5ab159c972
mingw-w64 bug 523 means that compile fails with missing type CERT_NAME_BLOB Pulling in wincrypt.h solves this
499 lines
14 KiB
C
499 lines
14 KiB
C
#include <windows.h>
|
|
#include <wincrypt.h>
|
|
#include <iphlpapi.h>
|
|
|
|
#include <stddef.h>
|
|
#include <stdint.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <time.h>
|
|
|
|
#include "hook/table.h"
|
|
|
|
#include "platform/netenv.h"
|
|
#include "platform/nusec.h"
|
|
|
|
#include "util/dprintf.h"
|
|
|
|
struct netenv {
|
|
IP_ADAPTER_ADDRESSES head;
|
|
char name[64];
|
|
wchar_t dns_suffix[64];
|
|
wchar_t description[64];
|
|
wchar_t friendly_name[64];
|
|
IP_ADAPTER_PREFIX prefix;
|
|
IP_ADAPTER_UNICAST_ADDRESS iface;
|
|
IP_ADAPTER_GATEWAY_ADDRESS router;
|
|
IP_ADAPTER_DNS_SERVER_ADDRESS dns;
|
|
struct sockaddr_in prefix_sa;
|
|
struct sockaddr_in iface_sa;
|
|
struct sockaddr_in router_sa;
|
|
struct sockaddr_in dns_sa;
|
|
};
|
|
|
|
/* Hook functions */
|
|
|
|
static uint32_t WINAPI hook_GetAdaptersAddresses(
|
|
uint32_t Family,
|
|
uint32_t Flags,
|
|
void *Reserved,
|
|
IP_ADAPTER_ADDRESSES *AdapterAddresses,
|
|
uint32_t *SizePointer);
|
|
|
|
static uint32_t WINAPI hook_GetAdaptersInfo(
|
|
IP_ADAPTER_INFO *AdapterInfo,
|
|
uint32_t *SizePointer);
|
|
|
|
static uint32_t WINAPI hook_GetBestRoute(
|
|
uint32_t src_ip,
|
|
uint32_t dest_ip,
|
|
MIB_IPFORWARDROW *route);
|
|
|
|
static uint32_t WINAPI hook_GetIfTable(
|
|
MIB_IFTABLE *pIfTable,
|
|
uint32_t *pdwSize,
|
|
BOOL bOrder);
|
|
|
|
static uint32_t WINAPI hook_IcmpSendEcho2(
|
|
HANDLE IcmpHandle,
|
|
HANDLE Event,
|
|
PIO_APC_ROUTINE ApcRoutine,
|
|
void *ApcContext,
|
|
uint32_t DestinationAddress,
|
|
void *RequestData,
|
|
uint16_t RequestSize,
|
|
IP_OPTION_INFORMATION *RequestOptions,
|
|
void *ReplyBuffer,
|
|
uint32_t ReplySize,
|
|
uint32_t Timeout);
|
|
|
|
/* Link pointers */
|
|
|
|
static uint32_t (WINAPI *next_GetAdaptersAddresses)(
|
|
uint32_t Family,
|
|
uint32_t Flags,
|
|
void *Reserved,
|
|
IP_ADAPTER_ADDRESSES *AdapterAddresses,
|
|
uint32_t *SizePointer);
|
|
|
|
static uint32_t (WINAPI *next_GetAdaptersInfo)(
|
|
IP_ADAPTER_INFO *AdapterInfo,
|
|
uint32_t *SizePointer);
|
|
|
|
static uint32_t (WINAPI *next_GetBestRoute)(
|
|
uint32_t src_ip,
|
|
uint32_t dest_ip,
|
|
MIB_IPFORWARDROW *route);
|
|
|
|
static uint32_t (WINAPI *next_GetIfTable)(
|
|
MIB_IFTABLE *pIfTable,
|
|
uint32_t *pdwSize,
|
|
BOOL bOrder);
|
|
|
|
static uint32_t (WINAPI *next_IcmpSendEcho2)(
|
|
HANDLE IcmpHandle,
|
|
HANDLE Event,
|
|
PIO_APC_ROUTINE ApcRoutine,
|
|
void *ApcContext,
|
|
uint32_t DestinationAddress,
|
|
void *RequestData,
|
|
uint16_t RequestSize,
|
|
IP_OPTION_INFORMATION *RequestOptions,
|
|
void *ReplyBuffer,
|
|
uint32_t ReplySize,
|
|
uint32_t Timeout);
|
|
|
|
static const struct hook_symbol netenv_hook_syms[] = {
