DriverLoader: Refactor initialization

This commit is contained in:
Nodir Temirkhodjaev 2021-12-13 14:24:26 +03:00
parent 06d91e63a1
commit bc2992d64f
7 changed files with 50 additions and 33 deletions

View File

@ -17,11 +17,7 @@ FORT_API FortCallbackFunc fort_callback(int id, FortCallbackFunc func)
FORT_API void fort_callback_setup(PFORT_PROXYCB_INFO cb_info) FORT_API void fort_callback_setup(PFORT_PROXYCB_INFO cb_info)
{ {
if (cb_info == NULL) { fort_proxycb_dst_setup(cb_info);
g_callbackInfo.src = NULL;
} else {
fort_proxycb_dst_setup(cb_info);
g_callbackInfo = *cb_info; g_callbackInfo = *cb_info;
}
} }

View File

@ -63,6 +63,8 @@ static NTSTATUS fort_driver_load(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path
if (!NT_SUCCESS(status)) if (!NT_SUCCESS(status))
return status; return status;
device_obj->Flags |= DO_BUFFERED_IO;
UNICODE_STRING device_link; UNICODE_STRING device_link;
RtlInitUnicodeString(&device_link, FORT_DOS_DEVICE_NAME); RtlInitUnicodeString(&device_link, FORT_DOS_DEVICE_NAME);
@ -76,29 +78,27 @@ static NTSTATUS fort_driver_load(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path
driver->MajorFunction[IRP_MJ_CLEANUP] = fort_device_cleanup; driver->MajorFunction[IRP_MJ_CLEANUP] = fort_device_cleanup;
driver->MajorFunction[IRP_MJ_DEVICE_CONTROL] = fort_device_control; driver->MajorFunction[IRP_MJ_DEVICE_CONTROL] = fort_device_control;
device_obj->Flags |= DO_BUFFERED_IO;
return fort_device_load(device_obj); return fort_device_load(device_obj);
} }
NTSTATUS __declspec(dllexport) DriverCallbackEntry( NTSTATUS __declspec(dllexport) DriverCallbacksSetup(PFORT_PROXYCB_INFO cb_info)
PDRIVER_OBJECT driver, PUNICODE_STRING reg_path, PFORT_PROXYCB_INFO cb_info) {
fort_callback_setup(cb_info);
return STATUS_SUCCESS;
}
NTSTATUS __declspec(dllexport) DriverEntry(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path)
{ {
NTSTATUS status; NTSTATUS status;
fort_callback_setup(cb_info);
status = fort_driver_load(driver, reg_path); status = fort_driver_load(driver, reg_path);
if (!NT_SUCCESS(status)) { if (!NT_SUCCESS(status)) {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Entry: Error: %x\n", status); DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Entry: Error: %x\n", status);
fort_driver_unload(driver); fort_driver_unload(driver);
} }
return status; return status;
} }
NTSTATUS DriverEntry(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path)
{
return DriverCallbackEntry(driver, reg_path, NULL);
}

View File

@ -39,19 +39,24 @@ static NTSTATUS fort_loader_entry(PDRIVER_OBJECT driver, PUNICODE_STRING regPath
FORT_PROXYCB_INFO cbInfo; FORT_PROXYCB_INFO cbInfo;
fort_proxycb_src_prepare(&cbInfo); fort_proxycb_src_prepare(&cbInfo);
/* Run the module entry function */ /* Setup the module's callbacks */
status = CallModuleEntry(&g_loader.module, driver, regPath, &cbInfo); status = SetupModuleCallbacks(&g_loader.module, &cbInfo);
if (!NT_SUCCESS(status)) if (!NT_SUCCESS(status))
return status; return status;
/* Setup the proxy callbacks */ /* Setup the proxy callbacks */
fort_proxycb_src_setup(&cbInfo); fort_proxycb_src_setup(&cbInfo);
/* Proxy the driver major functions */ /* Run the module's entry function */
status = CallModuleEntry(&g_loader.module, driver, regPath);
if (!NT_SUCCESS(status))
return status;
/* Proxy the driver's unload function */
g_loader.DriverUnload = driver->DriverUnload; g_loader.DriverUnload = driver->DriverUnload;
driver->DriverUnload = fort_loader_unload; driver->DriverUnload = fort_loader_unload;
/* Setup the major functions */ /* Proxy the driver's major functions */
fort_proxycb_drv_setup(driver->MajorFunction); fort_proxycb_drv_setup(driver->MajorFunction);
return status; return status;

