root/drover-go
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 10 Wiki Activity

experimental/windivert: P2.1+P2.2 with WinDivert NETWORK+SOCKET layers

Browse Source 
WIP snapshot before pivot to sing-box+TUN. Reached:
- TCP redirect via streamdump pattern (swap+Outbound=0+reinject)
- SOCKET layer for SYN-stage flow detection (avoids FLOW Establish-too-late race)
- Lazy PID→name resolution (catches Update.exe inside procscan tick)
- UDP forward via SOCKS5 UDP ASSOCIATE relay + manual reinject
- Result: chat works, voice times out (Discord IP discovery / RTC handshake fails)

Reason for pivot: WinDivert NAT-reinject pattern has subtle layer-3
semantics issues that DLL-injection / TUN-based proxies sidestep
entirely. Going with embedded sing-box + wintun as the engine —
proven path for Discord voice through SOCKS5.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
root
2026-05-01 22:27:54 +03:00
parent 8ceb7775d7
commit 4074e68715
19 changed files with 2666 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/procscan/resolve_windows.go
+36
View File
@@ -0,0 +1,36 @@
//go:build windows
package procscan
import (
"fmt"
"path/filepath"
"syscall"
"golang.org/x/sys/windows"
)
// ResolvePID returns the exe basename for a given PID, or an error
// if the PID has already exited or we lack the rights to query it.
//
// Used by the engine's socketLoop to do a lazy lookup when SOCKET
// Connect events arrive for processes we haven't yet seen via the
// 2-second procscan tick — Update.exe's full lifecycle (spawn →
// connect → exit) routinely fits inside one tick window, so without
// this lookup the engine would miss its connections entirely and
// Discord's "Checking for updates" would hit its 30 s timeout.
func ResolvePID(pid uint32) (string, error) {
h, err := windows.OpenProcess(windows.PROCESS_QUERY_LIMITED_INFORMATION, false, pid)
if err != nil {
return "", fmt.Errorf("OpenProcess pid=%d: %w", pid, err)
}
defer windows.CloseHandle(h)
buf := make([]uint16, windows.MAX_PATH)
size := uint32(len(buf))
if err := windows.QueryFullProcessImageName(h, 0, &buf[0], &size); err != nil {
return "", fmt.Errorf("QueryFullProcessImageName pid=%d: %w", pid, err)
}
full := syscall.UTF16ToString(buf[:size])
return filepath.Base(full), nil
}