inline VOID KrnlHlprClassifyDataDestroyLocalCopy(_Inout_ CLASSIFY_DATA** ppClassifyData) { #if DBG DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_INFO_LEVEL, " ---> KrnlHlprClassifyDataDestroyLocalCopy()\n"); #endif /// DBG NT_ASSERT(ppClassifyData); if(*ppClassifyData) { KrnlHlprClassifyDataReleaseLocalCopy(*ppClassifyData); HLPR_DELETE(*ppClassifyData, WFPSAMPLER_SYSLIB_TAG); } #if DBG DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_INFO_LEVEL, " <--- KrnlHlprClassifyDataDestroyLocalCopy()\n"); #endif /// DBG return; }
inline VOID KrnlHlprDPCDataDestroy(_Inout_ DPC_DATA** ppDPCData) { #if DBG DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_INFO_LEVEL, " ---> KrnlHlprDPCDataDestroy()\n"); #endif /// DBG NT_ASSERT(ppDPCData); if(*ppDPCData) { KrnlHlprDPCDataPurge(*ppDPCData); HLPR_DELETE(*ppDPCData, WFPSAMPLER_SYSLIB_TAG); } #if DBG DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_INFO_LEVEL, " <--- KrnlHlprDPCDataDestroy()\n"); #endif /// DBG return; }
/** @framework_function="RPCClientInterfaceTerminate" Purpose: Teardown the RPC client interface by unbinding and freeing the handles. <br> <br> Notes: <br> <br> MSDN_Ref: HTTP://MSDN.Microsoft.com/En-US/Library/Windows/Desktop/AA378651.aspx <br> HTTP://MSDN.Microsoft.com/En-US/Library/Windows/Desktop/AA375613.aspx <br> HTTP://MSDN.Microsoft.com/En-US/Library/Windows/Desktop/AA375588.aspx <br> */ UINT32 RPCClientInterfaceTerminate() { RPC_STATUS status = RPC_S_OK; if(pRPCData && pRPCData->bindingHandle) { if(pRPCData->isBound) { status = RpcBindingUnbind(pRPCData->bindingHandle); if(status != RPC_S_OK) HlprLogError(L"RPCClientInterfaceTerminate : RpcBindingUnbind() [status: %#x]", status); else pRPCData->isBound = FALSE; } status = RpcBindingFree(&(pRPCData->bindingHandle)); if(status != RPC_S_OK) HlprLogError(L"RPCClientInterfaceTerminate : RpcBindingFree() [status: %#x]", status); } HLPR_DELETE(pRPCData); return status; }
NTSTATUS NotifyPendAuthorizationNotification(_In_ FWPS_CALLOUT_NOTIFY_TYPE notificationType, _In_ const GUID* pFilterKey, _Inout_ FWPS_FILTER* pFilter) { #if DBG DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_INFO_LEVEL, " ---> NotifyPendAuthorizationNotification()\n"); #endif /// DBG NT_ASSERT(pFilter); NTSTATUS status = STATUS_SUCCESS; NOTIFY_DATA* pNotifyData = 0; #pragma warning(push) #pragma warning(disable: 6014) /// pNotifyData is expected to be cleaned up by caller using PrvPendAuthorizationNotificationWorkItemRoutine HLPR_NEW(pNotifyData, NOTIFY_DATA, WFPSAMPLER_CALLOUT_DRIVER_TAG); HLPR_BAIL_ON_ALLOC_FAILURE(pNotifyData, status); #pragma warning(pop) pNotifyData->notificationType = notificationType; pNotifyData->calloutID = pFilter ? pFilter->action.calloutId : 0; pNotifyData->pFilterKey = pFilterKey; status = KrnlHlprWorkItemQueue(g_pWDMDevice, PrvPendAuthorizationNotificationWorkItemRoutine, pNotifyData); HLPR_BAIL_LABEL: if(status != STATUS_SUCCESS) { HLPR_DELETE(pNotifyData, WFPSAMPLER_CALLOUT_DRIVER_TAG); } #if DBG DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_INFO_LEVEL, " <--- NotifyPendAuthorizationNotification() [status: %#x]\n", status); #endif /// DBG return status; }
