VOID PendAuthorizationWorkItemRoutine(_In_ PDEVICE_OBJECT pDeviceObject, _In_opt_ PVOID pContext) { #if DBG DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_INFO_LEVEL, " ---> PendAuthorizationWorkItemRoutine()\n"); #endif /// DBG UNREFERENCED_PARAMETER(pDeviceObject); NT_ASSERT(pContext); NT_ASSERT(((WORKITEM_DATA*)pContext)->pClassifyData); NT_ASSERT(((WORKITEM_DATA*)pContext)->pInjectionData); WORKITEM_DATA* pWorkItemData = (WORKITEM_DATA*)pContext; if(pWorkItemData) { NTSTATUS status = STATUS_SUCCESS; status = PerformPendAuthorization(&(pWorkItemData->pClassifyData), &(pWorkItemData->pPendData), (INJECTION_DATA**)&(pWorkItemData->pContext)); if(status != STATUS_SUCCESS) { if(pWorkItemData->pClassifyData) KrnlHlprClassifyDataDestroyLocalCopy(&(pWorkItemData->pClassifyData)); if(pWorkItemData->pInjectionData) KrnlHlprInjectionDataDestroy(&(pWorkItemData->pInjectionData)); DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, " !!!! PendAuthorizationWorkItemRoutine() [status: %#x]\n", status); } KrnlHlprWorkItemDataDestroy(&pWorkItemData); } #if DBG DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_INFO_LEVEL, " <--- PendAuthorizationWorkItemRoutine()\n"); #endif /// DBG return; }
NTSTATUS KrnlHlprWorkItemDataCreate(_Outptr_ WORKITEM_DATA** ppWorkItemData, _In_ CLASSIFY_DATA* pClassifyData, _In_ REDIRECT_DATA* pRedirectData, _In_opt_ PIO_WORKITEM pIOWorkItem, /* 0 */ _In_opt_ VOID* pContext) /* 0 */ { #if DBG DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_INFO_LEVEL, " ---> KrnlHlprWorkItemDataCreate()\n"); #endif /// DBG NT_ASSERT(ppWorkItemData); NT_ASSERT(pClassifyData); NT_ASSERT(pRedirectData); NTSTATUS status = STATUS_SUCCESS; HLPR_NEW(*ppWorkItemData, WORKITEM_DATA, WFPSAMPLER_SYSLIB_TAG); HLPR_BAIL_ON_ALLOC_FAILURE(*ppWorkItemData, status); KrnlHlprWorkItemDataPopulate(*ppWorkItemData, pClassifyData, pRedirectData, pIOWorkItem, pContext); HLPR_BAIL_LABEL: if(status != STATUS_SUCCESS) KrnlHlprWorkItemDataDestroy(ppWorkItemData); #if DBG DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_INFO_LEVEL, " <--- KrnlHlprWorkItemDataCreate() [status: %#x]\n", status); #endif /// DBG return status; }
VOID PrvPendAuthorizationNotificationWorkItemRoutine(_In_ PDEVICE_OBJECT pDeviceObject, _Inout_opt_ PVOID pContext) { #if DBG DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_INFO_LEVEL, " ---> PrvPendAuthorizationNotificationWorkItemRoutine()\n"); #endif /// DBG UNREFERENCED_PARAMETER(pDeviceObject); NT_ASSERT(pContext); NT_ASSERT(((WORKITEM_DATA*)pContext)->pNotifyData); WORKITEM_DATA* pWorkItemData = (WORKITEM_DATA*)pContext; if(pWorkItemData) { NTSTATUS status = STATUS_SUCCESS; FWPM_CALLOUT* pCallout = 0; PWSTR pCalloutName = L""; status = FwpmCalloutGetById(g_EngineHandle, pWorkItemData->pNotifyData->calloutID, &pCallout); if(status != STATUS_SUCCESS) DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, " !!!! PrvPendAuthorizationNotificationWorkItemRoutine : FwpmCalloutGetById() [status: %#x]\n", status); else { pCalloutName = pCallout->displayData.name; if(pCallout->applicableLayer != FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4 && pCallout->applicableLayer != FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V6 && pCallout->applicableLayer != FWPM_LAYER_ALE_AUTH_LISTEN_V4 && pCallout->applicableLayer != FWPM_LAYER_ALE_AUTH_LISTEN_V6 && pCallout->applicableLayer != FWPM_LAYER_ALE_AUTH_CONNECT_V4 && pCallout->applicableLayer != FWPM_LAYER_ALE_AUTH_CONNECT_V6 && pCallout->applicableLayer != FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4 && pCallout->applicableLayer != FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6) { status = STATUS_FWP_INCOMPATIBLE_LAYER; DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, " !!!! PrvPendAuthorizationNotificationWorkItemRoutine() [status: %#x]\n", status); } } switch(pWorkItemData->pNotifyData->notificationType) { case FWPS_CALLOUT_NOTIFY_ADD_FILTER: { DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_INFO_LEVEL, " -- A filter referencing %S callout was added\n", pCalloutName); break; } case FWPS_CALLOUT_NOTIFY_DELETE_FILTER: { DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_INFO_LEVEL, " -- A filter referencing %S callout was deleted\n", pCalloutName); break; } case FWPS_CALLOUT_NOTIFY_ADD_FILTER_POST_COMMIT: { DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_INFO_LEVEL, " -- A filter referencing %S callout was committed\n", pCalloutName); break; } default: { DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_INFO_LEVEL, " -- Invalid Notification Type. Please Contact [email protected]\n"); break; } } FwpmFreeMemory((VOID**)&pCallout); HLPR_DELETE(pWorkItemData->pNotifyData, WFPSAMPLER_CALLOUT_DRIVER_TAG); KrnlHlprWorkItemDataDestroy(&pWorkItemData); } #if DBG DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_INFO_LEVEL, " <--- PrvPendAuthorizationNotificationWorkItemRoutine()\n"); #endif /// DBG return; }
NTSTATUS KrnlHlprWorkItemQueue(_In_ PDEVICE_OBJECT pWDMDevice, _In_ IO_WORKITEM_ROUTINE* pWorkItemFn, _In_ CLASSIFY_DATA* pClassifyData, _In_ REDIRECT_DATA* pRedirectData, _In_opt_ VOID* pContext) /* 0 */ { #if DBG DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_INFO_LEVEL, " ---> KrnlHlprWorkItemQueue()\n"); #endif /// DBG NT_ASSERT(pWDMDevice); NT_ASSERT(pWorkItemFn); NT_ASSERT(pClassifyData); NT_ASSERT(pRedirectData); NTSTATUS status = STATUS_SUCCESS; PIO_WORKITEM pIOWorkItem = 0; WORKITEM_DATA* pWorkItemData = 0; #pragma warning(push) #pragma warning(disable: 6014) /// pIOWorkItem is cleaned up in KrnlHlprWorkItemDataDestroy pIOWorkItem = IoAllocateWorkItem(pWDMDevice); if(pIOWorkItem == 0) { status = STATUS_UNSUCCESSFUL; DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, " !!!! KrnlHlprWorkItemQueue : IoAllocateWorkItem() [status: %#x]\n", status); HLPR_BAIL; } #pragma warning(pop) status = KrnlHlprWorkItemDataCreate(&pWorkItemData, pClassifyData, pRedirectData, pIOWorkItem, pContext); HLPR_BAIL_ON_FAILURE(status); IoQueueWorkItem(pWorkItemData->pIOWorkItem, pWorkItemFn, DelayedWorkQueue, (PVOID)pWorkItemData); HLPR_BAIL_LABEL: if(status != STATUS_SUCCESS && pWorkItemData) KrnlHlprWorkItemDataDestroy(&pWorkItemData); #if DBG DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_INFO_LEVEL, " <--- KrnlHlprWorkItemQueue() [status: %#x]\n", status); #endif /// DBG return status; }