shell extension, so it should be possible to delete it).

therube
Posts: 612
Joined: 14 Dec 2006, 06:22

Re: why do i see salextx86.dll loaded into chrome broker pro

Post by therube » 29 May 2014, 18:38

> This DLL is registered as a shell extension...

I guess the question is why Chrome picks up on that (where Mozilla does not, IOW salextx86.dll is not in the firefox.exe process space).

If I drag a "text" file into either browser, it displays it.

If I drag a ZIP file into Chrome, it treats it as a "downloaded" file (as if I had downloaded it from the Internet).
If I drag a ZIP file into FF, it prompts as to what I want to do with it; Open with or Save File

> Copy & Paste from archives and plugin file-systems to Windows Explorer

If I open a ZIP (in Salamander) & drag a text file from there into either Chrome or Firefox, neither browser "accepts" the file (cannot be dropped).

Would think it's really an issue on the Chrome end as to why it picks up on it?
WinXP Pro SP3 or Win7 x86 | SS 2.54

Jan Rysavy
ALTAP Staff
Posts: 5138
Joined: 08 Dec 2005, 06:34
Location: Novy Bor, Czech Republic

Re: why do i see salextx86.dll loaded into chrome broker pro

Post by Jan Rysavy » 29 May 2014, 18:44

I have no idea. Maybe some Windows Explorer compatibility layer, some files handling.

Fortunately it is open source - not a problem to download the Chrome source code and find out the reason.

Jan Rysavy
ALTAP Staff
Posts: 5138
Joined: 08 Dec 2005, 06:34
Location: Novy Bor, Czech Republic

Re: why do i see salextx86.dll loaded into chrome broker pro

Post by Jan Rysavy » 29 May 2014, 19:45

Altap Salamander 3.02 will be compiled with /DYNAMICBASE and /NXCOMPAT options. I didn't find any compatibility problem with Windows 2000 and Windows XP without SP.

Actually some DLLs (salrtl9.dll, salrtlp9.dll, unrar.dll) were already compiled with these options in AS 3.0 and 3.01.

svyr
Posts: 10
Joined: 26 Aug 2009, 11:59

Re: why do i see salextx86.dll loaded into chrome broker pro

Post by svyr » 31 May 2014, 07:21

Thank you Jan.

[s]Do the plugins need to be re-released as well? (spl files)[/s] (ah, nvm, those look fine)

Also, for plugins\pictview\pvw32cnv.dll would you be able to liaise with the developer?

Jan Rysavy
ALTAP Staff
Posts: 5138
Joined: 08 Dec 2005, 06:34
Location: Novy Bor, Czech Republic

Re: why do i see salextx86.dll loaded into chrome broker pro

Post by Jan Rysavy » 31 May 2014, 20:51

I doubt it would be possible (pvw32cnv.dll is x86 only asm/delphi project), but I will ask Jan Patera - PV author - and let you know.

Another problem is the bundled OpenSSL library (utils\libeay32.dll and ssleay32.dll); I have no idea why they don't use the /DYNAMICBASE and /NXCOMPAT options. I tried to google some reason but found nothing.

Also UnACE and Eroiica Viewer are using third party DLLs compiled without these options.

Jan Rysavy
ALTAP Staff
Posts: 5138
Joined: 08 Dec 2005, 06:34
Location: Novy Bor, Czech Republic

Re: why do i see salextx86.dll loaded into chrome broker pro

Post by Jan Rysavy » 08 Jun 2014, 09:22

Note: AS 3.03 will come with /DYNAMICBASE /NXCOMPAT compiled OpenSSL.

svyr
Posts: 10
Joined: 26 Aug 2009, 11:59

Re: why do i see salextx86.dll loaded into chrome broker pro

Post by svyr » 09 Jun 2014, 06:10

> Jan Rysavy wrote: Note: AS 3.03 will come with /DYNAMICBASE /NXCOMPAT compiled OpenSSL.

thanks Jan :) !

so for the pict view guys - it's a no, since they're probably not using a tool chain that supports /DYNAMICBASE /NXCOMPAT ? (delphi and asm as per above :( ?)

Jan Rysavy
ALTAP Staff
Posts: 5138
Joined: 08 Dec 2005, 06:34
Location: Novy Bor, Czech Republic

Re: why do i see salextx86.dll loaded into chrome broker pro

Post by Jan Rysavy » 09 Jun 2014, 08:49

PictView - yes, exactly.

It is possible to set these flags with EDITBIN, but we didn't test it.

svyr
Posts: 10
Joined: 26 Aug 2009, 11:59

Re: why do i see salextx86.dll loaded into chrome broker pro

Post by svyr » 07 Jul 2014, 17:24

> Jan Rysavy wrote: PictView - yes, exactly.
>
> It is possible to set these flags with EDITBIN, but we didn't test it.

http://msdn.microsoft.com/en-gb/en-en/l ... ddyfc.aspx does sound like good fun - might give it a go :D :twisted:
