Randor | 1 year ago

Some horrible code in there too:

https://searchfox.org/mozilla-central/source/toolkit/xre/dll...

Indiscriminate blocking of any DLL in the world with 12/6 hex digit filenames.

kimixa|1 year ago

Reading the bug report https://bugzilla.mozilla.org/show_bug.cgi?id=973138 feels reasonable.

It must be hard to be in a position to be blamed for someone else's bad code - or even malware - one comment said it was 1/3 of the total crashes on Vista at the time.

As a GPU driver dev I 100% understand this position - no user cares that gamedevs are hacking things left and right, they care if it runs.

ack_complete|1 year ago

There's plenty of blame to go around, really. My current project has a workaround for a user-mode graphics driver that sets the thread name without checking if D3D11_CREATE_DEVICE_SINGLETHREADED is set -- so there's code to detect this and call SetThreadDescription() to change it back so the main thread can be found in the debugger again.

There also used to be a problem with a release DLL in Windows 10 that would output to OutputDebugString() with an encoding mismatch, thus spamming the debug output window with random kanji.

I've heard that the Office team has resorted to detouring SetUnhandledExceptionFilter() since even they had problems with third-party DLLs unhooking their in-process crash handler.

pjc50|1 year ago

Anyone naming their DLL with random hex digits is definitely up to no good.

Randor|1 year ago

It's a very common security technique to avoid being targeted by malware. I believe even the Microsoft KSLDriver drops randomly named DLLs and device drivers along with creating a randomly named system service. Uses 8 hex characters.

Several third-party vendors use the same technique, mostly security vendors.