DriverLoader: Wrap debug outputs to "#ifdef FORT_DEBUG"

This commit is contained in:
Nodir Temirkhodjaev 2021-12-19 13:23:11 +03:00
parent 03b4fd74a2
commit 272e78a62f
5 changed files with 28 additions and 0 deletions

View File

@ -13,8 +13,10 @@ FORT_API FortCallbackFunc fort_callback(int id, FortCallbackFunc func)
ProxyCallbackProc cb = g_callbackInfo.src[id]; ProxyCallbackProc cb = g_callbackInfo.src[id];
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Proxy Callback: i=%d func=%p cb=%p\n", id, func, cb); "FORT: Proxy Callback: i=%d func=%p cb=%p\n", id, func, cb);
#endif
g_callbackInfo.callbacks[id] = func; g_callbackInfo.callbacks[id] = func;
return cb; return cb;

View File

@ -66,7 +66,9 @@ static NTSTATUS fort_loader_init(PUNICODE_STRING driverPath)
{ {
NTSTATUS status; NTSTATUS status;
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Loader Init: [%wZ]\n", driverPath); DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Loader Init: [%wZ]\n", driverPath);
#endif
/* Load the driver file */ /* Load the driver file */
PUCHAR data = NULL; PUCHAR data = NULL;

View File

@ -116,10 +116,12 @@ FORT_API NTSTATUS fort_image_payload(
const int alignedSignatureSize = fort_le_u16_read(paylodInfo, 2); const int alignedSignatureSize = fort_le_u16_read(paylodInfo, 2);
const int payloadSize = fort_le_u32_read(paylodInfo, 4); const int payloadSize = fort_le_u32_read(paylodInfo, 4);
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Loader Image Load: size=%d signatureSize=%d alignedSignatureSize=%d " "FORT: Loader Image Load: size=%d signatureSize=%d alignedSignatureSize=%d "
"payloadSize=%d\n", "payloadSize=%d\n",
dataSize, signatureSize, alignedSignatureSize, payloadSize); dataSize, signatureSize, alignedSignatureSize, payloadSize);
#endif
const PUCHAR signature = paylodInfo - alignedSignatureSize; const PUCHAR signature = paylodInfo - alignedSignatureSize;
const PUCHAR payload = signature - payloadSize; const PUCHAR payload = signature - payloadSize;