|
|
{
|
|
.name = "GetAdaptersAddresses",
|
|
.patch = hook_GetAdaptersAddresses,
|
|
.link = (void **) &next_GetAdaptersAddresses,
|
|
}, {
|
|
.name = "GetAdaptersInfo",
|
|
.patch = hook_GetAdaptersInfo,
|
|
.link = (void **) &next_GetAdaptersInfo,
|
|
}, {
|
|
.name = "GetBestRoute",
|
|
.patch = hook_GetBestRoute,
|
|
.link = (void **) &next_GetBestRoute,
|
|
}, {
|
|
.name = "GetIfTable",
|
|
.patch = hook_GetIfTable,
|
|
.link = (void **) &next_GetIfTable,
|
|
}, {
|
|
.name = "IcmpSendEcho2",
|
|
.patch = hook_IcmpSendEcho2,
|
|
.link = (void **) &next_IcmpSendEcho2,
|
|
}
|
|
};
|
|
|
|
static uint32_t netenv_ip_prefix;
|
|
static uint32_t netenv_ip_iface;
|
|
static uint32_t netenv_ip_router;
|
|
static uint8_t netenv_mac_addr[6];
|
|
|
|
HRESULT netenv_hook_init(
|
|
const struct netenv_config *cfg,
|
|
const struct nusec_config *kc_cfg)
|
|
{
|
|
assert(cfg != NULL);
|
|
assert(kc_cfg != NULL);
|
|
|
|
if (!cfg->enable) {
|
|
return S_FALSE;
|
|
}
|
|
|
|
if (!kc_cfg->enable) {
|
|
dprintf("Netenv: Keychip emu is off? Disabling Netenv emu.\n");
|
|
|
|
return S_FALSE;
|
|
}
|
|
|
|
netenv_ip_prefix = kc_cfg->subnet;
|
|
netenv_ip_iface = kc_cfg->subnet | cfg->addr_suffix;
|
|
netenv_ip_router = kc_cfg->subnet | cfg->router_suffix;
|
|
memcpy(netenv_mac_addr, cfg->mac_addr, sizeof(netenv_mac_addr));
|
|
|
|
hook_table_apply(
|
|
NULL,
|
|
"iphlpapi.dll",
|
|
netenv_hook_syms,
|
|
_countof(netenv_hook_syms));
|
|
|
|
return S_OK;
|
|
}
|
|
|
|
static uint32_t WINAPI hook_GetAdaptersAddresses(
|
|
uint32_t Family,
|
|
uint32_t Flags,
|
|
void *Reserved,
|
|
IP_ADAPTER_ADDRESSES *AdapterAddresses,
|
|
uint32_t *SizePointer)
|
|
{
|
|
/* This hook errs on the side of caution and returns a lot more
|
|
information than the ALLNET lib cares about. MSVC mangles the main
|
|
call site for this API quite aggressively, so by the time we decompile
|
|
the code in question it's a little difficult to tell which pieces the
|
|
ALLNET lib pays attention to. */
|
|
|
|
uint32_t nbytes;
|
|
struct netenv *env;
|
|
|
|
if (Reserved != NULL || SizePointer == NULL) {
|
|
return ERROR_INVALID_PARAMETER;
|
|
}
|
|
|
|
nbytes = *SizePointer;
|
|
*SizePointer = sizeof(*env);
|
|
|
|
if (AdapterAddresses == NULL || nbytes < sizeof(*env)) {
|
|
return ERROR_BUFFER_OVERFLOW;
|
|
}
|
|
|
|
env = CONTAINING_RECORD(AdapterAddresses, struct netenv, head);
|
|
memset(env, 0, sizeof(*env));
|
|
|
|
env->head.Length = sizeof(env->head);
|
|
env->head.IfIndex = 1;
|
|
env->head.AdapterName = env->name;
|
|
env->head.FirstUnicastAddress = &env->iface;
|
|
env->head.FirstDnsServerAddress = &env->dns;
|
|
env->head.DnsSuffix = env->dns_suffix;
|
|
env->head.Description = env->description;
|
|
env->head.FriendlyName = env->friendly_name;
|
|
memcpy( env->head.PhysicalAddress,
