mirrors/fort
1
0
Fork 0
mirror of https://github.com/tnodir/fort synced 2024-11-15 03:56:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Driver: Add LOG() macros

Browse Source
This commit is contained in:
Nodir Temirkhodjaev 2022-01-29 11:42:30 +03:00
parent e173d53290
commit 78b6af822b
12 changed files with 44 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/driver/common/common.h
View File

@ -44,6 +44,8 @@
#define UNUSED(p) ((void) (p))
#define LOG(...) DbgPrintEx(DPFLTR_SYSTEM_ID, DPFLTR_ERROR_LEVEL, "FORT: " __VA_ARGS__)
#ifndef NT_SUCCESS
# define NT_SUCCESS(status) ((LONG) (status) >= 0)
#endif

2
src/driver/fortbuf.c
View File

@ -123,7 +123,7 @@ FORT_API NTSTATUS fort_buffer_prepare(
} else {
PFORT_BUFFER_DATA data = fort_buffer_data_alloc(buf, len);
if (data == NULL) {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Buffer OOM: len=%d\n", len);
LOG("Buffer OOM: len=%d\n", len);
return STATUS_INSUFFICIENT_RESOURCES;
}

3
src/driver/fortcb.c
View File

@ -14,8 +14,7 @@ FORT_API FortCallbackFunc fort_callback(int id, FortCallbackFunc func)
ProxyCallbackProc cb = g_callbackInfo.src[id];
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Proxy Callback: i=%d func=%p cb=%p\n", id, func, cb);
LOG("Proxy Callback: i=%d func=%p cb=%p\n", id, func, cb);
#endif
g_callbackInfo.callbacks[id] = func;

27
src/driver/fortcout.c
View File

@ -62,8 +62,7 @@ static BOOL fort_callout_classify_v4_blocked_log_stat(const FWPS_INCOMING_VALUES
return TRUE; /* block (Reauth) */
}
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Classify v4: Flow assoc. error: %x\n", status);
LOG("Classify v4: Flow assoc. error: %x\n", status);
} else if (is_new_proc) {
fort_buffer_proc_new_write(&fort_device()->buffer, process_id, path_len, path, irp, info);
}
@ -544,8 +543,7 @@ FORT_API NTSTATUS fort_callout_install(PDEVICE_OBJECT device)
status = FwpsCalloutRegister0(device, &c, &fort_device()->connect4_id);
if (!NT_SUCCESS(status)) {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Register Connect V4: Error: %x\n", status);
LOG("Register Connect V4: Error: %x\n", status);
return status;
}
@ -555,8 +553,7 @@ FORT_API NTSTATUS fort_callout_install(PDEVICE_OBJECT device)
status = FwpsCalloutRegister0(device, &c, &fort_device()->accept4_id);
if (!NT_SUCCESS(status)) {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Register Accept V4: Error: %x\n", status);
LOG("Register Accept V4: Error: %x\n", status);
return status;
}
@ -569,8 +566,7 @@ FORT_API NTSTATUS fort_callout_install(PDEVICE_OBJECT device)
status = FwpsCalloutRegister0(device, &c, &stat->stream4_id);
if (!NT_SUCCESS(status)) {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Register Stream V4: Error: %x\n", status);
LOG("Register Stream V4: Error: %x\n", status);
return status;
}
@ -582,8 +578,7 @@ FORT_API NTSTATUS fort_callout_install(PDEVICE_OBJECT device)
status = FwpsCalloutRegister0(device, &c, &stat->datagram4_id);
if (!NT_SUCCESS(status)) {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Register Datagram V4: Error: %x\n", status);
LOG("Register Datagram V4: Error: %x\n", status);
return status;
}
@ -596,8 +591,7 @@ FORT_API NTSTATUS fort_callout_install(PDEVICE_OBJECT device)
status = FwpsCalloutRegister0(device, &c, &stat->in_transport4_id);
if (!NT_SUCCESS(status)) {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Register Inbound Transport V4: Error: %x\n", status);
LOG("Register Inbound Transport V4: Error: %x\n", status);
return status;
}
@ -609,8 +603,7 @@ FORT_API NTSTATUS fort_callout_install(PDEVICE_OBJECT device)
status = FwpsCalloutRegister0(device, &c, &stat->out_transport4_id);
if (!NT_SUCCESS(status)) {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Register Outbound Transport V4: Error: %x\n", status);
LOG("Register Outbound Transport V4: Error: %x\n", status);
return status;
}
@ -746,8 +739,7 @@ FORT_API NTSTATUS fort_callout_force_reauth(
(conf_flags.allow_all_new || conf_flags.log_blocked || conf_flags.log_stat
|| conf_flags.log_blocked_ip));
} else {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Callout Reauth: Error: %x\n",
status);
LOG("Callout Reauth: Error: %x\n", status);
}
return status;
@ -798,8 +790,7 @@ FORT_API void NTAPI fort_callout_timer(void)
status = fort_buffer_prepare(buf, len, &out, &irp, &info);
if (!NT_SUCCESS(status)) {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Callout Timer: Error: %x\n",
status);
LOG("Callout Timer: Error: %x\n", status);
break;
}

