Merge branch 'main' into various_kernel_fixes

hugsy · Mar 23, 2024 · 187d646 · 187d646
2 parents 1fb3cba + c95be06
commit 187d646
Show file tree

Hide file tree

Showing 5 changed files with 254 additions and 235 deletions.
diff --git a/Common/Headers/IoctlCodes.hpp b/Common/Headers/IoctlCodes.hpp
@@ -1,83 +1,78 @@
-#pragma once
-
-#ifndef CTL_CODE
-#define CTL_CODE(DeviceType, Function, Method, Access)                                                                 \
-    (((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method))
-#endif // CTL_CODE
-
-#ifndef FILE_DEVICE_UNKNOWN
-#define FILE_DEVICE_UNKNOWN 0x0022
-#endif // FILE_DEVICE_UNKNOWN
-
-#ifndef METHOD_BUFFERED
-#define METHOD_BUFFERED 0
-#endif // METHOD_BUFFERED
-
-#ifndef FILE_ANY_ACCESS
-#define FILE_ANY_ACCESS 0
-#endif // FILE_ANY_ACCESS
-
-namespace CFB::Comms
-{
-
-///
-///@brief An enumeration class of the available IOCTL supported by the driver
-///
-enum class Ioctl : u32
-{
-    // clang-format off
-
-    ///
-    ///@brief ControlDriver - obsolete
-    ///
-    ControlDriver      = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS),
-
-    ///
-    ///@brief HookDriver
-    ///
-    HookDriver         = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_BUFFERED, FILE_ANY_ACCESS),
-
-    ///
-    ///@brief UnhookDriver
-    ///
-    UnhookDriver       = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x802, METHOD_BUFFERED, FILE_ANY_ACCESS),
-
-    ///
-    ///@brief GetNumberOfDrivers
-    ///
-    GetNumberOfDrivers = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x803, METHOD_BUFFERED, FILE_ANY_ACCESS),
-
-    ///
-    ///@brief GetNamesOfDrivers
-    ///
-    GetNamesOfDrivers  = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x804, METHOD_BUFFERED, FILE_ANY_ACCESS),
-
-    ///
-    ///@brief GetDriverInfo
-    ///
-    GetDriverInfo      = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x805, METHOD_BUFFERED, FILE_ANY_ACCESS),
-
-    ///
-    ///@brief SetEventPointer
-    ///
-    SetEventPointer    = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x806, METHOD_BUFFERED, FILE_ANY_ACCESS),
-
-    ///
-    ///@brief EnableMonitoring
-    ///
-    EnableMonitoring   = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x807, METHOD_BUFFERED, FILE_ANY_ACCESS),
-
-    ///
-    ///@brief DisableMonitoring
-    ///
-    DisableMonitoring  = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x808, METHOD_BUFFERED, FILE_ANY_ACCESS),
-
-    ///
-    ///@brief StoreTestCase
-    ///
-    StoreTestCase      = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x809, METHOD_BUFFERED, FILE_ANY_ACCESS),
-
-    // clang-format on
-};
-
-} // namespace CFB::Comms
+#pragma once
+
+#ifndef CTL_CODE
+#define CTL_CODE(DeviceType, Function, Method, Access)                                                                 \
+    (((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method))
