rebase/peflags: add support for reading/writing the CFG flag

2023-04-16 15:31:15 +02:00 · 2023-04-16 15:31:15 +02:00 · 6ed8dd848a
commit 6ed8dd848a
parent 78a969e1e7
2 changed files with 76 additions and 1 deletions
--- a/rebase/005-peflags-add-support-for-IMAGE_DLLCHARACTERISTICS_GUA.patch
+++ b/rebase/005-peflags-add-support-for-IMAGE_DLLCHARACTERISTICS_GUA.patch
@ -0,0 +1,71 @@
+From 101e2c4c61627e67ce69e1303d671cca4342388d Mon Sep 17 00:00:00 2001
+From: Christoph Reiter <reiter.christoph@gmail.com>
+Date: Sun, 16 Apr 2023 14:41:39 +0200
+Subject: [PATCH] peflags: add support for IMAGE_DLLCHARACTERISTICS_GUARD_CF
+
+This allows for setting, clearing, and displaying the value of the
+"control flow guard" dll characteristics flag.
+
+For the option naming something like cfguard would probably be
+easier to understand, but the MSVC flag is "/guard:cf" and the macro
+contains GUARD_CF, so use "guard-cf" for consistency.
+
+This is motivated by mingw-w64 and llvm v16 gaining support for
+CFG (Control Flow Guard).
+---
+ peflags.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/peflags.c b/peflags.c
+index b1cd7a8..83ce48e 100644
+--- a/peflags.c
+++ b/peflags.c
+@@ -121,7 +121,7 @@ static const symbolic_flags_t pe_symbolic_flags[] = {
+   CF(0x0800, no-bind),
+ /*CF(0x1000, reserved_0x1000),*/
+   CF(0x2000, wdmdriver),
+-/*CF(0x4000, reserved_0x4000),*/
+  CF(0x4000, guard-cf),
+   CF(0x8000, tsaware),
+   {0, 0, 0}
+ };
+@@ -182,6 +182,7 @@ sizeof_values_t sizeof_vals[5] = {
+ static struct option long_options[] = {
+   {"dynamicbase",  optional_argument, NULL, 'd'},
+   {"high-entropy-va", optional_argument, NULL, 'e'},
+  {"guard-cf",     optional_argument, NULL, 'g'},
+   {"forceinteg",   optional_argument, NULL, 'f'},
+   {"nxcompat",     optional_argument, NULL, 'n'},
+   {"no-isolation", optional_argument, NULL, 'i'},
+@@ -204,7 +205,7 @@ static struct option long_options[] = {
+   {NULL, no_argument, NULL, 0}
+ };
+ static const char *short_options
+-	= "d::e::f::n::i::s::b::W::t::w::l::S::x::X::y::Y::z::T:vhV";
+	= "d::e::g::f::n::i::s::b::W::t::w::l::S::x::X::y::Y::z::T:vhV";
+ 
+ static void short_usage (FILE *f);
+ static void help (FILE *f);
+@@ -706,6 +707,11 @@ parse_args (int argc, char *argv[])
+ 	                         optarg,
+ 	                         IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA);
+ 	  break;
+	case 'g':
+	  handle_pe_flag_option (long_options[option_index].name,
+	                         optarg,
+	                         IMAGE_DLLCHARACTERISTICS_GUARD_CF);
+	  break;
+ 	case 'n':
+ 	  handle_pe_flag_option (long_options[option_index].name,
+ 	                         optarg,
+@@ -1079,6 +1085,7 @@ help (FILE *f)
+ "  -e,\n"
+ "  --high-entropy-va  [BOOL]   Image is compatible with 64-bit address space\n"
+ "                              layout randomization (ASLR).\n"
+"  -g, --guard-cf     [BOOL]   Image supports Control Flow Guard.\n"
+ "  -f, --forceinteg   [BOOL]   Code integrity checks are enforced.\n"
+ "  -n, --nxcompat     [BOOL]   Image is compatible with data execution\n"
+ "                              prevention (DEP).\n"
+-- 
+2.40.0
+
--- a/rebase/PKGBUILD
+++ b/rebase/PKGBUILD
@ -2,7 +2,7 @@

 pkgname=rebase
 pkgver=4.5.0
-pkgrel=2
+pkgrel=3
 pkgdesc="The Cygwin rebase distribution contains four utilities, rebase, rebaseall, peflags, and peflagsall"
 arch=('i686' 'x86_64')
 license=('custom')
@ -15,6 +15,7 @@ source=(${pkgname}-${pkgver}::git://sourceware.org/git/cygwin-apps/rebase.git#ta
        '002-rebaseall-add-python-exts.patch'
        '003-allow-non-database-mode-when-__CYGWIN__-__MSYS__.patch'
        '004-msys2-usr.patch'
+        '005-peflags-add-support-for-IMAGE_DLLCHARACTERISTICS_GUA.patch'
        'autorebase.bat'
        'rebase.hook')
 sha256sums=('SKIP'
@ -22,6 +23,7 @@ sha256sums=('SKIP'
            'b06d561d82e7c32573082cf0207ca80275bab241c61debf2d3d8cc10cf79e31b'
            '4b789d2f6ae7de9afd778cce5823600ee0f53590b3e70e133dcafbb583d6cbbb'
            '35484af07e1df8b00821428b774744537106f99592d849ad7db26b41f570fa8c'
+            '90b9b8eac8bc92a8d99b263644e976758750e68a58cb65ad44e3d781e13d4566'
            '8e4099a29107a1d03031b198c3d142bbc31a40ff19298d6e099d9bcffd31b1b0'
            'a50a8bfdb28c47c1742f400287a8a7ba65f9893dee74c109aad517d46afed2a1')

@ -32,6 +34,8 @@ prepare() {
  patch -p1 -i ${srcdir}/002-rebaseall-add-python-exts.patch
  patch -p1 -i ${srcdir}/003-allow-non-database-mode-when-__CYGWIN__-__MSYS__.patch
  patch -p1 -i ${srcdir}/004-msys2-usr.patch
+  # https://cygwin.com/pipermail/cygwin-apps/2023-April/042816.html
+  patch -p1 -i "${srcdir}/005-peflags-add-support-for-IMAGE_DLLCHARACTERISTICS_GUA.patch"

  if check_option "strip" "n"; then
    sed -i "s/ -s//g" Makefile.in