Driver: Refactor FORT_CHECK_STACK()

2024-11-15 05:25:56 +00:00 · 2023-04-29 09:09:23 +03:00 · 2023-04-29 09:09:23 +03:00 · 68a3b66232
commit 68a3b66232
parent 9f10b73aba
18 changed files with 146 additions and 84 deletions
--- a/src/driver/FortFirewallDriver.pro
+++ b/src/driver/FortFirewallDriver.pro
@ -9,6 +9,7 @@ SOURCES += \
    fortcb.c \
    fortcnf.c \
    fortcout.c \
    fortdbg.c \
    fortdev.c \
    fortdrv.c \
    fortmod.c \
@ -46,6 +47,7 @@ HEADERS += \
    fortcnf.h \
    fortcout.h \
    fortcoutarg.h \
    fortdbg.h \
    fortdev.h \
    fortdrv.h \
    fortmod.h \
--- a/src/driver/fortbuf.c
+++ b/src/driver/fortbuf.c
@ -2,6 +2,7 @@
 #include "fortbuf.h"
 #include "fortdbg.h"
 #include "fortdev.h"
 #include "forttrace.h"
 #include "fortutl.h"
@ -184,7 +185,7 @@ NTSTATUS fort_buffer_blocked_ip_write(PFORT_BUFFER buf, BOOL isIPv6, BOOL inboun
        const UINT32 *local_ip, const UINT32 *remote_ip, UINT32 pid, UINT32 path_len,
        const PVOID path, PIRP *irp, ULONG_PTR *info)
 {
-    FORT_CHECK_STACK();
+    FORT_CHECK_STACK(FORT_BUFFER_BLOCKED_IP_WRITE);
    NTSTATUS status;
@ -314,7 +315,7 @@ static void fort_device_cancel_pending(PDEVICE_OBJECT device, PIRP irp)
 {
    UNUSED(device);
-    FORT_CHECK_STACK();
+    FORT_CHECK_STACK(FORT_DEVICE_CANCEL_PENDING);
    ULONG_PTR info;
--- a/src/driver/fortcb.h
+++ b/src/driver/fortcb.h
@ -6,11 +6,11 @@
 #include "proxycb/fortpcb_def.h"
 enum {
-    FORT_SYSCB_POWER = 0,
+    FORT_CALLBACK_SYSCB_POWER = 0,
-    FORT_SYSCB_TIME,
+    FORT_CALLBACK_SYSCB_TIME,
-    FORT_TIMER_CALLBACK,
+    FORT_CALLBACK_TIMER_CALLBACK,
-    FORT_WORKER_CALLBACK,
+    FORT_CALLBACK_WORKER_CALLBACK,
-    FORT_PSTREE_NOTIFY,
+    FORT_CALLBACK_PSTREE_NOTIFY,
 };
 #if defined(__cplusplus)
--- a/src/driver/fortcout.c
+++ b/src/driver/fortcout.c
@ -7,6 +7,7 @@
 #include "common/fortprov.h"
 #include "fortcoutarg.h"
 #include "fortdbg.h"
 #include "fortdev.h"
 #include "fortps.h"
 #include "forttrace.h"
@ -70,8 +71,6 @@ inline static BOOL fort_callout_ale_associate_flow(PCFORT_CALLOUT_ARG ca,
        PCFORT_CALLOUT_ALE_INDEX ci, PFORT_CALLOUT_ALE_EXTRA cx, PFORT_CONF_REF conf_ref,
        FORT_APP_FLAGS app_flags)
 {
    FORT_CHECK_STACK();
    const UINT64 flow_id = ca->inMetaValues->flowHandle;
    const IPPROTO ip_proto = (IPPROTO) ca->inFixedValues->incomingValue[ci->ipProto].value.uint8;
@ -104,8 +103,6 @@ inline static BOOL fort_callout_ale_associate_flow(PCFORT_CALLOUT_ARG ca,
 inline static void fort_callout_ale_log_app_path(PFORT_CALLOUT_ALE_EXTRA cx,
        PFORT_CONF_REF conf_ref, FORT_CONF_FLAGS conf_flags, FORT_APP_FLAGS app_flags)
 {
    FORT_CHECK_STACK();
    if (app_flags.v != 0 || !conf_flags.filter_enabled
            || !(conf_flags.allow_all_new || conf_flags.log_blocked))
        return;
@ -213,8 +210,6 @@ inline static void fort_callout_ale_log(PCFORT_CALLOUT_ARG ca, PCFORT_CALLOUT_AL
 inline static BOOL fort_callout_ale_check_filter_flags(PCFORT_CALLOUT_ARG ca,
        PFORT_CALLOUT_ALE_EXTRA cx, PFORT_CONF_REF conf_ref, FORT_CONF_FLAGS conf_flags)
 {
    FORT_CHECK_STACK();
    if (conf_flags.stop_traffic) {
        cx->blocked = TRUE; /* block all */
        return TRUE;
@ -290,8 +285,6 @@ inline static void fort_callout_ale_classify_allowed(PCFORT_CALLOUT_ARG ca,
 inline static void fort_callout_ale_check_conf(PCFORT_CALLOUT_ARG ca, PCFORT_CALLOUT_ALE_INDEX ci,
        PFORT_CALLOUT_ALE_EXTRA cx, PFORT_CONF_REF conf_ref)
 {
    FORT_CHECK_STACK();
    const FORT_CONF_FLAGS conf_flags = conf_ref->conf.flags;
    const UINT32 process_id = (UINT32) ca->inMetaValues->processId;
@ -357,8 +350,6 @@ inline static void fort_callout_ale_by_conf(PCFORT_CALLOUT_ARG ca, PCFORT_CALLOU
 static void fort_callout_ale_classify(PFORT_CALLOUT_ARG ca, PCFORT_CALLOUT_ALE_INDEX ci)
 {
    FORT_CHECK_STACK();
    const UINT32 classify_flags = ca->inFixedValues->incomingValue[ci->flags].value.uint32;
    const BOOL is_reauth = (classify_flags & FWP_CONDITION_FLAG_IS_REAUTHORIZE) != 0;
@ -391,7 +382,7 @@ static void NTAPI fort_callout_connect_v4(const FWPS_INCOMING_VALUES0 *inFixedVa
        const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues, PVOID layerData,
        const FWPS_FILTER0 *filter, UINT64 flowContext, FWPS_CLASSIFY_OUT0 *classifyOut)
 {
-    FORT_CHECK_STACK();
+    FORT_CHECK_STACK(FORT_CALLOUT_CONNECT_V4);
    FORT_CALLOUT_ARG ca = {
        .inFixedValues = inFixedValues,
@ -420,7 +411,7 @@ static void NTAPI fort_callout_connect_v6(const FWPS_INCOMING_VALUES0 *inFixedVa
        const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues, PVOID layerData,
        const FWPS_FILTER0 *filter, UINT64 flowContext, FWPS_CLASSIFY_OUT0 *classifyOut)
 {
-    FORT_CHECK_STACK();
+    FORT_CHECK_STACK(FORT_CALLOUT_CONNECT_V6);
    FORT_CALLOUT_ARG ca = {
        .inFixedValues = inFixedValues,
@ -449,7 +440,7 @@ static void NTAPI fort_callout_accept_v4(const FWPS_INCOMING_VALUES0 *inFixedVal
        const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues, PVOID layerData,
        const FWPS_FILTER0 *filter, UINT64 flowContext, FWPS_CLASSIFY_OUT0 *classifyOut)
 {
-    FORT_CHECK_STACK();
+    FORT_CHECK_STACK(FORT_CALLOUT_ACCEPT_V4);
    FORT_CALLOUT_ARG ca = {
        .inFixedValues = inFixedValues,
@ -478,7 +469,7 @@ static void NTAPI fort_callout_accept_v6(const FWPS_INCOMING_VALUES0 *inFixedVal
        const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues, PVOID layerData,
        const FWPS_FILTER0 *filter, UINT64 flowContext, FWPS_CLASSIFY_OUT0 *classifyOut)
 {
-    FORT_CHECK_STACK();
+    FORT_CHECK_STACK(FORT_CALLOUT_ACCEPT_V6);
    FORT_CALLOUT_ARG ca = {
        .inFixedValues = inFixedValues,
@ -515,8 +506,6 @@ static NTSTATUS NTAPI fort_callout_notify(
 inline static void fort_callout_flow_classify(PCFORT_CALLOUT_ARG ca, UINT32 dataSize)
 {
    FORT_CHECK_STACK();
    const UINT32 headerSize = ca->inbound ? ca->inMetaValues->transportHeaderSize : 0;
    fort_flow_classify(&fort_device()->stat, ca->flowContext, headerSize + dataSize, ca->inbound);
@ -526,7 +515,7 @@ static void NTAPI fort_callout_stream_classify(const FWPS_INCOMING_VALUES0 *inFi
        const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues, PVOID layerData,
        const FWPS_FILTER0 *filter, UINT64 flowContext, FWPS_CLASSIFY_OUT0 *classifyOut)
 {
-    FORT_CHECK_STACK();
+    FORT_CHECK_STACK(FORT_CALLOUT_STREAM_CLASSIFY);
    FWPS_STREAM_CALLOUT_IO_PACKET0 *packet = layerData;
@ -553,8 +542,6 @@ static void NTAPI fort_callout_stream_classify(const FWPS_INCOMING_VALUES0 *inFi
 static void fort_callout_datagram_classify(PFORT_CALLOUT_ARG ca, PCFORT_CALLOUT_DATAGRAM_INDEX ci)
 {
    FORT_CHECK_STACK();
    const PNET_BUFFER netBuf = NET_BUFFER_LIST_FIRST_NB(ca->netBufList);
    const UINT32 dataSize = NET_BUFFER_DATA_LENGTH(netBuf);
@ -571,7 +558,7 @@ static void NTAPI fort_callout_datagram_classify_v4(const FWPS_INCOMING_VALUES0
        const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues, PVOID layerData,
        const FWPS_FILTER0 *filter, UINT64 flowContext, FWPS_CLASSIFY_OUT0 *classifyOut)
 {
-    FORT_CHECK_STACK();
+    FORT_CHECK_STACK(FORT_CALLOUT_DATAGRAM_CLASSIFY_V4);
    FORT_CALLOUT_ARG ca = {
        .inFixedValues = inFixedValues,
@ -593,7 +580,7 @@ static void NTAPI fort_callout_datagram_classify_v6(const FWPS_INCOMING_VALUES0
        const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues, PVOID layerData,
        const FWPS_FILTER0 *filter, UINT64 flowContext, FWPS_CLASSIFY_OUT0 *classifyOut)
 {
-    FORT_CHECK_STACK();
+    FORT_CHECK_STACK(FORT_CALLOUT_DATAGRAM_CLASSIFY_V6);
    FORT_CALLOUT_ARG ca = {
        .inFixedValues = inFixedValues,
@ -616,6 +603,8 @@ static void NTAPI fort_callout_flow_delete(UINT16 layerId, UINT32 calloutId, UIN
    UNUSED(layerId);
    UNUSED(calloutId);
    FORT_CHECK_STACK(FORT_CALLOUT_FLOW_DELETE);
    fort_shaper_drop_flow_packets(&fort_device()->shaper, flowContext);
    fort_flow_delete(&fort_device()->stat, flowContext);
@ -623,8 +612,6 @@ static void NTAPI fort_callout_flow_delete(UINT16 layerId, UINT32 calloutId, UIN
 static void fort_callout_transport_classify(PFORT_CALLOUT_ARG ca)
 {
    FORT_CHECK_STACK();
    if ((ca->classifyOut->rights & FWPS_RIGHT_ACTION_WRITE) == 0
            || ca->classifyOut->actionType == FWP_ACTION_BLOCK)
        return; /* Can't act on the packet */
@ -645,7 +632,7 @@ static void NTAPI fort_callout_transport_classify_in(const FWPS_INCOMING_VALUES0
        const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues, PVOID layerData,
        const FWPS_FILTER0 *filter, UINT64 flowContext, FWPS_CLASSIFY_OUT0 *classifyOut)