+#endif // CTL_CODE
+
+#ifndef FILE_DEVICE_UNKNOWN
+#define FILE_DEVICE_UNKNOWN 0x0022
+#endif // FILE_DEVICE_UNKNOWN
+
+#ifndef METHOD_BUFFERED
+#define METHOD_BUFFERED 0
+#endif // METHOD_BUFFERED
+
+#ifndef FILE_ANY_ACCESS
+#define FILE_ANY_ACCESS 0
+#endif // FILE_ANY_ACCESS
+
+namespace CFB::Comms
+{
+
+///
+///@brief An enumeration class of the available IOCTL supported by the driver
+///
+enum class Ioctl : u32
+{
+    // clang-format off
+
+    ///
+    ///@brief ControlDriver - obsolete
+    ///
+    ControlDriver      = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS),
+
+    ///
+    ///@brief HookDriver
+    ///
+    HookDriver         = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_BUFFERED, FILE_ANY_ACCESS),
+
+    ///
+    ///@brief UnhookDriver
+    ///
+    UnhookDriver       = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x802, METHOD_BUFFERED, FILE_ANY_ACCESS),
+
+    ///
+    ///@brief GetNumberOfDrivers
+    ///
+    GetNumberOfDrivers = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x803, METHOD_BUFFERED, FILE_ANY_ACCESS),
+
+    ///
+    ///@brief GetNamesOfDrivers
+    ///
+    GetNamesOfDrivers  = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x804, METHOD_BUFFERED, FILE_ANY_ACCESS),
+
+    ///
+    ///@brief GetDriverInfo
+    ///
+    GetDriverInfo      = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x805, METHOD_BUFFERED, FILE_ANY_ACCESS),
+
+    ///
+    ///@brief SetEventPointer
+    ///
+    SetEventPointer    = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x806, METHOD_BUFFERED, FILE_ANY_ACCESS),
+
+    ///
+    ///@brief EnableMonitoring
+    ///
+    EnableMonitoring   = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x807, METHOD_BUFFERED, FILE_ANY_ACCESS),
+
+    ///
+    ///@brief DisableMonitoring
+    ///
+    DisableMonitoring  = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x808, METHOD_BUFFERED, FILE_ANY_ACCESS),
+
+    // clang-format on
+};
+
+} // namespace CFB::Comms
diff --git a/Driver/CMakeLists.txt b/Driver/CMakeLists.txt
@@ -1,98 +1,96 @@
-project(IrpMonitor
-    LANGUAGES CXX
-    VERSION 0.2.0
-    DESCRIPTION "Driver part of CFB"
-)
-
-message(STATUS "Configuring '${PROJECT_NAME}'")
-
-set(DRIVER_SOURCE_DIR ${CFB_ROOT_DIR}/Driver/Source)
-set(DRIVER_HEADER_DIR ${CFB_ROOT_DIR}/Driver/Headers)
-
-set(DRIVER_VERSION_MAJOR ${PROJECT_VERSION_MAJOR} CACHE INTERNAL "DRIVER_VERSION_MAJOR")
-set(DRIVER_VERSION_MINOR ${PROJECT_VERSION_MINOR} CACHE INTERNAL "DRIVER_VERSION_MINOR")
-set(DRIVER_VERSION_PATCH ${PROJECT_VERSION_PATCH} CACHE INTERNAL "DRIVER_VERSION_PATCH")
-
-set(DRIVER_RC_FILE ${DRIVER_SOURCE_DIR}/Driver.rc)
-set(DRIVER_RES_FILE ${DRIVER_SOURCE_DIR}/Driver.res)
-set(CFB_CERT_CN "${CFB_COMPANY_NAME}")
-set(CFB_CERT_STORE "PrivateCertStore")
-set(CFB_DRIVER_INF_FILE "${DRIVER_SOURCE_DIR}/${PROJECT_NAME}.inf")
-
