Driver: Add fortutl.* for utility functions.

2024-11-15 09:36:28 +00:00 · 2021-11-01 20:03:23 +03:00 · 2021-11-01 20:03:23 +03:00 · 4ce9bf1540
commit 4ce9bf1540
parent a7f3c408c5
5 changed files with 127 additions and 81 deletions
--- a/src/driver/FortFirewallDriver.pro
+++ b/src/driver/FortFirewallDriver.pro
@ -17,6 +17,7 @@ SOURCES += \
    forttds.c \
    forttlsf.c \
    forttmr.c \
+    fortutl.c \
    fortwrk.c \
    loader/fortdl.c \
    wdm/um_fwpmk.c \
@ -37,6 +38,7 @@ HEADERS += \
    forttds.h \
    forttlsf.h \
    forttmr.h \
+    fortutl.h \
    fortwrk.h \
    wdm/um_fwpmk.h \
    wdm/um_fwpsk.h \
--- a/src/driver/fortutl.c
+++ b/src/driver/fortutl.c
@ -0,0 +1,77 @@
+/* Fort Firewall Utilities */
+
+#include "fortutl.h"
+
+#define FORT_UTIL_POOL_TAG 'UwfF'
+
+FORT_API NTSTATUS fort_reg_value(HANDLE regKey, PUNICODE_STRING valueName, PWSTR *outData)
+{
+    NTSTATUS status;
+
+    ULONG keyInfoSize;
+    status = ZwQueryValueKey(regKey, valueName, KeyValueFullInformation, NULL, 0, &keyInfoSize);
+    if (status != STATUS_BUFFER_TOO_SMALL || status != STATUS_BUFFER_OVERFLOW)
+        return status;
+
+    PKEY_VALUE_FULL_INFORMATION keyInfo = fort_mem_alloc(keyInfoSize, FORT_UTIL_POOL_TAG);
+    if (keyInfo == NULL)
+        return STATUS_INSUFFICIENT_RESOURCES;
+
+    status = ZwQueryValueKey(
+            regKey, valueName, KeyValueFullInformation, keyInfo, keyInfoSize, &keyInfoSize);
+
+    if (NT_SUCCESS(status)) {
+        const PUCHAR src = ((const PUCHAR) keyInfo + keyInfo->DataOffset);
+        const ULONG len = keyInfo->DataLength;
+
+        PWSTR buf = ExAllocatePool(NonPagedPool, len);
+        if (buf == NULL) {
+            status = STATUS_INSUFFICIENT_RESOURCES;
+        } else {
+            RtlCopyMemory(buf, src, len);
+
+            *outData = buf;
+        }
+    }
+
+    fort_mem_free(keyInfo, FORT_UTIL_POOL_TAG);
+
+    return status;
+}
+
+FORT_API NTSTATUS fort_driver_path(PDRIVER_OBJECT driver, PUNICODE_STRING regPath, PWSTR *outPath)
+{
+    NTSTATUS status;
+
+#if defined(FORT_WIN7_COMPAT)
+    UNUSED(driver);
+
+    HANDLE regKey;
+    OBJECT_ATTRIBUTES objectAttr;
+
+    InitializeObjectAttributes(
+            &objectAttr, regPath, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
+
+    status = ZwOpenKey(&regKey, KEY_QUERY_VALUE, &objectAttr);
+    if (!NT_SUCCESS(status))
+        return status;
+
+    UNICODE_STRING valueName;
+    RtlInitUnicodeString(&valueName, L"ImagePath");
+
+    status = fortdl_reg_value(regKey, &valueName, outPath);
+
+    ZwClose(regKey);
+#else
+    UNUSED(regPath);
+
+    UNICODE_STRING path;
+    status = IoQueryFullDriverPath(driver, &path);
+
+    if (NT_SUCCESS(status)) {
+        *outPath = path.Buffer;
+    }
+#endif
+
+    return status;
+}
--- a/src/driver/fortutl.h
+++ b/src/driver/fortutl.h
@ -0,0 +1,18 @@
+#ifndef FORTUTL_H
+#define FORTUTL_H
+
+#include "fortdrv.h"
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+FORT_API NTSTATUS fort_reg_value(HANDLE regKey, PUNICODE_STRING valueName, PWSTR *outData);
+
+FORT_API NTSTATUS fort_driver_path(PDRIVER_OBJECT driver, PUNICODE_STRING regPath, PWSTR *outPath);
+
+#ifdef __cplusplus
+} // extern "C"
+#endif
+
+#endif // FORTUTL_H
--- a/src/driver/loader/fortdl.c
+++ b/src/driver/loader/fortdl.c
@ -2,9 +2,20 @@

 #include "fortdl.h"

+#include "../fortutl.h"
+
 #define FORTDL_MAX_FILE_SIZE (4 * 1024 * 1024)

-static NTSTATUS fortdl_read_file(HANDLE fileHandle, PUCHAR *outData)
+static NTSTATUS fortdl_load_image(PUCHAR data, DWORD dataSize)
+{
+    NTSTATUS status;
+
+    DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Loader Load Image: %d\n", dataSize);
+
+    return STATUS_SUCCESS;
+}
+
+static NTSTATUS fortdl_read_file(HANDLE fileHandle, PUCHAR *outData, DWORD *outSize)
 {
    NTSTATUS status;