inline VOID HlprThreadPoolDataDestroy(_Inout_ THREADPOOL_DATA** ppThreadPoolData) { ASSERT(ppThreadPoolData); if(*ppThreadPoolData) HlprThreadPoolDataPurge(*ppThreadPoolData); HLPR_DELETE(*ppThreadPoolData); return; }
UINT32 HlprThreadStop(_Inout_ THREAD_DATA** ppThreadData) { UINT32 status = NO_ERROR; if(ppThreadData) { status = HlprThreadStop(*ppThreadData); if(status == NO_ERROR) { HLPR_DELETE(*ppThreadData) } } return status; }
VOID PrvPendAuthorizationNotificationWorkItemRoutine(_In_ PDEVICE_OBJECT pDeviceObject, _Inout_opt_ PVOID pContext) { #if DBG DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_INFO_LEVEL, " ---> PrvPendAuthorizationNotificationWorkItemRoutine()\n"); #endif /// DBG UNREFERENCED_PARAMETER(pDeviceObject); NT_ASSERT(pContext); NT_ASSERT(((WORKITEM_DATA*)pContext)->pNotifyData); WORKITEM_DATA* pWorkItemData = (WORKITEM_DATA*)pContext; if(pWorkItemData) { NTSTATUS status = STATUS_SUCCESS; FWPM_CALLOUT* pCallout = 0; PWSTR pCalloutName = L""; status = FwpmCalloutGetById(g_EngineHandle, pWorkItemData->pNotifyData->calloutID, &pCallout); if(status != STATUS_SUCCESS) DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, " !!!! PrvPendAuthorizationNotificationWorkItemRoutine : FwpmCalloutGetById() [status: %#x]\n", status); else { pCalloutName = pCallout->displayData.name; if(pCallout->applicableLayer != FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4 && pCallout->applicableLayer != FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V6 && pCallout->applicableLayer != FWPM_LAYER_ALE_AUTH_LISTEN_V4 && pCallout->applicableLayer != FWPM_LAYER_ALE_AUTH_LISTEN_V6 && pCallout->applicableLayer != FWPM_LAYER_ALE_AUTH_CONNECT_V4 && pCallout->applicableLayer != FWPM_LAYER_ALE_AUTH_CONNECT_V6 && pCallout->applicableLayer != FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4 && pCallout->applicableLayer != FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6) { status = STATUS_FWP_INCOMPATIBLE_LAYER; DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, " !!!! PrvPendAuthorizationNotificationWorkItemRoutine() [status: %#x]\n", status); } } switch(pWorkItemData->pNotifyData->notificationType) { case FWPS_CALLOUT_NOTIFY_ADD_FILTER: { DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_INFO_LEVEL, " -- A filter referencing %S callout was added\n", pCalloutName); break; } case FWPS_CALLOUT_NOTIFY_DELETE_FILTER: { DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_INFO_LEVEL, " -- A filter referencing %S callout was deleted\n", pCalloutName); break; } case FWPS_CALLOUT_NOTIFY_ADD_FILTER_POST_COMMIT: { DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_INFO_LEVEL, " -- A filter referencing %S callout was committed\n", pCalloutName); break; } default: { DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_INFO_LEVEL, " -- Invalid Notification Type. Please Contact [email protected]\n"); break; } } FwpmFreeMemory((VOID**)&pCallout); HLPR_DELETE(pWorkItemData->pNotifyData, WFPSAMPLER_CALLOUT_DRIVER_TAG); KrnlHlprWorkItemDataDestroy(&pWorkItemData); } #if DBG DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_INFO_LEVEL, " <--- PrvPendAuthorizationNotificationWorkItemRoutine()\n"); #endif /// DBG return; }