-configure_file(${DRIVER_RC_FILE}.in ${DRIVER_RC_FILE} NEWLINE_STYLE WIN32 ESCAPE_QUOTES)
-
-set(
-    DRIVER_HEADER_FILES
-
-    ${DRIVER_HEADER_DIR}/Context.hpp
-    ${DRIVER_HEADER_DIR}/Native.hpp
-    ${DRIVER_HEADER_DIR}/DriverUtils.hpp
-    ${DRIVER_HEADER_DIR}/HookedDriverManager.hpp
-    ${DRIVER_HEADER_DIR}/HookedDriver.hpp
-    ${DRIVER_HEADER_DIR}/Callbacks.hpp
-    ${DRIVER_HEADER_DIR}/CapturedIrpManager.hpp
-    ${DRIVER_HEADER_DIR}/CapturedIrp.hpp
-)
-
-set(
-    DRIVER_SOURCE_FILES
-
-    ${DRIVER_SOURCE_DIR}/Entry.cpp
-    ${DRIVER_SOURCE_DIR}/DriverUtils.cpp
-    ${DRIVER_SOURCE_DIR}/HookedDriverManager.cpp
-    ${DRIVER_SOURCE_DIR}/HookedDriver.cpp
-    ${DRIVER_SOURCE_DIR}/Callbacks.cpp
-    ${DRIVER_SOURCE_DIR}/CapturedIrpManager.cpp
-    ${DRIVER_SOURCE_DIR}/CapturedIrp.cpp
-)
-
-wdk_add_driver(
-    ${PROJECT_NAME}
-    KMDF
-    1.15
-
-    ${DRIVER_HEADER_FILES}
-    ${DRIVER_SOURCE_FILES}
-)
-
-add_executable(CFB::Kernel::Driver ALIAS ${PROJECT_NAME})
-
-target_include_directories(${PROJECT_NAME} PRIVATE ${DRIVER_HEADER_DIR})
-target_compile_definitions(${PROJECT_NAME} PRIVATE CFB_KERNEL_DRIVER=1)
-target_link_options(${PROJECT_NAME} PUBLIC /integritycheck)
-target_link_libraries(${PROJECT_NAME} CFB::Kernel::CommonLib ${DRIVER_RES_FILE})
-
-#
-# Custom command directives
-#
-add_custom_command(
-    TARGET ${PROJECT_NAME} PRE_BUILD
-    COMMAND
-    rc /nologo /fo ${DRIVER_RES_FILE} /r ${DRIVER_RC_FILE}
-    COMMENT
-    "Compiling '${DRIVER_RES_FILE}' resource file"
-)
-
-add_custom_command(
-    TARGET ${PROJECT_NAME} POST_BUILD
-    COMMAND
-    powershell -ep bypass "Get-ChildItem -Recurse Cert:\\CurrentUser | Where-Object { $_.Subject -match '${CFB_CERT_CN}' } | Remove-Item"
-    COMMAND
-    makecert.exe -r -pe -ss ${CFB_CERT_STORE} -n CN="${CFB_CERT_CN}" -eku 1.3.6.1.5.5.7.3.3 "$<TARGET_FILE_DIR:${PROJECT_NAME}>/BlahCatTest.cer"
-    COMMAND
-    signtool.exe sign /v /a /fd SHA256 /s ${CFB_CERT_STORE} /n "${CFB_CERT_CN}" $<TARGET_FILE:${PROJECT_NAME}>
-    COMMAND
-    certmgr.exe -del -c -n "${CFB_CERT_CN}" -s -r currentUser ${CFB_CERT_STORE}
-    COMMAND
-    "${CMAKE_COMMAND}" -E copy_if_different $<TARGET_FILE:${PROJECT_NAME}> "$ENV{TEMP}"
-    COMMENT
-    "Sign driver, copy to tempdir"
-)
-
-#
-# Install directives
-#
-install(TARGETS ${PROJECT_NAME} DESTINATION Driver)
-install(FILES $<TARGET_PDB_FILE:${PROJECT_NAME}> DESTINATION Driver OPTIONAL)
-install(FILES ${CFB_DRIVER_INF_FILE} DESTINATION Driver OPTIONAL)
-install(FILES "$<TARGET_FILE_DIR:${PROJECT_NAME}>/BlahCatTest.cer" DESTINATION Driver OPTIONAL)
+project(IrpMonitor
+    LANGUAGES CXX
+    VERSION 0.2.0
+    DESCRIPTION "Driver part of CFB"
+)
+
+message(STATUS "Configuring '${PROJECT_NAME}'")
+
+set(DRIVER_SOURCE_DIR ${CFB_ROOT_DIR}/Driver/Source)
+set(DRIVER_HEADER_DIR ${CFB_ROOT_DIR}/Driver/Headers)
+
+set(DRIVER_VERSION_MAJOR ${PROJECT_VERSION_MAJOR} CACHE INTERNAL "DRIVER_VERSION_MAJOR")