View File

@ -81,9 +81,11 @@ static VOID ZeroDataSectionTable(
section->Misc.PhysicalAddress = (DWORD) (uintptr_t) dest; section->Misc.PhysicalAddress = (DWORD) (uintptr_t) dest;
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Loader Module: Zero Section: offset=%d size=%d\n", section->VirtualAddress, "FORT: Loader Module: Zero Section: offset=%d size=%d\n", section->VirtualAddress,
sectionSize); sectionSize);
#endif
} }
static NTSTATUS CopySectionTable(PUCHAR pImage, PIMAGE_NT_HEADERS pNtHeaders, const PUCHAR lpData, static NTSTATUS CopySectionTable(PUCHAR pImage, PIMAGE_NT_HEADERS pNtHeaders, const PUCHAR lpData,
@ -113,9 +115,11 @@ static NTSTATUS CopySectionTable(PUCHAR pImage, PIMAGE_NT_HEADERS pNtHeaders, co
*/ */
section->Misc.PhysicalAddress = (DWORD) (uintptr_t) dest; section->Misc.PhysicalAddress = (DWORD) (uintptr_t) dest;
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Loader Module: Copy Section: src-offset=%x offset=%x size=%x data=%x\n", "FORT: Loader Module: Copy Section: src-offset=%x offset=%x size=%x data=%x\n",
section->PointerToRawData, section->VirtualAddress, sectionSize, *(PDWORD) dest); section->PointerToRawData, section->VirtualAddress, sectionSize, *(PDWORD) dest);
#endif
} }
return STATUS_SUCCESS; return STATUS_SUCCESS;
@ -128,8 +132,10 @@ static void PatchAddressRelocations(
PUSHORT relInfo = (PUSHORT) ((PUCHAR) relocation + sizeof(IMAGE_BASE_RELOCATION)); PUSHORT relInfo = (PUSHORT) ((PUCHAR) relocation + sizeof(IMAGE_BASE_RELOCATION));
const DWORD relInfoCount = (relocation->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION)) / 2; const DWORD relInfoCount = (relocation->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION)) / 2;
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Loader Module: Relocation: dest=%p count=%d\n", dest, relInfoCount); "FORT: Loader Module: Relocation: dest=%p count=%d\n", dest, relInfoCount);
#endif
for (DWORD i = 0; i < relInfoCount; ++i, ++relInfo) { for (DWORD i = 0; i < relInfoCount; ++i, ++relInfo) {
const INT type = *relInfo >> 12; /* the upper 4 bits define the type of relocation */ const INT type = *relInfo >> 12; /* the upper 4 bits define the type of relocation */
@ -169,8 +175,10 @@ static NTSTATUS PerformBaseRelocation(
PIMAGE_DATA_DIRECTORY directory = PIMAGE_DATA_DIRECTORY directory =
&(pHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC]); &(pHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC]);
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Loader Module: Relocation: size=%d delta=%d\n", directory->Size, locationDelta); "FORT: Loader Module: Relocation: size=%d delta=%d\n", directory->Size, locationDelta);
#endif
if (directory->Size == 0) { if (directory->Size == 0) {
return (locationDelta == 0) ? STATUS_SUCCESS : STATUS_UNSUCCESSFUL; return (locationDelta == 0) ? STATUS_SUCCESS : STATUS_UNSUCCESSFUL;
@ -217,8 +225,10 @@ static NTSTATUS BuildImportTableLibrary(PUCHAR codeBase, const PIMAGE_IMPORT_DES
"FORT: Loader Module: Error: Procedure Not Found: %s: %s\n", libName, funcName); "FORT: Loader Module: Error: Procedure Not Found: %s: %s\n", libName, funcName);
status = STATUS_PROCEDURE_NOT_FOUND; status = STATUS_PROCEDURE_NOT_FOUND;
} else { } else {
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Loader Module: Import: %s: %s: %p\n", libName, funcName, *funcRef); "FORT: Loader Module: Import: %s: %s: %p\n", libName, funcName, *funcRef);
#endif
} }
} }
@ -339,10 +349,12 @@ static NTSTATUS InitializeModuleImage(PUCHAR pImage, const PIMAGE_NT_HEADERS lpN
{ {
NTSTATUS status; NTSTATUS status;
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Loader Module: Init Image: SizeOfHeaders=%d EntryPoint=%d ImageBase=%x\n", "FORT: Loader Module: Init Image: SizeOfHeaders=%d EntryPoint=%d ImageBase=%x\n",
lpNtHeaders->OptionalHeader.SizeOfHeaders, lpNtHeaders->OptionalHeader.SizeOfHeaders,
lpNtHeaders->OptionalHeader.AddressOfEntryPoint, lpNtHeaders->OptionalHeader.ImageBase); lpNtHeaders->OptionalHeader.AddressOfEntryPoint, lpNtHeaders->OptionalHeader.ImageBase);
#endif
/* Copy PE header */ /* Copy PE header */
RtlCopyMemory(pImage, lpData, lpNtHeaders->OptionalHeader.SizeOfHeaders); RtlCopyMemory(pImage, lpData, lpNtHeaders->OptionalHeader.SizeOfHeaders);
@ -386,15 +398,19 @@ FORT_API NTSTATUS LoadModuleFromMemory(PLOADEDMODULE pModule, const PUCHAR lpDat
const PIMAGE_NT_HEADERS pNtHeaders = fort_nt_headers(lpData); const PIMAGE_NT_HEADERS pNtHeaders = fort_nt_headers(lpData);
const DWORD imageSize = MAX_ALIGNED(pNtHeaders->OptionalHeader.SizeOfImage, PAGE_SIZE); const DWORD imageSize = MAX_ALIGNED(pNtHeaders->OptionalHeader.SizeOfImage, PAGE_SIZE);
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Loader Module: data=%p size=%d imageSize=%d\n", lpData, dwSize, imageSize); "FORT: Loader Module: data=%p size=%d imageSize=%d\n", lpData, dwSize, imageSize);
#endif
/* Allocate the region */ /* Allocate the region */
PUCHAR pImage = fort_mem_exec_alloc(imageSize, FORT_LOADER_POOL_TAG); PUCHAR pImage = fort_mem_exec_alloc(imageSize, FORT_LOADER_POOL_TAG);
if (pImage == NULL) if (pImage == NULL)
return STATUS_NO_MEMORY; return STATUS_NO_MEMORY;
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Loader Module: image=%p\n", pImage); DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Loader Module: image=%p\n", pImage);
#endif
status = InitializeModuleImage(pImage, pNtHeaders, lpData, dwSize, imageSize); status = InitializeModuleImage(pImage, pNtHeaders, lpData, dwSize, imageSize);
@ -425,9 +441,11 @@ NTSTATUS SetupModuleCallbacks(PLOADEDMODULE pModule, PFORT_PROXYCB_INFO cbInfo)
if (cbSetup == NULL) if (cbSetup == NULL)
return STATUS_PROCEDURE_NOT_FOUND; return STATUS_PROCEDURE_NOT_FOUND;
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Loader Module: Setup Callbacks: %p data=%x\n", cbSetup, "FORT: Loader Module: Setup Callbacks: %p data=%x\n", cbSetup,
*(PDWORD) (PVOID) &cbSetup); *(PDWORD) (PVOID) &cbSetup);
#endif
return cbSetup(cbInfo); return cbSetup(cbInfo);
} }
@ -439,9 +457,11 @@ FORT_API NTSTATUS CallModuleEntry(
if (driverEntry == NULL) if (driverEntry == NULL)
return STATUS_PROCEDURE_NOT_FOUND; return STATUS_PROCEDURE_NOT_FOUND;
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Loader Module: Driver Entry: %p data=%x\n", driverEntry, "FORT: Loader Module: Driver Entry: %p data=%x\n", driverEntry,
*(PDWORD) (PVOID) &driverEntry); *(PDWORD) (PVOID) &driverEntry);
#endif
return driverEntry(driver, regPath); return driverEntry(driver, regPath);
} }

View File

@ -85,8 +85,10 @@ FORT_API void fort_proxycb_drv_setup(PDRIVER_DISPATCH *driver_major_funcs)
PDRIVER_DISPATCH cb = g_proxyMajorCallbacks[i]; PDRIVER_DISPATCH cb = g_proxyMajorCallbacks[i];
driver_major_funcs[i] = cb; driver_major_funcs[i] = cb;
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Proxy Major: i=%d func=%p cb=%p\n", i, major_func, cb); "FORT: Proxy Major: i=%d func=%p cb=%p\n", i, major_func, cb);
#endif
} }
} }
} }