 {
-    FORT_CHECK_STACK();
+    FORT_CHECK_STACK(FORT_CALLOUT_TRANSPORT_CLASSIFY_IN);
    FORT_CALLOUT_ARG ca = {
        .inFixedValues = inFixedValues,
@ -664,7 +651,7 @@ static void NTAPI fort_callout_transport_classify_out(const FWPS_INCOMING_VALUES
        const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues, PVOID layerData,
        const FWPS_FILTER0 *filter, UINT64 flowContext, FWPS_CLASSIFY_OUT0 *classifyOut)
 {
-    FORT_CHECK_STACK();
+    FORT_CHECK_STACK(FORT_CALLOUT_TRANSPORT_CLASSIFY_OUT);
    FORT_CALLOUT_ARG ca = {
        .inFixedValues = inFixedValues,
@ -797,6 +784,8 @@ static NTSTATUS fort_callout_install_packet(PDEVICE_OBJECT device, PFORT_STAT st
 FORT_API NTSTATUS fort_callout_install(PDEVICE_OBJECT device)
 {
    FORT_CHECK_STACK(FORT_CALLOUT_INSTALL);
    PFORT_STAT stat = &fort_device()->stat;
    fort_callout_init();
@ -812,6 +801,8 @@ FORT_API NTSTATUS fort_callout_install(PDEVICE_OBJECT device)
 FORT_API void fort_callout_remove(void)
 {
    FORT_CHECK_STACK(FORT_CALLOUT_REMOVE);
    PFORT_STAT stat = &fort_device()->stat;
    const PUINT32 calloutIds = stat->callout_ids;
@ -887,7 +878,7 @@ static NTSTATUS fort_callout_force_reauth_prov(
 FORT_API NTSTATUS fort_callout_force_reauth(const FORT_CONF_FLAGS old_conf_flags)
 {
-    FORT_CHECK_STACK();
+    FORT_CHECK_STACK(FORT_CALLOUT_FORCE_REAUTH);
    NTSTATUS status;
@ -974,7 +965,7 @@ inline static void fort_callout_flush_stat_traf(
 FORT_API void fort_callout_timer(void)
 {
-    FORT_CHECK_STACK();
+    FORT_CHECK_STACK(FORT_CALLOUT_TIMER);
    PFORT_BUFFER buf = &fort_device()->buffer;
    PFORT_STAT stat = &fort_device()->stat;
--- a/src/driver/fortdbg.c
+++ b/src/driver/fortdbg.c
@ -0,0 +1,18 @@
 /* Fort Firewall Debug */
 #include "fortdbg.h"
 #define FORT_KERNEL_STACK_MIN_SIZE 1024
 #define FORT_STATUS_INVALID_STACK 0x000000DC /* DRIVER_INVALID_STACK_ACCESS */
 FORT_API void fort_check_stack(const char *func_name, FORT_FUNC_ID func_id)
 {
    const UINT32 free_size = (UINT32) IoGetRemainingStackSize();
    if (free_size < FORT_KERNEL_STACK_MIN_SIZE) {
        LOG("Stack Overflow: %s: id=%d remaining=%d\n", func_name, func_id, free_size);
        KeBugCheckEx(FORT_STATUS_INVALID_STACK, 0, 0, 0, 0);
    }
 }
--- a/src/driver/fortdbg.h
+++ b/src/driver/fortdbg.h
@ -0,0 +1,57 @@
 #ifndef FORTDBG_H
 #define FORTDBG_H
 #include "fortdrv.h"
 #define FORT_DEBUG_VERSION 1
 typedef enum FORT_FUNC_ID {
    FORT_FUNC_UNKNOWN = 1,
    FORT_BUFFER_BLOCKED_IP_WRITE,
    FORT_DEVICE_CANCEL_PENDING,
    FORT_CALLOUT_CONNECT_V4,
    FORT_CALLOUT_CONNECT_V6,
    FORT_CALLOUT_ACCEPT_V4,
    FORT_CALLOUT_ACCEPT_V6,
    FORT_CALLOUT_STREAM_CLASSIFY,
    FORT_CALLOUT_DATAGRAM_CLASSIFY_V4,
    FORT_CALLOUT_DATAGRAM_CLASSIFY_V6,
    FORT_CALLOUT_FLOW_DELETE,
    FORT_CALLOUT_TRANSPORT_CLASSIFY_IN,
    FORT_CALLOUT_TRANSPORT_CLASSIFY_OUT,
