I noticed everything installer use LoadLibraryA to load dlls, according to microsoft's recommendations:
Where possible, use a fully qualified path name when loading a library;
Remove the current directory from the search path by using SetDLLDirectory;
Do not use SearchPath to locate a library. SearchPath was not intended to look for libraries to be loaded into the application process space, and uses an insecure search order;
Do not attempt to load libraries purely to identify the version of Windows. Instead, use GetVersionEx or a similar function offered by the Windows API.
(https://msrc-blog.microsoft.com/2010/08 ... ck-vector/)
For example, if SHFOLDER.dll is in the same directory of Everything-1.4.1.935.x86-Setup.exe/Everything-1.4.1.935.x64-Setup.exe then this SHFOLDER.dll will get executed.
load dll safely
Re: load dll safely
This is a limitation with the nsis installer.
This is not an issue with msi installer.
The plan is to use my own installer for future releases.
Thanks for the suggestion.
The installed Everything.exe will always use fully qualified names when calling LoadLibrary.
This is not an issue with msi installer.
The plan is to use my own installer for future releases.
Thanks for the suggestion.
The installed Everything.exe will always use fully qualified names when calling LoadLibrary.