From 1f5a518d2914a37d40bd05ebeb255a1859eed816 Mon Sep 17 00:00:00 2001 From: Nodir Temirkhodjaev Date: Sun, 21 Nov 2021 19:54:00 +0300 Subject: [PATCH] Driver: Setup callbacks proxying --- src/driver/FortFirewallDriver.pro | 2 +- src/driver/fortcb.c | 21 ++- src/driver/fortcb.h | 4 + src/driver/fortdrv.c | 20 ++- src/driver/fortdrv.vcxproj | 7 +- src/driver/loader/fortdl.c | 10 +- src/driver/loader/fortmm.c | 14 +- src/driver/loader/fortmm.h | 6 +- src/driver/proxycb/fortpcb_def.h | 74 +------- src/driver/proxycb/fortpcb_dst.c | 158 +++++++++++++++++- src/driver/proxycb/fortpcb_dst.h | 5 +- src/driver/proxycb/fortpcb_dst_x86.asm | 11 +- src/driver/proxycb/fortpcb_src.c | 79 ++++++++- src/driver/proxycb/fortpcb_src.h | 5 +- .../{fortpcb_def.c => fortpcb_src_dummy.c} | 4 +- src/driver/proxycb/fortpcb_src_x86.asm | 11 +- 16 files changed, 311 insertions(+), 120 deletions(-) rename src/driver/proxycb/{fortpcb_def.c => fortpcb_src_dummy.c} (95%) diff --git a/src/driver/FortFirewallDriver.pro b/src/driver/FortFirewallDriver.pro index d4c770cf..8fb95d1b 100644 --- a/src/driver/FortFirewallDriver.pro +++ b/src/driver/FortFirewallDriver.pro @@ -23,10 +23,10 @@ SOURCES += \ loader/fortdl.c \ loader/fortimg.c \ loader/fortmm.c \ - proxycb/fortpcb_def.c \ proxycb/fortpcb_drv.c \ proxycb/fortpcb_dst.c \ proxycb/fortpcb_src.c \ + proxycb/fortpcb_src_dummy.c \ wdm/um_aux_klib.c \ wdm/um_fwpmk.c \ wdm/um_fwpsk.c \ diff --git a/src/driver/fortcb.c b/src/driver/fortcb.c index b4e7abd5..a33c1980 100644 --- a/src/driver/fortcb.c +++ b/src/driver/fortcb.c 
@@ -4,8 +4,25 @@ #include "proxycb/fortpcb_dst.h" +FORT_PROXYCB_INFO g_callbackInfo; + FORT_API FortCallbackFunc fort_callback(int id, FortCallbackFunc func) { - g_proxyDstCallbacks[id] = func; - return func; + g_callbackInfo.callbacks[id] = func; + return g_callbackInfo.src[id]; +} + +void fort_callback_setup(PFORT_PROXYCB_INFO cb_info) +{ + fort_proxycb_dst_prepare(&g_callbackInfo); + + if (cb_info == NULL) { + g_callbackInfo.src = g_callbackInfo.dst; + } else { + g_callbackInfo.src = cb_info->src; + + fort_proxycb_dst_setup(&g_callbackInfo); + + *cb_info = g_callbackInfo; + } } diff --git a/src/driver/fortcb.h b/src/driver/fortcb.h index 866d03c0..09847d7b 100644 --- a/src/driver/fortcb.h +++ b/src/driver/fortcb.h @@ -3,6 +3,8 @@ #include "fortdrv.h" +#include "proxycb/fortpcb_def.h" + enum { FORT_SYSCB_POWER = 0, FORT_SYSCB_TIME, @@ -18,6 +20,8 @@ typedef void (*FortCallbackFunc)(void); FORT_API FortCallbackFunc fort_callback(int id, FortCallbackFunc func); +FORT_API void fort_callback_setup(PFORT_PROXYCB_INFO cb_info); + #ifdef __cplusplus } // extern "C" #endif diff --git a/src/driver/fortdrv.c b/src/driver/fortdrv.c index 942c2542..b2e52148 100644 --- a/src/driver/fortdrv.c +++ b/src/driver/fortdrv.c @@ -4,6 +4,7 @@ #include "common/fortdef.h" +#include "fortcb.h" #include "fortdev.h" static NTSTATUS fort_bfe_wait(void) @@ -62,12 +63,6 @@ static NTSTATUS fort_driver_load(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path if (!NT_SUCCESS(status)) return status; - driver->MajorFunction[IRP_MJ_CREATE] = fort_device_create; - driver->MajorFunction[IRP_MJ_CLOSE] = fort_device_close; - driver->MajorFunction[IRP_MJ_CLEANUP] = fort_device_cleanup; - driver->MajorFunction[IRP_MJ_DEVICE_CONTROL] = fort_device_control; - driver->DriverUnload = fort_driver_unload; - UNICODE_STRING device_link; RtlInitUnicodeString(&device_link, FORT_DOS_DEVICE_NAME); 
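Review bot: `fort_callback` in fortcb.c indexes both `g_callbackInfo.callbacks[id]` and `g_callbackInfo.src[id]` with a signed `int id` that is never range-checked, so a value outside 0..PROXY_CALLBACKS_COUNT-1 becomes an out-of-bounds write and read in kernel memory. The callers presumably pass only the `FORT_SYSCB_*` style enum values, but the function is declared `FORT_API` in the header, so I would guard it with `if (id < 0 || id >= PROXY_CALLBACKS_COUNT) return NULL;` or at least `NT_ASSERT` the range. Both tables are also dereferenced unconditionally and are NULL until `fort_callback_setup` has run, so a comment stating that ordering requirement belongs on the function. In `fort_callback_setup`, `cb_info->src` is copied into the global without a NULL check.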
@@ -75,15 +70,24 @@ static NTSTATUS fort_driver_load(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path if (!NT_SUCCESS(status)) return status; + driver->DriverUnload = fort_driver_unload; + driver->MajorFunction[IRP_MJ_CREATE] = fort_device_create; + driver->MajorFunction[IRP_MJ_CLOSE] = fort_device_close; + driver->MajorFunction[IRP_MJ_CLEANUP] = fort_device_cleanup; + driver->MajorFunction[IRP_MJ_DEVICE_CONTROL] = fort_device_control; + device_obj->Flags |= DO_BUFFERED_IO; return fort_device_load(device_obj); } -NTSTATUS __declspec(dllexport) DriverCallbackEntry(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path) +NTSTATUS __declspec(dllexport) DriverCallbackEntry( + PDRIVER_OBJECT driver, PUNICODE_STRING reg_path, PFORT_PROXYCB_INFO cb_info) { NTSTATUS status; + fort_callback_setup(cb_info); + status = fort_driver_load(driver, reg_path); if (!NT_SUCCESS(status)) { @@ -96,5 +100,5 @@ NTSTATUS __declspec(dllexport) DriverCallbackEntry(PDRIVER_OBJECT driver, PUNICO NTSTATUS DriverEntry(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path) { - return DriverCallbackEntry(driver, reg_path); + return DriverCallbackEntry(driver, reg_path, NULL); } diff --git a/src/driver/fortdrv.vcxproj b/src/driver/fortdrv.vcxproj index 496c56ad..649da55a 100644 --- a/src/driver/fortdrv.vcxproj +++ b/src/driver/fortdrv.vcxproj @@ -66,11 +66,12 @@ + + /safeseh + - - - + diff --git a/src/driver/loader/fortdl.c b/src/driver/loader/fortdl.c index 436f6976..3a17f868 100644 --- a/src/driver/loader/fortdl.c +++ b/src/driver/loader/fortdl.c 
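Review bot: `DriverCallbackEntry` keeps its exported name while gaining a third parameter, and the loader resolves it purely by that name (`ModuleGetProcAddress(pModule, "DriverCallbackEntry")` in fortmm.c). A loader and driver image built from different revisions would therefore call it with mismatched arguments, and `cb_info` would be read from an uninitialised register or stack slot. `fort_callback_setup` then dereferences that value and writes the whole struct back through it. Nothing visible lets either side detect the mismatch; renaming the export for the new signature, or putting a size/version field at the start of `FORT_PROXYCB_INFO` and rejecting unexpected values before touching the rest, would turn this into a clean load failure. The body of `DriverCallbackEntry` continues outside the hunk.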
@@ -32,14 +32,18 @@ static NTSTATUS fort_loader_entry(PDRIVER_OBJECT driver, PUNICODE_STRING regPath { NTSTATUS status; - /* Setup the proxy callbacks */ - fort_proxycb_src_setup(); + /* Prepare the proxy callbacks */ + FORT_PROXYCB_INFO cbInfo; + fort_proxycb_src_prepare(&cbInfo); /* Run the module entry function */ - status = CallModuleEntry(&g_loader.module, driver, regPath); + status = CallModuleEntry(&g_loader.module, driver, regPath, &cbInfo); if (!NT_SUCCESS(status)) return status; + /* Setup the proxy callbacks */ + fort_proxycb_src_setup(&cbInfo); + /* Proxy the driver major functions */ g_loader.DriverUnload = driver->DriverUnload; driver->DriverUnload = fort_loader_unload; diff --git a/src/driver/loader/fortmm.c b/src/driver/loader/fortmm.c index 3b4ed2ca..fa4b28c2 100644 --- a/src/driver/loader/fortmm.c +++ b/src/driver/loader/fortmm.c @@ -21,7 +21,8 @@ #define fort_nt_headers(pImage) \ ((PIMAGE_NT_HEADERS) & ((PUCHAR) (pImage))[((PIMAGE_DOS_HEADER) pImage)->e_lfanew]) -typedef NTSTATUS(WINAPI *DriverCallbackEntryProc)(PDRIVER_OBJECT driver, PUNICODE_STRING regPath); +typedef NTSTATUS(WINAPI *DriverCallbackEntryProc)( + PDRIVER_OBJECT driver, PUNICODE_STRING regPath, PFORT_PROXYCB_INFO cbInfo); static NTSTATUS GetModuleInfo(PLOADEDMODULE pModule, LPCSTR name, const PAUX_MODULE_EXTENDED_INFO modules, DWORD modulesCount) 
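Review bot: `cbInfo` in `fort_loader_entry` is an uninitialised stack struct and `fort_proxycb_src_prepare` fills only `src`, so `dst` and `callbacks` hold stack garbage when the pointer is handed to `CallModuleEntry`. After a successful return, `fort_proxycb_src_setup` (fortpcb_src.c) publishes `cbInfo.dst` as the jump table for the thunks without checking it. With the module from this commit the struct is overwritten in `fort_callback_setup`, but the loader should not rely on that: declare it as `FORT_PROXYCB_INFO cbInfo = { 0 };` and refuse to continue when `cbInfo.dst == NULL` before calling `fort_proxycb_src_setup`. `fort_loader_entry` starts before and continues after this hunk, so the right unwind on that failure path is not visible here.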
@@ -391,18 +392,19 @@ FORT_API void UnloadModule(PLOADEDMODULE pModule) } } -FORT_API NTSTATUS CallModuleEntry( - PLOADEDMODULE pModule, PDRIVER_OBJECT driver, PUNICODE_STRING regPath) +FORT_API NTSTATUS CallModuleEntry(PLOADEDMODULE pModule, PDRIVER_OBJECT driver, + PUNICODE_STRING regPath, PFORT_PROXYCB_INFO cbInfo) { DriverCallbackEntryProc driverEntry = (DriverCallbackEntryProc) ModuleGetProcAddress(pModule, "DriverCallbackEntry"); if (driverEntry == NULL) return STATUS_PROCEDURE_NOT_FOUND; - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Loader Module: Entry Proc: %p %x\n", - driverEntry, *(PDWORD) (PVOID) &driverEntry); + DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, + "FORT: Loader Module: Entry Proc: %p data=%x\n", driverEntry, + *(PDWORD) (PVOID) &driverEntry); - return driverEntry(driver, regPath); + return driverEntry(driver, regPath, cbInfo); } /* Retrieve address of an exported function from the loaded module. */ diff --git a/src/driver/loader/fortmm.h b/src/driver/loader/fortmm.h index 7242182d..befc8d39 100644 --- a/src/driver/loader/fortmm.h +++ b/src/driver/loader/fortmm.h @@ -3,6 +3,8 @@ #include "fortdl.h" +#include "../proxycb/fortpcb_def.h" + #if defined(__cplusplus) extern "C" { #endif @@ -16,8 +18,8 @@ FORT_API NTSTATUS LoadModuleFromMemory(PLOADEDMODULE pModule, PUCHAR lpData, DWO FORT_API void UnloadModule(PLOADEDMODULE pModule); -FORT_API NTSTATUS CallModuleEntry( - PLOADEDMODULE pModule, PDRIVER_OBJECT driver, PUNICODE_STRING regPath); +FORT_API NTSTATUS CallModuleEntry(PLOADEDMODULE pModule, PDRIVER_OBJECT driver, + PUNICODE_STRING regPath, PFORT_PROXYCB_INFO cbInfo); FORT_API FARPROC ModuleGetProcAddress(PLOADEDMODULE pModule, LPCSTR funcName); diff --git a/src/driver/proxycb/fortpcb_def.h b/src/driver/proxycb/fortpcb_def.h index 1113e1cb..f5f3d22f 100644 --- a/src/driver/proxycb/fortpcb_def.h +++ b/src/driver/proxycb/fortpcb_def.h 
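Review bot: The relabelled trace in `CallModuleEntry` prints `*(PDWORD) (PVOID) &driverEntry` as `data=`, but `&driverEntry` is the address of the local pointer variable. The value is therefore just the low 32 bits of the entry address already printed by `%p`, not the bytes at the entry point. If the first DWORD of the entry code was intended, the expression would be `*(PDWORD) (PVOID) driverEntry`; otherwise the argument can be dropped. The message is also emitted at `DPFLTR_ERROR_LEVEL`, so the loaded module's kernel address goes to the debug log on every load; `DPFLTR_INFO_LEVEL` or a debug-build-only trace would keep it out of default output.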
@@ -9,75 +9,15 @@ extern "C" { typedef void (*ProxyCallbackProc)(void); +typedef struct fort_proxycb_info +{ + ProxyCallbackProc *src; + ProxyCallbackProc *dst; + ProxyCallbackProc *callbacks; +} FORT_PROXYCB_INFO, *PFORT_PROXYCB_INFO; + #define PROXY_CALLBACKS_COUNT 64 -#define ProxyCallbackExtern(i) extern void proxyCallback##i(void) - -ProxyCallbackExtern(0); -ProxyCallbackExtern(1); -ProxyCallbackExtern(2); -ProxyCallbackExtern(3); -ProxyCallbackExtern(4); -ProxyCallbackExtern(5); -ProxyCallbackExtern(6); -ProxyCallbackExtern(7); -ProxyCallbackExtern(8); -ProxyCallbackExtern(9); -ProxyCallbackExtern(10); -ProxyCallbackExtern(11); -ProxyCallbackExtern(12); -ProxyCallbackExtern(13); -ProxyCallbackExtern(14); -ProxyCallbackExtern(15); -ProxyCallbackExtern(16); -ProxyCallbackExtern(17); -ProxyCallbackExtern(18); -ProxyCallbackExtern(19); -ProxyCallbackExtern(20); -ProxyCallbackExtern(21); -ProxyCallbackExtern(22); -ProxyCallbackExtern(23); -ProxyCallbackExtern(24); -ProxyCallbackExtern(25); -ProxyCallbackExtern(26); -ProxyCallbackExtern(27); -ProxyCallbackExtern(28); -ProxyCallbackExtern(29); -ProxyCallbackExtern(30); -ProxyCallbackExtern(31); -ProxyCallbackExtern(32); -ProxyCallbackExtern(33); -ProxyCallbackExtern(34); -ProxyCallbackExtern(35); -ProxyCallbackExtern(36); -ProxyCallbackExtern(37); -ProxyCallbackExtern(38); -ProxyCallbackExtern(39); -ProxyCallbackExtern(40); -ProxyCallbackExtern(41); -ProxyCallbackExtern(42); -ProxyCallbackExtern(43); -ProxyCallbackExtern(44); -ProxyCallbackExtern(45); -ProxyCallbackExtern(46); -ProxyCallbackExtern(47); -ProxyCallbackExtern(48); -ProxyCallbackExtern(49); -ProxyCallbackExtern(50); -ProxyCallbackExtern(51); -ProxyCallbackExtern(52); -ProxyCallbackExtern(53); -ProxyCallbackExtern(54); -ProxyCallbackExtern(55); -ProxyCallbackExtern(56); -ProxyCallbackExtern(57); -ProxyCallbackExtern(58); -ProxyCallbackExtern(59); -ProxyCallbackExtern(60); -ProxyCallbackExtern(61); -ProxyCallbackExtern(62); -ProxyCallbackExtern(63); - 
#ifdef __cplusplus } // extern "C" #endif diff --git a/src/driver/proxycb/fortpcb_dst.c b/src/driver/proxycb/fortpcb_dst.c index b58c77fc..3b5ca38e 100644 --- a/src/driver/proxycb/fortpcb_dst.c +++ b/src/driver/proxycb/fortpcb_dst.c 
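Review bot: `FORT_PROXYCB_INFO` in fortpcb_def.h crosses the loader/driver boundary, but its three pointers have no documentation of who owns them or how long the arrays are. From the rest of the patch, `src` is the loader's thunk table (set by `fort_proxycb_src_prepare`), `dst` is the table the loader's thunks jump through (set by `fort_proxycb_dst_prepare`/`fort_proxycb_dst_setup`) and `callbacks` holds the functions registered via `fort_callback`. Each is indexed up to `PROXY_CALLBACKS_COUNT`, which is defined only after the struct. I would move the `#define` above the struct and add a comment per field, e.g. `/* loader-owned thunk table, PROXY_CALLBACKS_COUNT entries; set by fort_proxycb_src_prepare */` on `src`.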
@@ -2,10 +2,160 @@ #include "fortpcb_dst.h" -ProxyCallbackProc g_proxyDstCallbacks[PROXY_CALLBACKS_COUNT]; +#ifdef _WIN64 -FORT_API void fort_proxycb_dst_setup(void) +# define ProxyCallbackExtern(i) extern void proxyCallback##i(void) + +ProxyCallbackExtern(0); +ProxyCallbackExtern(1); +ProxyCallbackExtern(2); +ProxyCallbackExtern(3); +ProxyCallbackExtern(4); +ProxyCallbackExtern(5); +ProxyCallbackExtern(6); +ProxyCallbackExtern(7); +ProxyCallbackExtern(8); +ProxyCallbackExtern(9); +ProxyCallbackExtern(10); +ProxyCallbackExtern(11); +ProxyCallbackExtern(12); +ProxyCallbackExtern(13); +ProxyCallbackExtern(14); +ProxyCallbackExtern(15); +ProxyCallbackExtern(16); +ProxyCallbackExtern(17); +ProxyCallbackExtern(18); +ProxyCallbackExtern(19); +ProxyCallbackExtern(20); +ProxyCallbackExtern(21); +ProxyCallbackExtern(22); +ProxyCallbackExtern(23); +ProxyCallbackExtern(24); +ProxyCallbackExtern(25); +ProxyCallbackExtern(26); +ProxyCallbackExtern(27); +ProxyCallbackExtern(28); +ProxyCallbackExtern(29); +ProxyCallbackExtern(30); +ProxyCallbackExtern(31); +ProxyCallbackExtern(32); +ProxyCallbackExtern(33); +ProxyCallbackExtern(34); +ProxyCallbackExtern(35); +ProxyCallbackExtern(36); +ProxyCallbackExtern(37); +ProxyCallbackExtern(38); +ProxyCallbackExtern(39); +ProxyCallbackExtern(40); +ProxyCallbackExtern(41); +ProxyCallbackExtern(42); +ProxyCallbackExtern(43); +ProxyCallbackExtern(44); +ProxyCallbackExtern(45); +ProxyCallbackExtern(46); +ProxyCallbackExtern(47); +ProxyCallbackExtern(48); +ProxyCallbackExtern(49); +ProxyCallbackExtern(50); +ProxyCallbackExtern(51); +ProxyCallbackExtern(52); +ProxyCallbackExtern(53); +ProxyCallbackExtern(54); +ProxyCallbackExtern(55); +ProxyCallbackExtern(56); +ProxyCallbackExtern(57); +ProxyCallbackExtern(58); +ProxyCallbackExtern(59); +ProxyCallbackExtern(60); +ProxyCallbackExtern(61); +ProxyCallbackExtern(62); +ProxyCallbackExtern(63); + +static ProxyCallbackProc g_proxyDstCallbacks[PROXY_CALLBACKS_COUNT] = { + proxyCallback0, + 
proxyCallback1, + proxyCallback2, + proxyCallback3, + proxyCallback4, + proxyCallback5, + proxyCallback6, + proxyCallback7, + proxyCallback8, + proxyCallback9, + proxyCallback10, + proxyCallback11, + proxyCallback12, + proxyCallback13, + proxyCallback14, + proxyCallback15, + proxyCallback16, + proxyCallback17, + proxyCallback18, + proxyCallback19, + proxyCallback20, + proxyCallback21, + proxyCallback22, + proxyCallback23, + proxyCallback24, + proxyCallback25, + proxyCallback26, + proxyCallback27, + proxyCallback28, + proxyCallback29, + proxyCallback30, + proxyCallback31, + proxyCallback32, + proxyCallback33, + proxyCallback34, + proxyCallback35, + proxyCallback36, + proxyCallback37, + proxyCallback38, + proxyCallback39, + proxyCallback40, + proxyCallback41, + proxyCallback42, + proxyCallback43, + proxyCallback44, + proxyCallback45, + proxyCallback46, + proxyCallback47, + proxyCallback48, + proxyCallback49, + proxyCallback50, + proxyCallback51, + proxyCallback52, + proxyCallback53, + proxyCallback54, + proxyCallback55, + proxyCallback56, + proxyCallback57, + proxyCallback58, + proxyCallback59, + proxyCallback60, + proxyCallback61, + proxyCallback62, + proxyCallback63, +}; + +#endif + +static ProxyCallbackProc g_proxyCallbacks[PROXY_CALLBACKS_COUNT]; + +ProxyCallbackProc *g_proxyCallbacksPtr; + +FORT_API void fort_proxycb_dst_prepare(PFORT_PROXYCB_INFO cbInfo) { - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: ProxyCbDst Setup: %p\n", - &proxyCallback0); + cbInfo->dst = g_proxyCallbacks; + cbInfo->callbacks = g_proxyCallbacks; +} + +FORT_API void fort_proxycb_dst_setup(PFORT_PROXYCB_INFO cbInfo) +{ +#ifdef _WIN64 + cbInfo->dst = g_proxyDstCallbacks; + g_proxyCallbacksPtr = g_proxyCallbacks; +#else + Q_UNUSED(cbInfo); +#endif } diff --git a/src/driver/proxycb/fortpcb_dst.h b/src/driver/proxycb/fortpcb_dst.h index 92a6b9f8..57310711 100644 --- a/src/driver/proxycb/fortpcb_dst.h +++ b/src/driver/proxycb/fortpcb_dst.h 
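Review bot: `g_proxyDstCallbacks` in fortpcb_dst.c is declared with an explicit `[PROXY_CALLBACKS_COUNT]` size and a hand-written list of 64 initialisers, so a dropped entry compiles silently and leaves a NULL slot that a thunk would later jump through. The same 64 `ProxyCallbackExtern` declarations and table are repeated in fortpcb_src.c. Declaring the array without a size and adding `C_ASSERT(ARRAYSIZE(g_proxyDstCallbacks) == PROXY_CALLBACKS_COUNT);` would catch a count mismatch at build time, and generating the declarations and the table from one list macro would keep the two files in step. Separately, `g_proxyCallbacksPtr` is assigned only under `_WIN64`; if the 32-bit build is meant to bypass the destination thunks because `dst` stays `g_proxyCallbacks`, a comment in `fort_proxycb_dst_setup` should say so.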
@@ -7,9 +7,10 @@ extern "C" { #endif -extern ProxyCallbackProc g_proxyDstCallbacks[PROXY_CALLBACKS_COUNT]; +extern ProxyCallbackProc *g_proxyCallbacksPtr; -FORT_API void fort_proxycb_dst_setup(void); +FORT_API void fort_proxycb_dst_prepare(PFORT_PROXYCB_INFO cbInfo); +FORT_API void fort_proxycb_dst_setup(PFORT_PROXYCB_INFO cbInfo); #ifdef __cplusplus } // extern "C" diff --git a/src/driver/proxycb/fortpcb_dst_x86.asm b/src/driver/proxycb/fortpcb_dst_x86.asm index 591ea102..b8a70751 100644 --- a/src/driver/proxycb/fortpcb_dst_x86.asm +++ b/src/driver/proxycb/fortpcb_dst_x86.asm @@ -3,21 +3,16 @@ ELSE .model flat, stdcall ENDIF -.DATA -IFDEF RAX - g_proxyDstCallbacks QWORD 040H dup (?) -ELSE - g_proxyDstCallbacks DWORD 040H dup (?) -ENDIF +externdef g_proxyCallbacksPtr : far .CODE ProxyCallbackProc MACRO index:REQ IFDEF RAX pop rax - jmp QWORD PTR [g_proxyDstCallbacks + index * 8] + jmp QWORD PTR [g_proxyCallbacksPtr + index * 8] ELSE - jmp DWORD PTR [g_proxyDstCallbacks + index * 4] + jmp DWORD PTR [g_proxyCallbacksPtr + index * 4] ENDIF ENDM diff --git a/src/driver/proxycb/fortpcb_src.c b/src/driver/proxycb/fortpcb_src.c index 12394bde..205e49df 100644 --- a/src/driver/proxycb/fortpcb_src.c +++ b/src/driver/proxycb/fortpcb_src.c 
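Review bot: In fortpcb_dst_x86.asm, `g_proxyCallbacksPtr` is now a pointer variable rather than the table itself, but the thunk still uses it as the table base. As I read the MASM, `jmp QWORD PTR [g_proxyCallbacksPtr + index * 8]` takes the jump target from the memory at and after the variable, not from the array it points to. For index 0 that transfers control to the address of the data array, and for higher indexes to whatever follows the variable in the image. The pointer has to be loaded into a scratch register first and the slot read relative to it, taking care not to clobber the `rax` just restored by `pop rax`. fortpcb_src_x86.asm has the same pattern with `g_proxyDstCallbacksPtr`; there `mov rax, QWORD PTR [g_proxyDstCallbacksPtr]` followed by `mov rax, [rax + index * 8]` would do, and the 32-bit branches in both files need the equivalent.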
@@ -2,6 +2,73 @@ #include "fortpcb_src.h" +#define ProxyCallbackExtern(i) extern void proxyCallback##i(void) + +ProxyCallbackExtern(0); +ProxyCallbackExtern(1); +ProxyCallbackExtern(2); +ProxyCallbackExtern(3); +ProxyCallbackExtern(4); +ProxyCallbackExtern(5); +ProxyCallbackExtern(6); +ProxyCallbackExtern(7); +ProxyCallbackExtern(8); +ProxyCallbackExtern(9); +ProxyCallbackExtern(10); +ProxyCallbackExtern(11); +ProxyCallbackExtern(12); +ProxyCallbackExtern(13); +ProxyCallbackExtern(14); +ProxyCallbackExtern(15); +ProxyCallbackExtern(16); +ProxyCallbackExtern(17); +ProxyCallbackExtern(18); +ProxyCallbackExtern(19); +ProxyCallbackExtern(20); +ProxyCallbackExtern(21); +ProxyCallbackExtern(22); +ProxyCallbackExtern(23); +ProxyCallbackExtern(24); +ProxyCallbackExtern(25); +ProxyCallbackExtern(26); +ProxyCallbackExtern(27); +ProxyCallbackExtern(28); +ProxyCallbackExtern(29); +ProxyCallbackExtern(30); +ProxyCallbackExtern(31); +ProxyCallbackExtern(32); +ProxyCallbackExtern(33); +ProxyCallbackExtern(34); +ProxyCallbackExtern(35); +ProxyCallbackExtern(36); +ProxyCallbackExtern(37); +ProxyCallbackExtern(38); +ProxyCallbackExtern(39); +ProxyCallbackExtern(40); +ProxyCallbackExtern(41); +ProxyCallbackExtern(42); +ProxyCallbackExtern(43); +ProxyCallbackExtern(44); +ProxyCallbackExtern(45); +ProxyCallbackExtern(46); +ProxyCallbackExtern(47); +ProxyCallbackExtern(48); +ProxyCallbackExtern(49); +ProxyCallbackExtern(50); +ProxyCallbackExtern(51); +ProxyCallbackExtern(52); +ProxyCallbackExtern(53); +ProxyCallbackExtern(54); +ProxyCallbackExtern(55); +ProxyCallbackExtern(56); +ProxyCallbackExtern(57); +ProxyCallbackExtern(58); +ProxyCallbackExtern(59); +ProxyCallbackExtern(60); +ProxyCallbackExtern(61); +ProxyCallbackExtern(62); +ProxyCallbackExtern(63); + static ProxyCallbackProc g_proxySrcCallbacks[PROXY_CALLBACKS_COUNT] = { proxyCallback0, proxyCallback1, 
@@ -69,8 +136,14 @@ static ProxyCallbackProc g_proxySrcCallbacks[PROXY_CALLBACKS_COUNT] = { proxyCallback63, }; -FORT_API void fort_proxycb_src_setup(void) +ProxyCallbackProc *g_proxyDstCallbacksPtr; + +FORT_API void fort_proxycb_src_prepare(PFORT_PROXYCB_INFO cbInfo) { - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: ProxyCbSrc Setup: %p\n", - &proxyCallback0); + cbInfo->src = g_proxySrcCallbacks; +} + +FORT_API void fort_proxycb_src_setup(PFORT_PROXYCB_INFO cbInfo) +{ + g_proxyDstCallbacksPtr = cbInfo->dst; } diff --git a/src/driver/proxycb/fortpcb_src.h b/src/driver/proxycb/fortpcb_src.h index e1217f92..ba25eaa0 100644 --- a/src/driver/proxycb/fortpcb_src.h +++ b/src/driver/proxycb/fortpcb_src.h @@ -7,7 +7,10 @@ extern "C" { #endif -FORT_API void fort_proxycb_src_setup(void); +extern ProxyCallbackProc *g_proxyDstCallbacksPtr; + +FORT_API void fort_proxycb_src_prepare(PFORT_PROXYCB_INFO cbInfo); +FORT_API void fort_proxycb_src_setup(PFORT_PROXYCB_INFO cbInfo); #ifdef __cplusplus } // extern "C" diff --git a/src/driver/proxycb/fortpcb_def.c b/src/driver/proxycb/fortpcb_src_dummy.c similarity index 95% rename from src/driver/proxycb/fortpcb_def.c rename to src/driver/proxycb/fortpcb_src_dummy.c index 44e888b7..709a4961 100644 --- a/src/driver/proxycb/fortpcb_def.c +++ b/src/driver/proxycb/fortpcb_src_dummy.c @@ -1,6 +1,6 @@ -/* Fort Firewall Driver Loader: Proxy Callbacks: Dummy */ +/* Fort Firewall Driver Loader: Proxy Callbacks: Source Dummy */ -#include "fortpcb_def.h" +#include "fortpcb_src.h" ProxyCallbackProc g_proxyDstProcs[PROXY_CALLBACKS_COUNT]; diff --git a/src/driver/proxycb/fortpcb_src_x86.asm b/src/driver/proxycb/fortpcb_src_x86.asm index f4653be1..810cab0c 100644 --- a/src/driver/proxycb/fortpcb_src_x86.asm +++ b/src/driver/proxycb/fortpcb_src_x86.asm 
@@ -3,22 +3,17 @@ ELSE .model flat, stdcall ENDIF -.DATA -IFDEF RAX - g_proxyDstProcs QWORD 040H dup (?) -ELSE - g_proxyDstProcs DWORD 040H dup (?) -ENDIF +externdef g_proxyDstCallbacksPtr : far .CODE ProxyCallbackProc MACRO index:REQ IFDEF RAX push rax - mov rax, [g_proxyDstProcs + index * 8] + mov rax, [g_proxyDstCallbacksPtr + index * 8] jmp rax ELSE - jmp DWORD PTR [g_proxyDstProcs + index * 4] + jmp DWORD PTR [g_proxyDstCallbacksPtr + index * 4] ENDIF ENDM