    FORT_CALLOUT_INSTALL,
    FORT_CALLOUT_REMOVE,
    FORT_CALLOUT_FORCE_REAUTH,
    FORT_CALLOUT_TIMER,
    FORT_DEVICE_CREATE,
    FORT_DEVICE_CLOSE,
    FORT_DEVICE_CLEANUP,
    FORT_DEVICE_CONTROL,
    FORT_DEVICE_SHUTDOWN,
    FORT_DEVICE_LOAD,
    FORT_DEVICE_UNLOAD,
    FORT_PACKET_INJECT_COMPLETE,
    FORT_SHAPER_TIMER_PROCESS,
    FORT_SYSCB_POWER,
    FORT_SYSCB_TIME,
    FORT_TIMER_CALLBACK,
    FORT_WORKER_CALLBACK,
 } FORT_FUNC_ID;
 #if defined(FORT_DEBUG_STACK)
 #    define FORT_CHECK_STACK(func_id) fort_check_stack(__func__, func_id)
 #else
 #    define FORT_CHECK_STACK(func_id)
 #endif
 #if defined(__cplusplus)
 extern "C" {
 #endif
 FORT_API void fort_check_stack(const char *func_name, FORT_FUNC_ID func_id);
 #ifdef __cplusplus
 } // extern "C"
 #endif
 #endif // FORTDBG_H
--- a/src/driver/fortdev.c
+++ b/src/driver/fortdev.c
@ -6,6 +6,7 @@
 #include "common/fortprov.h"
 #include "fortcout.h"
 #include "fortdbg.h"
 #include "fortps.h"
 #include "fortscb.h"
 #include "forttrace.h"
@ -25,8 +26,6 @@ FORT_API void fort_device_set(PFORT_DEVICE device)
 static void fort_worker_reauth(void)
 {
    FORT_CHECK_STACK();
    const FORT_CONF_FLAGS conf_flags = fort_device()->conf.conf_flags;
    const NTSTATUS status = fort_callout_force_reauth(conf_flags);
@ -57,7 +56,7 @@ FORT_API NTSTATUS fort_device_create(PDEVICE_OBJECT device, PIRP irp)
 {
    UNUSED(device);
-    FORT_CHECK_STACK();
+    FORT_CHECK_STACK(FORT_DEVICE_CREATE);
    NTSTATUS status = STATUS_SUCCESS;
@ -81,7 +80,7 @@ FORT_API NTSTATUS fort_device_close(PDEVICE_OBJECT device, PIRP irp)
 {
    UNUSED(device);
-    FORT_CHECK_STACK();
+    FORT_CHECK_STACK(FORT_DEVICE_CLOSE);
    fort_request_complete(irp, STATUS_SUCCESS);
@ -92,7 +91,7 @@ FORT_API NTSTATUS fort_device_cleanup(PDEVICE_OBJECT device, PIRP irp)
 {
    UNUSED(device);
-    FORT_CHECK_STACK();
+    FORT_CHECK_STACK(FORT_DEVICE_CLEANUP);
    /* Device closed */
    fort_device_flag_set(
@ -301,7 +300,7 @@ FORT_API NTSTATUS fort_device_control(PDEVICE_OBJECT device, PIRP irp)
 {
    UNUSED(device);
-    FORT_CHECK_STACK();
+    FORT_CHECK_STACK(FORT_DEVICE_CONTROL);
    ULONG_PTR info = 0;
@ -324,7 +323,7 @@ FORT_API NTSTATUS fort_device_shutdown(PDEVICE_OBJECT device, PIRP irp)
 {
    UNUSED(device);
-    FORT_CHECK_STACK();
+    FORT_CHECK_STACK(FORT_DEVICE_SHUTDOWN);
    if (fort_device() != NULL) {
        fort_stat_close_flows(&fort_device()->stat);
@ -361,6 +360,8 @@ static NTSTATUS fort_device_register_provider(void)
 FORT_API NTSTATUS fort_device_load(PVOID device_param)
 {
    FORT_CHECK_STACK(FORT_DEVICE_LOAD);
    NTSTATUS status;
    PDEVICE_OBJECT device = device_param;
@ -410,6 +411,8 @@ FORT_API NTSTATUS fort_device_load(PVOID device_param)
 FORT_API void fort_device_unload(void)
 {
    FORT_CHECK_STACK(FORT_DEVICE_UNLOAD);
    /* Stop system notifiers */
