Add DLL blocking hook for FM. #359

Merged
merged 2 commits into from
Feb 9, 2024

dinhngtu
Contributor

@dinhngtu dinhngtu commented Dec 31, 2023

To recall, #236 disabled the dynamic code mitigation on NanaZip's main FM thread due to an incompatibility with ExplorerPatcher.

This PR introduces in NanaZip FM a Detours hook of NtMapViewOfSection that inspects a mapped DLL's identity and denies the mapping if it belongs to a predefined list, which at the moment contains only ExplorerPatcher.

Also reenable dynamic code mitigation on main NanaZip FM thread.

Tested on Windows 11 with ExplorerPatcher installed.

Additional mitigations to follow.

@dinhngtu dinhngtu force-pushed the dllblock branch 2 times, most recently from 0c51b9e to bfe08d9 Compare December 31, 2023 03:19
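
An added example, not code from this PR or from NanaZip: one way a section-mapping hook could decide whether a freshly mapped image is on a blocklist, assuming the DLL's identity is the name in its PE export directory (the PR's actual criterion is not shown on this page). The name `example_blocked.dll`, the function names, and the sample image builder are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical blocklist entry; the PR's real list is not shown on the page. */
static const char *const kBlocked[] = { "example_blocked.dll" };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }
static int ieq(const char *a, const char *b) {        /* ASCII case-insensitive equality */
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* Export-directory DLL name of an image mapped at base (RVA == offset), or NULL. */
const char *mapped_image_export_name(const uint8_t *base, size_t size) {
    if (size < 0x40 || rd16(base) != 0x5A4D) return NULL;     /* "MZ" */
    size_t pe = rd32(base + 0x3C);                            /* e_lfanew */
    if (pe > size || size - pe < 26 || rd32(base + pe) != 0x4550) return NULL;
    size_t opt = pe + 24;                                     /* optional header */
    uint16_t magic = rd16(base + opt);                        /* 0x10B PE32, 0x20B PE32+ */
    if (magic != 0x10B && magic != 0x20B) return NULL;
    size_t dirs = opt + (magic == 0x10B ? 96 : 112);          /* DataDirectory[0] */
    if (dirs > size || size - dirs < 8 || rd32(base + dirs - 4) < 1) return NULL;
    size_t exp = rd32(base + dirs);                           /* export directory RVA */
    if (exp == 0 || exp > size || size - exp < 40) return NULL;
    size_t name = rd32(base + exp + 12);                      /* IMAGE_EXPORT_DIRECTORY.Name */
    if (name == 0 || name >= size || !memchr(base + name, 0, size - name)) return NULL;
    return (const char *)(base + name);
}

/* 1 = deny (a hook would unmap the view and return an error status), 0 = allow. */
int should_block_image(const uint8_t *base, size_t size) {
    const char *n = mapped_image_export_name(base, size);
    for (size_t i = 0; n && i < sizeof kBlocked / sizeof *kBlocked; i++)
        if (ieq(n, kBlocked[i])) return 1;
    return 0;
}

/* Constructed sample: minimal PE32+ layout (size >= 0x180) exporting under `name`. */
void build_sample_image(uint8_t *img, size_t size, const char *name) {
    memset(img, 0, size);
    memcpy(img, "MZ", 2);        img[0x3C] = 0x40;            /* e_lfanew = 0x40 */
    memcpy(img + 0x40, "PE", 2); img[0x58] = 0x0B; img[0x59] = 0x02;  /* magic 0x20B */
    img[0xC4] = 16;              img[0xC9] = 0x01;            /* 16 dirs; export RVA 0x100 */
    img[0x10C] = 0x40;           img[0x10D] = 0x01;           /* Name RVA 0x140 */
    strncpy((char *)img + 0x140, name, size - 0x141);
}
```

Every offset read from the image is bounds-checked against the view size, so a truncated or malformed mapping is allowed through rather than crashing the process that hosts the hook.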
@MouriNaruto
Member

Thank you. I will merge your PR after I finish the separation of NanaZip.Classic and NanaZip.Modern.

Please give me some time to finish that.

Kenji Mouri

@MouriNaruto
Member

The feature looks good to me. There are some steps needed.

  • Also enable for NanaZip.UI.Modern projects.
  • I'm considering using a non-submodule version of Detours. I will add Detours separately, but I need to adjust the NanaZip.Shared folder first.

Kenji Mouri

@dinhngtu
Contributor Author

I've enabled the DLL blocker for both projects. I'll leave the Detours part as is for the moment.

@MouriNaruto
Member

The Detours dependency integration is ready in the NanaZip.Shared.Mitigations project.

You can continue with this PR. I will merge this if you have done that.

Kenji Mouri

@dinhngtu
Contributor Author

dinhngtu commented Feb 7, 2024

I've rebased the PR.

@dinhngtu dinhngtu force-pushed the dllblock branch 2 times, most recently from 1ad9008 to 134a9f2 Compare February 7, 2024 16:28
@MouriNaruto
Member

It looks like you forgot to call NanaZipBlockDlls in NanaZip.UI.Modern/SevenZip/CPP/7zip/UI/FileManager/FM.cpp.

Kenji Mouri

@MouriNaruto MouriNaruto merged commit 0d4d9fb into M2Team:main Feb 9, 2024
1 check passed
@MouriNaruto
Member

Thank you. I have merged that.

Kenji Mouri

@dinhngtu dinhngtu deleted the dllblock branch February 9, 2024 09:35