|
|
netenv_mac_addr,
|
|
sizeof(netenv_mac_addr));
|
|
env->head.PhysicalAddressLength = sizeof(netenv_mac_addr);
|
|
env->head.Flags = IP_ADAPTER_DHCP_ENABLED | IP_ADAPTER_IPV4_ENABLED;
|
|
env->head.Mtu = 4200; /* idk what's typical here */
|
|
env->head.IfType = IF_TYPE_ETHERNET_CSMACD;
|
|
env->head.OperStatus = IfOperStatusUp;
|
|
env->head.FirstPrefix = &env->prefix;
|
|
env->head.FirstGatewayAddress = &env->router;
|
|
|
|
strcpy_s(
|
|
env->name,
|
|
_countof(env->name),
|
|
"{00000000-0000-0000-0000-000000000000}");
|
|
|
|
wcscpy_s(
|
|
env->dns_suffix,
|
|
_countof(env->dns_suffix),
|
|
L"local");
|
|
|
|
wcscpy_s(
|
|
env->description,
|
|
_countof(env->description),
|
|
L"Interface Description");
|
|
|
|
wcscpy_s(
|
|
env->friendly_name,
|
|
_countof(env->friendly_name),
|
|
L"Fake Ethernet");
|
|
|
|
env->iface.Length = sizeof(env->iface);
|
|
env->iface.Flags = 0;
|
|
env->iface.Address.lpSockaddr = (struct sockaddr *) &env->iface_sa;
|
|
env->iface.Address.iSockaddrLength = sizeof(env->iface_sa);
|
|
env->iface.PrefixOrigin = IpPrefixOriginDhcp;
|
|
env->iface.SuffixOrigin = IpSuffixOriginDhcp;
|
|
env->iface.DadState = IpDadStatePreferred;
|
|
env->iface.ValidLifetime = UINT32_MAX;
|
|
env->iface.PreferredLifetime = UINT32_MAX;
|
|
env->iface.LeaseLifetime = 86400;
|
|
env->iface.OnLinkPrefixLength = 24;
|
|
|
|
env->prefix.Length = sizeof(env->prefix);
|
|
env->prefix.Address.lpSockaddr = (struct sockaddr *) &env->prefix_sa;
|
|
env->prefix.Address.iSockaddrLength = sizeof(env->prefix_sa);
|
|
env->prefix.PrefixLength = 24;
|
|
|
|
env->router.Length = sizeof(env->router);
|
|
env->router.Address.lpSockaddr = (struct sockaddr *) &env->router_sa;
|
|
env->router.Address.iSockaddrLength = sizeof(env->router_sa);
|
|
|
|
env->dns.Length = sizeof(env->dns);
|
|
env->dns.Address.lpSockaddr = (struct sockaddr *) &env->dns_sa;
|
|
env->dns.Address.iSockaddrLength = sizeof(env->dns_sa);
|
|
|
|
env->prefix_sa.sin_family = AF_INET;
|
|
env->prefix_sa.sin_addr.s_addr = _byteswap_ulong(netenv_ip_prefix);
|
|
|
|
env->iface_sa.sin_family = AF_INET;
|
|
env->iface_sa.sin_addr.s_addr = _byteswap_ulong(netenv_ip_iface);
|
|
|
|
env->router_sa.sin_family = AF_INET;
|
|
env->router_sa.sin_addr.s_addr = _byteswap_ulong(netenv_ip_router);
|
|
|
|
env->dns_sa.sin_family = AF_INET;
|
|
env->dns_sa.sin_addr.s_addr = _byteswap_ulong(netenv_ip_router);
|
|
|
|
return ERROR_SUCCESS;
|
|
}
|
|
|
|
static uint32_t WINAPI hook_GetAdaptersInfo(
|
|
IP_ADAPTER_INFO *ai,
|
|
uint32_t *nbytes_inout)
|
|
{
|
|
IP_ADDR_STRING iface;
|
|
IP_ADDR_STRING router;
|
|
uint32_t nbytes;
|
|
|
|
if (nbytes_inout == NULL) {
|
|
return ERROR_INVALID_PARAMETER;
|
|
}
|
|
|
|
nbytes = *nbytes_inout;
|
|
*nbytes_inout = sizeof(*ai);
|
|
|
|
if (ai == NULL || nbytes < sizeof(*ai)) {
|
|
