Driver: Prepare major funcs proxying

src/driver/FortFirewallDriver.pro

@@ -24,6 +24,7 @@ SOURCES += \
     loader/fortimg.c \
     loader/fortmm.c \
     proxycb/fortpcb_def.c \
+    proxycb/fortpcb_drv.c \
     proxycb/fortpcb_dst.c \
     proxycb/fortpcb_src.c \
     wdm/um_aux_klib.c \
@@ -52,6 +53,7 @@ HEADERS += \
     loader/fortimg.h \
     loader/fortmm.h \
     proxycb/fortpcb_def.h \
+    proxycb/fortpcb_drv.h \
     proxycb/fortpcb_dst.h \
     proxycb/fortpcb_src.h \
     wdm/um_aux_klib.h \

src/driver/fortdrv.c

@@ -39,7 +39,7 @@ static void fort_driver_unload(PDRIVER_OBJECT driver)
     }
 }
 
-NTSTATUS __declspec(dllexport) DriverCallbackEntry(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path)
+static NTSTATUS fort_driver_load(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path)
 {
     NTSTATUS status;
 
@@ -80,11 +80,11 @@ NTSTATUS __declspec(dllexport) DriverCallbackEntry(PDRIVER_OBJECT driver, PUNICO
     return fort_device_load(device_obj);
 }
 
-NTSTATUS DriverEntry(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path)
+NTSTATUS __declspec(dllexport) DriverCallbackEntry(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path)
 {
     NTSTATUS status;
 
-    status = DriverCallbackEntry(driver, reg_path);
+    status = fort_driver_load(driver, reg_path);
 
     if (!NT_SUCCESS(status)) {
         DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Entry: Error: %x\n", status);
@@ -93,3 +93,8 @@ NTSTATUS DriverEntry(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path)
 
     return status;
 }
+
+NTSTATUS DriverEntry(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path)
+{
+    return DriverCallbackEntry(driver, reg_path);
+}

src/driver/loader/fortdl.c

@@ -3,8 +3,9 @@
 #include "fortdl.h"
 
 #include "../fortutl.h"
-
+#include "../proxycb/fortpcb_drv.h"
 #include "../proxycb/fortpcb_src.h"
+
 #include "fortimg.h"
 #include "fortmm.h"
 
@@ -12,15 +13,16 @@ typedef struct fort_loader
 {
     LOADEDMODULE module;
 
-    PDRIVER_UNLOAD driver_unload;
+    PDRIVER_UNLOAD DriverUnload;
 } FORT_LOADER, *PFORT_LOADER;
 
 static FORT_LOADER g_loader;
 
 static void fort_loader_unload(PDRIVER_OBJECT driver)
 {
-    if (g_loader.driver_unload) {
-        g_loader.driver_unload(driver);
+    if (g_loader.DriverUnload) {
+        g_loader.DriverUnload(driver);
+        g_loader.DriverUnload = NULL;
     }
 
     UnloadModule(&g_loader.module);
@@ -30,16 +32,20 @@ static NTSTATUS fort_loader_entry(PDRIVER_OBJECT driver, PUNICODE_STRING regPath
 {
     NTSTATUS status;
 
+    /* Setup the proxy callbacks */
     fort_proxycb_src_setup();
 
+    /* Run the module entry function */
     status = CallModuleEntry(&g_loader.module, driver, regPath);
     if (!NT_SUCCESS(status))
         return status;
 
-    /* Chain the driver unloaders */
-    g_loader.driver_unload = driver->DriverUnload;
+    /* Proxy the driver major functions */
+    g_loader.DriverUnload = driver->DriverUnload;
     driver->DriverUnload = fort_loader_unload;
 
+    fort_proxycb_drv_setup(driver->MajorFunction);
+
     return status;
 }
 

src/driver/loader/fortdl_amalg.c

@@ -5,6 +5,7 @@
 
 #include "../fortutl.c"
 
+#include "../proxycb/fortpcb_drv.c"
 #include "../proxycb/fortpcb_src.c"
 
 #include "fortmm.c"

src/driver/proxycb/fortpcb_drv.c

@@ -0,0 +1,89 @@
+/* Fort Firewall Driver Loader: Proxy Callbacks: Driver Major Functions */
+
+#include "fortpcb_drv.h"
+
+#define FORT_DRIVER_MAJOR_FUNC_MAX (IRP_MJ_MAXIMUM_FUNCTION + 1)
+
+static_assert(FORT_DRIVER_MAJOR_FUNC_MAX == 28, "Driver Major Functions Count Mismatch");
+
+static PDRIVER_DISPATCH g_proxyDrvCallbacks[FORT_DRIVER_MAJOR_FUNC_MAX];
+
+#define DispatchProc(i)                                                                            \
+    static NTSTATUS dispatch##i(PDEVICE_OBJECT device, PIRP irp)                                   \
+    {                                                                                              \
+        return g_proxyDrvCallbacks[(i)]((device), (irp));                                          \
+    }
+
+DispatchProc(0);
+DispatchProc(1);
+DispatchProc(2);
+DispatchProc(3);
+DispatchProc(4);
+DispatchProc(5);
+DispatchProc(6);
+DispatchProc(7);
+DispatchProc(8);
+DispatchProc(9);
+DispatchProc(10);
+DispatchProc(11);
+DispatchProc(12);
+DispatchProc(13);
+DispatchProc(14);
+DispatchProc(15);
+DispatchProc(16);
+DispatchProc(17);
+DispatchProc(18);
+DispatchProc(19);
+DispatchProc(20);
+DispatchProc(21);
+DispatchProc(22);
+DispatchProc(23);
+DispatchProc(24);
+DispatchProc(25);
+DispatchProc(26);
+DispatchProc(27);
+
+static PDRIVER_DISPATCH g_dispatchProcs[FORT_DRIVER_MAJOR_FUNC_MAX] = {
+    dispatch0,
+    dispatch1,
+    dispatch2,
+    dispatch3,
+    dispatch4,
+    dispatch5,
+    dispatch6,
+    dispatch7,
+    dispatch8,
+    dispatch9,
+    dispatch10,
+    dispatch11,
+    dispatch12,
+    dispatch13,
+    dispatch14,
+    dispatch15,
+    dispatch16,
+    dispatch17,
+    dispatch18,
+    dispatch19,
+    dispatch20,
+    dispatch21,
+    dispatch22,
+    dispatch23,
+    dispatch24,
+    dispatch25,
+    dispatch26,
+    dispatch27,
+};
+
+FORT_API void fort_proxycb_drv_setup(PDRIVER_DISPATCH *driver_major_funcs)
+{
+    for (int i = 0; i < FORT_DRIVER_MAJOR_FUNC_MAX; ++i) {
+        PDRIVER_DISPATCH drv_func = driver_major_funcs[i];
+        if (drv_func != NULL) {
+            g_proxyDrvCallbacks[i] = drv_func;
+            driver_major_funcs[i] = g_dispatchProcs[i];
+
+            DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
+                    "FORT: fort_proxycb_drv_setup: %d\n", i);
+        }
+    }
+}

src/driver/proxycb/fortpcb_drv.h

@@ -0,0 +1,16 @@
+#ifndef FORTPCB_DRV_H
+#define FORTPCB_DRV_H
+
+#include "../fortdrv.h"
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+FORT_API void fort_proxycb_drv_setup(PDRIVER_DISPATCH *driver_major_funcs);
+
+#ifdef __cplusplus
+} // extern "C"
+#endif
+
+#endif // FORTPCB_DRV_H