I'm using Pyinstaller to create a Windows standalone application (-onefile option) for users (ie. no installation, the user double clicks the application and it runs). It already fully works, DLLs are getting found and whatnot. However, what I've noticed is that my application attempts to load DLLs from the folder where the application was started from. This is a security risk, since a lot of users will be running my application from their Downloads folder as it is a standalone downloadable
The DLLs that are being searched for in these risky locations are system DLLs such as bcrypt.dll, secur32.dll, iertutil.dll, sspicli.dll, etc. These DLLs are found eventually in the System32 folder, it's just that it searches the directory that the application launched from first. The Python-specific DLLs and wxPython related DLLs are being found correctly on the first try in the special _MEIXXXX folder that Pyinstaller creates. Other system DLLs such as kernel32.dll and user32.dll are located right away in C:\Windows\System32 I've read up on DLL search order on Windows, and I suspect it's because those DLLs are dependent DLLs and therefore are searched for first in the directory that the application started from. Based on how PyInstaller works with the -onefile option, it would seem that the _MEIXXXX folder in AppData should be the directory that the application starts from. But it seems that for these dependent DLLs, the directory where the bootloader started from is the directory that the application starts from and becomes the first search path for the DLLs. I've tried these various solutions: 1) *SetDefaultDllDirectories <https://msdn.microsoft.com/en-us/library/windows/desktop/hh310515%28v=vs.85%29.aspx>* - Calling it with LOAD_LIBRARY_SEARCH_SYSTEM32 doesn't seem to do anything for dependent DLLs loaded by the DLLs loaded by my application. 2) *Application manifests with side-by-side assemblies* - This actually worked but is extremely ugly and increases my application size by 10 MB when all the DLLs are packed in. It's also not portable and I need my application to be able to run on all versions of Windows 7 and higher. Would definitely prefer to not have to do this. 3) *Using the App Paths Registry key <http://www.codeguru.com/cpp/w-p/dll/article.php/c99/Application-Specific-Paths-for-DLL-Loading.htm>* - Same as 1), it didn't seem to do anything for the dependent DLLs. My question is whether or not there's actually a way to fully control the DLL loading behavior of PyInstaller-created applications? And has anyone successfully done so without resorting to manifests and bundling a bunch of system DLLs with their application? -- You received this message because you are subscribed to the Google Groups "PyInstaller" group. To unsubscribe from this group and stop receiving emails from it, send an email to pyinstaller+unsubscr...@googlegroups.com. To post to this group, send email to pyinstaller@googlegroups.com. Visit this group at https://groups.google.com/group/pyinstaller. For more options, visit https://groups.google.com/d/optout.
