Microsoft Research Detours Package VS cosmopolitan

Nit: AFAIU there is no literal modification of machine code going on—instead the import address table (IAT, the Windows counterpart of Linux’s GOT) is patched (the Windows tradition calls this “detoured”, from the quite popular Microsoft hack[1] that does it).

[1] https://github.com/microsoft/Detours

You essentially replace a function with your own. The project is at https://github.com/microsoft/Detours.

I’ve created a PowerShell module that wraps this library to make it easier to hook functions on the fly for testing https://github.com/jborean93/PSDetour. For example I used it to capture TLS session data for decryption https://gist.github.com/jborean93/6c1f1b3130f2675f1618da5663... as well as create an strace like functionality for various Win32 APIs (still expanding as I find more use cases) https://github.com/jborean93/PSDetour-Hooks

But the client is much different now, and most of that won't work anymore. The client is heavily obfuscated and you can't use a packet sniffer, the communications are encrypted, you CAN however use things like Microsoft Detours to peek at communications

If you mean is there an API to perform hooking, then I think the answer is no. There are libraries for doing this, including the official MS one: https://github.com/microsoft/Detours

That's how things like steam or Nvidia overlays work, or fraps or OBS hook the output buffer; you can use official packages published by Microsoft for that, such as Detours.

Inject a DLL into the process. The DLL hooks two API functions, RoGetActivationFactory() and RoActivateInstance(), using Detours library. When a WinRT class ID is passed in, compare it with WindowsUdk.UI.Shell.WindowTabManager, and if equal, return an error code.

3. Manual hooking (Not recommended): It's possible to use some hooking library like Microsoft Detours to hook the functions responsible for creating the UI layout. I highly unrecommend this method as it's the most method prone to be broken by any change Microsoft does.

Reference: https://github.com/microsoft/Detours

> With regards to chroot, I stand corrected. I knew it was a tree of symlinks, but I thought it was also more than that because symlinks alone don't seem like a sandbox. Honestly, Cosmopolitan's system appears to be more of a sandbox than that.

To be totally clear: the tree of symlinks thing is a fallback, used only when lacking platform support or when sandboxing is explicitly turned off [0]. On Linux, the normal sandboxing strategy is to use namespaces, like most container runtimes. On Mac it apparently uses sandbox-exec (some opaque Apple tool), as was mentioned above. Chroot, being both non-POSIX, requiring root access on many systems, and not providing the necessary facilities is not really a great fit -- which I assume is why it's not used.

There was experimental Windows sandbox support at one point [1] based on how MS does it for BuildXL (their own build tool for giant monorepos) [2]. Unfortunately it doesn't seem to be maintained, and under the hood it's kinda ugly -- it actively rewrites code in-memory to intercept calls to the Win32 APIs [3], which was apparently the cleanest/best way MS could come up with. However, from Bazel's POV it works in a roughly similar way -- you spawn subprocesses under a supervisor, which is in charge of spinning up whatever the target process is with restrictions on time/memory usage/file access.

On the "sandbox in the interpreter" thing: what kind of checks are you envisioning? It seems like putting checks at that level would end up leaving a lot out -- the goal of any build system is to eventually spawn an arbitrary process (Python, gcc, javac, some shell script, etc.) and so even with extensive checks in starlark you'd end up with accidental sandbox breaks all over the place. For pure starlark rules you could e.g. check that there are no inputs from /usr, but even then if gcc does it implicitly, you're SOL. Or am I thinking of the wrong kind of checks?

[0] https://bazel.build/docs/sandboxing#sandboxing-strategies

[1] https://github.com/bazelbuild/bazel/issues/5136#issuecomment...

[2] https://github.com/microsoft/BuildXL/blob/master/Documentati...

[3] https://github.com/microsoft/Detours/wiki

The reality is a bit different, the work on Python 3.6 was checked into the Cosmopolitan repo and I have been able to use it for production workloads that are in pure python. [0]

As Cosmopolitan Libc has evolved, it has been possible to compile more software without modifications, and that includes latest Python through a project called superconfigure[1].

Last person who tried to reproduce it from scratch did it last week (granted it too them a few days of solid work) but in the end they ended with a portable binary with Python 3.11.9, brotli, ssl and asyncio for their work related project.[2]

[0] https://github.com/jart/cosmopolitan/tree/master/third_party...

Cosmopolitan https://github.com/jart/cosmopolitan and https://justine.lol/cosmopolitan/index.html

Some genius realized that you can actually embed valid win32 programs inside valid posix shell scripts, and found a way to make a C cross-platform solution out of it, meaning that you can write C programs that compile to a single executable that will run on (quoting the site) Linux + Mac + Windows + FreeBSD + OpenBSD + NetBSD + BIOS

It all started from this post.

For this .args file, put one argument per line. This will run on start. You can use `/zip/mydepencency.anything` to read from files, but if you have an executable dependency you'll need to extract it first.

You can do this with any software you can compile with comsocc, by adding a call to LoadZipArgs[1] in the main function.

It'seasy to get started, your ideas will branch out as soon as you start playing with it.

[1]: https://github.com/jart/cosmopolitan/blob/master/tool/args/a...

FWIW there is ongoing work with good progress to add websocket support to redbean (https://github.com/jart/cosmopolitan/pull/967)

Check out this comment by jart (cosmpolitan author) here: https://github.com/jart/cosmopolitan/issues/766#issuecomment...

it might help but not sure how comprehensive it is! would it be a bad idea for you to check out the source code of other popular emulators (maybe iTerm 2^0) ?

0: https://github.com/search?q=repo%3Agnachman%2FiTerm2%20ansi&...

The binary was compiled with Cosmopolitan Libc [0], and therefore the binary will execute natively on Linux, Mac, Windows, FreeBSD, OpenBSD, NetBSD, and bare metal (BIOS boot).

I would call that portable.

[0] https://github.com/jart/cosmopolitan

will go on my "to try" list where i already have cosmopolitan [2]. my last setup (windows) was shiv + wine + nsis (used that as pyinstaller had some issues)[2]

[1] https://github.com/jart/cosmopolitan/issues/141#issuecomment...