+set(DRIVER_VERSION_MINOR ${PROJECT_VERSION_MINOR} CACHE INTERNAL "DRIVER_VERSION_MINOR")
+set(DRIVER_VERSION_PATCH ${PROJECT_VERSION_PATCH} CACHE INTERNAL "DRIVER_VERSION_PATCH")
+
+set(DRIVER_RC_FILE ${DRIVER_SOURCE_DIR}/Driver.rc)
+set(DRIVER_RES_FILE ${DRIVER_SOURCE_DIR}/Driver.res)
+set(CFB_CERT_CN "${CFB_COMPANY_NAME}")
+set(CFB_CERT_STORE "PrivateCertStore")
+set(CFB_DRIVER_INF_FILE "${DRIVER_SOURCE_DIR}/${PROJECT_NAME}.inf")
+
+configure_file(${DRIVER_RC_FILE}.in ${DRIVER_RC_FILE} NEWLINE_STYLE WIN32 ESCAPE_QUOTES)
+
+set(
+    DRIVER_HEADER_FILES
+
+    ${DRIVER_HEADER_DIR}/Context.hpp
+    ${DRIVER_HEADER_DIR}/Native.hpp
+    ${DRIVER_HEADER_DIR}/DriverUtils.hpp
+    ${DRIVER_HEADER_DIR}/HookedDriverManager.hpp
+    ${DRIVER_HEADER_DIR}/HookedDriver.hpp
+    ${DRIVER_HEADER_DIR}/Callbacks.hpp
+    ${DRIVER_HEADER_DIR}/CapturedIrpManager.hpp
+    ${DRIVER_HEADER_DIR}/CapturedIrp.hpp
+)
+
+set(
+    DRIVER_SOURCE_FILES
+
+    ${DRIVER_SOURCE_DIR}/Entry.cpp
+    ${DRIVER_SOURCE_DIR}/DriverUtils.cpp
+    ${DRIVER_SOURCE_DIR}/HookedDriverManager.cpp
+    ${DRIVER_SOURCE_DIR}/HookedDriver.cpp
+    ${DRIVER_SOURCE_DIR}/Callbacks.cpp
+    ${DRIVER_SOURCE_DIR}/CapturedIrpManager.cpp
+    ${DRIVER_SOURCE_DIR}/CapturedIrp.cpp
+)
+
+wdk_add_driver(
+    ${PROJECT_NAME}
+    KMDF
+    1.15
+
+    ${DRIVER_HEADER_FILES}
+    ${DRIVER_SOURCE_FILES}
+)
+
+add_executable(CFB::Kernel::Driver ALIAS ${PROJECT_NAME})
+
+target_include_directories(${PROJECT_NAME} PRIVATE ${DRIVER_HEADER_DIR})
+target_compile_definitions(${PROJECT_NAME} PRIVATE CFB_KERNEL_DRIVER=1)
+target_link_options(${PROJECT_NAME} PUBLIC /integritycheck)
+target_link_libraries(${PROJECT_NAME} CFB::Kernel::CommonLib ${DRIVER_RES_FILE})
+
+#
+# Custom command directives
+#
+add_custom_command(
+    TARGET ${PROJECT_NAME} PRE_BUILD
+    COMMAND
+    rc /nologo /fo ${DRIVER_RES_FILE} /r ${DRIVER_RC_FILE}
+    COMMENT
+    "Compiling '${DRIVER_RES_FILE}' resource file"
+)
+
+add_custom_command(
+    TARGET ${PROJECT_NAME} POST_BUILD
+    COMMAND
+    makecert.exe -r -pe -ss ${CFB_CERT_STORE} -n CN="${CFB_CERT_CN}" -eku 1.3.6.1.5.5.7.3.3 "$<TARGET_FILE_DIR:${PROJECT_NAME}>/BlahCatTest.cer"
+    COMMAND
+    signtool.exe sign /v /a /fd SHA256 /s ${CFB_CERT_STORE} /n "${CFB_CERT_CN}" $<TARGET_FILE:${PROJECT_NAME}>
+    COMMAND
+    certmgr.exe -del -c -n "${CFB_CERT_CN}" -s -r currentUser ${CFB_CERT_STORE}
+    COMMAND
+    "${CMAKE_COMMAND}" -E copy_if_different $<TARGET_FILE:${PROJECT_NAME}> "$ENV{TEMP}"
+    COMMENT
+    "Sign driver, copy to tempdir"
+)
+
+#
+# Install directives
+#
+install(TARGETS ${PROJECT_NAME} DESTINATION Driver)
+install(FILES $<TARGET_PDB_FILE:${PROJECT_NAME}> DESTINATION Driver OPTIONAL)
+install(FILES ${CFB_DRIVER_INF_FILE} DESTINATION Driver OPTIONAL)
+install(FILES "$<TARGET_FILE_DIR:${PROJECT_NAME}>/BlahCatTest.cer" DESTINATION Driver OPTIONAL)