aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/driver (follow)
Commit message (Collapse)AuthorAgeFilesLines
* memmod: prune loaded address ranges on freeJason A. Donenfeld2026-05-191-0/+8
| | | | | | | | | | | | The RtlPcToFileHeader hook consults loadedAddressRanges to identify PCs that belong to manually-loaded modules. Entries were appended during LoadLibrary but never removed when the module was freed, so once the underlying allocation was returned to the OS and possibly reused, the hook would still claim those PCs as ours and substitute in a sentinel address, breaking unwind metadata lookup for whatever legitimate module ended up at that range. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* memmod: delete the function table on freeJason A. Donenfeld2026-05-191-1/+9
| | | | | | | | RtlAddFunctionTable keeps a kernel-side pointer into the in-image RUNTIME_FUNCTION array. Without a matching RtlDeleteFunctionTable, freeing codeBase via VirtualFree leaves that pointer dangling. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* memmod: distinguish no-exports from no-named-exportsJason A. Donenfeld2026-05-191-1/+1
| | | | | | | | The two checks collapsed into one || meant the second error message was unreachable. Drop NumberOfNames from the first check so both diagnostics are reachable for their respective cases. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* driver: remove wintun legacy cleanupJason A. Donenfeld2026-04-191-50/+0
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* memmod: be more resilient toward weird PE filesJason A. Donenfeld2026-04-161-8/+34
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* driver: add new allowedip flagJason A. Donenfeld2026-03-241-1/+7
| | | | | | This also involves bumping wireguard-tools so that wg.exe is up to date. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: bump dateJason A. Donenfeld2026-03-1816-16/+16
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: bump dateJason A. Donenfeld2022-01-0614-14/+14
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: use syscall.SyscallNJason A. Donenfeld2021-12-163-17/+17
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: apply gofumptJason A. Donenfeld2021-12-093-8/+10
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* mod: remove x/sys forkJason A. Donenfeld2021-11-241-8/+7
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: cleanup legacy wintunJason A. Donenfeld2021-10-291-0/+51
| | | | | | | | | | It's not good to leave cruft around from the upgrade case when people want to uninstall, so we remove wintun in the uninstaller manually (without the help of wintun.dll, which we no longer ship). But also, so that we can eventually drop that code, we also remove it opportunistically when the manager starts. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* driver: align 64-bit argument on ARM32Jason A. Donenfeld2021-10-261-1/+5
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* driver: formatJason A. Donenfeld2021-10-262-2/+2
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* mod: bump for x/sys changesJason A. Donenfeld2021-10-215-71/+35
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ui: show driver version in about pageJason A. Donenfeld2021-10-204-0/+69
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* driver: update naming of update onlyJason A. Donenfeld2021-10-191-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: remove old-style build tagsJason A. Donenfeld2021-10-126-6/+0
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: use unsafe.Add where possibleJason A. Donenfeld2021-10-121-3/+3
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: use newer wireguard-go APIsJason A. Donenfeld2021-10-121-7/+7
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: use unsafe.Slice instead of unsafeSliceJason A. Donenfeld2021-10-112-57/+10
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* memmod: hook RtlPcToFileHeader's invocation from GetModuleHandleExJason A. Donenfeld2021-10-101-0/+84
| | | | | | | | | | | | | | | | | | | | When GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS) is called by cfgmgr32.dll's SwCreateDevice on the DLL's callback, it expects to get the module of the DLL. But of course memory loaded modules means there is none. This causes SwCreateDevice to fail. GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS) internally uses RtlPcToFileHeader. In turn, RtlPcToFileHeader looks things up in the inverted function table, which has no stable interface across OS releases. That means adding a proper module isn't going to work. So instead we hook the IAT, so that we can intercept all calls to RtlPcToFileHeader that come from GetModuleHandleEx's kernelbase.dll. If the value to look up is within the range of a module we've memory loaded, then we change the value to lookup to the hook function itself, so that it winds up returning the main module. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* driver: use new APIJason A. Donenfeld2021-10-051-118/+32
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* driver: document remaining functionsJason A. Donenfeld2021-09-242-0/+15
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: format with go 1.17Jason A. Donenfeld2021-09-096-0/+6
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* driver: split 64bit arguments into two for 32bit machinesJason A. Donenfeld2021-08-091-10/+20
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* driver: break encapsulation and pass timestamp to ringloggerJason A. Donenfeld2021-08-081-2/+8
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* driver: account for timestamp callback but do nothingJason A. Donenfeld2021-08-081-1/+2
| | | | | | | Go doesn't provide an easy way of passing a better timestamp to the log package. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* memmod: register exception handler tablesJason A. Donenfeld2021-08-052-0/+19
| | | | | | | | Otherwise recent WDK binaries fail on ARM64, where an exception handler is used for trapping an illegal instruction when ARMv8.1 atomics are being tested for functionality. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* driver: introduce new module for talking with kernel driverJason A. Donenfeld2021-08-0215-0/+1886
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>