    fort_syscb_power_unregister();
    fort_syscb_time_unregister();
--- a/src/driver/fortdrv.c
+++ b/src/driver/fortdrv.c
@ -9,17 +9,6 @@
 #include "forttrace.h"
 #include "fortutl.h"
 #define FORT_STACK_USAGE_FREE_MIN 400
 FORT_API void fort_check_stack_usage(const char *func_name)
 {
    const UINT32 free_size = (UINT32) IoGetRemainingStackSize();
    if (free_size < FORT_STACK_USAGE_FREE_MIN) {
        LOG("Stack Overflow: %s: remaining=%d\n", func_name, free_size);
    }
 }
 static void fort_driver_delete_device(PDRIVER_OBJECT driver)
 {
    PDEVICE_OBJECT device_obj = driver->DeviceObject;
@ -83,8 +72,6 @@ static NTSTATUS fort_driver_create_device(PDRIVER_OBJECT driver, PUNICODE_STRING
 static void fort_driver_unload(PDRIVER_OBJECT driver)
 {
    FORT_CHECK_STACK();
    if (fort_device() == NULL)
        return;
--- a/src/driver/fortdrv.h
+++ b/src/driver/fortdrv.h
@ -38,14 +38,4 @@
 #define fort_request_complete(irp, status) fort_request_complete_info((irp), (status), 0)
 #define FORT_KERNEL_STACK_SIZE (8 * 1024)
 #if defined(FORT_DEBUG_STACK)
 #    define FORT_CHECK_STACK() fort_check_stack_usage(__func__)
 #else
 #    define FORT_CHECK_STACK()
 #endif
 FORT_API void fort_check_stack_usage(const char *func_name);
 #endif // FORTDRV_H
--- a/src/driver/fortdrv_amalg.c
+++ b/src/driver/fortdrv_amalg.c
@ -5,8 +5,8 @@
 /*
 #define FORT_DEBUG
 #define FORT_DEBUG_STACK
 */
 #define FORT_DEBUG_STACK
 #include "common/fortconf.c"
 #include "common/fortlog.c"
@ -18,9 +18,11 @@
 #include "forttlsf.c"
 #include "forttds.c"
 #include "fortbuf.c"
 #include "fortcb.c"
 #include "fortcnf.c"
-#include "fortbuf.c"
+#include "fortdbg.c"
 #include "fortmod.c"
 #include "fortpkt.c"
 #include "fortpool.c"
--- a/src/driver/fortpkt.c
+++ b/src/driver/fortpkt.c
@ -2,6 +2,7 @@
 #include "fortpkt.h"
 #include "fortdbg.h"
 #include "fortdev.h"
 #include "forttrace.h"
 #include "fortutl.h"
@ -372,7 +373,7 @@ static void NTAPI fort_packet_inject_complete(
 {
    UNUSED(dispatchLevel);
-    FORT_CHECK_STACK();
+    FORT_CHECK_STACK(FORT_PACKET_INJECT_COMPLETE);
    switch (pkt->flags & FORT_PACKET_TYPE_MASK) {
    case FORT_PACKET_TYPE_FLOW: {
@ -822,7 +823,7 @@ inline static ULONG fort_shaper_timer_process_queues(PFORT_SHAPER shaper, ULONG
 static void fort_shaper_timer_process(void)
 {
-    FORT_CHECK_STACK();
+    FORT_CHECK_STACK(FORT_SHAPER_TIMER_PROCESS);
    PFORT_SHAPER shaper = &fort_device()->shaper;
--- a/src/driver/fortps.c
+++ b/src/driver/fortps.c
@ -3,6 +3,7 @@
 #include "fortps.h"
 #include "fortcb.h"
 #include "fortdbg.h"
 #include "fortdev.h"
 #include "forttrace.h"
 #include "fortutl.h"
@ -161,8 +162,6 @@ UCHAR fort_pstree_flags(PFORT_PSTREE ps_tree)
 static PFORT_PSNAME fort_pstree_name_new(PFORT_PSTREE ps_tree, UINT16 name_size)
 {
    FORT_CHECK_STACK();
    PFORT_PSNAME ps_name = fort_pool_malloc(&ps_tree->pool_list,