return ERROR_BUFFER_OVERFLOW;
|
|
}
|
|
|
|
dprintf("Netenv: GetAdaptersInfo: Virtualized LAN configuration:\n");
|
|
dprintf("Netenv: Interface IP : %3i.%3i.%3i.%3i\n",
|
|
(uint8_t) (netenv_ip_iface >> 24),
|
|
(uint8_t) (netenv_ip_iface >> 16),
|
|
(uint8_t) (netenv_ip_iface >> 8),
|
|
(uint8_t) (netenv_ip_iface ));
|
|
dprintf("Netenv: Router IP : %3i.%3i.%3i.%3i\n",
|
|
(uint8_t) (netenv_ip_router >> 24),
|
|
(uint8_t) (netenv_ip_router >> 16),
|
|
(uint8_t) (netenv_ip_router >> 8),
|
|
(uint8_t) (netenv_ip_router ));
|
|
dprintf("Netenv: MAC Address : %02x:%02x:%02x:%02x:%02x:%02x\n",
|
|
netenv_mac_addr[0],
|
|
netenv_mac_addr[1],
|
|
netenv_mac_addr[2],
|
|
netenv_mac_addr[3],
|
|
netenv_mac_addr[4],
|
|
netenv_mac_addr[5]);
|
|
|
|
memset(&iface, 0, sizeof(iface));
|
|
memset(&router, 0, sizeof(router));
|
|
|
|
sprintf_s(
|
|
iface.IpAddress.String,
|
|
_countof(iface.IpAddress.String),
|
|
"%i.%i.%i.%i",
|
|
(uint8_t) (netenv_ip_iface >> 24),
|
|
(uint8_t) (netenv_ip_iface >> 16),
|
|
(uint8_t) (netenv_ip_iface >> 8),
|
|
(uint8_t) (netenv_ip_iface ));
|
|
|
|
strcpy_s(
|
|
iface.IpMask.String,
|
|
_countof(iface.IpMask.String),
|
|
"255.255.255.0");
|
|
|
|
sprintf_s(
|
|
router.IpAddress.String,
|
|
_countof(iface.IpAddress.String),
|
|
"%i.%i.%i.%i",
|
|
(uint8_t) (netenv_ip_router >> 24),
|
|
(uint8_t) (netenv_ip_router >> 16),
|
|
(uint8_t) (netenv_ip_router >> 8),
|
|
(uint8_t) (netenv_ip_router ));
|
|
|
|
strcpy_s(
|
|
router.IpMask.String,
|
|
_countof(router.IpMask.String),
|
|
"255.255.255.0");
|
|
|
|
memset(ai, 0, sizeof(*ai));
|
|
strcpy_s(
|
|
ai->AdapterName,
|
|
_countof(ai->AdapterName),
|
|
"Fake Ethernet");
|
|
strcpy_s(ai->Description,
|
|
_countof(ai->Description),
|
|
"Adapter Description");
|
|
ai->AddressLength = sizeof(netenv_mac_addr);
|
|
memcpy(ai->Address, netenv_mac_addr, sizeof(netenv_mac_addr));
|
|
ai->Index = 1;
|
|
ai->Type = MIB_IF_TYPE_ETHERNET;
|
|
ai->DhcpEnabled = 1;
|
|
memcpy(&ai->IpAddressList, &iface, sizeof(iface));
|
|
memcpy(&ai->GatewayList, &router, sizeof(router));
|
|
memcpy(&ai->DhcpServer, &router, sizeof(router));
|
|
ai->LeaseObtained = time(NULL) - 3600;
|
|
ai->LeaseExpires = time(NULL) + 86400;
|
|
|
|
return ERROR_SUCCESS;
|
|
}
|
|
|
|
static uint32_t WINAPI hook_GetBestRoute(
|
|
uint32_t src_ip,
|
|
uint32_t dest_ip,
|
|
MIB_IPFORWARDROW *route)
|
|
{
|
|
if (route == NULL) {
|
|
return ERROR_INVALID_PARAMETER;
|
|
}
|
|
|
|
dprintf("Netenv: GetBestRoute ip4 %x -> ip4 %x\n",
|
|
(int) _byteswap_ulong(src_ip),
|
|
(int) _byteswap_ulong(dest_ip));
|
|
|
|
memset(route, 0, sizeof(*route));
|
|
|
|
/* This doesn't seem to get read? It just needs to succeed. */
|
|
|
|
route->dwForwardDest = 0x00000000;
|
|
route->dwForwardMask = 0xFFFFFFFF;
|
|
route->dwForwardPolicy = 0; /* idk */
|
|