View File

@ -21,8 +21,9 @@
#define fort_nt_headers(pImage) \ #define fort_nt_headers(pImage) \
((PIMAGE_NT_HEADERS) & ((PUCHAR) (pImage))[((PIMAGE_DOS_HEADER) pImage)->e_lfanew]) ((PIMAGE_NT_HEADERS) & ((PUCHAR) (pImage))[((PIMAGE_DOS_HEADER) pImage)->e_lfanew])
typedef NTSTATUS(WINAPI *DriverCallbackEntryProc)( typedef NTSTATUS(WINAPI *DriverCallbacksSetupProc)(PFORT_PROXYCB_INFO cbInfo);
PDRIVER_OBJECT driver, PUNICODE_STRING regPath, PFORT_PROXYCB_INFO cbInfo);
typedef NTSTATUS(WINAPI *DriverEntryProc)(PDRIVER_OBJECT driver, PUNICODE_STRING regPath);
static NTSTATUS GetModuleInfo(PLOADEDMODULE pModule, LPCSTR name, static NTSTATUS GetModuleInfo(PLOADEDMODULE pModule, LPCSTR name,
const PAUX_MODULE_EXTENDED_INFO modules, DWORD modulesCount) const PAUX_MODULE_EXTENDED_INFO modules, DWORD modulesCount)
@ -419,19 +420,32 @@ FORT_API void UnloadModule(PLOADEDMODULE pModule)
} }
} }
FORT_API NTSTATUS CallModuleEntry(PLOADEDMODULE pModule, PDRIVER_OBJECT driver, NTSTATUS SetupModuleCallbacks(PLOADEDMODULE pModule, PFORT_PROXYCB_INFO cbInfo)
PUNICODE_STRING regPath, PFORT_PROXYCB_INFO cbInfo)
{ {
DriverCallbackEntryProc driverEntry = DriverCallbacksSetupProc cbSetup =
(DriverCallbackEntryProc) ModuleGetProcAddress(pModule, "DriverCallbackEntry"); (DriverCallbacksSetupProc) ModuleGetProcAddress(pModule, "DriverCallbacksSetup");
if (cbSetup == NULL)
return STATUS_PROCEDURE_NOT_FOUND;
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Loader Module: Setup Callbacks: %p data=%x\n", cbSetup,
*(PDWORD) (PVOID) &cbSetup);
return cbSetup(cbInfo);
}
FORT_API NTSTATUS CallModuleEntry(
PLOADEDMODULE pModule, PDRIVER_OBJECT driver, PUNICODE_STRING regPath)
{
DriverEntryProc driverEntry = (DriverEntryProc) ModuleGetProcAddress(pModule, "DriverEntry");
if (driverEntry == NULL) if (driverEntry == NULL)
return STATUS_PROCEDURE_NOT_FOUND; return STATUS_PROCEDURE_NOT_FOUND;
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Loader Module: Entry Proc: %p data=%x\n", driverEntry, "FORT: Loader Module: Driver Entry: %p data=%x\n", driverEntry,
*(PDWORD) (PVOID) &driverEntry); *(PDWORD) (PVOID) &driverEntry);
return driverEntry(driver, regPath, cbInfo); return driverEntry(driver, regPath);
} }
/* Retrieve address of an exported function from the loaded module. */ /* Retrieve address of an exported function from the loaded module. */

View File

@ -18,8 +18,10 @@ FORT_API NTSTATUS LoadModuleFromMemory(PLOADEDMODULE pModule, PUCHAR lpData, DWO
FORT_API void UnloadModule(PLOADEDMODULE pModule); FORT_API void UnloadModule(PLOADEDMODULE pModule);
FORT_API NTSTATUS CallModuleEntry(PLOADEDMODULE pModule, PDRIVER_OBJECT driver, FORT_API NTSTATUS SetupModuleCallbacks(PLOADEDMODULE pModule, PFORT_PROXYCB_INFO cbInfo);
PUNICODE_STRING regPath, PFORT_PROXYCB_INFO cbInfo);
FORT_API NTSTATUS CallModuleEntry(
PLOADEDMODULE pModule, PDRIVER_OBJECT driver, PUNICODE_STRING regPath);
FORT_API FARPROC ModuleGetProcAddress(PLOADEDMODULE pModule, LPCSTR funcName); FORT_API FARPROC ModuleGetProcAddress(PLOADEDMODULE pModule, LPCSTR funcName);

View File

@ -7,7 +7,7 @@
extern "C" { extern "C" {
#endif #endif
typedef void (WINAPI *ProxyCallbackProc)(void); typedef void(WINAPI *ProxyCallbackProc)(void);
typedef struct fort_proxycb_info typedef struct fort_proxycb_info
{ {

View File

@ -88,7 +88,7 @@ FORT_API void fort_proxycb_drv_setup(PDRIVER_DISPATCH *driver_major_funcs)
driver_major_funcs[i] = g_proxyMajorCallbacks[i]; driver_major_funcs[i] = g_proxyMajorCallbacks[i];
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: fort_proxycb_drv_setup: %d mf=%p\n", i, major_func); "FORT: Proxy Major: i=%d func=%p\n", i, major_func);
} }
} }
} }