fix: disable win32k lockdown to properly load DLLs Bush2021/chrome_plus@dcde2e9

actions-user · actions-user · commit e91e51f5d7bc · 2024-05-08T11:28:37.000+08:00
diff --git a/src/green.h b/src/green.h
@@ -148,6 +148,8 @@ NET_API_STATUS WINAPI MyNetUserGetInfo(
 
 #define PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON (0x00000001ui64 << 44)
 
+#define PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON (0x00000001ui64 << 28)
+
 typedef BOOL(WINAPI *pUpdateProcThreadAttribute)(
     LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList,
     DWORD dwFlags,
@@ -170,8 +172,10 @@ BOOL WINAPI MyUpdateProcThreadAttribute(
 {
     if (Attribute == PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY && cbSize >= sizeof(DWORD64))
     {
+        // https://source.chromium.org/chromium/chromium/src/+/main:sandbox/win/src/process_mitigations.cc;l=362;drc=4c2fec5f6699ffeefd93137d2bf8c03504c6664c
         PDWORD64 policy_value_1 = &((PDWORD64)lpValue)[0];
         *policy_value_1 &= ~PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON;
+        *policy_value_1 &= ~PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON;
     }
     return RawUpdateProcThreadAttribute(lpAttributeList, dwFlags, Attribute, lpValue, cbSize, lpPreviousValue, lpReturnSize);
 }

Original file line number	Diff line number	Diff line change
`@@ -148,6 +148,8 @@ NET_API_STATUS WINAPI MyNetUserGetInfo(`
`148`	`148`
`149`	`149`	`#define PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON (0x00000001ui64 << 44)`
`150`	`150`
	`151`	`+#define PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON (0x00000001ui64 << 28)`
	`152`	`+`
`151`	`153`	`typedef BOOL(WINAPI *pUpdateProcThreadAttribute)(`
`152`	`154`	`LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList,`
`153`	`155`	`DWORD dwFlags,`
`@@ -170,8 +172,10 @@ BOOL WINAPI MyUpdateProcThreadAttribute(`
`170`	`172`	`{`
`171`	`173`	`if (Attribute == PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY && cbSize >= sizeof(DWORD64))`
`172`	`174`	`{`
	`175`	`+ // https://source.chromium.org/chromium/chromium/src/+/main:sandbox/win/src/process_mitigations.cc;l=362;drc=4c2fec5f6699ffeefd93137d2bf8c03504c6664c`
`173`	`176`	`PDWORD64 policy_value_1 = &((PDWORD64)lpValue)[0];`
`174`	`177`	`*policy_value_1 &= ~PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON;`
	`178`	`+ *policy_value_1 &= ~PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON;`
`175`	`179`	`}`
`176`	`180`	`return RawUpdateProcThreadAttribute(lpAttributeList, dwFlags, Attribute, lpValue, cbSize, lpPreviousValue, lpReturnSize);`
`177`	`181`	`}`