From 384b795dd8486aca318a4df7acda81f48ef7d6c7 Mon Sep 17 00:00:00 2001 From: Disconnect3d Date: Wed, 18 Jun 2025 14:48:29 +0200 Subject: [PATCH] dll_windows.go: update docs about secure way to load system DLLs Before this change, the documentation of the `syscall.LazyDLL` states to use `windows.LazyDLL` for secure loading of system DLLs. However, this is only secure if the user does it through the `windows.NewLazySystemDLL` function or if they use `windows.NewLazyDLL` with an absolute path. Given all this, I think it is better to point to `windows.NewLazySystemDLL` instead of `windows.LazyDLL` in here. --- src/syscall/dll_windows.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/syscall/dll_windows.go b/src/syscall/dll_windows.go index a7873e6ad8c93e..d6bb6c0efa8379 100644 --- a/src/syscall/dll_windows.go +++ b/src/syscall/dll_windows.go @@ -175,7 +175,7 @@ func (p *Proc) Call(a ...uintptr) (uintptr, uintptr, error) { // LazyDLL is subject to the same DLL preloading attacks as documented // on [LoadDLL]. // -// Use LazyDLL in golang.org/x/sys/windows for a secure way to +// Use NewLazySystemDLL in golang.org/x/sys/windows for a secure way to // load system DLLs. type LazyDLL struct { mu sync.Mutex