Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Enclave remote attestation from dll

nadiaivc
New Contributor I

Hello!
So now I know how to load an enclave DLL from an injected untrusted DLL module (running an enclave DLL from a DLL). It works. But now I want to do remote attestation with this structure. For remote attestation I use this sample: https://github.com/intel/sgx-ra-sample. I'm running sp.exe (server), and I create a DLL from the client part and inject it into target.exe (sp.exe + client.exe works well). And it stops working on sgx_get_extended_epid_group_id(): no error, no messages, just waiting for the return value. I can't find anything in the documentation about it. And of course I can't debug SGX functions to understand why it might not work with a DLL...


Is it possible in theory to do what I want? 

JesusG_Intel
Moderator

Hello nadia111,


In theory, it is possible to do what you want. While I cannot tell you exactly how to create your DLL solution from the sgx-ra-sample, I can guide you on what to look for.


Ensure that...


  1. Install the latest PSW components.
  2. You can successfully run the sgx-ra-sample as-is.
  3. Pass the correct arguments from the run-client script.


Sincerely,

Jesus G.

Intel Customer Support




nadiaivc
New Contributor I

Hello!

Yes, it works successfully for sp.exe and client.exe (I wrote all the arguments as constant values in the code (spid, pri api key, ...) - I know it isn't a good idea, but first of all I want my structure to work). How it works:

[Screenshot: nadia111_0-1622702558511.png]

After that, I changed the client project settings to .dll and injected this dll into hello.exe.

[Screenshot: nadia111_1-1622702943346.png]
[Screenshot: nadia111_0-1622707347283.png]

 

I also tried to avoid sgx_get_extended_epid_group_id(): sgx_get_extended_epid_group_id() always returns 0 for msg0_extended_epid_group_id, so I set this variable to a constant value = 0, but in this situation my program stops working on the next SGX function, sgx_ra_get_msg1().

 

JesusG_Intel
Moderator

Hi Nadia, I'm not familiar with LoadLibrary. Is there any way to do this without LoadLibrary?


Sincerely,

Jesus G.

Intel Customer Support


nadiaivc
New Contributor I

Yes, I will try to use some injectors with different ways to inject a DLL.
But LoadLibrary is the only documented and "legal" method of all of them.

nadiaivc
New Contributor I

Yes! I tried to use ManualMap from Guided Hacking injector and it works good! But anyway I don't know why it doesn't work with LoadLibrary. If I find the answer, I will write about it.

nadiaivc
New Contributor I

I have uploaded the complete code to GitHub (https://github.com/nadiaivc/LoadSGXenclaveInProcess). I hope this can help someone!!

JesusG_Intel
Moderator

Hi Nadia,

 

I'm not an expert in DLL linking, and it is beyond the scope of SGX support, but it seems that you are trying to use run-time dynamic linking vs load-time dynamic linking. I am more familiar with load-time: https://docs.microsoft.com/en-us/windows/win32/dlls/load-time-dynamic-linking.

 

With load-time linking, you don't need to do DLL injection.

 

Sincerely,

Jesus G.

Intel Customer Support

 

nadiaivc
New Contributor I

Yes, I use run-time dynamic linking. I want to inject my enclave in different processes (and I don't want to manipulate someone else's .exe code). So I think injection is a good decision for me in this situation, but I'm not sure because I don't have much experience...

JesusG_Intel
Moderator

Hello Nadia,


Run time loading of enclave DLLs is possible as we have many customers doing this. Since this is not an SGX limitation, I'm not sure how else to help you. You may be better served by seeking advice on Windows DLL loading from other forums such as StackOverflow.


Sincerely,

Jesus G.

Intel Customer Support


nadiaivc
New Contributor I

Yes, I'm not sure why the solution with LoadLibrary doesn't work. And yes, I know it is out of the scope of discussion on this forum, so if I don’t figure it out, I’ll ask the question on other forums.
But anyway I found the solution how to run my DLL in the way I want.  I guess I had to close this topic in the time I found the solution... Sorry!

Thank you for your time! I appreciate it!

JesusG_Intel
Moderator

I'm glad you found a solution that works for you, Nadia.


This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.