            FORT_PSNAME_DATA_OFF + name_size + sizeof(WCHAR)); /* include terminating zero */
    if (ps_name != NULL) {
@ -482,8 +481,6 @@ inline static void fort_pstree_check_proc_inheritance(PFORT_PSTREE ps_tree, PFOR
 static PFORT_PSNODE fort_pstree_handle_new_proc(PFORT_PSTREE ps_tree, PCFORT_PSINFO_HASH psi)
 {
    FORT_CHECK_STACK();
    PFORT_PSNAME ps_name = fort_pstree_add_service_name(ps_tree, psi);
    PFORT_PSNODE proc = fort_pstree_proc_new(ps_tree, psi->pid_hash);
@ -564,8 +561,6 @@ static void NTAPI fort_pstree_notify(
 {
    UNUSED(process);
    FORT_CHECK_STACK();
    PFORT_PSTREE ps_tree = &fort_device()->ps_tree;
    PFORT_PSNODE proc = fort_pstree_notify_process(ps_tree, process, processHandle, createInfo);
@ -585,8 +580,8 @@ static void fort_pstree_update(PFORT_PSTREE ps_tree, BOOL active)
        return;
    const NTSTATUS status = PsSetCreateProcessNotifyRoutineEx(
-            FORT_CALLBACK(
+            FORT_CALLBACK(FORT_CALLBACK_PSTREE_NOTIFY, PCREATE_PROCESS_NOTIFY_ROUTINE_EX,
-                    FORT_PSTREE_NOTIFY, PCREATE_PROCESS_NOTIFY_ROUTINE_EX, &fort_pstree_notify),
+                    &fort_pstree_notify),
            /*remove=*/!active);
    if (!NT_SUCCESS(status)) {
--- a/src/driver/fortscb.c
+++ b/src/driver/fortscb.c
@ -3,6 +3,7 @@
 #include "fortscb.h"
 #include "fortcb.h"
 #include "fortdbg.h"
 #include "fortdev.h"
 #include "fortpkt.h"
@ -41,7 +42,7 @@ static void NTAPI fort_syscb_power(PVOID context, PVOID event, PVOID specifics)
 {
    UNUSED(context);
-    FORT_CHECK_STACK();
+    FORT_CHECK_STACK(FORT_SYSCB_POWER);
    if (event != (PVOID) PO_CB_SYSTEM_STATE_LOCK)
        return;
@ -59,7 +60,7 @@ FORT_API NTSTATUS fort_syscb_power_register(void)
 {
    return fort_syscb_register(L"\\Callback\\PowerState", &fort_device()->power_cb_obj,
            &fort_device()->power_cb_reg,
-            FORT_CALLBACK(FORT_SYSCB_POWER, PCALLBACK_FUNCTION, &fort_syscb_power));
+            FORT_CALLBACK(FORT_CALLBACK_SYSCB_POWER, PCALLBACK_FUNCTION, &fort_syscb_power));
 }
 FORT_API void fort_syscb_power_unregister(void)
@ -73,7 +74,7 @@ static void NTAPI fort_syscb_time(PVOID context, PVOID event, PVOID specifics)
    UNUSED(event);
    UNUSED(specifics);
-    FORT_CHECK_STACK();
+    FORT_CHECK_STACK(FORT_SYSCB_TIME);
    fort_stat_flags_set(&fort_device()->stat, FORT_STAT_SYSTEM_TIME_CHANGED, TRUE);
@ -84,7 +85,7 @@ FORT_API NTSTATUS fort_syscb_time_register(void)
 {
    return fort_syscb_register(L"\\Callback\\SetSystemTime", &fort_device()->systime_cb_obj,
            &fort_device()->systime_cb_reg,
-            FORT_CALLBACK(FORT_SYSCB_TIME, PCALLBACK_FUNCTION, &fort_syscb_time));
+            FORT_CALLBACK(FORT_CALLBACK_SYSCB_TIME, PCALLBACK_FUNCTION, &fort_syscb_time));
 }
 FORT_API void fort_syscb_time_unregister(void)
--- a/src/driver/forttmr.c
+++ b/src/driver/forttmr.c
@ -3,6 +3,7 @@
 #include "forttmr.h"
