diff --git a/src/driver/common/common.h b/src/driver/common/common.h index fdadaf2b..1b81c6d5 100644 --- a/src/driver/common/common.h +++ b/src/driver/common/common.h @@ -44,6 +44,8 @@ #define UNUSED(p) ((void) (p)) +#define LOG(...) DbgPrintEx(DPFLTR_SYSTEM_ID, DPFLTR_ERROR_LEVEL, "FORT: " __VA_ARGS__) + #ifndef NT_SUCCESS # define NT_SUCCESS(status) ((LONG) (status) >= 0) #endif diff --git a/src/driver/fortbuf.c b/src/driver/fortbuf.c index 7717b67a..32c10016 100644 --- a/src/driver/fortbuf.c +++ b/src/driver/fortbuf.c @@ -123,7 +123,7 @@ FORT_API NTSTATUS fort_buffer_prepare( } else { PFORT_BUFFER_DATA data = fort_buffer_data_alloc(buf, len); if (data == NULL) { - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Buffer OOM: len=%d\n", len); + LOG("Buffer OOM: len=%d\n", len); return STATUS_INSUFFICIENT_RESOURCES; } diff --git a/src/driver/fortcb.c b/src/driver/fortcb.c index c74e2e7e..a24aaf26 100644 --- a/src/driver/fortcb.c +++ b/src/driver/fortcb.c @@ -14,8 +14,7 @@ FORT_API FortCallbackFunc fort_callback(int id, FortCallbackFunc func) ProxyCallbackProc cb = g_callbackInfo.src[id]; #ifdef FORT_DEBUG - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Proxy Callback: i=%d func=%p cb=%p\n", id, func, cb); + LOG("Proxy Callback: i=%d func=%p cb=%p\n", id, func, cb); #endif g_callbackInfo.callbacks[id] = func; diff --git a/src/driver/fortcout.c b/src/driver/fortcout.c index 905ffa51..b6d953c4 100644 --- a/src/driver/fortcout.c +++ b/src/driver/fortcout.c @@ -62,8 +62,7 @@ static BOOL fort_callout_classify_v4_blocked_log_stat(const FWPS_INCOMING_VALUES return TRUE; /* block (Reauth) */ } - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Classify v4: Flow assoc. error: %x\n", status); + LOG("Classify v4: Flow assoc. error: %x\n", status); } else if (is_new_proc) { fort_buffer_proc_new_write(&fort_device()->buffer, process_id, path_len, path, irp, info); } 
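Review bot: The new `LOG` macro in common.h passes `DPFLTR_SYSTEM_ID`, while every call it replaces in this commit used `DPFLTR_IHVNETWORK_ID`, so the refactor also moves all driver messages to a different debug-filter component. If that is intended it belongs in the commit message; otherwise keep `DPFLTR_IHVNETWORK_ID` in the macro. The `"FORT: " __VA_ARGS__` concatenation only compiles when the first argument is a string literal, which usefully rules out non-literal format strings. A comment such as `/* LOG(fmt, ...): fmt must be a string literal; always emitted at DPFLTR_ERROR_LEVEL */` above the define would make that contract explicit.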
@@ -544,8 +543,7 @@ FORT_API NTSTATUS fort_callout_install(PDEVICE_OBJECT device) status = FwpsCalloutRegister0(device, &c, &fort_device()->connect4_id); if (!NT_SUCCESS(status)) { - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Register Connect V4: Error: %x\n", status); + LOG("Register Connect V4: Error: %x\n", status); return status; } @@ -555,8 +553,7 @@ FORT_API NTSTATUS fort_callout_install(PDEVICE_OBJECT device) status = FwpsCalloutRegister0(device, &c, &fort_device()->accept4_id); if (!NT_SUCCESS(status)) { - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Register Accept V4: Error: %x\n", status); + LOG("Register Accept V4: Error: %x\n", status); return status; } @@ -569,8 +566,7 @@ FORT_API NTSTATUS fort_callout_install(PDEVICE_OBJECT device) status = FwpsCalloutRegister0(device, &c, &stat->stream4_id); if (!NT_SUCCESS(status)) { - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Register Stream V4: Error: %x\n", status); + LOG("Register Stream V4: Error: %x\n", status); return status; } @@ -582,8 +578,7 @@ FORT_API NTSTATUS fort_callout_install(PDEVICE_OBJECT device) status = FwpsCalloutRegister0(device, &c, &stat->datagram4_id); if (!NT_SUCCESS(status)) { - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Register Datagram V4: Error: %x\n", status); + LOG("Register Datagram V4: Error: %x\n", status); return status; } @@ -596,8 +591,7 @@ FORT_API NTSTATUS fort_callout_install(PDEVICE_OBJECT device) status = FwpsCalloutRegister0(device, &c, &stat->in_transport4_id); if (!NT_SUCCESS(status)) { - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Register Inbound Transport V4: Error: %x\n", status); + LOG("Register Inbound Transport V4: Error: %x\n", status); return status; } 
@@ -609,8 +603,7 @@ FORT_API NTSTATUS fort_callout_install(PDEVICE_OBJECT device) status = FwpsCalloutRegister0(device, &c, &stat->out_transport4_id); if (!NT_SUCCESS(status)) { - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Register Outbound Transport V4: Error: %x\n", status); + LOG("Register Outbound Transport V4: Error: %x\n", status); return status; } @@ -746,8 +739,7 @@ FORT_API NTSTATUS fort_callout_force_reauth( (conf_flags.allow_all_new || conf_flags.log_blocked || conf_flags.log_stat || conf_flags.log_blocked_ip)); } else { - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Callout Reauth: Error: %x\n", - status); + LOG("Callout Reauth: Error: %x\n", status); } return status; @@ -798,8 +790,7 @@ FORT_API void NTAPI fort_callout_timer(void) status = fort_buffer_prepare(buf, len, &out, &irp, &info); if (!NT_SUCCESS(status)) { - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Callout Timer: Error: %x\n", - status); + LOG("Callout Timer: Error: %x\n", status); break; } diff --git a/src/driver/fortdev.c b/src/driver/fortdev.c index c66dfc99..a27c067b 100644 --- a/src/driver/fortdev.c +++ b/src/driver/fortdev.c @@ -30,8 +30,7 @@ static void NTAPI fort_worker_reauth(void) status = fort_callout_force_reauth(conf_flags, 0); if (!NT_SUCCESS(status)) { - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Worker Reauth: Error: %x\n", - status); + LOG("Worker Reauth: Error: %x\n", status); } } @@ -293,8 +292,7 @@ FORT_API NTSTATUS fort_device_control(PDEVICE_OBJECT device, PIRP irp) const NTSTATUS status = fort_device_control_process(irp_stack, irp, &info); if (!NT_SUCCESS(status) && status != FORT_STATUS_USER_ERROR) { - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Device Control: Error: %x\n", - status); + LOG("Device Control: Error: %x\n", status); } if (status != STATUS_PENDING) { diff --git a/src/driver/fortdrv.c b/src/driver/fortdrv.c index 8a633214..a97afc97 100644 --- a/src/driver/fortdrv.c 
+++ b/src/driver/fortdrv.c @@ -74,7 +74,7 @@ NTSTATUS DriverEntry(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path) const NTSTATUS status = fort_driver_load(driver, reg_path); if (!NT_SUCCESS(status)) { - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Entry: Error: %x\n", status); + LOG("Entry: Error: %x\n", status); fort_driver_unload(driver); } diff --git a/src/driver/fortpkt.c b/src/driver/fortpkt.c index bc409829..b82bf4ac 100644 --- a/src/driver/fortpkt.c +++ b/src/driver/fortpkt.c @@ -136,8 +136,7 @@ FORT_API void fort_defer_open(PFORT_DEFER defer) if (!NT_SUCCESS(status)) { defer->transport_injection4_id = INVALID_HANDLE_VALUE; - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Defer: Transport injection init error: %x\n", status); + LOG("Defer: Transport injection init error: %x\n", status); } status = FwpsInjectionHandleCreate0( @@ -146,8 +145,7 @@ FORT_API void fort_defer_open(PFORT_DEFER defer) if (!NT_SUCCESS(status)) { defer->stream_injection4_id = INVALID_HANDLE_VALUE; - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Defer: Stream injection init error: %x\n", status); + LOG("Defer: Stream injection init error: %x\n", status); } tommy_arrayof_init(&defer->packets, sizeof(FORT_PACKET)); @@ -388,8 +386,7 @@ FORT_API void fort_defer_packet_free( const NTSTATUS status = clonedNetBufList->Status; if (!NT_SUCCESS(status)) { - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Defer: Injection error: %x\n", status); + LOG("Defer: Injection error: %x\n", status); } FwpsFreeCloneNetBufferList0(clonedNetBufList, 0); 
@@ -428,8 +425,7 @@ static void fort_defer_packet_inject(PFORT_DEFER defer, PFORT_PACKET pkt, status = inject_func(defer, pkt, &clonedNetBufList, complete_func); if (!NT_SUCCESS(status)) { - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Defer: Injection prepare error: %x\n", status); + LOG("Defer: Injection prepare error: %x\n", status); if (clonedNetBufList != NULL) { clonedNetBufList->Status = STATUS_SUCCESS; diff --git a/src/driver/fortps.c b/src/driver/fortps.c index 71ad73de..c49ac5d2 100644 --- a/src/driver/fortps.c +++ b/src/driver/fortps.c @@ -153,7 +153,7 @@ static void NTAPI fort_pstree_notify( if (createInfo == NULL) { #ifdef FORT_DEBUG - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: PsTree: pid=%d CLOSED\n", pid); + LOG("PsTree: pid=%d CLOSED\n", pid); #endif return; } @@ -162,8 +162,7 @@ static void NTAPI fort_pstree_notify( return; #ifdef FORT_DEBUG - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: PsTree: pid=%d ppid=%d IMG=[%wZ] CMD=[%wZ]\n", pid, ppid, + LOG("PsTree: pid=%d ppid=%d IMG=[%wZ] CMD=[%wZ]\n", pid, ppid, createInfo->ImageFileName, createInfo->CommandLine); #endif @@ -193,15 +192,13 @@ FORT_API void fort_pstree_open(PFORT_PSTREE ps_tree) FORT_PSTREE_NOTIFY, PCREATE_PROCESS_NOTIFY_ROUTINE_EX, fort_pstree_notify), FALSE); if (!NT_SUCCESS(status)) { - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: PsTree: PsSetCreateProcessNotifyRoutineEx Error: %x\n", status); + LOG("PsTree: PsSetCreateProcessNotifyRoutineEx Error: %x\n", status); return; } status = fort_pstree_enum_processes(ps_tree); if (!NT_SUCCESS(status)) { - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: PsTree: Enum Processes Error: %x\n", status); + LOG("PsTree: Enum Processes Error: %x\n", status); return; } } diff --git a/src/driver/loader/fortdl.c b/src/driver/loader/fortdl.c index 49c5aa48..89d5ea5d 100644 --- a/src/driver/loader/fortdl.c +++ b/src/driver/loader/fortdl.c 
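Review bot: In fort_pstree_notify (fortps.c, second hunk) the FORT_DEBUG trace formats `createInfo->CommandLine` with `%wZ` for every process creation. Command lines routinely carry credentials and tokens, so a debug build copies them into the kernel debug stream. Consider tracing only the image name, `LOG("PsTree: pid=%d ppid=%d IMG=[%wZ]\n", pid, ppid, createInfo->ImageFileName);`, or gating the command line behind a separate opt-in define. The WDK documents `CommandLine` as NULL when the command is unavailable, so if the field stays, confirm that `%wZ` copes with a NULL argument. The function body continues outside the hunk.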
@@ -67,7 +67,7 @@ static NTSTATUS fort_loader_init(PUNICODE_STRING driverPath) NTSTATUS status; #ifdef FORT_DEBUG - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Loader Init: [%wZ]\n", driverPath); + LOG("Loader Init: [%wZ]\n", driverPath); #endif /* Load the driver file */ @@ -84,9 +84,7 @@ static NTSTATUS fort_loader_init(PUNICODE_STRING driverPath) } if (!NT_SUCCESS(status)) { - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Loader File Read: Error: %x size=%d [%wZ]\n", status, dataSize, - driverPath); + LOG("Loader File Read: Error: %x size=%d [%wZ]\n", status, dataSize, driverPath); return status; } } @@ -105,8 +103,7 @@ static NTSTATUS fort_loader_init(PUNICODE_STRING driverPath) fort_mem_free(data, FORT_LOADER_POOL_TAG); if (!NT_SUCCESS(status)) { - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Loader Image Payload: Error: %x\n", status); + LOG("Loader Image Payload: Error: %x\n", status); } return status; @@ -129,8 +126,7 @@ DriverLoaderEntry status = fort_driver_path(driver, regPath, &driverPath); if (!NT_SUCCESS(status)) { - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Loader Entry: Path Error: %x\n", - status); + LOG("Loader Entry: Path Error: %x\n", status); return status; } @@ -146,8 +142,7 @@ DriverLoaderEntry } if (!NT_SUCCESS(status)) { - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Loader Entry: Error: %x\n", - status); + LOG("Loader Entry: Error: %x\n", status); fort_loader_unload(driver); } diff --git a/src/driver/loader/fortimg.c b/src/driver/loader/fortimg.c index 37dafe93..ccfb7b38 100644 --- a/src/driver/loader/fortimg.c +++ b/src/driver/loader/fortimg.c 
@@ -117,9 +117,7 @@ FORT_API NTSTATUS fort_image_payload( const int payloadSize = fort_le_u32_read(paylodInfo, 4); #ifdef FORT_DEBUG - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Loader Image Load: size=%d signatureSize=%d alignedSignatureSize=%d " - "payloadSize=%d\n", + LOG("Loader Image Load: size=%d signatureSize=%d alignedSignatureSize=%d payloadSize=%d\n", dataSize, signatureSize, alignedSignatureSize, payloadSize); #endif diff --git a/src/driver/loader/fortmm.c b/src/driver/loader/fortmm.c index 79ef4191..13c640d6 100644 --- a/src/driver/loader/fortmm.c +++ b/src/driver/loader/fortmm.c @@ -96,9 +96,7 @@ static VOID ZeroDataSectionTable( section->Misc.PhysicalAddress = (DWORD) (uintptr_t) dest; #ifdef FORT_DEBUG - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Loader Module: Zero Section: offset=%d size=%d\n", section->VirtualAddress, - sectionSize); + LOG("Loader Module: Zero Section: offset=%d size=%d\n", section->VirtualAddress, sectionSize); #endif } @@ -130,8 +128,7 @@ static NTSTATUS CopySectionTable(PUCHAR pImage, PIMAGE_NT_HEADERS pNtHeaders, co section->Misc.PhysicalAddress = (DWORD) (uintptr_t) dest; #ifdef FORT_DEBUG - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Loader Module: Copy Section: src-offset=%x offset=%x size=%x data=%x\n", + LOG("Loader Module: Copy Section: src-offset=%x offset=%x size=%x data=%x\n", section->PointerToRawData, section->VirtualAddress, sectionSize, *(PDWORD) dest); #endif } @@ -147,8 +144,7 @@ static void PatchAddressRelocations( const DWORD relInfoCount = (relocation->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION)) / 2; #ifdef FORT_DEBUG - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Loader Module: Relocation: dest=%p count=%d\n", dest, relInfoCount); + LOG("Loader Module: Relocation: dest=%p count=%d\n", dest, relInfoCount); #endif for (DWORD i = 0; i < relInfoCount; ++i, ++relInfo) { 
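Review bot: In fort_image_payload (fortimg.c) `payloadSize` is read with `fort_le_u32_read` but held in a `const int`, so a header value above INT_MAX becomes negative, and the trace prints it with `%d`. The size checks that follow are outside this hunk; if they only compare against an upper bound, a negative size would pass them. Keeping the value unsigned, `const UINT32 payloadSize = fort_le_u32_read(paylodInfo, 4);`, and printing it with `%u` avoids the sign change, provided the comparisons that use it are adjusted to match.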
@@ -190,8 +186,7 @@ static NTSTATUS PerformBaseRelocation( &(pHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC]); #ifdef FORT_DEBUG - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Loader Module: Relocation: size=%d delta=%d\n", directory->Size, locationDelta); + LOG("Loader Module: Relocation: size=%d delta=%d\n", directory->Size, locationDelta); #endif if (directory->Size == 0) { @@ -235,13 +230,11 @@ static NTSTATUS BuildImportTableLibrary(PUCHAR codeBase, const PIMAGE_IMPORT_DES *funcRef = ModuleGetProcAddress(&libModule, funcName); if (*funcRef == 0) { - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Loader Module: Error: Procedure Not Found: %s: %s\n", libName, funcName); + LOG("Loader Module: Error: Procedure Not Found: %s: %s\n", libName, funcName); status = STATUS_PROCEDURE_NOT_FOUND; } else { #ifdef FORT_DEBUG - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Loader Module: Import: %s: %s: %p\n", libName, funcName, *funcRef); + LOG("Loader Module: Import: %s: %s: %p\n", libName, funcName, *funcRef); #endif } } @@ -275,16 +268,14 @@ static NTSTATUS BuildImportTable(PUCHAR codeBase, PIMAGE_NT_HEADERS pHeaders) LOADEDMODULE libModule; if (!NT_SUCCESS(GetModuleInfo(&libModule, libName, modules, modulesCount))) { - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Loader Module: Error: Module Not Found: %s\n", libName); + LOG("Loader Module: Error: Module Not Found: %s\n", libName); status = STATUS_PROCEDURE_NOT_FOUND; break; } status = BuildImportTableLibrary(codeBase, importDesc, libName, libModule); if (!NT_SUCCESS(status)) { - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Loader Module: Library Import Error: %s\n", libName); + LOG("Loader Module: Library Import Error: %s\n", libName); break; } } 
@@ -364,8 +355,7 @@ static NTSTATUS InitializeModuleImage(PUCHAR pImage, const PIMAGE_NT_HEADERS lpN NTSTATUS status; #ifdef FORT_DEBUG - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Loader Module: Init Image: SizeOfHeaders=%d EntryPoint=%d ImageBase=%x\n", + LOG("Loader Module: Init Image: SizeOfHeaders=%d EntryPoint=%d ImageBase=%x\n", lpNtHeaders->OptionalHeader.SizeOfHeaders, lpNtHeaders->OptionalHeader.AddressOfEntryPoint, lpNtHeaders->OptionalHeader.ImageBase); #endif @@ -413,8 +403,7 @@ FORT_API NTSTATUS LoadModuleFromMemory(PLOADEDMODULE pModule, const PUCHAR lpDat const DWORD imageSize = MAX_ALIGNED(pNtHeaders->OptionalHeader.SizeOfImage, PAGE_SIZE); #ifdef FORT_DEBUG - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Loader Module: data=%p size=%d imageSize=%d\n", lpData, dwSize, imageSize); + LOG("Loader Module: data=%p size=%d imageSize=%d\n", lpData, dwSize, imageSize); #endif /* Allocate the region */ @@ -423,7 +412,7 @@ FORT_API NTSTATUS LoadModuleFromMemory(PLOADEDMODULE pModule, const PUCHAR lpDat return STATUS_NO_MEMORY; #ifdef FORT_DEBUG - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Loader Module: image=%p\n", pImage); + LOG("Loader Module: image=%p\n", pImage); #endif status = InitializeModuleImage(pImage, pNtHeaders, lpData, dwSize, imageSize); @@ -456,9 +445,7 @@ NTSTATUS SetupModuleCallbacks(PLOADEDMODULE pModule, PFORT_PROXYCB_INFO cbInfo) return STATUS_PROCEDURE_NOT_FOUND; #ifdef FORT_DEBUG - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Loader Module: Setup Callbacks: %p data=%x\n", cbSetup, - *(PDWORD) (PVOID) &cbSetup); + LOG("Loader Module: Setup Callbacks: %p data=%x\n", cbSetup, *(PDWORD) (PVOID) &cbSetup); #endif return cbSetup(cbInfo); 
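Review bot: In the InitializeModuleImage trace (fortmm.c), `ImageBase=%x` is given `lpNtHeaders->OptionalHeader.ImageBase`, which is a 64-bit field when `IMAGE_NT_HEADERS` resolves to the 64-bit layout, so the specifier and argument disagree and the upper half is dropped. `ImageBase=%p` with `(PVOID) (uintptr_t) lpNtHeaders->OptionalHeader.ImageBase` prints correctly on both widths. The earlier PerformBaseRelocation hunk may have the same mismatch in `delta=%d` if `locationDelta` is pointer-sized; its declaration is outside the hunk.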
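Review bot: In SetupModuleCallbacks (fortmm.c) the `data=%x` argument `*(PDWORD) (PVOID) &cbSetup` dereferences the address of the local pointer variable, so it prints the low 32 bits of the value `%p` already shows, not anything at the callback. The CallModuleEntry hunk does the same with `driverEntry`. If the first bytes of the routine were meant, that would be `*(PDWORD) (PVOID) cbSetup`; otherwise drop the field: `LOG("Loader Module: Setup Callbacks: %p\n", cbSetup);`. These traces, like the other `%p` lines under FORT_DEBUG, write kernel addresses to the debug stream, so FORT_DEBUG should stay out of shipped builds.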
@@ -472,9 +459,7 @@ FORT_API NTSTATUS CallModuleEntry( return STATUS_PROCEDURE_NOT_FOUND; #ifdef FORT_DEBUG - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Loader Module: Driver Entry: %p data=%x\n", driverEntry, - *(PDWORD) (PVOID) &driverEntry); + LOG("Loader Module: Driver Entry: %p data=%x\n", driverEntry, *(PDWORD) (PVOID) &driverEntry); #endif return driverEntry(driver, regPath); diff --git a/src/driver/proxycb/fortpcb_drv.c b/src/driver/proxycb/fortpcb_drv.c index 175d58c2..632c1a57 100644 --- a/src/driver/proxycb/fortpcb_drv.c +++ b/src/driver/proxycb/fortpcb_drv.c @@ -86,8 +86,7 @@ FORT_API void fort_proxycb_drv_setup(PDRIVER_DISPATCH *driver_major_funcs) driver_major_funcs[i] = cb; #ifdef FORT_DEBUG - DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, - "FORT: Proxy Major: i=%d func=%p cb=%p\n", i, major_func, cb); + LOG("Proxy Major: i=%d func=%p cb=%p\n", i, major_func, cb); #endif } }