6
src/driver/fortdev.c
View File

@ -30,8 +30,7 @@ static void NTAPI fort_worker_reauth(void)
status = fort_callout_force_reauth(conf_flags, 0);
if (!NT_SUCCESS(status)) {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Worker Reauth: Error: %x\n",
status);
LOG("Worker Reauth: Error: %x\n", status);
}
}
@ -293,8 +292,7 @@ FORT_API NTSTATUS fort_device_control(PDEVICE_OBJECT device, PIRP irp)
const NTSTATUS status = fort_device_control_process(irp_stack, irp, &info);
if (!NT_SUCCESS(status) && status != FORT_STATUS_USER_ERROR) {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Device Control: Error: %x\n",
status);
LOG("Device Control: Error: %x\n", status);
}
if (status != STATUS_PENDING) {

2
src/driver/fortdrv.c
View File

@ -74,7 +74,7 @@ NTSTATUS DriverEntry(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path)
const NTSTATUS status = fort_driver_load(driver, reg_path);
if (!NT_SUCCESS(status)) {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Entry: Error: %x\n", status);
LOG("Entry: Error: %x\n", status);
fort_driver_unload(driver);
}

12
src/driver/fortpkt.c
View File

@ -136,8 +136,7 @@ FORT_API void fort_defer_open(PFORT_DEFER defer)
if (!NT_SUCCESS(status)) {
defer->transport_injection4_id = INVALID_HANDLE_VALUE;
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Defer: Transport injection init error: %x\n", status);
LOG("Defer: Transport injection init error: %x\n", status);
}
status = FwpsInjectionHandleCreate0(
@ -146,8 +145,7 @@ FORT_API void fort_defer_open(PFORT_DEFER defer)
if (!NT_SUCCESS(status)) {
defer->stream_injection4_id = INVALID_HANDLE_VALUE;
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Defer: Stream injection init error: %x\n", status);
LOG("Defer: Stream injection init error: %x\n", status);
}
tommy_arrayof_init(&defer->packets, sizeof(FORT_PACKET));
@ -388,8 +386,7 @@ FORT_API void fort_defer_packet_free(
const NTSTATUS status = clonedNetBufList->Status;
if (!NT_SUCCESS(status)) {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Defer: Injection error: %x\n", status);
LOG("Defer: Injection error: %x\n", status);
}
FwpsFreeCloneNetBufferList0(clonedNetBufList, 0);
@ -428,8 +425,7 @@ static void fort_defer_packet_inject(PFORT_DEFER defer, PFORT_PACKET pkt,
status = inject_func(defer, pkt, &clonedNetBufList, complete_func);
if (!NT_SUCCESS(status)) {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Defer: Injection prepare error: %x\n", status);
LOG("Defer: Injection prepare error: %x\n", status);
if (clonedNetBufList != NULL) {
clonedNetBufList->Status = STATUS_SUCCESS;

11
src/driver/fortps.c
View File

@ -153,7 +153,7 @@ static void NTAPI fort_pstree_notify(
if (createInfo == NULL) {
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: PsTree: pid=%d CLOSED\n", pid);
LOG("PsTree: pid=%d CLOSED\n", pid);
#endif
return;
}
@ -162,8 +162,7 @@ static void NTAPI fort_pstree_notify(
return;
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: PsTree: pid=%d ppid=%d IMG=[%wZ] CMD=[%wZ]\n", pid, ppid,
LOG("PsTree: pid=%d ppid=%d IMG=[%wZ] CMD=[%wZ]\n", pid, ppid,
createInfo->ImageFileName, createInfo->CommandLine);
#endif
@ -193,15 +192,13 @@ FORT_API void fort_pstree_open(PFORT_PSTREE ps_tree)
FORT_PSTREE_NOTIFY, PCREATE_PROCESS_NOTIFY_ROUTINE_EX, fort_pstree_notify),
FALSE);
if (!NT_SUCCESS(status)) {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: PsTree: PsSetCreateProcessNotifyRoutineEx Error: %x\n", status);
LOG("PsTree: PsSetCreateProcessNotifyRoutineEx Error: %x\n", status);
return;
}
status = fort_pstree_enum_processes(ps_tree);
if (!NT_SUCCESS(status)) {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: PsTree: Enum Processes Error: %x\n", status);
LOG("PsTree: Enum Processes Error: %x\n", status);
return;
}
}