 #include "fortcb.h"
 #include "fortdbg.h"
 static UCHAR fort_timer_flags_exchange(PFORT_TIMER timer, UCHAR flags)
 {
@ -25,7 +26,7 @@ static void NTAPI fort_timer_callback(PKDPC dpc, PFORT_TIMER timer, PVOID arg1,
    UNUSED(arg1);
    UNUSED(arg2);
-    FORT_CHECK_STACK();
+    FORT_CHECK_STACK(FORT_TIMER_CALLBACK);
    const UCHAR flags = fort_timer_flags(timer);
    if ((flags & FORT_TIMER_ONESHOT) != 0) {
@ -45,7 +46,8 @@ FORT_API void fort_timer_open(
    timer->flags = flags;
    KeInitializeDpc(&timer->dpc,
-            FORT_CALLBACK(FORT_TIMER_CALLBACK, PKDEFERRED_ROUTINE, &fort_timer_callback), timer);
+            FORT_CALLBACK(FORT_CALLBACK_TIMER_CALLBACK, PKDEFERRED_ROUTINE, &fort_timer_callback),
            timer);
    KeInitializeTimer(&timer->id);
 }
--- a/src/driver/fortutl.c
+++ b/src/driver/fortutl.c
@ -9,6 +9,8 @@
 #define FORT_KEY_INFO_PATH_SIZE                                                                    \
    (2 * sizeof(KEY_VALUE_FULL_INFORMATION) + (MAX_PATH * sizeof(WCHAR)))
 #define FORT_KERNEL_STACK_SIZE (8 * 1024)
 typedef struct fort_expand_stack_arg
 {
    FORT_EXPAND_STACK_FUNC func;
--- a/src/driver/fortwrk.c
+++ b/src/driver/fortwrk.c
@ -5,6 +5,7 @@
 #include <assert.h>
 #include "fortcb.h"
 #include "fortdbg.h"
 #include "fortutl.h"
 static void fort_worker_callback_run(
@ -32,7 +33,7 @@ static void NTAPI fort_worker_callback(PDEVICE_OBJECT device, PVOID context)
 {
    UNUSED(device);
-    FORT_CHECK_STACK();
+    FORT_CHECK_STACK(FORT_WORKER_CALLBACK);
    const NTSTATUS status = fort_expand_stack(&fort_worker_callback_expand, context);
    UNUSED(status);
@ -70,7 +71,8 @@ FORT_API void fort_worker_queue(PFORT_WORKER worker, UCHAR work_id)
        InterlockedIncrement16(&worker->queue_size);
        IoQueueWorkItem(worker->item,
-                FORT_CALLBACK(FORT_WORKER_CALLBACK, PIO_WORKITEM_ROUTINE, &fort_worker_callback),
+                FORT_CALLBACK(
                        FORT_CALLBACK_WORKER_CALLBACK, PIO_WORKITEM_ROUTINE, &fort_worker_callback),
                DelayedWorkQueue, worker);
    }
 }
--- a/src/driver/wdm/um_wdm.c
+++ b/src/driver/wdm/um_wdm.c
@ -517,3 +517,8 @@ ULONG_PTR IoGetRemainingStackSize(void)
 {
    return 0;
 }
 void KeBugCheckEx(ULONG bugCheckCode, ULONG_PTR bugCheckParameter1, ULONG_PTR bugCheckParameter2,
        ULONG_PTR bugCheckParameter3, ULONG_PTR bugCheckParameter4)
 {
 }
--- a/src/driver/wdm/um_wdm.h
+++ b/src/driver/wdm/um_wdm.h
@ -467,6 +467,9 @@ FORT_API PVOID IoGetInitialStack(void);
 FORT_API void IoGetStackLimits(PULONG_PTR lowLimit, PULONG_PTR highLimit);
 FORT_API ULONG_PTR IoGetRemainingStackSize(void);
 FORT_API void KeBugCheckEx(ULONG bugCheckCode, ULONG_PTR bugCheckParameter1,
        ULONG_PTR bugCheckParameter2, ULONG_PTR bugCheckParameter3, ULONG_PTR bugCheckParameter4);
 #ifdef __cplusplus
 } // extern "C"
 #endif