From d927eab1de29f16ed75eac80c92173dbfd2c82f6 Mon Sep 17 00:00:00 2001 From: markfsanderson Date: Wed, 18 Apr 2018 18:02:39 -0500 Subject: [PATCH] WIP --- .gitattributes | 63 +++++++++++++++++++ control/win-kernel/WinVirtUE.sln | 42 +++++++++++++ control/win-kernel/WinVirtUE/Common/common.h | 8 +-- control/win-kernel/WinVirtUE/Debug.h | 32 +++++----- control/win-kernel/WinVirtUE/Driver.cpp | 36 +++++------ .../win-kernel/WinVirtUE/FltMgrCallbacks.cpp | 12 ++-- control/win-kernel/WinVirtUE/PortMsgTrans.cpp | 12 ++-- control/win-kernel/WinVirtUE/WinVirtUE.cpp | 30 ++++----- .../win-kernel/WinVirtUE/WinVirtUE.vcxproj | 7 +++ .../WinVirtUE/WinVirtUE.vcxproj.filters | 3 + control/win-kernel/WinVirtUE/config.h | 2 +- control/win-kernel/WinVirtUE/trace.h | 58 +++++++++++++++++ 12 files changed, 239 insertions(+), 66 deletions(-) create mode 100644 .gitattributes create mode 100644 control/win-kernel/WinVirtUE/trace.h diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..1ff0c42 --- /dev/null +++ b/.gitattributes 
@@ -0,0 +1,63 @@ +############################################################################### +# Set default behavior to automatically normalize line endings. +############################################################################### +* text=auto + +############################################################################### +# Set default behavior for command prompt diff. +# +# This is need for earlier builds of msysgit that does not have it on by +# default for csharp files. +# Note: This is only used by command line +############################################################################### +#*.cs diff=csharp + +############################################################################### +# Set the merge driver for project and solution files +# +# Merging from the command prompt will add diff markers to the files if there +# are conflicts (Merging from VS is not affected by the settings below, in VS +# the diff markers are never inserted). Diff markers may cause the following +# file extensions to fail to load in VS. An alternative would be to treat +# these files as binary and thus will always conflict and require user +# intervention with every merge. To do so, just uncomment the entries below +############################################################################### +#*.sln merge=binary +#*.csproj merge=binary +#*.vbproj merge=binary +#*.vcxproj merge=binary +#*.vcproj merge=binary +#*.dbproj merge=binary +#*.fsproj merge=binary +#*.lsproj merge=binary +#*.wixproj merge=binary +#*.modelproj merge=binary +#*.sqlproj merge=binary +#*.wwaproj merge=binary + +############################################################################### +# behavior for image files +# +# image files are treated as binary by default. 
+############################################################################### +#*.jpg binary +#*.png binary +#*.gif binary + +############################################################################### +# diff behavior for common document formats +# +# Convert binary document formats to text before diffing them. This feature +# is only available from the command line. Turn it on by uncommenting the +# entries below. +############################################################################### +#*.doc diff=astextplain +#*.DOC diff=astextplain +#*.docx diff=astextplain +#*.DOCX diff=astextplain +#*.dot diff=astextplain +#*.DOT diff=astextplain +#*.pdf diff=astextplain +#*.PDF diff=astextplain +#*.rtf diff=astextplain +#*.RTF diff=astextplain diff --git a/control/win-kernel/WinVirtUE.sln b/control/win-kernel/WinVirtUE.sln index 488e64a..9897b87 100644 --- a/control/win-kernel/WinVirtUE.sln +++ b/control/win-kernel/WinVirtUE.sln 
@@ -14,22 +14,64 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "WinVirtUE Package", "WinVir EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|ARM = Debug|ARM + Debug|ARM64 = Debug|ARM64 Debug|x64 = Debug|x64 + Debug|x86 = Debug|x86 + Release|ARM = Release|ARM + Release|ARM64 = Release|ARM64 Release|x64 = Release|x64 + Release|x86 = Release|x86 EndGlobalSection GlobalSection(ProjectConfigurationPlatforms) = postSolution + {F0873F2B-AFBE-480C-9355-71D073A9CCDB}.Debug|ARM.ActiveCfg = Debug|ARM + {F0873F2B-AFBE-480C-9355-71D073A9CCDB}.Debug|ARM.Build.0 = Debug|ARM + {F0873F2B-AFBE-480C-9355-71D073A9CCDB}.Debug|ARM.Deploy.0 = Debug|ARM + {F0873F2B-AFBE-480C-9355-71D073A9CCDB}.Debug|ARM64.ActiveCfg = Debug|ARM64 + {F0873F2B-AFBE-480C-9355-71D073A9CCDB}.Debug|ARM64.Build.0 = Debug|ARM64 + {F0873F2B-AFBE-480C-9355-71D073A9CCDB}.Debug|ARM64.Deploy.0 = Debug|ARM64 {F0873F2B-AFBE-480C-9355-71D073A9CCDB}.Debug|x64.ActiveCfg = Debug|x64 {F0873F2B-AFBE-480C-9355-71D073A9CCDB}.Debug|x64.Build.0 = Debug|x64 {F0873F2B-AFBE-480C-9355-71D073A9CCDB}.Debug|x64.Deploy.0 = Debug|x64 + {F0873F2B-AFBE-480C-9355-71D073A9CCDB}.Debug|x86.ActiveCfg = Debug|Win32 + {F0873F2B-AFBE-480C-9355-71D073A9CCDB}.Debug|x86.Build.0 = Debug|Win32 + {F0873F2B-AFBE-480C-9355-71D073A9CCDB}.Debug|x86.Deploy.0 = Debug|Win32 + {F0873F2B-AFBE-480C-9355-71D073A9CCDB}.Release|ARM.ActiveCfg = Release|ARM + {F0873F2B-AFBE-480C-9355-71D073A9CCDB}.Release|ARM.Build.0 = Release|ARM + {F0873F2B-AFBE-480C-9355-71D073A9CCDB}.Release|ARM.Deploy.0 = Release|ARM + {F0873F2B-AFBE-480C-9355-71D073A9CCDB}.Release|ARM64.ActiveCfg = Release|ARM64 + {F0873F2B-AFBE-480C-9355-71D073A9CCDB}.Release|ARM64.Build.0 = Release|ARM64 + {F0873F2B-AFBE-480C-9355-71D073A9CCDB}.Release|ARM64.Deploy.0 = Release|ARM64 {F0873F2B-AFBE-480C-9355-71D073A9CCDB}.Release|x64.ActiveCfg = Release|x64 {F0873F2B-AFBE-480C-9355-71D073A9CCDB}.Release|x64.Build.0 = Release|x64 
{F0873F2B-AFBE-480C-9355-71D073A9CCDB}.Release|x64.Deploy.0 = Release|x64 + {F0873F2B-AFBE-480C-9355-71D073A9CCDB}.Release|x86.ActiveCfg = Release|Win32 + {F0873F2B-AFBE-480C-9355-71D073A9CCDB}.Release|x86.Build.0 = Release|Win32 + {F0873F2B-AFBE-480C-9355-71D073A9CCDB}.Release|x86.Deploy.0 = Release|Win32 + {0D62BA54-B404-4087-98E6-5DC74FD0549C}.Debug|ARM.ActiveCfg = Debug|ARM + {0D62BA54-B404-4087-98E6-5DC74FD0549C}.Debug|ARM.Build.0 = Debug|ARM + {0D62BA54-B404-4087-98E6-5DC74FD0549C}.Debug|ARM.Deploy.0 = Debug|ARM + {0D62BA54-B404-4087-98E6-5DC74FD0549C}.Debug|ARM64.ActiveCfg = Debug|ARM64 + {0D62BA54-B404-4087-98E6-5DC74FD0549C}.Debug|ARM64.Build.0 = Debug|ARM64 + {0D62BA54-B404-4087-98E6-5DC74FD0549C}.Debug|ARM64.Deploy.0 = Debug|ARM64 {0D62BA54-B404-4087-98E6-5DC74FD0549C}.Debug|x64.ActiveCfg = Debug|x64 {0D62BA54-B404-4087-98E6-5DC74FD0549C}.Debug|x64.Build.0 = Debug|x64 {0D62BA54-B404-4087-98E6-5DC74FD0549C}.Debug|x64.Deploy.0 = Debug|x64 + {0D62BA54-B404-4087-98E6-5DC74FD0549C}.Debug|x86.ActiveCfg = Debug|Win32 + {0D62BA54-B404-4087-98E6-5DC74FD0549C}.Debug|x86.Build.0 = Debug|Win32 + {0D62BA54-B404-4087-98E6-5DC74FD0549C}.Debug|x86.Deploy.0 = Debug|Win32 + {0D62BA54-B404-4087-98E6-5DC74FD0549C}.Release|ARM.ActiveCfg = Release|ARM + {0D62BA54-B404-4087-98E6-5DC74FD0549C}.Release|ARM.Build.0 = Release|ARM + {0D62BA54-B404-4087-98E6-5DC74FD0549C}.Release|ARM.Deploy.0 = Release|ARM + {0D62BA54-B404-4087-98E6-5DC74FD0549C}.Release|ARM64.ActiveCfg = Release|ARM64 + {0D62BA54-B404-4087-98E6-5DC74FD0549C}.Release|ARM64.Build.0 = Release|ARM64 + {0D62BA54-B404-4087-98E6-5DC74FD0549C}.Release|ARM64.Deploy.0 = Release|ARM64 {0D62BA54-B404-4087-98E6-5DC74FD0549C}.Release|x64.ActiveCfg = Release|x64 {0D62BA54-B404-4087-98E6-5DC74FD0549C}.Release|x64.Build.0 = Release|x64 {0D62BA54-B404-4087-98E6-5DC74FD0549C}.Release|x64.Deploy.0 = Release|x64 + {0D62BA54-B404-4087-98E6-5DC74FD0549C}.Release|x86.ActiveCfg = Release|Win32 + 
{0D62BA54-B404-4087-98E6-5DC74FD0549C}.Release|x86.Build.0 = Release|Win32 + {0D62BA54-B404-4087-98E6-5DC74FD0549C}.Release|x86.Deploy.0 = Release|Win32 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE diff --git a/control/win-kernel/WinVirtUE/Common/common.h b/control/win-kernel/WinVirtUE/Common/common.h index aef0db6..3d95f92 100644 --- a/control/win-kernel/WinVirtUE/Common/common.h +++ b/control/win-kernel/WinVirtUE/Common/common.h @@ -24,6 +24,7 @@ #pragma warning( pop ) #include "config.h" +#include "trace.h" #include "CPPRuntime.h" #include "cmn_pool_tag.h" #include "types.h" @@ -55,9 +56,6 @@ #define MILLISECONDS( milli ) \ (((signed __int64) (milli)) * MICROSECONDS(1000L)) -_When_((PoolType & NonPagedPoolMustSucceed) != 0, - __drv_reportError("Must succeed pool allocations are forbidden. " - "Allocation failures cause a system crash")) #define ALLOC_POOL(PoolType, Size) ExAllocatePoolWithTag(PoolType, Size, COMMON_POOL_TAG) #define FREE_POOL(Buffer) ExFreePoolWithTag(Buffer, COMMON_POOL_TAG); @@ -69,4 +67,6 @@ CONST ULONG ENCRYPT_PAGE_SIZE = 512; /** When File Allocation Stream Size is Not Applicable */ CONST LONGLONG FILE_ALLOCATION_NA = 0; /** When File Attributes are not used */ -CONST ULONG FILE_ATTRIBUTES_NA = 0; \ No newline at end of file +CONST ULONG FILE_ATTRIBUTES_NA = 0; + + diff --git a/control/win-kernel/WinVirtUE/Debug.h b/control/win-kernel/WinVirtUE/Debug.h index 6ad94ed..492ebc9 100644 --- a/control/win-kernel/WinVirtUE/Debug.h +++ b/control/win-kernel/WinVirtUE/Debug.h 
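Review bot: Removing the `_When_((PoolType & NonPagedPoolMustSucceed) != 0, __drv_reportError(...))` line in front of `#define ALLOC_POOL` loses nothing the analyzer used, since a SAL annotation written before a `#define` never attaches to the macro; the guard that actually matters is the one on `ExAllocatePoolWithTag` itself, so say that above the macro: `// Thin wrapper over ExAllocatePoolWithTag (which carries the SAL checks); returns NULL on failure and callers must check. Never pass a MustSucceed pool type.`. The project also defines `POOL_NX_OPTIN=1` (visible in the vcxproj hunk), which only turns `NonPagedPool` into `NonPagedPoolNx` if `ExInitializeDriverRuntime(DrvRtPoolNxOptIn)` is called at the top of DriverEntry — that part of DriverEntry is not in this patch, so please confirm it is there, otherwise every `ALLOC_POOL(NonPagedPool, …)` hands out executable memory. The trailing semicolon in the context line `#define FREE_POOL(Buffer) ExFreePoolWithTag(Buffer, COMMON_POOL_TAG);` silently breaks an unbraced `if/else`; dropping it is safer.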
@@ -21,22 +21,22 @@ #define DPFLTR_MASK 0x80000000 /* Module IDs */ -#define LOG_NONE (1 << 0) -#define LOG_UTIL (1 << 1) -#define LOG_CTX (1 << 2) -#define LOG_WVU_MAIN (1 << 3) -#define LOG_CRYPTO (1 << 4) -#define LOG_REGISTRY (1 << 5) -#define LOG_FLT_MGR (1 << 6) -#define LOG_CACHE (1 << 7) -#define LOG_FILE_OP (1 << 8) -#define LOG_FILE_CREATE (1 << 9) -#define LOG_NOTIFY_PROCS (1 << 10) -#define LOG_WVU_MAINTHREAD (1 << 11) -#define LOG_WVU_CONTAINER (1 << 12) -#define LOG_WVU_IOCTL (1 << 13) -#define LOG_WVU_PROCESS (1 << 14) -#define LOG_WVU_OP_CALLBACKS (1 << 15) +#define LOG_NONE (1 << 0) +#define LOG_UTIL (1 << 1) +#define LOG_CTX (1 << 2) +#define LOG_MAIN (1 << 3) +#define LOG_CRYPTO (1 << 4) +#define LOG_REGISTRY (1 << 5) +#define LOG_FLT_MGR (1 << 6) +#define LOG_CACHE (1 << 7) +#define LOG_FILE_OP (1 << 8) +#define LOG_FILE_CREATE (1 << 9) +#define LOG_NOTIFY_PROCS (1 << 10) +#define LOG_MAINTHREAD (1 << 11) +#define LOG_CONTAINER (1 << 12) +#define LOG_IOCTL (1 << 13) +#define LOG_PROCESS (1 << 14) +#define LOG_OP_CALLBACKS (1 << 15) /* * These are meant to be used when you want to see the logs diff --git a/control/win-kernel/WinVirtUE/Driver.cpp b/control/win-kernel/WinVirtUE/Driver.cpp index 3f341e6..25d2df4 100644 --- a/control/win-kernel/WinVirtUE/Driver.cpp +++ b/control/win-kernel/WinVirtUE/Driver.cpp 
@@ -33,19 +33,19 @@ static NTSTATUS GetOsVersion() goto Error; } - WVU_DEBUG_PRINT(LOG_WVU_MAIN, INFO_LEVEL_ID, "******************************\n"); + WVU_DEBUG_PRINT(LOG_MAIN, INFO_LEVEL_ID, "******************************\n"); // TODO: Generate a proper version number - WVU_DEBUG_PRINT(LOG_WVU_MAIN, INFO_LEVEL_ID, "***** WinVirtUE.sys Version %d.%d.%d\n", 0, 1, 0); - WVU_DEBUG_PRINT(LOG_WVU_MAIN, INFO_LEVEL_ID, "***** Windows Version %u.%u.%u Service Pack %u.%u\n", + WVU_DEBUG_PRINT(LOG_MAIN, INFO_LEVEL_ID, "***** WinVirtUE.sys Version %d.%d.%d\n", 0, 1, 0); + WVU_DEBUG_PRINT(LOG_MAIN, INFO_LEVEL_ID, "***** Windows Version %u.%u.%u Service Pack %u.%u\n", Globals.lpVersionInformation.dwMajorVersion, Globals.lpVersionInformation.dwMinorVersion, Globals.lpVersionInformation.dwBuildNumber, Globals.lpVersionInformation.wServicePackMajor, Globals.lpVersionInformation.wServicePackMinor); if (Globals.lpVersionInformation.szCSDVersion[0] != (TCHAR)0) { - WVU_DEBUG_PRINT(LOG_WVU_MAIN, INFO_LEVEL_ID, "***** Service Pack: %ws\n", Globals.lpVersionInformation.szCSDVersion); + WVU_DEBUG_PRINT(LOG_MAIN, INFO_LEVEL_ID, "***** Service Pack: %ws\n", Globals.lpVersionInformation.szCSDVersion); } - WVU_DEBUG_PRINT(LOG_WVU_MAIN, INFO_LEVEL_ID, "******************************\n"); + WVU_DEBUG_PRINT(LOG_MAIN, INFO_LEVEL_ID, "******************************\n"); Error: return Status; } 
@@ -114,11 +114,11 @@ DriverEntry( DriverObject->DriverUnload = DriverUnload; // For now, we unload by default - WVU_DEBUG_PRINT(LOG_WVU_MAIN, TRACE_LEVEL_ID, "About to call CallGlobalInitializers()!\n"); + WVU_DEBUG_PRINT(LOG_MAIN, TRACE_LEVEL_ID, "About to call CallGlobalInitializers()!\n"); CallGlobalInitializers(); - WVU_DEBUG_PRINT(LOG_WVU_MAIN, TRACE_LEVEL_ID, "CallGlobalInitializers() Completed!\n"); + WVU_DEBUG_PRINT(LOG_MAIN, TRACE_LEVEL_ID, "CallGlobalInitializers() Completed!\n"); // initialize the waiter. Once the WVUThreadStart gets to the end of its // intialization, it will signal and wait simultaneously. It will continue @@ -126,13 +126,13 @@ DriverEntry( // continues the objects created will have their destructors called. KeInitializeEvent(&Globals.WVUThreadStartEvent, EVENT_TYPE::SynchronizationEvent, FALSE); - WVU_DEBUG_PRINT(LOG_WVU_MAIN, TRACE_LEVEL_ID, "About to register filter manager callbacks!\n"); + WVU_DEBUG_PRINT(LOG_MAIN, TRACE_LEVEL_ID, "About to register filter manager callbacks!\n"); // Register with FltMgr to tell it our callback routines Status = FltRegisterFilter(DriverObject, &FilterRegistration, &Globals.FilterHandle); if (FALSE == NT_SUCCESS(Status)) { - WVU_DEBUG_PRINT(LOG_WVU_MAIN, ERROR_LEVEL_ID, "FltRegisterFilter() FAIL=%08x\n", Status); + WVU_DEBUG_PRINT(LOG_MAIN, ERROR_LEVEL_ID, "FltRegisterFilter() FAIL=%08x\n", Status); goto ErrorExit; } @@ -141,7 +141,7 @@ DriverEntry( Status = GetOsVersion(); if (FALSE == NT_SUCCESS(Status)) { - WVU_DEBUG_PRINT(LOG_WVU_MAIN, WARNING_LEVEL_ID, "RtlGetVersion Failed! Status=%08x\n", Status); + WVU_DEBUG_PRINT(LOG_MAIN, WARNING_LEVEL_ID, "RtlGetVersion Failed! Status=%08x\n", Status); } // 
@@ -186,14 +186,14 @@ DriverEntry( Status = FltStartFiltering(Globals.FilterHandle); if (FALSE == NT_SUCCESS(Status)) { - WVU_DEBUG_PRINT(LOG_WVU_MAIN, ERROR_LEVEL_ID, "FltStartFiltering() Failed! - FAIL=%08x\n", Status); + WVU_DEBUG_PRINT(LOG_MAIN, ERROR_LEVEL_ID, "FltStartFiltering() Failed! - FAIL=%08x\n", Status); FltUnregisterFilter(Globals.FilterHandle); goto ErrorExit; } } else { - WVU_DEBUG_PRINT(LOG_WVU_MAIN, ERROR_LEVEL_ID, "FltCreateCommunicationPort() Failed! - FAIL=%08x\n", Status); + WVU_DEBUG_PRINT(LOG_MAIN, ERROR_LEVEL_ID, "FltCreateCommunicationPort() Failed! - FAIL=%08x\n", Status); goto ErrorExit; } } @@ -204,11 +204,11 @@ DriverEntry( Status = PsCreateSystemThread(&ThreadHandle, GENERIC_ALL, &WVUThdObjAttr, NULL, &ClientId, WVUMainThreadStart, &Globals.WVUThreadStartEvent); if (FALSE == NT_SUCCESS(Status)) { - WVU_DEBUG_PRINT(LOG_WVU_MAIN, ERROR_LEVEL_ID, "PsCreateSystemThread() Failed! - FAIL=%08x\n", Status); + WVU_DEBUG_PRINT(LOG_MAIN, ERROR_LEVEL_ID, "PsCreateSystemThread() Failed! - FAIL=%08x\n", Status); goto ErrorExit; } - WVU_DEBUG_PRINT(LOG_WVU_MAIN, TRACE_LEVEL_ID, "PsCreateSystemThread(): Successfully created system thread %p process %p thread id %p\n", + WVU_DEBUG_PRINT(LOG_MAIN, TRACE_LEVEL_ID, "PsCreateSystemThread(): Successfully created system thread %p process %p thread id %p\n", ThreadHandle, ClientId.UniqueProcess, ClientId.UniqueThread); LARGE_INTEGER timeout; 
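Review bot: `PsCreateSystemThread(&ThreadHandle, GENERIC_ALL, &WVUThdObjAttr, …)` in the @@ -204 hunk hands back a handle that is only printed; nothing visible closes it or exchanges it for an object reference, and the initialization of `WVUThdObjAttr` lies above the hunk. Unless those attributes carry `OBJ_KERNEL_HANDLE` the handle is created in the handle table of whatever process DriverEntry runs in, and either way it is leaked for the life of the system — suggest, right after the success trace, `ZwClose(ThreadHandle);`, or `ObReferenceObjectByHandle` into a `PKTHREAD` kept in `Globals` if unload needs to wait for the thread. A short comment on why `GENERIC_ALL` is requested would help too; `SYNCHRONIZE` suffices if the handle only exists to wait on the thread. DriverEntry starts before and ends after this hunk.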
@@ -216,21 +216,21 @@ DriverEntry( Status = KeWaitForSingleObject(&Globals.WVUThreadStartEvent, KWAIT_REASON::Executive, KernelMode, FALSE, &timeout); if (FALSE == NT_SUCCESS(Status)) { - WVU_DEBUG_PRINT(LOG_WVU_MAINTHREAD, ERROR_LEVEL_ID, "KeWaitForSingleObject(WVUMainThreadStart,...) Failed! Status=%08x\n", Status); + WVU_DEBUG_PRINT(LOG_MAINTHREAD, ERROR_LEVEL_ID, "KeWaitForSingleObject(WVUMainThreadStart,...) Failed! Status=%08x\n", Status); goto ErrorExit; } switch (Status) { case STATUS_SUCCESS: - WVU_DEBUG_PRINT(LOG_WVU_MAINTHREAD, TRACE_LEVEL_ID, "KeWaitForSingleObject(WVUMainThreadStart,...) Thread Returned SUCCESS\n"); + WVU_DEBUG_PRINT(LOG_MAINTHREAD, TRACE_LEVEL_ID, "KeWaitForSingleObject(WVUMainThreadStart,...) Thread Returned SUCCESS\n"); break; case STATUS_TIMEOUT: - WVU_DEBUG_PRINT(LOG_WVU_MAINTHREAD, TRACE_LEVEL_ID, "KeWaitForSingleObject(WVUMainThreadStart,...) Thread Has Just Timed Out\n"); + WVU_DEBUG_PRINT(LOG_MAINTHREAD, TRACE_LEVEL_ID, "KeWaitForSingleObject(WVUMainThreadStart,...) Thread Has Just Timed Out\n"); Status = STATUS_TIMEOUT; goto ErrorExit; break; default: - WVU_DEBUG_PRINT(LOG_WVU_MAINTHREAD, TRACE_LEVEL_ID, "KeWaitForSingleObject(WVUMainThreadStart,...) Thread Has Just Received Status=0x%08x\n", Status); + WVU_DEBUG_PRINT(LOG_MAINTHREAD, TRACE_LEVEL_ID, "KeWaitForSingleObject(WVUMainThreadStart,...) Thread Has Just Received Status=0x%08x\n", Status); goto ErrorExit; break; } diff --git a/control/win-kernel/WinVirtUE/FltMgrCallbacks.cpp b/control/win-kernel/WinVirtUE/FltMgrCallbacks.cpp index 33e4a74..36035f5 100644 --- a/control/win-kernel/WinVirtUE/FltMgrCallbacks.cpp +++ b/control/win-kernel/WinVirtUE/FltMgrCallbacks.cpp @@ -331,7 +331,7 @@ WinVirtUEPreOperation( UNREFERENCED_PARAMETER(FltObjects); UNREFERENCED_PARAMETER(CompletionContext); - WVU_DEBUG_PRINT(LOG_WVU_OP_CALLBACKS, TRACE_LEVEL_ID, + WVU_DEBUG_PRINT(LOG_OP_CALLBACKS, TRACE_LEVEL_ID, "WinVirtUE!WinVirtUEPreOperation: Entered\n"); // 
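Review bot: On the timeout path `Status = STATUS_TIMEOUT; goto ErrorExit;` sends DriverEntry to its cleanup label carrying a *success* NTSTATUS (0x102 passes `NT_SUCCESS`), so if ErrorExit returns `Status` unchanged the I/O manager treats the load as successful and leaves a resident driver whose initialization was abandoned. Map it to a failure before the jump, e.g. `Status = STATUS_DRIVER_INTERNAL_ERROR;`, and do the same in the `default:` branch, which also jumps with whatever success code the wait returned. The `if (FALSE == NT_SUCCESS(Status))` check just above the `switch` can never catch these cases for the same reason, so the remapping has to live in the switch. The ErrorExit label and the function's return are beyond this hunk; confirm no remapping happens there already.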
@@ -349,7 +349,7 @@ WinVirtUEPreOperation( WinVirtUEOperationStatusCallback, (PVOID)(++OperationStatusCtx)); if (!NT_SUCCESS(status)) { - WVU_DEBUG_PRINT(LOG_WVU_OP_CALLBACKS, TRACE_LEVEL_ID, + WVU_DEBUG_PRINT(LOG_OP_CALLBACKS, TRACE_LEVEL_ID, "WinVirtUE!WinVirtUEPreOperation: FltRequestOperationStatusCallback Failed, status=%08x\n", status); } @@ -388,10 +388,10 @@ WinVirtUEOperationStatusCallback( { UNREFERENCED_PARAMETER(FltObjects); - WVU_DEBUG_PRINT(LOG_WVU_OP_CALLBACKS, TRACE_LEVEL_ID, + WVU_DEBUG_PRINT(LOG_OP_CALLBACKS, TRACE_LEVEL_ID, "WinVirtUE!WinVirtUEOperationStatusCallback: Entered\n"); - WVU_DEBUG_PRINT(LOG_WVU_OP_CALLBACKS, TRACE_LEVEL_ID, + WVU_DEBUG_PRINT(LOG_OP_CALLBACKS, TRACE_LEVEL_ID, "WinVirtUE!WinVirtUEOperationStatusCallback: Status=%08x ctx=%p IrpMj=%02x.%02x \"%s\"\n", OperationStatus, RequesterContext, @@ -424,7 +424,7 @@ WinVirtUEPostOperation( UNREFERENCED_PARAMETER(CompletionContext); UNREFERENCED_PARAMETER(Flags); - WVU_DEBUG_PRINT(LOG_WVU_OP_CALLBACKS, TRACE_LEVEL_ID, + WVU_DEBUG_PRINT(LOG_OP_CALLBACKS, TRACE_LEVEL_ID, "WinVirtUE!WinVirtUEPostOperation: Entered\n"); return FLT_POSTOP_FINISHED_PROCESSING; @@ -451,7 +451,7 @@ WinVirtUEPreOperationNoPostOperation( UNREFERENCED_PARAMETER(FltObjects); UNREFERENCED_PARAMETER(CompletionContext); - WVU_DEBUG_PRINT(LOG_WVU_OP_CALLBACKS, TRACE_LEVEL_ID, + WVU_DEBUG_PRINT(LOG_OP_CALLBACKS, TRACE_LEVEL_ID, "WinVirtUE!WinVirtUEPreOperationNoPostOperation: Entered\n"); return FLT_PREOP_SUCCESS_NO_CALLBACK; diff --git a/control/win-kernel/WinVirtUE/PortMsgTrans.cpp b/control/win-kernel/WinVirtUE/PortMsgTrans.cpp index 3196f76..bc27e90 100644 --- a/control/win-kernel/WinVirtUE/PortMsgTrans.cpp +++ b/control/win-kernel/WinVirtUE/PortMsgTrans.cpp 
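Review bot: `(PVOID)(++OperationStatusCtx)` in the @@ -349 hunk increments a counter that, going by the WDK passthrough sample this code follows, is a file-scope `ULONG_PTR` — its declaration is outside the hunk; pre-operation callbacks run concurrently on every thread that issues I/O, so the plain `++` is a data race and the value passed as `RequesterContext` to `WinVirtUEOperationStatusCallback` is not a unique token. If the context is only a debugging tag, say so at the call site, `// diagnostic token only; not unique under concurrent I/O`; otherwise use an interlocked increment (`InterlockedIncrement` on a `volatile LONG`, or `InterlockedIncrementSizeT` if it stays `ULONG_PTR`). WinVirtUEPreOperation begins before this hunk.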
@@ -32,7 +32,7 @@ NTSTATUS FLTAPI WVUPortConnect(
 UNREFERENCED_PARAMETER(SizeOfContext);
 *ConnectionPortCookie = (PVOID)Globals.DriverObject;
- WVU_DEBUG_PRINT(LOG_WVU_MAIN, TRACE_LEVEL_ID, "Port Connected by Process 0x%p Port 0x%p!\n",
+ WVU_DEBUG_PRINT(LOG_MAIN, TRACE_LEVEL_ID, "Port Connected by Process 0x%p Port 0x%p!\n",
 Globals.UserProcess, Globals.ClientPort);
 return Status;
@@ -51,7 +51,7 @@ VOID FLTAPI WVUPortDisconnect(
 {
 UNREFERENCED_PARAMETER(ConnectionCookie);
- WVU_DEBUG_PRINT(LOG_WVU_MAIN, TRACE_LEVEL_ID, "Port Disconnected - Port 0x%p!\n", Globals.ClientPort);
+ WVU_DEBUG_PRINT(LOG_MAIN, TRACE_LEVEL_ID, "Port Disconnected - Port 0x%p!\n", Globals.ClientPort);
 // close our handle to the connection
 FltCloseClientPort(Globals.FilterHandle, &Globals.ClientPort);
@@ -81,12 +81,12 @@ NTSTATUS OnProtectionStateChange(
 case WVU_COMMAND::WVUDisableProtection:
 Globals.EnableProtection = FALSE;
 Status = STATUS_SUCCESS;
- WVU_DEBUG_PRINT(LOG_WVU_MAIN, TRACE_LEVEL_ID, "Windows VirtUE Protection Has Been Enabled!\n");
+ WVU_DEBUG_PRINT(LOG_MAIN, TRACE_LEVEL_ID, "Windows VirtUE Protection Has Been Enabled!\n");
 break;
 case WVU_COMMAND::WVUEnableProtection:
 Globals.EnableProtection = TRUE;
 Status = STATUS_SUCCESS;
- WVU_DEBUG_PRINT(LOG_WVU_MAIN, TRACE_LEVEL_ID, "Windows VirtUE Protection Has Been Disabled!\n");
+ WVU_DEBUG_PRINT(LOG_MAIN, TRACE_LEVEL_ID, "Windows VirtUE Protection Has Been Disabled!\n");
 break;
 default:
 case WVU_COMMAND::WVUDisableUnload:
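Review bot: The two trace lines in `OnProtectionStateChange` are swapped: the `WVUDisableProtection` case sets `Globals.EnableProtection = FALSE;` and then prints "Protection Has Been Enabled!", and the `WVUEnableProtection` case does the reverse, so anyone reading the log to confirm a protection change sees the opposite of what happened. Put `WVU_DEBUG_PRINT(LOG_MAIN, TRACE_LEVEL_ID, "Windows VirtUE Protection Has Been Disabled!\n");` under `WVUDisableProtection` and the "Enabled" message under `WVUEnableProtection`. Since these commands arrive over the communication port and can switch protection off, note that `WVUPortConnect` ignores `SizeOfContext` and records nothing about the caller, so the security descriptor given to `FltCreateCommunicationPort` (not in this patch) is the only thing limiting who may send `WVUDisableProtection` — worth confirming it is restricted to administrators. OnProtectionStateChange continues past the end of the hunk.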
@@ -118,14 +118,14 @@ NTSTATUS OnUnloadStateChange( Globals.DriverObject->DriverUnload = NULL; Globals.AllowFilterUnload = FALSE; Status = STATUS_SUCCESS; - WVU_DEBUG_PRINT(LOG_WVU_MAIN, TRACE_LEVEL_ID, "Windows VirtUE Driver Unload Has Been Disabled!\n"); + WVU_DEBUG_PRINT(LOG_MAIN, TRACE_LEVEL_ID, "Windows VirtUE Driver Unload Has Been Disabled!\n"); break; case WVU_COMMAND::WVUEnableUnload: #pragma warning(suppress: 28175) Globals.DriverObject->DriverUnload = DriverUnload; Globals.AllowFilterUnload = TRUE; Status = STATUS_SUCCESS; - WVU_DEBUG_PRINT(LOG_WVU_MAIN, TRACE_LEVEL_ID, "Windows VirtUE Driver Unload Has Been Enabled!\n"); + WVU_DEBUG_PRINT(LOG_MAIN, TRACE_LEVEL_ID, "Windows VirtUE Driver Unload Has Been Enabled!\n"); break; default: case WVU_COMMAND::NOCOMMAND: diff --git a/control/win-kernel/WinVirtUE/WinVirtUE.cpp b/control/win-kernel/WinVirtUE/WinVirtUE.cpp index 3b06dc1..eaadab9 100644 --- a/control/win-kernel/WinVirtUE/WinVirtUE.cpp +++ b/control/win-kernel/WinVirtUE/WinVirtUE.cpp @@ -24,12 +24,12 @@ WVUMainThreadStart(PVOID StartContext) // Take a rundown reference (VOID)ExAcquireRundownProtection(&Globals.RunDownRef); - WVU_DEBUG_PRINT(LOG_WVU_MAINTHREAD, TRACE_LEVEL_ID, "Acquired runndown protection . . .\n"); + WVU_DEBUG_PRINT(LOG_MAINTHREAD, TRACE_LEVEL_ID, "Acquired runndown protection . . .\n"); Status = PsSetLoadImageNotifyRoutine(ImageLoadNotificationRoutine); if (FALSE == NT_SUCCESS(Status)) { - WVU_DEBUG_PRINT(LOG_WVU_MAINTHREAD, ERROR_LEVEL_ID, "PsSetLoadImageNotifyRoutine(ImageLoadNotificationRoutine) " + WVU_DEBUG_PRINT(LOG_MAINTHREAD, ERROR_LEVEL_ID, "PsSetLoadImageNotifyRoutine(ImageLoadNotificationRoutine) " "Add Failed! Status=%08x\n", Status); goto ErrorExit; } 
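Review bot: `OnUnloadStateChange` flips `Globals.DriverObject->DriverUnload` and `Globals.AllowFilterUnload` with two unsynchronized stores driven by a port message; a minifilter is normally unloaded through its `FilterUnloadCallback`, not `DriverUnload`, so this protection only holds if that callback (outside this patch) returns `STATUS_FLT_DO_NOT_DETACH` when `AllowFilterUnload` is FALSE. Please state that dependency above the switch: `// Unload is refused in the FilterUnloadCallback via AllowFilterUnload; clearing DriverUnload only covers the non-FltMgr path.`. An `fltmc unload` racing these stores can observe one flag updated and the other not; if that matters, write `AllowFilterUnload` with `InterlockedExchange` and read it the same way in the unload callback. The function starts before this hunk.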
@@ -37,7 +37,7 @@ WVUMainThreadStart(PVOID StartContext) Status = PsSetCreateProcessNotifyRoutineEx(ProcessNotifyCallbackEx, FALSE); if (FALSE == NT_SUCCESS(Status)) { - WVU_DEBUG_PRINT(LOG_WVU_MAINTHREAD, ERROR_LEVEL_ID, "PsSetCreateProcessNotifyRoutineEx(ProcessNotifyCallbackEx, FALSE) " + WVU_DEBUG_PRINT(LOG_MAINTHREAD, ERROR_LEVEL_ID, "PsSetCreateProcessNotifyRoutineEx(ProcessNotifyCallbackEx, FALSE) " "Add Failed! Status=%08x\n", Status); goto ErrorExit; } @@ -45,7 +45,7 @@ WVUMainThreadStart(PVOID StartContext) Status = PsSetCreateThreadNotifyRoutine(ThreadCreateCallback); if (FALSE == NT_SUCCESS(Status)) { - WVU_DEBUG_PRINT(LOG_WVU_MAINTHREAD, ERROR_LEVEL_ID, "PsSetCreateThreadNotifyRoutine(ThreadCreateCallback) " + WVU_DEBUG_PRINT(LOG_MAINTHREAD, ERROR_LEVEL_ID, "PsSetCreateThreadNotifyRoutine(ThreadCreateCallback) " "Add Failed! Status=%08x\n", Status); goto ErrorExit; } 
@@ -54,39 +54,39 @@ WVUMainThreadStart(PVOID StartContext) Status = CmRegisterCallbackEx(RegistryModificationCB, &WinVirtUEAltitude, Globals.DriverObject, NULL, &Cookie, NULL); if (FALSE == NT_SUCCESS(Status)) { - WVU_DEBUG_PRINT(LOG_WVU_MAINTHREAD, ERROR_LEVEL_ID, "CmRegisterCallbackEx(...) failed with Status=%08x\n", Status); + WVU_DEBUG_PRINT(LOG_MAINTHREAD, ERROR_LEVEL_ID, "CmRegisterCallbackEx(...) failed with Status=%08x\n", Status); goto ErrorExit; } - WVU_DEBUG_PRINT(LOG_WVU_MAINTHREAD, TRACE_LEVEL_ID, "Calling KeSetEvent(WVUMainThreadStartEvt, IO_NO_INCREMENT, TRUE) . . .\n"); + WVU_DEBUG_PRINT(LOG_MAINTHREAD, TRACE_LEVEL_ID, "Calling KeSetEvent(WVUMainThreadStartEvt, IO_NO_INCREMENT, TRUE) . . .\n"); #pragma warning(suppress: 28160) // stupid warning about the wait arg TRUE . . . sheesh Signaled = KeSetEvent(WVUMainThreadStartEvt, IO_NO_INCREMENT, TRUE); do { - WVU_DEBUG_PRINT(LOG_WVU_MAINTHREAD, TRACE_LEVEL_ID, "Calling KeWaitForSingleObject(WVUMainThreadStart, KWAIT_REASON::Executive, KernelMode, TRUE, (PLARGE_INTEGER)0) . . .\n"); + WVU_DEBUG_PRINT(LOG_MAINTHREAD, TRACE_LEVEL_ID, "Calling KeWaitForSingleObject(WVUMainThreadStart, KWAIT_REASON::Executive, KernelMode, TRUE, (PLARGE_INTEGER)0) . . .\n"); Status = KeWaitForSingleObject(WVUMainThreadStartEvt, KWAIT_REASON::Executive, KernelMode, FALSE, (PLARGE_INTEGER)0); if (FALSE == NT_SUCCESS(Status)) { - WVU_DEBUG_PRINT(LOG_WVU_MAINTHREAD, ERROR_LEVEL_ID, "KeWaitForSingleObject(WVUMainThreadStart,...) Failed! Status=%08x\n", Status); + WVU_DEBUG_PRINT(LOG_MAINTHREAD, ERROR_LEVEL_ID, "KeWaitForSingleObject(WVUMainThreadStart,...) Failed! Status=%08x\n", Status); goto ErrorExit; } - WVU_DEBUG_PRINT(LOG_WVU_MAINTHREAD, TRACE_LEVEL_ID, "Returned from KeWaitForSingleObject(WVUMainThreadStart, KWAIT_REASON::Executive, KernelMode, TRUE, (PLARGE_INTEGER)0) . . 
.\n"); + WVU_DEBUG_PRINT(LOG_MAINTHREAD, TRACE_LEVEL_ID, "Returned from KeWaitForSingleObject(WVUMainThreadStart, KWAIT_REASON::Executive, KernelMode, TRUE, (PLARGE_INTEGER)0) . . .\n"); switch (Status) { case STATUS_SUCCESS: - WVU_DEBUG_PRINT(LOG_WVU_MAINTHREAD, TRACE_LEVEL_ID, "KeWaitForSingleObject(WVUMainThreadStart,...) Thread Returned SUCCESS - Exiting!\n"); + WVU_DEBUG_PRINT(LOG_MAINTHREAD, TRACE_LEVEL_ID, "KeWaitForSingleObject(WVUMainThreadStart,...) Thread Returned SUCCESS - Exiting!\n"); break; case STATUS_ALERTED: - WVU_DEBUG_PRINT(LOG_WVU_MAINTHREAD, TRACE_LEVEL_ID, "KeWaitForSingleObject(WVUMainThreadStart,...) Thread Was Just Alerted - Waiting Again!\n"); + WVU_DEBUG_PRINT(LOG_MAINTHREAD, TRACE_LEVEL_ID, "KeWaitForSingleObject(WVUMainThreadStart,...) Thread Was Just Alerted - Waiting Again!\n"); break; case STATUS_USER_APC: - WVU_DEBUG_PRINT(LOG_WVU_MAINTHREAD, TRACE_LEVEL_ID, "KeWaitForSingleObject(WVUMainThreadStart,...) Thread Had An APC Delievered - Waiting Again!\n"); + WVU_DEBUG_PRINT(LOG_MAINTHREAD, TRACE_LEVEL_ID, "KeWaitForSingleObject(WVUMainThreadStart,...) Thread Had An APC Delievered - Waiting Again!\n"); break; case STATUS_TIMEOUT: - WVU_DEBUG_PRINT(LOG_WVU_MAINTHREAD, TRACE_LEVEL_ID, "KeWaitForSingleObject(WVUMainThreadStart,...) Thread Has Just Timed Out - Exiting!\n"); + WVU_DEBUG_PRINT(LOG_MAINTHREAD, TRACE_LEVEL_ID, "KeWaitForSingleObject(WVUMainThreadStart,...) Thread Has Just Timed Out - Exiting!\n"); break; default: - WVU_DEBUG_PRINT(LOG_WVU_MAINTHREAD, TRACE_LEVEL_ID, "KeWaitForSingleObject(WVUMainThreadStart,...) Thread Has Just Received Status=0x%08x - Exiting!\n", Status); + WVU_DEBUG_PRINT(LOG_MAINTHREAD, TRACE_LEVEL_ID, "KeWaitForSingleObject(WVUMainThreadStart,...) Thread Has Just Received Status=0x%08x - Exiting!\n", Status); break; } } while (Status == STATUS_ALERTED || Status == STATUS_USER_APC); // don't bail if we get alerted or APC'd 
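Review bot: In the @@ -54 hunk a failure of `CmRegisterCallbackEx` jumps to ErrorExit with the image-load, process-create and thread-create notify routines from the preceding hunks still registered, and the ErrorExit hunk at line 95 shows only `ExReleaseRundownProtection` before `return` — unless the label itself (which falls between the hunks) tears them down, the kernel keeps callback pointers into a driver that may then unload. The normal exit after the wait loop has the same gap, and `CmUnRegisterCallback` needs the `Cookie` filled in by `CmRegisterCallbackEx`, so `Cookie` must outlive this function (its declaration is outside the hunk; if it is a local, keep it in `Globals`); if the callbacks are meant to be removed in the unload path instead, a comment saying so at ErrorExit would settle it. One way is a chain of unwind labels in reverse registration order, sketched below, with each failed registration jumping to the label just past its own teardown. Separately, `PsSetCreateProcessNotifyRoutineEx` fails with STATUS_ACCESS_DENIED unless the image is linked with `/INTEGRITYCHECK`, which the vcxproj hunk in this patch does not show. WVUMainThreadStart begins before this hunk.
```cpp
    Status = CmRegisterCallbackEx(RegistryModificationCB, &WinVirtUEAltitude, Globals.DriverObject, NULL, &Cookie, NULL);
    if (FALSE == NT_SUCCESS(Status))
    {
        WVU_DEBUG_PRINT(LOG_MAINTHREAD, ERROR_LEVEL_ID, "CmRegisterCallbackEx(...) failed with Status=%08x\n", Status);
        goto ErrorUnregisterThread;   // earlier registrations succeeded; undo only those
    }
    // … unchanged: KeSetEvent / wait loop …

    // Unwind in reverse order of registration. The earlier registration
    // failures jump to ErrorUnregisterProcess / ErrorUnregisterImage / ErrorExit
    // respectively, so only what actually succeeded is torn down.
    CmUnRegisterCallback(Cookie);
ErrorUnregisterThread:
    PsRemoveCreateThreadNotifyRoutine(ThreadCreateCallback);
ErrorUnregisterProcess:
    PsSetCreateProcessNotifyRoutineEx(ProcessNotifyCallbackEx, TRUE);
ErrorUnregisterImage:
    PsRemoveLoadImageNotifyRoutine(ImageLoadNotificationRoutine);
ErrorExit:
    // … unchanged: ExReleaseRundownProtection and exit trace …
```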
@@ -95,6 +95,6 @@ WVUMainThreadStart(PVOID StartContext) // Drop a rundown reference ExReleaseRundownProtection(&Globals.RunDownRef); - WVU_DEBUG_PRINT(LOG_WVU_MAINTHREAD, TRACE_LEVEL_ID, "Exiting Thread w/Status=0x%08x!\n", Status); + WVU_DEBUG_PRINT(LOG_MAINTHREAD, TRACE_LEVEL_ID, "Exiting Thread w/Status=0x%08x!\n", Status); return; } \ No newline at end of file diff --git a/control/win-kernel/WinVirtUE/WinVirtUE.vcxproj b/control/win-kernel/WinVirtUE/WinVirtUE.vcxproj index a26757b..8bdfb0e 100644 --- a/control/win-kernel/WinVirtUE/WinVirtUE.vcxproj +++ b/control/win-kernel/WinVirtUE/WinVirtUE.vcxproj @@ -181,6 +181,9 @@ true POOL_NX_OPTIN=1;%(PreprocessorDefinitions) + false + true + trace.h @@ -193,6 +196,9 @@ POOL_NX_OPTIN=1;%(PreprocessorDefinitions) + false + true + trace.h @@ -239,6 +245,7 @@ + diff --git a/control/win-kernel/WinVirtUE/WinVirtUE.vcxproj.filters b/control/win-kernel/WinVirtUE/WinVirtUE.vcxproj.filters index 5a297c5..bab6bf0 100644 --- a/control/win-kernel/WinVirtUE/WinVirtUE.vcxproj.filters +++ b/control/win-kernel/WinVirtUE/WinVirtUE.vcxproj.filters @@ -148,6 +148,9 @@ Header Files + + Header Files\Common + diff --git a/control/win-kernel/WinVirtUE/config.h b/control/win-kernel/WinVirtUE/config.h index 01f8122..616ec65 100644 --- a/control/win-kernel/WinVirtUE/config.h +++ b/control/win-kernel/WinVirtUE/config.h @@ -19,7 +19,7 @@ # see debug.h. */ //#define LOG_MODULES LOG_NONE -//#define LOG_MODULES (LOG_CORE|LOG_WVU_MAIN|LOG_NOTIFY_PROCS|LOG_WVU_MAINTHREAD|LOG_WVU_CONTAINER|LOG_WVU_IOCTL) +//#define LOG_MODULES (LOG_CORE|LOG_WVU_MAIN|LOG_NOTIFY_PROCS|LOG_WVU_MAINTHREAD|LOG_CONTAINER|LOG_IOCTL) //#define LOG_MODULES (LOG_WVU_MAINTHREAD|LOG_FILE_CREATE|LOG_FILE_OP|LOG_CTX) #define LOG_MODULES LOG_ALL diff --git a/control/win-kernel/WinVirtUE/trace.h b/control/win-kernel/WinVirtUE/trace.h new file mode 100644 index 0000000..e140705 --- /dev/null +++ b/control/win-kernel/WinVirtUE/trace.h 
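Review bot: The commented-out `LOG_MODULES` alternatives in the config.h hunk still name `LOG_WVU_MAIN` and `LOG_WVU_MAINTHREAD`, which this same commit renames to `LOG_MAIN` and `LOG_MAINTHREAD` in Debug.h, so re-enabling either line will not compile; the line this hunk touches only updated two of the four names. Suggested: `//#define LOG_MODULES (LOG_CORE|LOG_MAIN|LOG_NOTIFY_PROCS|LOG_MAINTHREAD|LOG_CONTAINER|LOG_IOCTL)` and `//#define LOG_MODULES (LOG_MAINTHREAD|LOG_FILE_CREATE|LOG_FILE_OP|LOG_CTX)`. The live setting `#define LOG_MODULES LOG_ALL` keeps every module tracing, and several of those traces print kernel addresses (`%p` of the client port, process and thread in Driver.cpp and PortMsgTrans.cpp); whether that survives into Release builds depends on how `WVU_DEBUG_PRINT` is defined, which is not in this patch, so a comment stating the intended shipping value would help.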
@@ -0,0 +1,58 @@
+/**
+* @file trace.h
+* @version 0.1.0.1
+* @copyright (2018) TwoSix Labs
+* @brief Defines WPP constants, macros and etc.
+*/
+#pragma once
+
+#define WPP_CONTROL_GUIDS \
+ WPP_DEFINE_CONTROL_GUID( \
+ WinVirtUEGUID, (DF241AD6,F4BB,4F0A,865D,F7FE49059BC2), \
+ WPP_DEFINE_BIT(TRACE_ALL) \
+ WPP_DEFINE_BIT(TRACE_DRIVER) \
+ WPP_DEFINE_BIT(TRACE_UTIL) \
+ WPP_DEFINE_BIT(TRACE_CTX) \
+ WPP_DEFINE_BIT(TRACE_MAIN) \
+ WPP_DEFINE_BIT(TRACE_CRYPTo) \
+ WPP_DEFINE_BIT(TRACE_REGISTRY) \
+ WPP_DEFINE_BIT(TRACE_FLT_MGR) \
+ WPP_DEFINE_BIT(TRACE_CACHE) \
+ WPP_DEFINE_BIT(TRACE_FILE_OP) \
+ WPP_DEFINE_BIT(TRACE_FILE_CREATE) \
+ WPP_DEFINE_BIT(TRACE_NOTIFY_PROCS) \
+ WPP_DEFINE_BIT(TRACE_MAINTHREAD) \
+ WPP_DEFINE_BIT(TRACE_CONTAINER) \
+ WPP_DEFINE_BIT(TRACE_IOCTL) \
+ WPP_DEFINE_BIT(TRACE_PROCESS) \
+ WPP_DEFINE_BIT(TRACE_OP_CALLBACKS)
+
+#define WPP_FLAG_LEVEL_LOGGER(flag, level) WPP_LEVEL_LOGGER(flag)
+
+#define WPP_FLAG_LEVEL_ENABLED(flag, level) \
+ (WPP_LEVEL_ENABLED(flag) && \
+ WPP_CONTROL(WPP_BIT_ ## flag).Level >= level)
+
+#define WPP_LEVEL_FLAGS_LOGGER(lvl,flags) WPP_LEVEL_LOGGER(flags)
+
+#define WPP_LEVEL_FLAGS_ENABLED(lvl, flags) \
+ (WPP_LEVEL_ENABLED(flags) && WPP_CONTROL(WPP_BIT_ ## flags).Level >= lvl)
+
+//
+// WPP orders static parameters before dynamic parameters. To support the Trace function
+// defined below which sets FLAGS=MYDRIVER_ALL_INFO, a custom macro must be defined to
+// reorder the arguments to what the .tpl configuration file expects.
+//
+#define WPP_RECORDER_FLAGS_LEVEL_ARGS(flags, lvl) WPP_RECORDER_LEVEL_FLAGS_ARGS(lvl, flags)
+#define WPP_RECORDER_FLAGS_LEVEL_FILTER(flags, lvl) WPP_RECORDER_LEVEL_FLAGS_FILTER(lvl, flags)
+
+//
+// This comment block is scanned by the trace preprocessor to define our
+// Trace function.
+//
+// begin_wpp config
+// FUNC Trace{FLAGS=TRACE_ALL}(LEVEL, MSG, ...);
+// FUNC TraceEvents(LEVEL, FLAGS, MSG, ...);
+// FUNC KdPrint{LEVEL=TRACE_LEVEL_INFORMATION, FLAGS=TRACE_DRIVER}((MSG, ...));
+// end_wpp
+//
\ No newline at end of file
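Review bot: `WPP_DEFINE_BIT(TRACE_CRYPTo)` has a lower-case `o`, breaking the pattern of every other flag and of `LOG_CRYPTO` in Debug.h; any `TraceEvents(…, TRACE_CRYPTO, …)` call will fail to build because `WPP_BIT_TRACE_CRYPTO` never gets defined, so make it `WPP_DEFINE_BIT(TRACE_CRYPTO)`. The header also reroutes `KdPrint` through WPP via `FUNC KdPrint{LEVEL=TRACE_LEVEL_INFORMATION, FLAGS=TRACE_DRIVER}((MSG, ...));`, which silently changes where existing KdPrint output goes and only works in translation units that include their generated `.tmh`; neither those includes nor the `WPP_INIT_TRACING`/`WPP_CLEANUP` calls in DriverEntry and the unload path appear in this patch, and without them the provider is never registered and nothing is traced. Add a header comment spelling that out: `// Requires WPP_INIT_TRACING(DriverObject, RegistryPath) in DriverEntry, WPP_CLEANUP(DriverObject) on unload, and #include "<file>.tmh" in every .cpp that traces.`. The `FLAGS=MYDRIVER_ALL_INFO` wording in the comment above the recorder macros is left over from the WDK template and does not match the `TRACE_ALL` flag actually used here.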