* [Wintun] DEPENDENTLOADFLAG for wintun.dll?
@ 2021-02-10 14:02 Brad Spencer
2021-02-10 14:43 ` Jason A. Donenfeld
0 siblings, 1 reply; 4+ messages in thread
From: Brad Spencer @ 2021-02-10 14:02 UTC (permalink / raw)
To: WireGuard mailing list
Would it make sense to link the official wintun.dll with the MSVC
linker's -DEPENDENTLOADFLAG:0x800 option?
https://docs.microsoft.com/en-us/cpp/build/reference/dependentloadflag
Doing so restricts the search path for immediate dependencies to the
%windows%\system32\ directory, and I think all of the DLLs Wintun needs
are there.
--
Brad Spencer
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Wintun] DEPENDENTLOADFLAG for wintun.dll?
2021-02-10 14:02 [Wintun] DEPENDENTLOADFLAG for wintun.dll? Brad Spencer
@ 2021-02-10 14:43 ` Jason A. Donenfeld
2021-02-10 14:57 ` Stefan Kanthak
0 siblings, 1 reply; 4+ messages in thread
From: Jason A. Donenfeld @ 2021-02-10 14:43 UTC (permalink / raw)
To: Brad Spencer; +Cc: WireGuard mailing list, Stefan Kanthak
Hi Brad,
On Wed, Feb 10, 2021 at 3:04 PM Brad Spencer <bspencer@blackberry.com> wrote:
>
> Would it make sense to link the official wintun.dll with the MSVC
> linker's -DEPENDENTLOADFLAG:0x800 option?
>
> https://docs.microsoft.com/en-us/cpp/build/reference/dependentloadflag
>
> Doing so restricts the search path for immediate dependencies to the
> %windows%\system32\ directory, and I think all of the DLLs Wintun needs
> are there.
That flag is a bit of a can of worms, which I haven't been too
inclined to open. See:
https://skanthak.homepage.t-online.de/snafu.html
Instead, wintun.dll uses delay loading for all DLLs except for
kernel32.dll and ntdll.dll, and then forces the delay loader hook
through LoadLibraryEx. See:
https://git.zx2c4.com/wintun/tree/api/entry.c#n25 You can see this in
action by putting wintun.dll into depends:
https://data.zx2c4.com/depends-for-wintun-dll-feb-2021.png
(CCing Stefan, in case he's curious. The DLLs in question are
https://www.wintun.net/builds/wintun-0.10.1.zip )
Jason
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Wintun] DEPENDENTLOADFLAG for wintun.dll?
2021-02-10 14:43 ` Jason A. Donenfeld
@ 2021-02-10 14:57 ` Stefan Kanthak
2021-02-10 17:52 ` Brad Spencer
0 siblings, 1 reply; 4+ messages in thread
From: Stefan Kanthak @ 2021-02-10 14:57 UTC (permalink / raw)
To: Jason A. Donenfeld, Brad Spencer; +Cc: WireGuard mailing list
"Jason A. Donenfeld" <Jason@zx2c4.com> wrote:
> Hi Brad,
>
> On Wed, Feb 10, 2021 at 3:04 PM Brad Spencer <bspencer@blackberry.com> wrote:
>>
>> Would it make sense to link the official wintun.dll with the MSVC
>> linker's -DEPENDENTLOADFLAG:0x800 option?
>>
>> https://docs.microsoft.com/en-us/cpp/build/reference/dependentloadflag
>>
>> Doing so restricts the search path for immediate dependencies to the
>> %windows%\system32\ directory, and I think all of the DLLs Wintun needs
>> are there.
This flag is supported only on current versions of Windows 10.
Since Wireguard still supports Windows 7 and 8 you but need the "classic"
mitigation there, i.e. delay-loading and your own delay-loading routine, as
Jason writes below.
> That flag is a bit of a can of worms, which I haven't been too
> inclined to open. See:
> https://skanthak.homepage.t-online.de/snafu.html
This flag also doesn't help with exports forwarded to "unknown" DLLs,
neither with /DEPENDENTLOADFLAG:... nor with LoadLibraryEx(): see
https://skanthak.homepage.t-online.de/detour.html
> Instead, wintun.dll uses delay loading for all DLLs except for
> kernel32.dll and ntdll.dll, and then forces the delay loader hook
> through LoadLibraryEx. See:
> https://git.zx2c4.com/wintun/tree/api/entry.c#n25 You can see this in
> action by putting wintun.dll into depends:
> https://data.zx2c4.com/depends-for-wintun-dll-feb-2021.png
Stefan
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Wintun] DEPENDENTLOADFLAG for wintun.dll?
2021-02-10 14:57 ` Stefan Kanthak
@ 2021-02-10 17:52 ` Brad Spencer
0 siblings, 0 replies; 4+ messages in thread
From: Brad Spencer @ 2021-02-10 17:52 UTC (permalink / raw)
To: Stefan Kanthak, Jason A. Donenfeld; +Cc: WireGuard mailing list
On 2021-02-10 10:57 a.m., Stefan Kanthak wrote:
> This flag is supported only on current versions of Windows 10.
> Since Wireguard still supports Windows 7 and 8 you but need the "classic"
> mitigation there, i.e. delay-loading and your own delay-loading routine, as
> Jason writes below.
Thanks. I have actually read your pages previously, Stefan, but I
neglected to dig in to how wintun.dll loads its dependencies already.
Thanks to you both for the comprehensive replies.
--
Brad Spencer
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-02-10 17:53 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-10 14:02 [Wintun] DEPENDENTLOADFLAG for wintun.dll? Brad Spencer
2021-02-10 14:43 ` Jason A. Donenfeld
2021-02-10 14:57 ` Stefan Kanthak
2021-02-10 17:52 ` Brad Spencer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).