From 0d13339892903effbaf07b38c62326b716ebf29a Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Thu, 25 Apr 2019 14:36:00 +0200
Subject: main: forbid wow64 executions
---
zsyscall_windows.go | 22 ++++++++++++++++++----
1 file changed, 18 insertions(+), 4 deletions(-)
(limited to 'zsyscall_windows.go')
diff --git a/zsyscall_windows.go b/zsyscall_windows.go
index d78d0ea3..dc9f9ffc 100644
--- a/zsyscall_windows.go
+++ b/zsyscall_windows.go
@@ -37,11 +37,13 @@ func errnoErr(e syscall.Errno) error {
 }
 var (
- moduser32 = windows.NewLazySystemDLL("user32.dll")
- modshell32 = windows.NewLazySystemDLL("shell32.dll")
+ moduser32 = windows.NewLazySystemDLL("user32.dll")
+ modkernel32 = windows.NewLazySystemDLL("kernel32.dll")
+ modshell32 = windows.NewLazySystemDLL("shell32.dll")
- procMessageBoxExW = moduser32.NewProc("MessageBoxExW")
- procShellExecuteW = modshell32.NewProc("ShellExecuteW")
+ procMessageBoxExW = moduser32.NewProc("MessageBoxExW")
+ procIsWow64Process = modkernel32.NewProc("IsWow64Process")
+ procShellExecuteW = modshell32.NewProc("ShellExecuteW")
 )
 func messageBoxEx(hwnd windows.Handle, text *uint16, title *uint16, typ uint, languageId uint16) {
@@ -49,6 +51,18 @@ func messageBoxEx(hwnd windows.Handle, text *uint16, title *uint16, typ uint, la
 return
 }
+func isWow64Process(handle windows.Handle, isWow64 *bool) (err error) {
+ r1, _, e1 := syscall.Syscall(procIsWow64Process.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(isWow64)), 0)
+ if r1 == 0 {
+ if e1 != 0 {
+ err = errnoErr(e1)
+ } else {
+ err = syscall.EINVAL
+ }
+ }
+ return
+}
+
 func shellExecute(hwnd windows.Handle, verb *uint16, file *uint16, args *uint16, cwd *uint16, showCmd int) (err error) {
 r1, _, e1 := syscall.Syscall6(procShellExecuteW.Addr(), 6, uintptr(hwnd), uintptr(unsafe.Pointer(verb)), uintptr(unsafe.Pointer(file)), uintptr(unsafe.Pointer(args)), uintptr(unsafe.Pointer(cwd)), uintptr(showCmd))
 if r1 == 0 {
-- cgit v1.2.3-59-g8ed1b
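Review bot: In the added isWow64Process, `uintptr(unsafe.Pointer(isWow64))` passes the address of a one-byte Go `bool` to IsWow64Process, whose second parameter points to a Win32 BOOL, a 32-bit integer, so the call can write four bytes where one is reserved and overwrite whatever sits next to the caller's variable. I would receive the value in a 32-bit temporary and convert afterwards: `var wow64 uint32`, pass `uintptr(unsafe.Pointer(&wow64))` in the Syscall, then `*isWow64 = wow64 != 0` before returning. The zsyscall_ file name suggests this wrapper is generated, in which case the change probably belongs in the declaration the generator reads (for example taking a `*uint32` there) rather than in this file. The caller is outside this path-limited diff; since the commit's purpose is to refuse WOW64 runs, it is worth confirming that it treats a returned error as a refusal rather than as not-WOW64.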