memmod: disable protected delayed load for now

Probably a bad idea, but we don't currently support it, and those huge
windows.NewCallback trampolines make juicer targets anyway.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

1 files changed, 11 insertions, 2 deletions

diff --git a/tun/wintun/memmod/memmod_windows.go b/tun/wintun/memmod/memmod_windows.go
index c75de5a..6eb022d 100644
--- a/tun/wintun/memmod/memmod_windows.go
+++ b/tun/wintun/memmod/memmod_windows.go
@@ -41,12 +41,12 @@ func (module *Module) headerDirectory(idx int) *IMAGE_DATA_DIRECTORY {
 	return &module.headers.OptionalHeader.DataDirectory[idx]
 }
 
-func (module *Module) copySections(address uintptr, size uintptr, old_headers *IMAGE_NT_HEADERS) error {
+func (module *Module) copySections(address uintptr, size uintptr, oldHeaders *IMAGE_NT_HEADERS) error {
 	sections := module.headers.Sections()
 	for i := range sections {
 		if sections[i].SizeOfRawData == 0 {
 			// Section doesn't contain data in the dll itself, but may define uninitialized data.
-			sectionSize := old_headers.OptionalHeader.SectionAlignment
+			sectionSize := oldHeaders.OptionalHeader.SectionAlignment
 			if sectionSize == 0 {
 				continue
 			}
@@ -491,6 +491,15 @@ func LoadLibrary(data []byte) (module *Module, err error) {
 		return
 	}
 
+	// Disable protected delayed load for now. TODO: We should support this properly at some point.
+	if IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG < module.headers.OptionalHeader.NumberOfRvaAndSizes {
+		directory := module.headerDirectory(IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG)
+		if directory.Size != 0 && directory.VirtualAddress != 0 {
+			loadConfig := (*IMAGE_LOAD_CONFIG_DIRECTORY)(a2p(module.codeBase + uintptr(directory.VirtualAddress)))
+			loadConfig.GuardFlags &^= IMAGE_GUARD_PROTECT_DELAYLOAD_IAT
+		}
+	}
+
 	// Mark memory pages depending on section headers and release sections that are marked as "discardable".
 	err = module.finalizeSections()
 	if err != nil {