[Wintun] DEPENDENTLOADFLAG for wintun.dll?

[Wintun] DEPENDENTLOADFLAG for wintun.dll?

[Brad Spencer]

Would it make sense to link the official wintun.dll with the MSVC 
linker's -DEPENDENTLOADFLAG:0x800 option?

https://docs.microsoft.com/en-us/cpp/build/reference/dependentloadflag

Doing so restricts the search path for immediate dependencies to the 
%windows%\system32\ directory, and I think all of the DLLs Wintun needs 
are there.

-- 
Brad Spencer

Re: [Wintun] DEPENDENTLOADFLAG for wintun.dll?

[Jason A. Donenfeld]

Hi Brad,

On Wed, Feb 10, 2021 at 3:04 PM Brad Spencer <bspencer@blackberry.com> wrote:
>
> Would it make sense to link the official wintun.dll with the MSVC
> linker's -DEPENDENTLOADFLAG:0x800 option?
>
> https://docs.microsoft.com/en-us/cpp/build/reference/dependentloadflag
>
> Doing so restricts the search path for immediate dependencies to the
> %windows%\system32\ directory, and I think all of the DLLs Wintun needs
> are there.

That flag is a bit of a can of worms, which I haven't been too
inclined to open. See:
https://skanthak.homepage.t-online.de/snafu.html

Instead, wintun.dll uses delay loading for all DLLs except for
kernel32.dll and ntdll.dll, and then forces the delay loader hook
through LoadLibraryEx. See:
https://git.zx2c4.com/wintun/tree/api/entry.c#n25 You can see this in
action by putting wintun.dll into depends:
https://data.zx2c4.com/depends-for-wintun-dll-feb-2021.png

(CCing Stefan, in case he's curious. The DLLs in question are
https://www.wintun.net/builds/wintun-0.10.1.zip )

Jason

Re: [Wintun] DEPENDENTLOADFLAG for wintun.dll?

[Stefan Kanthak]

"Jason A. Donenfeld" <Jason@zx2c4.com> wrote:

> Hi Brad,
> 
> On Wed, Feb 10, 2021 at 3:04 PM Brad Spencer <bspencer@blackberry.com> wrote:
>>
>> Would it make sense to link the official wintun.dll with the MSVC
>> linker's -DEPENDENTLOADFLAG:0x800 option?
>>
>> https://docs.microsoft.com/en-us/cpp/build/reference/dependentloadflag
>>
>> Doing so restricts the search path for immediate dependencies to the
>> %windows%\system32\ directory, and I think all of the DLLs Wintun needs
>> are there.

This flag is supported only on current versions of Windows 10.
Since Wireguard still supports Windows 7 and 8 you but need the "classic"
mitigation there, i.e. delay-loading and your own delay-loading routine, as
Jason writes below.

> That flag is a bit of a can of worms, which I haven't been too
> inclined to open. See:
> https://skanthak.homepage.t-online.de/snafu.html

This flag also doesn't help with exports forwarded to "unknown" DLLs,
neither with /DEPENDENTLOADFLAG:... nor with LoadLibraryEx(): see
https://skanthak.homepage.t-online.de/detour.html

> Instead, wintun.dll uses delay loading for all DLLs except for
> kernel32.dll and ntdll.dll, and then forces the delay loader hook
> through LoadLibraryEx. See:
> https://git.zx2c4.com/wintun/tree/api/entry.c#n25 You can see this in
> action by putting wintun.dll into depends:
> https://data.zx2c4.com/depends-for-wintun-dll-feb-2021.png

Stefan

Re: [Wintun] DEPENDENTLOADFLAG for wintun.dll?

[Brad Spencer]

On 2021-02-10 10:57 a.m., Stefan Kanthak wrote:
> This flag is supported only on current versions of Windows 10.
> Since Wireguard still supports Windows 7 and 8 you but need the "classic"
> mitigation there, i.e. delay-loading and your own delay-loading routine, as
> Jason writes below.

Thanks.  I have actually read your pages previously, Stefan, but I 
neglected to dig in to how wintun.dll loads its dependencies already.  
Thanks to you both for the comprehensive replies.

-- 

Brad Spencer