Driver: ProxyCallbacks: Prepare *.asm

src/driver/FortFirewallDriver.pro

@@ -22,8 +22,8 @@ SOURCES += \
     loader/fortdl.c \
     loader/fortimg.c \
     loader/fortmm.c \
-    loader/fortpcb.c \
+    proxycb/fortpcb.c \
-    loader/fortpcb_def.c \
+    proxycb/fortpcb_def.c \
     wdm/um_aux_klib.c \
     wdm/um_fwpmk.c \
     wdm/um_fwpsk.c \
@@ -48,8 +48,8 @@ HEADERS += \
     loader/fortdl.h \
     loader/fortimg.h \
     loader/fortmm.h \
-    loader/fortpcb.h \
+    proxycb/fortpcb.h \
-    loader/fortpcb_def.h \
+    proxycb/fortpcb_def.h \
     wdm/um_aux_klib.h \
     wdm/um_fwpmk.h \
     wdm/um_fwpsk.h \

src/driver/loader/fortdl.c

@@ -4,9 +4,9 @@
 
 #include "../fortutl.h"
 
+#include "../proxycb/fortpcb.h"
 #include "fortimg.h"
 #include "fortmm.h"
-#include "fortpcb.h"
 
 typedef struct fort_loader
 {
@@ -30,7 +30,7 @@ static NTSTATUS fort_loader_entry(PDRIVER_OBJECT driver, PUNICODE_STRING regPath
 {
     NTSTATUS status;
 
-    SetupProxyCallbacks();
+    fort_proxycb_src_setup();
 
     status = CallModuleEntry(&g_loader.module, driver, regPath);
     if (!NT_SUCCESS(status))

src/driver/loader/fortdl.vcxproj

@@ -66,7 +66,9 @@
     <FilesToPackage Include="$(TargetPath)" />
   </ItemGroup>
   <ItemGroup>
-    <MASM Include="fortpcb_$(Platform).asm" />
+    <MASM Include="..\proxycb\fortpcb_src_x86.asm">
+      <AdditionalOptions Condition="'$(Platform)'=='Win32'">/safeseh</AdditionalOptions>
+    </MASM>
     <ClCompile Include="fortdl_amalg.c" />
     <ClInclude Include="fortdl.h" />
     <ResourceCompile Include="fortdl.rc" />

src/driver/loader/fortdl_amalg.c

@@ -5,7 +5,7 @@
 
 #include "../fortutl.c"
 
-#include "fortpcb.c"
+#include "../proxycb/fortpcb.c"
 #include "fortmm.c"
 #include "fortimg.c"
 #include "fortdl.c"

src/driver/proxycb/fortpcb.c

@@ -4,7 +4,7 @@
 
 #include "fortpcb_def.h"
 
-static ProxyCallbackProc g_proxyCallbacks[PROXY_CALLBACKS_COUNT] = {
+static ProxyCallbackProc g_proxySrcCallbacks[PROXY_CALLBACKS_COUNT] = {
     proxyCallback0,
     proxyCallback1,
     proxyCallback2,
@@ -12,8 +12,8 @@ static ProxyCallbackProc g_proxyCallbacks[PROXY_CALLBACKS_COUNT] = {
     proxyCallback4,
 };
 
-FORT_API void SetupProxyCallbacks(void)
+FORT_API void fort_proxycb_src_setup(void)
 {
-    DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Loader SetupProxyCallbacks: %p\n",
+    DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: ProxyCbSrc Setup: %p\n",
             &proxyCallback0);
 }

src/driver/proxycb/fortpcb.h

@@ -1,13 +1,13 @@
 #ifndef FORTPCB_H
 #define FORTPCB_H
 
-#include "fortdl.h"
+#include "../fortdrv.h"
 
 #if defined(__cplusplus)
 extern "C" {
 #endif
 
-FORT_API void SetupProxyCallbacks(void);
+FORT_API void fort_proxycb_src_setup(void);
 
