Windows dynamic linking depends on the active code page


ullprogram.com/blog/2024/10/07/

Windows paths have been WTF-16-encoded for decades, but module names in the import tables of Portable Executable files are octets. If a name contains values beyond ASCII — technically out of spec — then the dynamic linker must somehow decode those octets into Unicode in order to construct a lookup path.

Constructing the import library can be tricky because you must consider how the toolchain, editors, and shells decode and encode text, which may involve the build system’s code page. Malware could use this decoding behavior to trick inspection tools and scanners that decode module names differently than the dynamic linker.
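As an added illustration (not code from the original post), the check below is one way an inspection tool can flag import module names whose octets decode to different strings under different code pages, instead of silently picking one decoding. The code-page list, function names, and sample import names are constructed assumptions.

```python
# Added example: flag PE import module names whose meaning depends on the code page.
# The code-page list and the sample names below are constructed assumptions.
CODE_PAGES = ("cp1252", "cp437", "utf-8")


def decodings(name: bytes, code_pages=CODE_PAGES) -> dict:
    """Decode the raw octets under each code page; None marks an invalid sequence."""
    out = {}
    for cp in code_pages:
        try:
            out[cp] = name.decode(cp)
        except UnicodeDecodeError:
            out[cp] = None
    return out


def audit_import_name(name: bytes, code_pages=CODE_PAGES) -> dict:
    """Classify one import-table module name by how stable its decoding is."""
    if all(b < 0x80 for b in name):
        return {"raw": name, "status": "ascii", "variants": {}}
    variants = decodings(name, code_pages)
    # None is kept in the set: a page that cannot decode the name also disagrees.
    distinct = set(variants.values())
    status = "ambiguous" if len(distinct) > 1 else "non-ascii"
    return {"raw": name, "status": status, "variants": variants}


def audit_imports(names) -> list:
    """Return only the findings a reviewer should look at (anything not pure ASCII)."""
    return [r for r in map(audit_import_name, names) if r["status"] != "ascii"]


# Constructed sample: one ordinary name and two names with octets beyond ASCII.
SAMPLE_IMPORTS = [b"kernel32.dll", b"\xcf\x80.dll", b"caf\xe9.dll"]

if __name__ == "__main__":
    for finding in audit_imports(SAMPLE_IMPORTS):
        print(finding["raw"], finding["status"])
        for cp, text in finding["variants"].items():
            print(f"  {cp:>7}: {text!r}")
```

A scanner that reports the raw octets alongside every candidate decoding avoids committing to a single interpretation that may differ from the one the dynamic linker uses.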