15
src/driver/loader/fortdl.c
View File

@ -67,7 +67,7 @@ static NTSTATUS fort_loader_init(PUNICODE_STRING driverPath)
NTSTATUS status;
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Loader Init: [%wZ]\n", driverPath);
LOG("Loader Init: [%wZ]\n", driverPath);
#endif
/* Load the driver file */
@ -84,9 +84,7 @@ static NTSTATUS fort_loader_init(PUNICODE_STRING driverPath)
}
if (!NT_SUCCESS(status)) {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Loader File Read: Error: %x size=%d [%wZ]\n", status, dataSize,
driverPath);
LOG("Loader File Read: Error: %x size=%d [%wZ]\n", status, dataSize, driverPath);
return status;
}
}
@ -105,8 +103,7 @@ static NTSTATUS fort_loader_init(PUNICODE_STRING driverPath)
fort_mem_free(data, FORT_LOADER_POOL_TAG);
if (!NT_SUCCESS(status)) {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Loader Image Payload: Error: %x\n", status);
LOG("Loader Image Payload: Error: %x\n", status);
}
return status;
@ -129,8 +126,7 @@ DriverLoaderEntry
status = fort_driver_path(driver, regPath, &driverPath);
if (!NT_SUCCESS(status)) {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Loader Entry: Path Error: %x\n",
status);
LOG("Loader Entry: Path Error: %x\n", status);
return status;
}
@ -146,8 +142,7 @@ DriverLoaderEntry
}
if (!NT_SUCCESS(status)) {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Loader Entry: Error: %x\n",
status);
LOG("Loader Entry: Error: %x\n", status);
fort_loader_unload(driver);
}

4
src/driver/loader/fortimg.c
View File

@ -117,9 +117,7 @@ FORT_API NTSTATUS fort_image_payload(
const int payloadSize = fort_le_u32_read(paylodInfo, 4);
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Loader Image Load: size=%d signatureSize=%d alignedSignatureSize=%d "
"payloadSize=%d\n",
LOG("Loader Image Load: size=%d signatureSize=%d alignedSignatureSize=%d payloadSize=%d\n",
dataSize, signatureSize, alignedSignatureSize, payloadSize);
#endif