@ -47,11 +58,12 @@ static NTSTATUS fortdl_read_file(HANDLE fileHandle, PUCHAR *outData)
    } while (dataSize < fileSize);

    *outData = data;
+    *outSize = dataSize;

    return status;
 }

-static NTSTATUS fortdl_load_file(PCWSTR driverPath, PUCHAR *outData)
+static NTSTATUS fortdl_load_file(PCWSTR driverPath, PUCHAR *outData, DWORD *outSize)
 {
    NTSTATUS status;

@ -75,7 +87,8 @@ static NTSTATUS fortdl_load_file(PCWSTR driverPath, PUCHAR *outData)
            return status;
    }

-    status = fortdl_read_file(fileHandle, outData);
+    // Read File
+    status = fortdl_read_file(fileHandle, outData, outSize);

    ZwClose(fileHandle);

@ -93,95 +106,29 @@ static void fortdl_init(PDRIVER_OBJECT driver, PVOID context, ULONG count)

    /* Load the driver file */
    PUCHAR data = NULL;
+    DWORD dataSize = 0;
    {
-        status = fortdl_load_file(context, &data);
+        status = fortdl_load_file(context, &data, &dataSize);

        /* Free the allocated driver path */
        ExFreePool(context);
    }

+    // Prepare the driver image
+    PUCHAR image = NULL;
+    if (NT_SUCCESS(status)) {
+        status = fortdl_load_image(data, dataSize);
+
+        /* Free the allocated driver file data */
+        fortdl_free(data);
+    }
+
    if (!NT_SUCCESS(status)) {
        DbgPrintEx(
                DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Loader Init: Error: %x\n", status);
    }
 }

-#if defined(FORT_WIN7_COMPAT)
-
-static NTSTATUS fortdl_reg_value(HANDLE regKey, PUNICODE_STRING valueName, PWSTR *out_path)
-{
-    NTSTATUS status;
-
-    ULONG keyInfoSize;
-    status = ZwQueryValueKey(regKey, valueName, KeyValueFullInformation, NULL, 0, &keyInfoSize);
-    if (status != STATUS_BUFFER_TOO_SMALL || status != STATUS_BUFFER_OVERFLOW)
-        return status;
-
-    PKEY_VALUE_FULL_INFORMATION keyInfo = fortdl_alloc(keyInfoSize);
-    if (keyInfo == NULL)
-        return STATUS_INSUFFICIENT_RESOURCES;
-
-    status = ZwQueryValueKey(
-            regKey, valueName, KeyValueFullInformation, keyInfo, keyInfoSize, &keyInfoSize);
-
-    if (NT_SUCCESS(status)) {
-        const PUCHAR src = ((const PUCHAR) keyInfo + keyInfo->DataOffset);
-        const ULONG len = keyInfo->DataLength;
-
-        PWSTR buf = ExAllocatePool(NonPagedPool, len);
-        if (buf == NULL) {
-            status = STATUS_INSUFFICIENT_RESOURCES;
-        } else {
-            RtlCopyMemory(buf, src, len);
-
-            *out_path = buf;
-        }
-    }
-
-    fortdl_free(keyInfo);
-
-    return status;
-}
-
-#endif
-
-static NTSTATUS fortdl_driver_path(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path, PWSTR *out_path)
-{
-    NTSTATUS status;
-
-#if defined(FORT_WIN7_COMPAT)
-    UNUSED(driver);
-
-    HANDLE regKey;
-    OBJECT_ATTRIBUTES objectAttr;
-
-    InitializeObjectAttributes(
-            &objectAttr, reg_path, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
-
-    status = ZwOpenKey(&regKey, KEY_QUERY_VALUE, &objectAttr);
-    if (!NT_SUCCESS(status))
-        return status;
-
-    UNICODE_STRING valueName;
-    RtlInitUnicodeString(&valueName, L"ImagePath");
-
-    status = fortdl_reg_value(regKey, &valueName, out_path);
-
-    ZwClose(regKey);
-#else
-    UNUSED(reg_path);
-
-    UNICODE_STRING path;
-    status = IoQueryFullDriverPath(driver, &path);
-
-    if (NT_SUCCESS(status)) {
-        *out_path = path.Buffer;
-    }
-#endif
-
-    return status;
-}
-
 NTSTATUS
 #if defined(FORT_DRIVER)
 DriverEntry
@ -193,7 +140,7 @@ DriverLoaderEntry
    NTSTATUS status;

    PWSTR driverPath = NULL;
-    status = fortdl_driver_path(driver, reg_path, &driverPath);
+    status = fort_driver_path(driver, reg_path, &driverPath);

    if (!NT_SUCCESS(status)) {
        DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Loader Entry: Error: %x\n",
--- a/src/driver/loader/fortdl_amalg.c
+++ b/src/driver/loader/fortdl_amalg.c
@ -3,4 +3,6 @@
 #define FORT_AMALG
 #define FORT_DRIVER

+#include "../fortutl.c"
+
 #include "fortdl.c"