diff --git a/src/driver/FortFirewallDriver.pro b/src/driver/FortFirewallDriver.pro index 1c003a09..f20bb263 100644 --- a/src/driver/FortFirewallDriver.pro +++ b/src/driver/FortFirewallDriver.pro @@ -9,6 +9,7 @@ SOURCES += \ fortcb.c \ fortcnf.c \ fortcout.c \ + fortdbg.c \ fortdev.c \ fortdrv.c \ fortmod.c \ @@ -46,6 +47,7 @@ HEADERS += \ fortcnf.h \ fortcout.h \ fortcoutarg.h \ + fortdbg.h \ fortdev.h \ fortdrv.h \ fortmod.h \ diff --git a/src/driver/fortbuf.c b/src/driver/fortbuf.c index 7162d01a..a1f9a22d 100644 --- a/src/driver/fortbuf.c +++ b/src/driver/fortbuf.c @@ -2,6 +2,7 @@ #include "fortbuf.h" +#include "fortdbg.h" #include "fortdev.h" #include "forttrace.h" #include "fortutl.h" @@ -184,7 +185,7 @@ NTSTATUS fort_buffer_blocked_ip_write(PFORT_BUFFER buf, BOOL isIPv6, BOOL inboun const UINT32 *local_ip, const UINT32 *remote_ip, UINT32 pid, UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info) { - FORT_CHECK_STACK(); + FORT_CHECK_STACK(FORT_BUFFER_BLOCKED_IP_WRITE); NTSTATUS status; @@ -314,7 +315,7 @@ static void fort_device_cancel_pending(PDEVICE_OBJECT device, PIRP irp) { UNUSED(device); - FORT_CHECK_STACK(); + FORT_CHECK_STACK(FORT_DEVICE_CANCEL_PENDING); ULONG_PTR info; diff --git a/src/driver/fortcb.h b/src/driver/fortcb.h index 20df9ae5..06c58619 100644 --- a/src/driver/fortcb.h +++ b/src/driver/fortcb.h @@ -6,11 +6,11 @@ #include "proxycb/fortpcb_def.h" enum { - FORT_SYSCB_POWER = 0, - FORT_SYSCB_TIME, - FORT_TIMER_CALLBACK, - FORT_WORKER_CALLBACK, - FORT_PSTREE_NOTIFY, + FORT_CALLBACK_SYSCB_POWER = 0, + FORT_CALLBACK_SYSCB_TIME, + FORT_CALLBACK_TIMER_CALLBACK, + FORT_CALLBACK_WORKER_CALLBACK, + FORT_CALLBACK_PSTREE_NOTIFY, }; #if defined(__cplusplus) diff --git a/src/driver/fortcout.c b/src/driver/fortcout.c index 16d6cb1e..0e5297d2 100644 --- a/src/driver/fortcout.c +++ b/src/driver/fortcout.c 
@@ -7,6 +7,7 @@ #include "common/fortprov.h" #include "fortcoutarg.h" +#include "fortdbg.h" #include "fortdev.h" #include "fortps.h" #include "forttrace.h" @@ -70,8 +71,6 @@ inline static BOOL fort_callout_ale_associate_flow(PCFORT_CALLOUT_ARG ca, PCFORT_CALLOUT_ALE_INDEX ci, PFORT_CALLOUT_ALE_EXTRA cx, PFORT_CONF_REF conf_ref, FORT_APP_FLAGS app_flags) { - FORT_CHECK_STACK(); - const UINT64 flow_id = ca->inMetaValues->flowHandle; const IPPROTO ip_proto = (IPPROTO) ca->inFixedValues->incomingValue[ci->ipProto].value.uint8; @@ -104,8 +103,6 @@ inline static BOOL fort_callout_ale_associate_flow(PCFORT_CALLOUT_ARG ca, inline static void fort_callout_ale_log_app_path(PFORT_CALLOUT_ALE_EXTRA cx, PFORT_CONF_REF conf_ref, FORT_CONF_FLAGS conf_flags, FORT_APP_FLAGS app_flags) { - FORT_CHECK_STACK(); - if (app_flags.v != 0 || !conf_flags.filter_enabled || !(conf_flags.allow_all_new || conf_flags.log_blocked)) return; @@ -213,8 +210,6 @@ inline static void fort_callout_ale_log(PCFORT_CALLOUT_ARG ca, PCFORT_CALLOUT_AL inline static BOOL fort_callout_ale_check_filter_flags(PCFORT_CALLOUT_ARG ca, PFORT_CALLOUT_ALE_EXTRA cx, PFORT_CONF_REF conf_ref, FORT_CONF_FLAGS conf_flags) { - FORT_CHECK_STACK(); - if (conf_flags.stop_traffic) { cx->blocked = TRUE; /* block all */ return TRUE; @@ -290,8 +285,6 @@ inline static void fort_callout_ale_classify_allowed(PCFORT_CALLOUT_ARG ca, inline static void fort_callout_ale_check_conf(PCFORT_CALLOUT_ARG ca, PCFORT_CALLOUT_ALE_INDEX ci, PFORT_CALLOUT_ALE_EXTRA cx, PFORT_CONF_REF conf_ref) { - FORT_CHECK_STACK(); - const FORT_CONF_FLAGS conf_flags = conf_ref->conf.flags; const UINT32 process_id = (UINT32) ca->inMetaValues->processId; 
@@ -357,8 +350,6 @@ inline static void fort_callout_ale_by_conf(PCFORT_CALLOUT_ARG ca, PCFORT_CALLOU static void fort_callout_ale_classify(PFORT_CALLOUT_ARG ca, PCFORT_CALLOUT_ALE_INDEX ci) { - FORT_CHECK_STACK(); - const UINT32 classify_flags = ca->inFixedValues->incomingValue[ci->flags].value.uint32; const BOOL is_reauth = (classify_flags & FWP_CONDITION_FLAG_IS_REAUTHORIZE) != 0; @@ -391,7 +382,7 @@ static void NTAPI fort_callout_connect_v4(const FWPS_INCOMING_VALUES0 *inFixedVa const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues, PVOID layerData, const FWPS_FILTER0 *filter, UINT64 flowContext, FWPS_CLASSIFY_OUT0 *classifyOut) { - FORT_CHECK_STACK(); + FORT_CHECK_STACK(FORT_CALLOUT_CONNECT_V4); FORT_CALLOUT_ARG ca = { .inFixedValues = inFixedValues, @@ -420,7 +411,7 @@ static void NTAPI fort_callout_connect_v6(const FWPS_INCOMING_VALUES0 *inFixedVa const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues, PVOID layerData, const FWPS_FILTER0 *filter, UINT64 flowContext, FWPS_CLASSIFY_OUT0 *classifyOut) { - FORT_CHECK_STACK(); + FORT_CHECK_STACK(FORT_CALLOUT_CONNECT_V6); FORT_CALLOUT_ARG ca = { .inFixedValues = inFixedValues, @@ -449,7 +440,7 @@ static void NTAPI fort_callout_accept_v4(const FWPS_INCOMING_VALUES0 *inFixedVal const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues, PVOID layerData, const FWPS_FILTER0 *filter, UINT64 flowContext, FWPS_CLASSIFY_OUT0 *classifyOut) { - FORT_CHECK_STACK(); + FORT_CHECK_STACK(FORT_CALLOUT_ACCEPT_V4); FORT_CALLOUT_ARG ca = { .inFixedValues = inFixedValues, @@ -478,7 +469,7 @@ static void NTAPI fort_callout_accept_v6(const FWPS_INCOMING_VALUES0 *inFixedVal const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues, PVOID layerData, const FWPS_FILTER0 *filter, UINT64 flowContext, FWPS_CLASSIFY_OUT0 *classifyOut) { - FORT_CHECK_STACK(); + FORT_CHECK_STACK(FORT_CALLOUT_ACCEPT_V6); FORT_CALLOUT_ARG ca = { .inFixedValues = inFixedValues, 
@@ -515,8 +506,6 @@ static NTSTATUS NTAPI fort_callout_notify( inline static void fort_callout_flow_classify(PCFORT_CALLOUT_ARG ca, UINT32 dataSize) { - FORT_CHECK_STACK(); - const UINT32 headerSize = ca->inbound ? ca->inMetaValues->transportHeaderSize : 0; fort_flow_classify(&fort_device()->stat, ca->flowContext, headerSize + dataSize, ca->inbound); @@ -526,7 +515,7 @@ static void NTAPI fort_callout_stream_classify(const FWPS_INCOMING_VALUES0 *inFi const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues, PVOID layerData, const FWPS_FILTER0 *filter, UINT64 flowContext, FWPS_CLASSIFY_OUT0 *classifyOut) { - FORT_CHECK_STACK(); + FORT_CHECK_STACK(FORT_CALLOUT_STREAM_CLASSIFY); FWPS_STREAM_CALLOUT_IO_PACKET0 *packet = layerData; @@ -553,8 +542,6 @@ static void NTAPI fort_callout_stream_classify(const FWPS_INCOMING_VALUES0 *inFi static void fort_callout_datagram_classify(PFORT_CALLOUT_ARG ca, PCFORT_CALLOUT_DATAGRAM_INDEX ci) { - FORT_CHECK_STACK(); - const PNET_BUFFER netBuf = NET_BUFFER_LIST_FIRST_NB(ca->netBufList); const UINT32 dataSize = NET_BUFFER_DATA_LENGTH(netBuf); @@ -571,7 +558,7 @@ static void NTAPI fort_callout_datagram_classify_v4(const FWPS_INCOMING_VALUES0 const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues, PVOID layerData, const FWPS_FILTER0 *filter, UINT64 flowContext, FWPS_CLASSIFY_OUT0 *classifyOut) { - FORT_CHECK_STACK(); + FORT_CHECK_STACK(FORT_CALLOUT_DATAGRAM_CLASSIFY_V4); FORT_CALLOUT_ARG ca = { .inFixedValues = inFixedValues, @@ -593,7 +580,7 @@ static void NTAPI fort_callout_datagram_classify_v6(const FWPS_INCOMING_VALUES0 const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues, PVOID layerData, const FWPS_FILTER0 *filter, UINT64 flowContext, FWPS_CLASSIFY_OUT0 *classifyOut) { - FORT_CHECK_STACK(); + FORT_CHECK_STACK(FORT_CALLOUT_DATAGRAM_CLASSIFY_V6); FORT_CALLOUT_ARG ca = { .inFixedValues = inFixedValues, 
@@ -616,6 +603,8 @@ static void NTAPI fort_callout_flow_delete(UINT16 layerId, UINT32 calloutId, UIN UNUSED(layerId); UNUSED(calloutId); + FORT_CHECK_STACK(FORT_CALLOUT_FLOW_DELETE); + fort_shaper_drop_flow_packets(&fort_device()->shaper, flowContext); fort_flow_delete(&fort_device()->stat, flowContext); @@ -623,8 +612,6 @@ static void NTAPI fort_callout_flow_delete(UINT16 layerId, UINT32 calloutId, UIN static void fort_callout_transport_classify(PFORT_CALLOUT_ARG ca) { - FORT_CHECK_STACK(); - if ((ca->classifyOut->rights & FWPS_RIGHT_ACTION_WRITE) == 0 || ca->classifyOut->actionType == FWP_ACTION_BLOCK) return; /* Can't act on the packet */ @@ -645,7 +632,7 @@ static void NTAPI fort_callout_transport_classify_in(const FWPS_INCOMING_VALUES0 const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues, PVOID layerData, const FWPS_FILTER0 *filter, UINT64 flowContext, FWPS_CLASSIFY_OUT0 *classifyOut) { - FORT_CHECK_STACK(); + FORT_CHECK_STACK(FORT_CALLOUT_TRANSPORT_CLASSIFY_IN); FORT_CALLOUT_ARG ca = { .inFixedValues = inFixedValues, @@ -664,7 +651,7 @@ static void NTAPI fort_callout_transport_classify_out(const FWPS_INCOMING_VALUES const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues, PVOID layerData, const FWPS_FILTER0 *filter, UINT64 flowContext, FWPS_CLASSIFY_OUT0 *classifyOut) { - FORT_CHECK_STACK(); + FORT_CHECK_STACK(FORT_CALLOUT_TRANSPORT_CLASSIFY_OUT); FORT_CALLOUT_ARG ca = { .inFixedValues = inFixedValues, @@ -797,6 +784,8 @@ static NTSTATUS fort_callout_install_packet(PDEVICE_OBJECT device, PFORT_STAT st FORT_API NTSTATUS fort_callout_install(PDEVICE_OBJECT device) { + FORT_CHECK_STACK(FORT_CALLOUT_INSTALL); + PFORT_STAT stat = &fort_device()->stat; fort_callout_init(); @@ -812,6 +801,8 @@ FORT_API NTSTATUS fort_callout_install(PDEVICE_OBJECT device) FORT_API void fort_callout_remove(void) { + FORT_CHECK_STACK(FORT_CALLOUT_REMOVE); + PFORT_STAT stat = &fort_device()->stat; const PUINT32 calloutIds = stat->callout_ids; 
@@ -887,7 +878,7 @@ static NTSTATUS fort_callout_force_reauth_prov( FORT_API NTSTATUS fort_callout_force_reauth(const FORT_CONF_FLAGS old_conf_flags) { - FORT_CHECK_STACK(); + FORT_CHECK_STACK(FORT_CALLOUT_FORCE_REAUTH); NTSTATUS status; @@ -974,7 +965,7 @@ inline static void fort_callout_flush_stat_traf( FORT_API void fort_callout_timer(void) { - FORT_CHECK_STACK(); + FORT_CHECK_STACK(FORT_CALLOUT_TIMER); PFORT_BUFFER buf = &fort_device()->buffer; PFORT_STAT stat = &fort_device()->stat; diff --git a/src/driver/fortdbg.c b/src/driver/fortdbg.c new file mode 100644 index 00000000..c6012f18 --- /dev/null +++ b/src/driver/fortdbg.c @@ -0,0 +1,18 @@ +/* Fort Firewall Debug */ + +#include "fortdbg.h" + +#define FORT_KERNEL_STACK_MIN_SIZE 1024 + +#define FORT_STATUS_INVALID_STACK 0x000000DC /* DRIVER_INVALID_STACK_ACCESS */ + +FORT_API void fort_check_stack(const char *func_name, FORT_FUNC_ID func_id) +{ + const UINT32 free_size = (UINT32) IoGetRemainingStackSize(); + + if (free_size < FORT_KERNEL_STACK_MIN_SIZE) { + LOG("Stack Overflow: %s: id=%d remaining=%d\n", func_name, func_id, free_size); + + KeBugCheckEx(FORT_STATUS_INVALID_STACK, 0, 0, 0, 0); + } +} diff --git a/src/driver/fortdbg.h b/src/driver/fortdbg.h new file mode 100644 index 00000000..4148cf02 --- /dev/null +++ b/src/driver/fortdbg.h 
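Review bot: In the new `fort_check_stack()` in fortdbg.c, the `KeBugCheckEx` call passes four zero parameters, so `func_id` and `free_size` reach only the `LOG` line and are missing from the bugcheck record; if that log output is not captured before the stop, the dump does not say which entry point tripped the check. Passing them through keeps the crash self-describing: `KeBugCheckEx(FORT_STATUS_INVALID_STACK, (ULONG_PTR) func_id, (ULONG_PTR) free_size, FORT_DEBUG_VERSION, 0);`. `free_size` is a `UINT32` printed with `%d`; `%u` matches the type. `FORT_KERNEL_STACK_MIN_SIZE` would also benefit from a comment such as `/* Minimum free bytes required at an entry point; must cover the deepest call chain below it */`, since this commit removes the checks from the inner helpers.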
@@ -0,0 +1,57 @@ +#ifndef FORTDBG_H +#define FORTDBG_H + +#include "fortdrv.h" + +#define FORT_DEBUG_VERSION 1 + +typedef enum FORT_FUNC_ID { + FORT_FUNC_UNKNOWN = 1, + FORT_BUFFER_BLOCKED_IP_WRITE, + FORT_DEVICE_CANCEL_PENDING, + FORT_CALLOUT_CONNECT_V4, + FORT_CALLOUT_CONNECT_V6, + FORT_CALLOUT_ACCEPT_V4, + FORT_CALLOUT_ACCEPT_V6, + FORT_CALLOUT_STREAM_CLASSIFY, + FORT_CALLOUT_DATAGRAM_CLASSIFY_V4, + FORT_CALLOUT_DATAGRAM_CLASSIFY_V6, + FORT_CALLOUT_FLOW_DELETE, + FORT_CALLOUT_TRANSPORT_CLASSIFY_IN, + FORT_CALLOUT_TRANSPORT_CLASSIFY_OUT, + FORT_CALLOUT_INSTALL, + FORT_CALLOUT_REMOVE, + FORT_CALLOUT_FORCE_REAUTH, + FORT_CALLOUT_TIMER, + FORT_DEVICE_CREATE, + FORT_DEVICE_CLOSE, + FORT_DEVICE_CLEANUP, + FORT_DEVICE_CONTROL, + FORT_DEVICE_SHUTDOWN, + FORT_DEVICE_LOAD, + FORT_DEVICE_UNLOAD, + FORT_PACKET_INJECT_COMPLETE, + FORT_SHAPER_TIMER_PROCESS, + FORT_SYSCB_POWER, + FORT_SYSCB_TIME, + FORT_TIMER_CALLBACK, + FORT_WORKER_CALLBACK, +} FORT_FUNC_ID; + +#if defined(FORT_DEBUG_STACK) +# define FORT_CHECK_STACK(func_id) fort_check_stack(__func__, func_id) +#else +# define FORT_CHECK_STACK(func_id) +#endif + +#if defined(__cplusplus) +extern "C" { +#endif + +FORT_API void fort_check_stack(const char *func_name, FORT_FUNC_ID func_id); + +#ifdef __cplusplus +} // extern "C" +#endif + +#endif // FORTDBG_H diff --git a/src/driver/fortdev.c b/src/driver/fortdev.c index 961ba0e1..602227e5 100644 --- a/src/driver/fortdev.c +++ b/src/driver/fortdev.c @@ -6,6 +6,7 @@ #include "common/fortprov.h" #include "fortcout.h" +#include "fortdbg.h" #include "fortps.h" #include "fortscb.h" #include "forttrace.h" @@ -25,8 +26,6 @@ FORT_API void fort_device_set(PFORT_DEVICE device) static void fort_worker_reauth(void) { - FORT_CHECK_STACK(); - const FORT_CONF_FLAGS conf_flags = fort_device()->conf.conf_flags; const NTSTATUS status = fort_callout_force_reauth(conf_flags); 
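Review bot: The `FORT_FUNC_ID` values in fortdbg.h are numbered implicitly from `FORT_FUNC_UNKNOWN = 1`, and the id is what `fort_check_stack()` prints as `id=%d`, so inserting a new entry in the middle of the list silently renumbers every later id and makes logs from different driver builds ambiguous. A comment above the enum would record the rule, for example `/* Ids appear in stack-check logs: append new entries at the end and bump FORT_DEBUG_VERSION */` (that this is the purpose of `FORT_DEBUG_VERSION` is an assumption; nothing in the visible hunks reads it). The constants also have no common prefix, which is why `FORT_SYSCB_POWER`, `FORT_TIMER_CALLBACK` and the others in fortcb.h had to be renamed in this commit; a `FORT_FUNC_` prefix would avoid the next such clash.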
@@ -57,7 +56,7 @@ FORT_API NTSTATUS fort_device_create(PDEVICE_OBJECT device, PIRP irp) { UNUSED(device); - FORT_CHECK_STACK(); + FORT_CHECK_STACK(FORT_DEVICE_CREATE); NTSTATUS status = STATUS_SUCCESS; @@ -81,7 +80,7 @@ FORT_API NTSTATUS fort_device_close(PDEVICE_OBJECT device, PIRP irp) { UNUSED(device); - FORT_CHECK_STACK(); + FORT_CHECK_STACK(FORT_DEVICE_CLOSE); fort_request_complete(irp, STATUS_SUCCESS); @@ -92,7 +91,7 @@ FORT_API NTSTATUS fort_device_cleanup(PDEVICE_OBJECT device, PIRP irp) { UNUSED(device); - FORT_CHECK_STACK(); + FORT_CHECK_STACK(FORT_DEVICE_CLEANUP); /* Device closed */ fort_device_flag_set( @@ -301,7 +300,7 @@ FORT_API NTSTATUS fort_device_control(PDEVICE_OBJECT device, PIRP irp) { UNUSED(device); - FORT_CHECK_STACK(); + FORT_CHECK_STACK(FORT_DEVICE_CONTROL); ULONG_PTR info = 0; @@ -324,7 +323,7 @@ FORT_API NTSTATUS fort_device_shutdown(PDEVICE_OBJECT device, PIRP irp) { UNUSED(device); - FORT_CHECK_STACK(); + FORT_CHECK_STACK(FORT_DEVICE_SHUTDOWN); if (fort_device() != NULL) { fort_stat_close_flows(&fort_device()->stat); @@ -361,6 +360,8 @@ static NTSTATUS fort_device_register_provider(void) FORT_API NTSTATUS fort_device_load(PVOID device_param) { + FORT_CHECK_STACK(FORT_DEVICE_LOAD); + NTSTATUS status; PDEVICE_OBJECT device = device_param; @@ -410,6 +411,8 @@ FORT_API NTSTATUS fort_device_load(PVOID device_param) FORT_API void fort_device_unload(void) { + FORT_CHECK_STACK(FORT_DEVICE_UNLOAD); + /* Stop system notifiers */ fort_syscb_power_unregister(); fort_syscb_time_unregister(); diff --git a/src/driver/fortdrv.c b/src/driver/fortdrv.c index f647a95a..2098b587 100644 --- a/src/driver/fortdrv.c +++ b/src/driver/fortdrv.c 
@@ -9,17 +9,6 @@ #include "forttrace.h" #include "fortutl.h" -#define FORT_STACK_USAGE_FREE_MIN 400 - -FORT_API void fort_check_stack_usage(const char *func_name) -{ - const UINT32 free_size = (UINT32) IoGetRemainingStackSize(); - - if (free_size < FORT_STACK_USAGE_FREE_MIN) { - LOG("Stack Overflow: %s: remaining=%d\n", func_name, free_size); - } -} - static void fort_driver_delete_device(PDRIVER_OBJECT driver) { PDEVICE_OBJECT device_obj = driver->DeviceObject; @@ -83,8 +72,6 @@ static NTSTATUS fort_driver_create_device(PDRIVER_OBJECT driver, PUNICODE_STRING static void fort_driver_unload(PDRIVER_OBJECT driver) { - FORT_CHECK_STACK(); - if (fort_device() == NULL) return; diff --git a/src/driver/fortdrv.h b/src/driver/fortdrv.h index 380de2c7..6ba28359 100644 --- a/src/driver/fortdrv.h +++ b/src/driver/fortdrv.h @@ -38,14 +38,4 @@ #define fort_request_complete(irp, status) fort_request_complete_info((irp), (status), 0) -#define FORT_KERNEL_STACK_SIZE (8 * 1024) - -#if defined(FORT_DEBUG_STACK) -# define FORT_CHECK_STACK() fort_check_stack_usage(__func__) -#else -# define FORT_CHECK_STACK() -#endif - -FORT_API void fort_check_stack_usage(const char *func_name); - #endif // FORTDRV_H diff --git a/src/driver/fortdrv_amalg.c b/src/driver/fortdrv_amalg.c index 50d1a22b..0a630098 100644 --- a/src/driver/fortdrv_amalg.c +++ b/src/driver/fortdrv_amalg.c @@ -5,8 +5,8 @@ /* #define FORT_DEBUG -#define FORT_DEBUG_STACK */ +#define FORT_DEBUG_STACK #include "common/fortconf.c" #include "common/fortlog.c" @@ -18,9 +18,11 @@ #include "forttlsf.c" #include "forttds.c" + +#include "fortbuf.c" #include "fortcb.c" #include "fortcnf.c" -#include "fortbuf.c" +#include "fortdbg.c" #include "fortmod.c" #include "fortpkt.c" #include "fortpool.c" diff --git a/src/driver/fortpkt.c b/src/driver/fortpkt.c index e8c123ee..338a6d91 100644 --- a/src/driver/fortpkt.c +++ b/src/driver/fortpkt.c 
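Review bot: In fortdrv_amalg.c the first hunk moves `#define FORT_DEBUG_STACK` out of the comment block, so the amalgamated build now compiles every `FORT_CHECK_STACK(...)` into a real `fort_check_stack()` call, and that function (added in fortdbg.c by this commit) stops the machine with `KeBugCheckEx` where the removed `fort_check_stack_usage()` only logged. If this amalgamation is what gets shipped, which the diff does not show, a low-stack condition on any callout or device entry point becomes a system crash on end-user machines, so the switch is better supplied by the debug build configuration than hard-coded in the source. If always-on is the intent, a comment next to the define would make that explicit, for example `/* Intentionally enabled in all builds: low stack at an entry point bugchecks, see fort_check_stack() */`.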
@@ -2,6 +2,7 @@ #include "fortpkt.h" +#include "fortdbg.h" #include "fortdev.h" #include "forttrace.h" #include "fortutl.h" @@ -372,7 +373,7 @@ static void NTAPI fort_packet_inject_complete( { UNUSED(dispatchLevel); - FORT_CHECK_STACK(); + FORT_CHECK_STACK(FORT_PACKET_INJECT_COMPLETE); switch (pkt->flags & FORT_PACKET_TYPE_MASK) { case FORT_PACKET_TYPE_FLOW: { @@ -822,7 +823,7 @@ inline static ULONG fort_shaper_timer_process_queues(PFORT_SHAPER shaper, ULONG static void fort_shaper_timer_process(void) { - FORT_CHECK_STACK(); + FORT_CHECK_STACK(FORT_SHAPER_TIMER_PROCESS); PFORT_SHAPER shaper = &fort_device()->shaper; diff --git a/src/driver/fortps.c b/src/driver/fortps.c index abb6632f..6cd78007 100644 --- a/src/driver/fortps.c +++ b/src/driver/fortps.c @@ -3,6 +3,7 @@ #include "fortps.h" #include "fortcb.h" +#include "fortdbg.h" #include "fortdev.h" #include "forttrace.h" #include "fortutl.h" @@ -161,8 +162,6 @@ UCHAR fort_pstree_flags(PFORT_PSTREE ps_tree) static PFORT_PSNAME fort_pstree_name_new(PFORT_PSTREE ps_tree, UINT16 name_size) { - FORT_CHECK_STACK(); - PFORT_PSNAME ps_name = fort_pool_malloc(&ps_tree->pool_list, FORT_PSNAME_DATA_OFF + name_size + sizeof(WCHAR)); /* include terminating zero */ if (ps_name != NULL) { @@ -482,8 +481,6 @@ inline static void fort_pstree_check_proc_inheritance(PFORT_PSTREE ps_tree, PFOR static PFORT_PSNODE fort_pstree_handle_new_proc(PFORT_PSTREE ps_tree, PCFORT_PSINFO_HASH psi) { - FORT_CHECK_STACK(); - PFORT_PSNAME ps_name = fort_pstree_add_service_name(ps_tree, psi); PFORT_PSNODE proc = fort_pstree_proc_new(ps_tree, psi->pid_hash); @@ -564,8 +561,6 @@ static void NTAPI fort_pstree_notify( { UNUSED(process); - FORT_CHECK_STACK(); - PFORT_PSTREE ps_tree = &fort_device()->ps_tree; PFORT_PSNODE proc = fort_pstree_notify_process(ps_tree, process, processHandle, createInfo); 
@@ -585,8 +580,8 @@ static void fort_pstree_update(PFORT_PSTREE ps_tree, BOOL active) return; const NTSTATUS status = PsSetCreateProcessNotifyRoutineEx( - FORT_CALLBACK( - FORT_PSTREE_NOTIFY, PCREATE_PROCESS_NOTIFY_ROUTINE_EX, &fort_pstree_notify), + FORT_CALLBACK(FORT_CALLBACK_PSTREE_NOTIFY, PCREATE_PROCESS_NOTIFY_ROUTINE_EX, + &fort_pstree_notify), /*remove=*/!active); if (!NT_SUCCESS(status)) { diff --git a/src/driver/fortscb.c b/src/driver/fortscb.c index c45e3635..638ed3dd 100644 --- a/src/driver/fortscb.c +++ b/src/driver/fortscb.c @@ -3,6 +3,7 @@ #include "fortscb.h" #include "fortcb.h" +#include "fortdbg.h" #include "fortdev.h" #include "fortpkt.h" @@ -41,7 +42,7 @@ static void NTAPI fort_syscb_power(PVOID context, PVOID event, PVOID specifics) { UNUSED(context); - FORT_CHECK_STACK(); + FORT_CHECK_STACK(FORT_SYSCB_POWER); if (event != (PVOID) PO_CB_SYSTEM_STATE_LOCK) return; @@ -59,7 +60,7 @@ FORT_API NTSTATUS fort_syscb_power_register(void) { return fort_syscb_register(L"\\Callback\\PowerState", &fort_device()->power_cb_obj, &fort_device()->power_cb_reg, - FORT_CALLBACK(FORT_SYSCB_POWER, PCALLBACK_FUNCTION, &fort_syscb_power)); + FORT_CALLBACK(FORT_CALLBACK_SYSCB_POWER, PCALLBACK_FUNCTION, &fort_syscb_power)); } FORT_API void fort_syscb_power_unregister(void) @@ -73,7 +74,7 @@ static void NTAPI fort_syscb_time(PVOID context, PVOID event, PVOID specifics) UNUSED(event); UNUSED(specifics); - FORT_CHECK_STACK(); + FORT_CHECK_STACK(FORT_SYSCB_TIME); fort_stat_flags_set(&fort_device()->stat, FORT_STAT_SYSTEM_TIME_CHANGED, TRUE); @@ -84,7 +85,7 @@ FORT_API NTSTATUS fort_syscb_time_register(void) { return fort_syscb_register(L"\\Callback\\SetSystemTime", &fort_device()->systime_cb_obj, &fort_device()->systime_cb_reg, - FORT_CALLBACK(FORT_SYSCB_TIME, PCALLBACK_FUNCTION, &fort_syscb_time)); + FORT_CALLBACK(FORT_CALLBACK_SYSCB_TIME, PCALLBACK_FUNCTION, &fort_syscb_time)); } FORT_API void fort_syscb_time_unregister(void) 
diff --git a/src/driver/forttmr.c b/src/driver/forttmr.c index 0003bed1..debac1ae 100644 --- a/src/driver/forttmr.c +++ b/src/driver/forttmr.c @@ -3,6 +3,7 @@ #include "forttmr.h" #include "fortcb.h" +#include "fortdbg.h" static UCHAR fort_timer_flags_exchange(PFORT_TIMER timer, UCHAR flags) { @@ -25,7 +26,7 @@ static void NTAPI fort_timer_callback(PKDPC dpc, PFORT_TIMER timer, PVOID arg1, UNUSED(arg1); UNUSED(arg2); - FORT_CHECK_STACK(); + FORT_CHECK_STACK(FORT_TIMER_CALLBACK); const UCHAR flags = fort_timer_flags(timer); if ((flags & FORT_TIMER_ONESHOT) != 0) { @@ -45,7 +46,8 @@ FORT_API void fort_timer_open( timer->flags = flags; KeInitializeDpc(&timer->dpc, - FORT_CALLBACK(FORT_TIMER_CALLBACK, PKDEFERRED_ROUTINE, &fort_timer_callback), timer); + FORT_CALLBACK(FORT_CALLBACK_TIMER_CALLBACK, PKDEFERRED_ROUTINE, &fort_timer_callback), + timer); KeInitializeTimer(&timer->id); } diff --git a/src/driver/fortutl.c b/src/driver/fortutl.c index 5b961fe7..ea810578 100644 --- a/src/driver/fortutl.c +++ b/src/driver/fortutl.c @@ -9,6 +9,8 @@ #define FORT_KEY_INFO_PATH_SIZE \ (2 * sizeof(KEY_VALUE_FULL_INFORMATION) + (MAX_PATH * sizeof(WCHAR))) +#define FORT_KERNEL_STACK_SIZE (8 * 1024) + typedef struct fort_expand_stack_arg { FORT_EXPAND_STACK_FUNC func; diff --git a/src/driver/fortwrk.c b/src/driver/fortwrk.c index 14286f0d..34e8ea0c 100644 --- a/src/driver/fortwrk.c +++ b/src/driver/fortwrk.c @@ -5,6 +5,7 @@ #include #include "fortcb.h" +#include "fortdbg.h" #include "fortutl.h" static void fort_worker_callback_run( @@ -32,7 +33,7 @@ static void NTAPI fort_worker_callback(PDEVICE_OBJECT device, PVOID context) { UNUSED(device); - FORT_CHECK_STACK(); + FORT_CHECK_STACK(FORT_WORKER_CALLBACK); const NTSTATUS status = fort_expand_stack(&fort_worker_callback_expand, context); UNUSED(status); 
@@ -70,7 +71,8 @@ FORT_API void fort_worker_queue(PFORT_WORKER worker, UCHAR work_id) InterlockedIncrement16(&worker->queue_size); IoQueueWorkItem(worker->item, - FORT_CALLBACK(FORT_WORKER_CALLBACK, PIO_WORKITEM_ROUTINE, &fort_worker_callback), + FORT_CALLBACK( + FORT_CALLBACK_WORKER_CALLBACK, PIO_WORKITEM_ROUTINE, &fort_worker_callback), DelayedWorkQueue, worker); } } diff --git a/src/driver/wdm/um_wdm.c b/src/driver/wdm/um_wdm.c index 9b876560..d6fad740 100644 --- a/src/driver/wdm/um_wdm.c +++ b/src/driver/wdm/um_wdm.c @@ -517,3 +517,8 @@ ULONG_PTR IoGetRemainingStackSize(void) { return 0; } + +void KeBugCheckEx(ULONG bugCheckCode, ULONG_PTR bugCheckParameter1, ULONG_PTR bugCheckParameter2, + ULONG_PTR bugCheckParameter3, ULONG_PTR bugCheckParameter4) +{ +} diff --git a/src/driver/wdm/um_wdm.h b/src/driver/wdm/um_wdm.h index d113b9ed..e5c47301 100644 --- a/src/driver/wdm/um_wdm.h +++ b/src/driver/wdm/um_wdm.h @@ -467,6 +467,9 @@ FORT_API PVOID IoGetInitialStack(void); FORT_API void IoGetStackLimits(PULONG_PTR lowLimit, PULONG_PTR highLimit); FORT_API ULONG_PTR IoGetRemainingStackSize(void); +FORT_API void KeBugCheckEx(ULONG bugCheckCode, ULONG_PTR bugCheckParameter1, + ULONG_PTR bugCheckParameter2, ULONG_PTR bugCheckParameter3, ULONG_PTR bugCheckParameter4); + #ifdef __cplusplus } // extern "C" #endif
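Review bot: The user-mode `KeBugCheckEx` stub added to um_wdm.c has an empty body and returns, while the `IoGetRemainingStackSize` stub directly above it in the same hunk returns 0, so in any user-mode build that defines `FORT_DEBUG_STACK` the `free_size < FORT_KERNEL_STACK_MIN_SIZE` test in `fort_check_stack()` is true on every call, and each entry point logs a stack overflow and then carries on. Whether the user-mode build defines that macro is not visible here. Either have the `IoGetRemainingStackSize` stub report ample space (its body is context in this hunk, not changed by it) or make the bugcheck stub terminate the process; at minimum a comment such as `/* User-mode stub: returns to the caller, unlike the kernel routine */` would record the difference. The five parameters are unused, and other functions in this diff mark such parameters with `UNUSED(...)`.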