disable teredo tunneling

anzz1 · Sep 28, 2023 · 60f967c · 60f967c
1 parent 4b404d8
commit 60f967c
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 0 deletions.
diff --git a/dllmain.c b/dllmain.c
@@ -272,6 +272,8 @@ int __stdcall DllMain(HINSTANCE hInstDLL, DWORD dwReason, LPVOID lpReserved) {
 #endif // _WIN64 || !_WIN64
       }
     }
+
+    DisableTeredoTunneling();
   }
 
   return TRUE;

diff --git a/include/global.h b/include/global.h
@@ -15,6 +15,8 @@
 #include <winsock2.h>
 #include <ws2tcpip.h>
 #include <wininet.h>
+#include <shellapi.h>
+#include "iathook/iathook.h"
 
 #pragma comment(lib, "ws2_32.lib")
 
@@ -444,5 +446,25 @@ static char* GetModExpName(HMODULE hModule) {
   return (img_exp_dir->Name ? (char*)((size_t)img_dos_headers + img_exp_dir->Name) : 0);
 }
 
+unsigned long __stdcall teredoThread(void* param) {
+  HKEY hKey;
+  char data[16];
+  DWORD type = 0;
+  DWORD cb = sizeof(data);
+
+  if (!RegOpenKeyExA(HKEY_LOCAL_MACHINE, "SOFTWARE\\Policies\\Microsoft\\Windows\\TCPIP\\v6Transition", 0, KEY_QUERY_VALUE, &hKey)) {
+    if (RegQueryValueExA(hKey, "Teredo_State", NULL, &type, data, &cb)) type = 0;
+    RegCloseKey(hKey);
+  }
+
+  if (type != REG_SZ || data[0] != 'D' || data[1] != 'i' || data[2] != 's' || data[3] != 'a' || data[4] != 'b' || data[5] != 'l' || data[6] != 'e' || data[7] != 'd')
+    ShellExecuteA(NULL, "runas", "cmd.exe", "/d/x/s/v:off/r \"reg add HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\TCPIP\\v6Transition /f /v Teredo_State /t REG_SZ /d Disabled & netsh interface teredo set state disabled\"", NULL, SW_HIDE);
+
+  return 0;
+}
+
+__forceinline static void DisableTeredoTunneling(void) {
+  CloseHandle(CreateThread(0, 0, teredoThread, 0, 0, 0));
+}
 
 #endif // __GLOBAL_H