fix: disable win32k lockdown to properly load DLLs (#68)

Co-authored-by: YorkWaugh <[email protected]>
Bush2021 · May 5, 2024 · dcde2e9 · dcde2e9
1 parent ae71b9e
commit dcde2e9
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/src/green.h b/src/green.h
@@ -103,6 +103,9 @@ NET_API_STATUS WINAPI MyNetUserGetInfo(LPCWSTR servername, LPCWSTR username,
 #define PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON \
   (0x00000001ui64 << 44)
 
+#define PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON \
+  (0x00000001ui64 << 28)
+
 typedef BOOL(WINAPI* pUpdateProcThreadAttribute)(
     LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList, DWORD dwFlags,
     DWORD_PTR Attribute, PVOID lpValue, SIZE_T cbSize, PVOID lpPreviousValue,
@@ -117,9 +120,12 @@ BOOL WINAPI MyUpdateProcThreadAttribute(
     __in_opt PSIZE_T lpReturnSize) {
   if (Attribute == PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY &&
       cbSize >= sizeof(DWORD64)) {
+    // https://source.chromium.org/chromium/chromium/src/+/main:sandbox/win/src/process_mitigations.cc;l=362;drc=4c2fec5f6699ffeefd93137d2bf8c03504c6664c
     PDWORD64 policy_value_1 = &((PDWORD64)lpValue)[0];
     *policy_value_1 &=
         ~PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON;
+    *policy_value_1 &=
+        ~PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON;
   }
   return RawUpdateProcThreadAttribute(lpAttributeList, dwFlags, Attribute,
                                       lpValue, cbSize, lpPreviousValue,