fix: imperfect name resolution hijack logic

shunf4 · Jun 14, 2020 · 0e47c92 · 0e47c92
1 parent db0faa0
commit 0e47c92
Show file tree

Hide file tree

Showing 12 changed files with 328 additions and 161 deletions.
diff --git a/README.md b/README.md
@@ -25,8 +25,7 @@ x64 SP1, Windows XP x86 SP3 and Cygwin 64-bit 3.1.2. Target OS should
 have [Visual C++ Redistributable for Visual Studio 2015](https://www.microsoft.com/en-us/download/details.aspx?id=48145) 
 installed.
 
-**WARNING: DNS LEAK IS INEVITABLE IN CURRENT VERSION. DO NOT USE IF YOU
-WANT ANONYMITY!**
+**WARNING: ANONYMITY IS NOT GUARANTEED!**
 
 WARNING: this program works only on dynamically linked programs. Also 
 both proxychains.exe and the program to call must be the same platform 
@@ -143,12 +142,18 @@ See [DevNotes](DEVNOTES.md).
 
 # To-do and Known Issues
 
-- [ ] Add an option to totally prevent "DNS leak" ? (Do name lookup on
-SOCKS5 server only)
+[ConEmu](https://github.com/Maximus5/ConEmu)
+[prevents](https://github.com/Maximus5/ConEmu/blob/9629fa82c8a4c817f3b6faa2161a0a9eec9285c4/src/ConEmuHk/hkProcess.cpp#L497)
+its descendant processes to do `SetThreadContext()`. This means
+proxychains.exe is in no way compatible with terminals based on ConEmu
+(like cmder).
+
 - [ ] Properly handle "fork-and-exit" child process ? (In this case the
 descendant processes' dns queries would never succeed)
 - [ ] Remote DNS resolving based on UDP associate
 - [ ] Hook `sendto()`, coping with applications which do TCP fast open
+- [X] Add an option to totally prevent "DNS leak" ? (Do name lookup on
+SOCKS5 server only) (fixed in 0.6.6)
 - [x] Connection closure should be correctly handled in
       `Ws2_32_LoopRecv` and `Ws2_32_LoopSend` (fixed in 0.6.5)
 - [x] A large part of socks5 server name possibly lost when parsing

diff --git a/README_zh-Hans.md b/README_zh-Hans.md
@@ -12,7 +12,7 @@ Proxychains.exe 是 [proxychains4](https://github.com/haad/proxychains) 或者 [
 
 Proxychains.exe 在 Windows 10 x64 1909 (18363.418)、Windows 7 x64 SP1、Windows XP x86 SP3 和 Cygwin 64-bit 3.1.2 经过测试。注意目标操作系统需要安装 [Visual C++ Redistributable for Visual Studio 2015](https://www.microsoft.com/zh-cn/download/details.aspx?id=48145)。
 
-**警告：目前版本存在 DNS 泄露的问题。对匿名性有要求者目前请不要使用此工具！**
+**警告：此工具不能保证匿名性！**
 
 警告：此程序只对动态链接的程序有用。同时，Proxychains.exe 和需要运行的目标程序必须是同一架构和平台（用 proxychains_x86.exe 运行 x86 程序，用 proxychains_x64.exe 运行 x64 程序；用 Cygwin 下构建的版本来运行 Cygwin 程序）。
 

diff --git a/include/defines_generic.h b/include/defines_generic.h
@@ -410,7 +410,7 @@ typedef struct _PROXYCHAINS_CONFIG {
 	PXCH_UINT32 dwWillUseFakeIpWhenHostnameNotMatched;	// usually exclusive with dwWillMapResolvedIpToHost
 	PXCH_UINT32 dwWillMapResolvedIpToHost;
 	PXCH_UINT32 dwWillLookupForHostByResolvedIp;
-	PXCH_UINT32 dwWillForceResolveByHostsFile;
+	PXCH_UINT32 dwWillResolveLocallyIfMatchHosts;
 	PXCH_UINT32 dwWillGenFakeIpUsingHashedHostname;
 
 	PXCH_UINT32 dwWillFirstTunnelUseIpv4;

diff --git a/include/hookdll_util_win32.h b/include/hookdll_util_win32.h
@@ -27,7 +27,7 @@ PXCH_DLL_API void StdVwprintf(DWORD dwStdHandle, const WCHAR* fmt, va_list args)
 PXCH_DLL_API void StdFlush(DWORD dwStdHandle);
 
 DWORD IpcClientRegisterChildProcessAndBackupChildData();
-PXCH_UINT32 RestoreChildData();
+PXCH_UINT32 RestoreChildDataIfNecessary();
 
 DWORD InjectTargetProcess(const PROCESS_INFORMATION* pPi, DWORD dwCreationFlags);
 

diff --git a/include/version.h b/include/version.h
@@ -23,5 +23,5 @@
 #define PXCH_VERSION_MINOR 6
 #endif
 #ifndef PXCH_VERSION_PATCH
-#define PXCH_VERSION_PATCH 5
+#define PXCH_VERSION_PATCH 6
 #endif
diff --git a/proxychains.conf b/proxychains.conf
@@ -170,7 +170,8 @@ use_fake_ip_when_hostname_not_matched 1
 
 map_resolved_ip_to_host 0
 search_for_host_by_resolved_ip 0
-force_resolve_by_hosts_file 1
+# or force_resolve_by_hosts_file 1
+resolve_locally_if_match_hosts 1
 
 # ===== Keep them as-is - end =====