/* SPDX-License-Identifier: GPL-2.0
*
* Copyright (C) 2018-2021 WireGuard LLC. All Rights Reserved.
*/
#include "logger.h"
#include "adapter.h"
#include "main.h"
#include "namespace.h"
#include "registry.h"
#include "ntdll.h"
#include <Windows.h>
#include <delayimp.h>
#include <sddl.h>
#include <winefs.h>
#include <stdlib.h>
/* Instance handle of this DLL, recorded in DllMain on DLL_PROCESS_ATTACH. */
HINSTANCE ResourceModule;
/* Private heap for this module; created on process attach and destroyed on
 * detach (and on a failed attach). */
HANDLE ModuleHeap;
/* Security attributes handed to the objects this module creates. Only nLength
 * is set here; lpSecurityDescriptor is filled in by InitializeSecurityObjects()
 * and released with LocalFree on detach. bInheritHandle stays zero (FALSE). */
SECURITY_ATTRIBUTES SecurityAttributes = { .nLength = sizeof(SECURITY_ATTRIBUTES) };
/* TRUE when the current process token's user SID is the LocalSystem SID
 * (computed by InitializeSecurityObjects). Selects which SDDL owner is used. */
BOOL IsLocalSystem;
/* IMAGE_FILE_MACHINE_* value of the host OS. Defaults to this build's own
 * machine type and is refined by EnvInit() when MAYBE_WOW64 is defined. */
USHORT NativeMachine = IMAGE_FILE_PROCESS;
/* TRUE when the NT major version reported by ntdll is >= 10 (set by EnvInit). */
BOOL IsWindows10;
/**
 * Delay-load notification hook, registered through __pfnDliNotifyHook2.
 *
 * Only the dliNotePreLoadLibrary notification is handled: the requested DLL
 * is loaded with LOAD_LIBRARY_SEARCH_SYSTEM32, so the loader consults the
 * System32 directory alone instead of the default search order. This keeps a
 * delay-loaded import from being satisfied by a same-named DLL placed in the
 * application directory or on PATH (DLL search-order hijacking). A failed load
 * is treated as fatal and aborts the process rather than letting the delay-load
 * helper retry with the default search. Every other notification returns NULL,
 * which tells the helper to proceed normally.
 *
 * @param dliNotify  Notification code from the delay-load helper.
 * @param pdli       Delay-load information; only szDll is read.
 * @return The loaded module (as FARPROC) for a pre-load notification, else NULL.
 */
static FARPROC WINAPI
DelayedLoadLibraryHook(unsigned dliNotify, PDelayLoadInfo pdli)
{
    HMODULE Module = NULL;

    if (dliNotify == dliNotePreLoadLibrary)
    {
        Module = LoadLibraryExA(pdli->szDll, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
        if (Module == NULL)
            abort();
    }
    return (FARPROC)Module;
}
/* Hand the hook to the delay-load helper (delayimp.h) so that every delay-loaded
 * import is resolved through DelayedLoadLibraryHook's System32-only loading. */
const PfnDliHook __pfnDliNotifyHook2 = DelayedLoadLibraryHook;
/**
 * Determines whether this process runs as LocalSystem and builds the security
 * descriptor this module applies to the objects it creates.
 *
 * Side effects: sets the global IsLocalSystem, and on success stores a new
 * self-relative descriptor in SecurityAttributes.lpSecurityDescriptor (owned by
 * the caller, to be released with LocalFree).
 *
 * The SDDL string used is identical in both cases except for the owner:
 *   O:SY / O:BA           owner is SYSTEM when running as LocalSystem,
 *                         otherwise Builtin Administrators;
 *   D:P(A;;GA;;;SY)(A;;GA;;;BA)
 *                         protected DACL (no inherited ACEs) granting
 *                         GENERIC_ALL to SYSTEM and Administrators only;
 *   S:(ML;;NWNRNX;;;HI)   high-integrity mandatory label with no-write-up,
 *                         no-read-up and no-execute-up.
 *
 * @return TRUE when the descriptor was created; FALSE if building the
 *         LocalSystem SID, opening the process token, querying it, or
 *         converting the SDDL fails.
 */
static BOOL InitializeSecurityObjects(VOID)
{
    BYTE SystemSid[MAX_SID_SIZE];
    DWORD Size = sizeof(SystemSid);
    HANDLE Token;
    struct
    {
        TOKEN_USER Header;
        /* Trailing room so the variable-length SID that Header.User.Sid points
         * at fits inside this same buffer. */
        CHAR SidStorage[MAX_SID_SIZE];
    } UserInfo;
    BOOL Ok = FALSE;

    if (!CreateWellKnownSid(WinLocalSystemSid, NULL, SystemSid, &Size))
        return FALSE;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &Token))
        return FALSE;

    if (GetTokenInformation(Token, TokenUser, &UserInfo, sizeof(UserInfo), &Size))
    {
        IsLocalSystem = EqualSid(UserInfo.Header.User.Sid, SystemSid);
        Ok = ConvertStringSecurityDescriptorToSecurityDescriptorW(
            IsLocalSystem ? L"O:SYD:P(A;;GA;;;SY)(A;;GA;;;BA)S:(ML;;NWNRNX;;;HI)"
                          : L"O:BAD:P(A;;GA;;;SY)(A;;GA;;;BA)S:(ML;;NWNRNX;;;HI)",
            SDDL_REVISION_1,
            &SecurityAttributes.lpSecurityDescriptor,
            NULL);
    }
    CloseHandle(Token);
    return Ok;
}
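/**
 * Records facts about the host environment in the IsWindows10 and
 * NativeMachine globals.
 *
 * IsWindows10 is derived from the NT major version returned by ntdll's
 * RtlGetNtVersionNumbers (>= 10). When built with MAYBE_WOW64, NativeMachine
 * is taken from IsWow64Process2 if kernel32 exports it; otherwise the older
 * IsWow64Process is consulted, a WOW64 process is assumed to run on an AMD64
 * host, and a non-WOW64 process keeps the compiled-in IMAGE_FILE_PROCESS.
 *
 * Change from the previous revision: Kernel32 is typed HMODULE, which is what
 * GetModuleHandleW returns and GetProcAddress takes, instead of a bare HANDLE.
 */
static VOID EnvInit(VOID)
{
    DWORD MajorVersion;
    RtlGetNtVersionNumbers(&MajorVersion, NULL, NULL);
    IsWindows10 = MajorVersion >= 10;

#ifdef MAYBE_WOW64
    typedef BOOL(WINAPI * IsWow64Process2_t)(
        _In_ HANDLE hProcess, _Out_ USHORT * pProcessMachine, _Out_opt_ USHORT * pNativeMachine);
    HMODULE Kernel32 = GetModuleHandleW(L"kernel32.dll");
    IsWow64Process2_t IsWow64Process2 = NULL;
    USHORT ProcessMachine;

    /* Resolved dynamically because IsWow64Process2 is not exported by every
     * Windows version this module may run on. */
    if (Kernel32 != NULL)
        IsWow64Process2 = (IsWow64Process2_t)GetProcAddress(Kernel32, "IsWow64Process2");

    if (IsWow64Process2 == NULL || !IsWow64Process2(GetCurrentProcess(), &ProcessMachine, &NativeMachine))
    {
        /* Fallback: IsWow64Process only says whether this is a WOW64 process,
         * so WOW64 is taken to mean an AMD64 host (an assumption carried over
         * from the original code). A failed query also lands here and leaves
         * the compiled-in machine type. */
        BOOL IsWoW64;
        NativeMachine =
            IsWow64Process(GetCurrentProcess(), &IsWoW64) && IsWoW64 ? IMAGE_FILE_MACHINE_AMD64 : IMAGE_FILE_PROCESS;
    }
#endif
}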
/**
 * DLL entry point.
 *
 * DLL_PROCESS_ATTACH: records the instance handle, creates the private heap,
 * initializes the security descriptor / LocalSystem state, probes the
 * environment and sets up the namespace. If the heap or the security setup
 * fails, whatever was already created is torn down and FALSE is returned so
 * the loader rejects the DLL.
 * DLL_PROCESS_DETACH: releases the namespace, the security descriptor and the
 * heap, in the reverse order of their creation.
 * Thread attach/detach notifications are not handled and simply return TRUE.
 *
 * @param hinstDLL    Instance handle of this DLL; stored in ResourceModule.
 * @param fdwReason   Loader notification (DLL_PROCESS_ATTACH, DLL_PROCESS_DETACH, ...).
 * @param lpvReserved Unused.
 * @return FALSE when process attach fails, TRUE otherwise.
 */
BOOL APIENTRY
DllMain(_In_ HINSTANCE hinstDLL, _In_ DWORD fdwReason, _In_ LPVOID lpvReserved)
{
    if (fdwReason == DLL_PROCESS_ATTACH)
    {
        ResourceModule = hinstDLL;
        ModuleHeap = HeapCreate(0, 0, 0);
        if (ModuleHeap == NULL)
            return FALSE;
        if (!InitializeSecurityObjects())
        {
            /* Undo the heap creation so a rejected load leaves nothing behind. */
            HeapDestroy(ModuleHeap);
            return FALSE;
        }
        EnvInit();
        NamespaceInit();
    }
    else if (fdwReason == DLL_PROCESS_DETACH)
    {
        NamespaceDone();
        LocalFree(SecurityAttributes.lpSecurityDescriptor);
        HeapDestroy(ModuleHeap);
    }
    return TRUE;
}