 #ifdef __cplusplus
 } // extern "C"

src/driver/proxycb/fortpcb_def.c

@@ -2,7 +2,10 @@
 
 #include "fortpcb_def.h"
 
-ProxyCallbackProc g_proxiedCallbacks[PROXY_CALLBACKS_COUNT];
+#define ProxyCallbackFunction(i)                                                                   \
+    void proxyCallback##i(void) { g_proxyDstProcs[i](); }
+
+ProxyCallbackProc g_proxyDstProcs[PROXY_CALLBACKS_COUNT];
 
 ProxyCallbackFunction(0) ProxyCallbackFunction(1) ProxyCallbackFunction(2) ProxyCallbackFunction(3)
         ProxyCallbackFunction(4)

src/driver/proxycb/fortpcb_def.h

@@ -1,7 +1,7 @@
 #ifndef FORTPCB_DEF_H
 #define FORTPCB_DEF_H
 
-#include "fortdl.h"
+#include "../fortdrv.h"
 
 #if defined(__cplusplus)
 extern "C" {
@@ -11,10 +11,7 @@ typedef void (*ProxyCallbackProc)(void);
 
 #define PROXY_CALLBACKS_COUNT 64
 
-extern ProxyCallbackProc g_proxiedCallbacks[PROXY_CALLBACKS_COUNT];
+extern ProxyCallbackProc g_proxyDstCallbacks[PROXY_CALLBACKS_COUNT];
-
-#define ProxyCallbackFunction(i)                                                                   \
-    void proxyCallback##i(void) { g_proxiedCallbacks[i](); }
 
 #define ProxyCallbackExtern(i) extern void proxyCallback##i(void)
 

src/driver/proxycb/fortpcb_dst_x86.asm

@@ -0,0 +1,44 @@
+IFDEF RAX
+ELSE
+.model flat, c
+ENDIF
+
+.DATA
+IFDEF RAX
+	g_proxyDstCallbacks QWORD 040H dup (?)
+ELSE
+	g_proxyDstCallbacks DWORD 040H dup (?)
+ENDIF
+
+.CODE
+
+ProxyCallbackProc MACRO index:REQ
+IFDEF RAX
+	pop rax
+	jmp QWORD PTR [g_proxyDstCallbacks + index * 8]
+ELSE
+	jmp DWORD PTR [g_proxyDstCallbacks + index * 4]
+ENDIF
+ENDM
+
+proxyCallback0 PROC
+ProxyCallbackProc(0)
+proxyCallback0 ENDP
+
+proxyCallback1 PROC
+ProxyCallbackProc(1)
+proxyCallback1 ENDP
+
+proxyCallback2 PROC
+ProxyCallbackProc(2)
+proxyCallback2 ENDP
+
+proxyCallback3 PROC
+ProxyCallbackProc(3)
+proxyCallback3 ENDP
+
+proxyCallback4 PROC
+ProxyCallbackProc(4)
+proxyCallback4 ENDP
+
+END

src/driver/proxycb/fortpcb_src_x86.asm

@@ -1,10 +1,25 @@
+IFDEF RAX
+ELSE
+.model flat, stdcall
+ENDIF
+
 .DATA
-g_proxiedCallbacks QWORD 040H dup (?)
+IFDEF RAX
+	g_proxyDstProcs QWORD 040H dup (?)
+ELSE
+	g_proxyDstProcs DWORD 040H dup (?)
+ENDIF
 
 .CODE
 
 ProxyCallbackProc MACRO index:REQ
-	jmp QWORD PTR [g_proxiedCallbacks + index * 8]
+IFDEF RAX
+	push rax
+	mov rax, [g_proxyDstProcs + index * 8]
+	jmp rax
+ELSE
+	jmp DWORD PTR [g_proxyDstProcs + index * 4]
+ENDIF
 ENDM
 
 proxyCallback0 PROC