route->dwForwardNextHop = _byteswap_ulong(netenv_ip_router);
|
|
route->dwForwardIfIndex = 1;
|
|
route->dwForwardType = MIB_IPROUTE_TYPE_INDIRECT;
|
|
route->dwForwardProto = MIB_IPPROTO_NETMGMT;
|
|
|
|
return ERROR_SUCCESS;
|
|
}
|
|
|
|
static uint32_t WINAPI hook_GetIfTable(
|
|
MIB_IFTABLE *pIfTable,
|
|
uint32_t *pdwSize,
|
|
BOOL bOrder)
|
|
{
|
|
MIB_IFROW *row;
|
|
uint32_t nbytes;
|
|
|
|
if (pdwSize == NULL) {
|
|
return ERROR_INVALID_PARAMETER;
|
|
}
|
|
|
|
nbytes = *pdwSize;
|
|
*pdwSize = sizeof(*row) + sizeof(DWORD);
|
|
|
|
if (pIfTable == NULL || nbytes < sizeof(*row) + sizeof(DWORD)) {
|
|
return ERROR_BUFFER_OVERFLOW;
|
|
}
|
|
|
|
pIfTable->dwNumEntries = 1;
|
|
|
|
row = pIfTable->table;
|
|
memset(row, 0, sizeof(*row));
|
|
|
|
wcscpy_s(row->wszName, _countof(row->wszName), L"Fake Ethernet");
|
|
row->dwIndex = 1; /* Should match other IF_INDEX fields we return */
|
|
row->dwType = IF_TYPE_ETHERNET_CSMACD;
|
|
row->dwMtu = 4200; /* I guess? */
|
|
row->dwSpeed = 1000000000;
|
|
row->dwPhysAddrLen = sizeof(netenv_mac_addr);
|
|
memcpy(row->bPhysAddr, netenv_mac_addr, sizeof(netenv_mac_addr));
|
|
row->dwAdminStatus = 1;
|
|
row->dwOperStatus = IF_OPER_STATUS_OPERATIONAL;
|
|
|
|
return ERROR_SUCCESS;
|
|
}
|
|
|
|
static uint32_t WINAPI hook_IcmpSendEcho2(
|
|
HANDLE IcmpHandle,
|
|
HANDLE Event,
|
|
PIO_APC_ROUTINE ApcRoutine,
|
|
void *ApcContext,
|
|
uint32_t DestinationAddress,
|
|
void *RequestData,
|
|
uint16_t RequestSize,
|
|
IP_OPTION_INFORMATION *RequestOptions,
|
|
void *ReplyBuffer,
|
|
uint32_t ReplySize,
|
|
uint32_t Timeout)
|
|
{
|
|
ICMP_ECHO_REPLY *pong;
|
|
BOOL ok;
|
|
|
|
if (IcmpHandle == NULL || IcmpHandle == INVALID_HANDLE_VALUE) {
|
|
SetLastError(ERROR_INVALID_PARAMETER);
|
|
|
|
return 0;
|
|
}
|
|
|
|
if (ApcRoutine != NULL) {
|
|
dprintf("%s: Got APC routine...\n", __func__);
|
|
SetLastError(ERROR_NOT_SUPPORTED);
|
|
|
|
return 0;
|
|
}
|
|
|
|
if (ReplyBuffer == NULL) {
|
|
SetLastError(ERROR_INVALID_PARAMETER);
|
|
|
|
return 0;
|
|
}
|
|
|
|
if (ReplySize < sizeof(ICMP_ECHO_REPLY)) {
|
|
SetLastError(IP_BUF_TOO_SMALL);
|
|
|
|
return 0;
|
|
}
|
|
|
|
dprintf("Netenv: Virtualized ICMP Ping to ip4 %x\n",
|
|
(int) _byteswap_ulong(DestinationAddress));
|
|
|
|
pong = (ICMP_ECHO_REPLY *) ReplyBuffer;
|
|
memset(pong, 0, sizeof(*pong));
|
|
pong->Address = DestinationAddress;
|
|
pong->Status = IP_SUCCESS;
|
|
pong->RoundTripTime = 1;
|
|
pong->DataSize = 0;
|
|
pong->Reserved = 1; /* Number of ICMP_ECHO_REPLY structs in ReplyBuffer */
|
|
pong->Data = NULL;
|
|
|
|
if (Event != NULL) {
|
|
ok = SetEvent(Event);
|
|
|
|
if (ok) {
|
|
SetLastError(ERROR_IO_PENDING);
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
dprintf("%s: Unexpected synchronous call...\n", __func__);
|
|
SetLastError(ERROR_SUCCESS);
|
|
|
|
return 1;
|
|
}
|