From afe859468635c5c6a11266d266a4c210aeb67eac Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 8 Oct 2021 20:19:57 -0600 Subject: memmod: hook RtlPcToFileHeader's invocation from GetModuleHandleEx When GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS) is called by cfgmgr32.dll's SwCreateDevice on the DLL's callback, it expects to get the module of the DLL. But of course memory loaded modules means there is none. This causes SwCreateDevice to fail. GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS) internally uses RtlPcToFileHeader. In turn, RtlPcToFileHeader looks things up in the inverted function table, which has no stable interface across OS releases. That means adding a proper module isn't going to work. So instead we hook the IAT, so that we can intercept all calls to RtlPcToFileHeader that come from GetModuleHandleEx's kernelbase.dll. If the value to look up is within the range of a module we've memory loaded, then we change the value to lookup to the hook function itself, so that it winds up returning the main module. Signed-off-by: Jason A. Donenfeld --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'go.mod') diff --git a/go.mod b/go.mod index db521359..84d14667 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module golang.zx2c4.com/wireguard/windows -go 1.16 +go 1.17 require ( github.com/lxn/walk v0.0.0-20210112085537-c389da54e794 -- cgit v1.2.3-59-g8ed1b
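Review bot: the `-go 1.16` / `+go 1.17` change in the go.mod hunk is not explained by the commit message, which only describes hooking RtlPcToFileHeader through kernelbase.dll's IAT. If the memmod hook depends on something that needs Go 1.17, say so in the message; otherwise move the directive bump into its own commit so the toolchain requirement change can be reviewed and reverted independently. The diffstat shows a single insertion and deletion in this file, so the require block is unchanged; it is worth confirming that `go mod tidy` under the new directive leaves go.mod as committed.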