From ec1cb28ec616087a98ae9887e3ba318a5733ec42 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marius=20Negru=C8=9Biu?=
Date: Thu, 16 Mar 2023 13:33:20 +0200
Subject: [PATCH] GH-6: Validate input parameters to avoid crashes Prevent VirusTotal false positive detections as a result of WerFault.exe being launched as child process
---
 main.c | 8 ++++++++
 main.h | 9 +++++++++
 2 files changed, 17 insertions(+)
diff --git a/main.c b/main.c
index ebe2976..376ac85 100644
--- a/main.c
+++ b/main.c
@@ -211,6 +211,7 @@ void __cdecl Request(
 QUEUE_REQUEST_PARAM Param;
 PQUEUE_REQUEST pReq = NULL;
+ EXDLL_VALID_PARAMS();
 EXDLL_INIT();
 EXDLL_VALIDATE();
@@ -268,6 +269,7 @@ void __cdecl QueryGlobal(
 ULONG64 iTotalRecvBytes = 0;
 ULONG iTotalSpeed = 0;
+ EXDLL_VALID_PARAMS();
 EXDLL_INIT();
 EXDLL_VALIDATE();
@@ -388,6 +390,7 @@ void __cdecl Query(
 LPTSTR pParam[30];
 int iParamCount = 0, iDropCount = 0, i;
+ EXDLL_VALID_PARAMS();
 EXDLL_INIT();
 EXDLL_VALIDATE();
@@ -587,6 +590,7 @@ void __cdecl Set(
 BOOLEAN bRemove = FALSE;
 BOOLEAN bAbort = FALSE;
+ EXDLL_VALID_PARAMS();
 EXDLL_INIT();
 EXDLL_VALIDATE();
@@ -680,6 +684,7 @@ void __cdecl Enumerate(
 REQUEST_STATUS iStatus = ANY_STATUS;
 ULONG iPrio = ANY_PRIORITY;
+ EXDLL_VALID_PARAMS();
 EXDLL_INIT();
 EXDLL_VALIDATE();
@@ -816,6 +821,7 @@ void __cdecl Wait(
 LPTSTR psz;
 GUI_WAIT_PARAM Param;
+ EXDLL_VALID_PARAMS();
 EXDLL_INIT();
 EXDLL_VALIDATE();
@@ -866,6 +872,7 @@ void __cdecl Transfer(
 GUI_WAIT_PARAM WaitParam;
 PQUEUE_REQUEST pReq = NULL;
+ EXDLL_VALID_PARAMS();
 EXDLL_INIT();
 EXDLL_VALIDATE();
@@ -938,6 +945,7 @@ void __cdecl Test(
 extra_parameters *extra
 )
 {
+ EXDLL_VALID_PARAMS();
 EXDLL_INIT();
 EXDLL_VALIDATE();
diff --git a/main.h b/main.h
index b8cffe1..1ab2e64 100644
--- a/main.h
+++ b/main.h
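Review bot: At all eight call sites in main.c (`Request`, `QueryGlobal`, `Query`, `Set`, `Enumerate`, `Wait`, `Transfer`, `Test`) the added `EXDLL_VALID_PARAMS();` has to stay ahead of `EXDLL_INIT()`, and nothing at the call site says so or shows that the line can leave the function. A comment at the first use would make the ordering and the hidden `return` explicit, for example `/* must precede EXDLL_INIT(): returns early when the plugin arguments are missing */`. The early exit is also silent: if these entry points normally leave a result for the installer script (not visible in these hunks), a rejected call leaves none, so the script cannot tell a rejected call from a completed one. Each function body continues outside its hunk.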
@@ -24,6 +24,15 @@
 // --> NSIS plugin API
 #include
+// NOTE:
+// VirusTotal "detonates" dlls by running `RunDll32.exe "",` with no parameters
+// If the function expects valid parameters the dll will likely crash creating WerFault.exe as child process
+// This is interpreted as a potential launcher, increasing the chances of the file being labeled as malitious
+// Validate input parameters to prevent this
+#define EXDLL_VALID_PARAMS() \
+ if (!parent || !IsWindow(parent) || string_size == 0 || !variables || !stacktop || !extra) \
+ return;
+
 #undef EXDLL_INIT
 #define EXDLL_INIT() { \
 g_stringsize=string_size; \
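Review bot: The `!parent || !IsWindow(parent)` terms in `EXDLL_VALID_PARAMS()` reject a NULL window handle, which is broader than the crash this guards against. NSIS is generally understood to pass a NULL parent in silent installs and in callbacks that run before the installer window exists, so confirm those paths still work; if they do not, test the handle only when it is non-NULL: `if ((parent && !IsWindow(parent)) || string_size == 0 || !variables || !stacktop || !extra) \`. The macro is also a bare `if`, so `EXDLL_VALID_PARAMS();` expands to `return;;` and would capture a following `else`; a `do { ... } while (0)` wrapper avoids that. It depends on the caller's parameter names (`parent`, `string_size`, `variables`, `stacktop`, `extra`) and only compiles in `void` functions, which is worth stating in the comment block above it.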