41
src/driver/loader/fortmm.c
View File

@ -96,9 +96,7 @@ static VOID ZeroDataSectionTable(
section->Misc.PhysicalAddress = (DWORD) (uintptr_t) dest;
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Loader Module: Zero Section: offset=%d size=%d\n", section->VirtualAddress,
sectionSize);
LOG("Loader Module: Zero Section: offset=%d size=%d\n", section->VirtualAddress, sectionSize);
#endif
}
@ -130,8 +128,7 @@ static NTSTATUS CopySectionTable(PUCHAR pImage, PIMAGE_NT_HEADERS pNtHeaders, co
section->Misc.PhysicalAddress = (DWORD) (uintptr_t) dest;
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Loader Module: Copy Section: src-offset=%x offset=%x size=%x data=%x\n",
LOG("Loader Module: Copy Section: src-offset=%x offset=%x size=%x data=%x\n",
section->PointerToRawData, section->VirtualAddress, sectionSize, *(PDWORD) dest);
#endif
}
@ -147,8 +144,7 @@ static void PatchAddressRelocations(
const DWORD relInfoCount = (relocation->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION)) / 2;
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Loader Module: Relocation: dest=%p count=%d\n", dest, relInfoCount);
LOG("Loader Module: Relocation: dest=%p count=%d\n", dest, relInfoCount);
#endif
for (DWORD i = 0; i < relInfoCount; ++i, ++relInfo) {
@ -190,8 +186,7 @@ static NTSTATUS PerformBaseRelocation(
&(pHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC]);
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Loader Module: Relocation: size=%d delta=%d\n", directory->Size, locationDelta);
LOG("Loader Module: Relocation: size=%d delta=%d\n", directory->Size, locationDelta);
#endif
if (directory->Size == 0) {
@ -235,13 +230,11 @@ static NTSTATUS BuildImportTableLibrary(PUCHAR codeBase, const PIMAGE_IMPORT_DES
*funcRef = ModuleGetProcAddress(&libModule, funcName);
if (*funcRef == 0) {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Loader Module: Error: Procedure Not Found: %s: %s\n", libName, funcName);
LOG("Loader Module: Error: Procedure Not Found: %s: %s\n", libName, funcName);
status = STATUS_PROCEDURE_NOT_FOUND;
} else {
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Loader Module: Import: %s: %s: %p\n", libName, funcName, *funcRef);
LOG("Loader Module: Import: %s: %s: %p\n", libName, funcName, *funcRef);
#endif
}
}
@ -275,16 +268,14 @@ static NTSTATUS BuildImportTable(PUCHAR codeBase, PIMAGE_NT_HEADERS pHeaders)
LOADEDMODULE libModule;
if (!NT_SUCCESS(GetModuleInfo(&libModule, libName, modules, modulesCount))) {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Loader Module: Error: Module Not Found: %s\n", libName);
LOG("Loader Module: Error: Module Not Found: %s\n", libName);
status = STATUS_PROCEDURE_NOT_FOUND;
break;
}
status = BuildImportTableLibrary(codeBase, importDesc, libName, libModule);
if (!NT_SUCCESS(status)) {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Loader Module: Library Import Error: %s\n", libName);
LOG("Loader Module: Library Import Error: %s\n", libName);
break;
}
}
@ -364,8 +355,7 @@ static NTSTATUS InitializeModuleImage(PUCHAR pImage, const PIMAGE_NT_HEADERS lpN
NTSTATUS status;
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Loader Module: Init Image: SizeOfHeaders=%d EntryPoint=%d ImageBase=%x\n",
LOG("Loader Module: Init Image: SizeOfHeaders=%d EntryPoint=%d ImageBase=%x\n",
lpNtHeaders->OptionalHeader.SizeOfHeaders,
lpNtHeaders->OptionalHeader.AddressOfEntryPoint, lpNtHeaders->OptionalHeader.ImageBase);
#endif
@ -413,8 +403,7 @@ FORT_API NTSTATUS LoadModuleFromMemory(PLOADEDMODULE pModule, const PUCHAR lpDat
const DWORD imageSize = MAX_ALIGNED(pNtHeaders->OptionalHeader.SizeOfImage, PAGE_SIZE);
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Loader Module: data=%p size=%d imageSize=%d\n", lpData, dwSize, imageSize);
LOG("Loader Module: data=%p size=%d imageSize=%d\n", lpData, dwSize, imageSize);
#endif
/* Allocate the region */
@ -423,7 +412,7 @@ FORT_API NTSTATUS LoadModuleFromMemory(PLOADEDMODULE pModule, const PUCHAR lpDat
return STATUS_NO_MEMORY;
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Loader Module: image=%p\n", pImage);
LOG("Loader Module: image=%p\n", pImage);
#endif
status = InitializeModuleImage(pImage, pNtHeaders, lpData, dwSize, imageSize);
@ -456,9 +445,7 @@ NTSTATUS SetupModuleCallbacks(PLOADEDMODULE pModule, PFORT_PROXYCB_INFO cbInfo)
return STATUS_PROCEDURE_NOT_FOUND;
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Loader Module: Setup Callbacks: %p data=%x\n", cbSetup,
*(PDWORD) (PVOID) &cbSetup);
LOG("Loader Module: Setup Callbacks: %p data=%x\n", cbSetup, *(PDWORD) (PVOID) &cbSetup);
#endif
return cbSetup(cbInfo);
@ -472,9 +459,7 @@ FORT_API NTSTATUS CallModuleEntry(
return STATUS_PROCEDURE_NOT_FOUND;
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Loader Module: Driver Entry: %p data=%x\n", driverEntry,
*(PDWORD) (PVOID) &driverEntry);
LOG("Loader Module: Driver Entry: %p data=%x\n", driverEntry, *(PDWORD) (PVOID) &driverEntry);
#endif
return driverEntry(driver, regPath);

3
src/driver/proxycb/fortpcb_drv.c
View File

@ -86,8 +86,7 @@ FORT_API void fort_proxycb_drv_setup(PDRIVER_DISPATCH *driver_major_funcs)
driver_major_funcs[i] = cb;
#ifdef FORT_DEBUG
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Proxy Major: i=%d func=%p cb=%p\n", i, major_func, cb);
LOG("Proxy Major: i=%d func=%p cb=%p\n", i, major_func, cb);
#endif
}
}