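/*
 * DriverUnload - unload routine for the TLInspect-based driver variant.
 *
 * Sets the global unloading flag under both list locks, wakes the worker
 * thread if it has nothing queued, waits for that thread to terminate, and
 * then releases the callouts, the injection handle, the device object and
 * the registry key handle, in that order.
 *
 * driverObject is not used.
 */
VOID
DriverUnload(
   IN PDRIVER_OBJECT driverObject
   )
{
   KLOCK_QUEUE_HANDLE connListLockHandle;
   KLOCK_QUEUE_HANDLE packetQueueLockHandle;

   UNREFERENCED_PARAMETER(driverObject);

   /*
    * Publish the flag while holding both locks so that any code path that
    * takes either lock observes it. Release in reverse acquisition order.
    */
   KeAcquireInStackQueuedSpinLock(&gConnListLock, &connListLockHandle);
   KeAcquireInStackQueuedSpinLock(&gPacketQueueLock, &packetQueueLockHandle);

   gDriverUnloading = TRUE;

   KeReleaseInStackQueuedSpinLock(&packetQueueLockHandle);
   KeReleaseInStackQueuedSpinLock(&connListLockHandle);

   /*
    * With both lists empty the worker is presumably blocked on gWorkerEvent
    * (the worker routine is not visible here), so signal it to let it see
    * the unloading flag.
    */
   if (IsListEmpty(&gConnList) && IsListEmpty(&gPacketQueue)) {
      KeSetEvent(&gWorkerEvent, IO_NO_INCREMENT, FALSE);
   }

   /*
    * The worker must be gone before anything it may touch is torn down.
    * NOTE(review): the ASSERT is compiled out of free builds; a NULL
    * gThreadObj would reach KeWaitForSingleObject unchecked there.
    */
   ASSERT(gThreadObj != NULL);
   KeWaitForSingleObject(gThreadObj, Executive, KernelMode, FALSE, NULL);
   ObDereferenceObject(gThreadObj);

   TLInspectUnregisterCallouts();
   FwpsInjectionHandleDestroy0(gInjectionHandle);
   IoDeleteDevice(gDeviceObject);

   /*
    * Close the registry key only if one is actually held. Nothing in this
    * routine shows where gRegistryKey is opened, and passing a handle that
    * was never opened to ZwClose from kernel mode is an error that can be
    * escalated to a bug check (e.g. under Driver Verifier).
    */
   if (gRegistryKey != NULL) {
      ZwClose(gRegistryKey);
      gRegistryKey = NULL;
   }
}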
/*
 * DriverUnload - unload routine for the stream-injection driver variant.
 *
 * Marks the driver as unloading, drops the flow contexts, lets the worker
 * thread run to completion and then frees every global resource: callouts,
 * NDIS pool and generic object, injection handle, symbolic link and device
 * object.
 *
 * driverObject is not used.
 */
VOID
DriverUnload(
   IN PDRIVER_OBJECT driverObject)
{
   KLOCK_QUEUE_HANDLE queueLock;
   UNICODE_STRING symlinkName;

   UNREFERENCED_PARAMETER(driverObject);

   /* Raise the unloading marker under the packet-queue lock. */
   KeAcquireInStackQueuedSpinLock(&gPacketQueueLock, &queueLock);
   gDriverUnloading = TRUE;
   KeReleaseInStackQueuedSpinLock(&queueLock);

   CleanupFlowContextList();

   /*
    * Nothing queued: signal the worker event so the thread wakes up
    * (presumably to notice the marker; the worker is not visible here).
    */
   if (IsListEmpty(&gPacketQueue)) {
      KeSetEvent(&gWorkerEvent, IO_NO_INCREMENT, FALSE);
   }

   /*
    * Block until the worker thread has terminated, then drop our reference.
    * NOTE(review): ASSERT is a no-op in free builds, so a NULL gThreadObj
    * is not caught there.
    */
   ASSERT(gThreadObj != NULL);
   KeWaitForSingleObject(gThreadObj, Executive, KernelMode, FALSE, NULL);
   ObDereferenceObject(gThreadObj);

   /* Teardown: callouts first, then the resources behind them. */
   UnregisterCallouts();
   NdisFreeNetBufferListPool(gNetBufferListPool);
   NdisFreeGenericObject(gNdisGenericObj);
   FwpsInjectionHandleDestroy0(gInjectionHandle);

   /* Remove the user-visible name before the device object itself. */
   RtlInitUnicodeString(&symlinkName, SYMBOLIC_LINK_NAME);
   IoDeleteSymbolicLink(&symlinkName);
   IoDeleteDevice(gDeviceObject);
}
/*
 * DriverEntry - initialization routine for the DDProxy-based driver variant.
 *
 * Loads the configuration, validates it, creates the device object and the
 * transport injection handle, initializes the flow list and packet queue,
 * registers the callouts and starts the worker thread. On any failure the
 * resources created so far are released again.
 *
 * Returns STATUS_SUCCESS, STATUS_DEVICE_CONFIGURATION_ERROR for an unusable
 * configuration, or the failure status of the step that failed.
 */
NTSTATUS
DriverEntry(
   IN PDRIVER_OBJECT driverObject,
   IN PUNICODE_STRING registryPath
   )
{
   NTSTATUS status = STATUS_SUCCESS;
   UNICODE_STRING devName;
   HANDLE workerHandle;
   BOOLEAN haveV4Pair;
   BOOLEAN haveV6Pair;
   BOOLEAN configUsable;

   DDProxyLoadConfig(registryPath);

   /*
    * An inspect/proxy address pair (IPv4 or IPv6) is always sufficient.
    * When configInspectUdp is set, a destination port that differs from the
    * inspected one is accepted as an alternative; otherwise the address
    * pair is mandatory.
    */
   haveV4Pair = (BOOLEAN)((configInspectDestAddrV4 != NULL) &&
                          (configNewDestAddrV4 != NULL));
   haveV6Pair = (BOOLEAN)((configInspectDestAddrV6 != NULL) &&
                          (configNewDestAddrV6 != NULL));

   if (configInspectUdp) {
      configUsable = (BOOLEAN)((configInspectDestPort != configNewDestPort) ||
                               haveV4Pair || haveV6Pair);
   } else {
      configUsable = (BOOLEAN)(haveV4Pair || haveV6Pair);
   }

   if (!configUsable) {
      status = STATUS_DEVICE_CONFIGURATION_ERROR;
      goto Exit;
   }

   /*
    * NOTE(review): this is a named device object created with IoCreateDevice
    * and no device characteristics, so it gets a default security
    * descriptor. If the driver ever services create/IOCTL requests on it,
    * IoCreateDeviceSecure with an explicit SDDL string and
    * FILE_DEVICE_SECURE_OPEN would be the safer choice.
    */
   RtlInitUnicodeString(&devName, L"\\Device\\StreamEitor");

   status = IoCreateDevice(
               driverObject,
               0,
               &devName,
               FILE_DEVICE_NETWORK,
               0,
               FALSE,
               &gDeviceObject
               );
   if (!NT_SUCCESS(status)) {
      goto Exit;
   }

   status = FwpsInjectionHandleCreate0(
               AF_UNSPEC,
               FWPS_INJECTION_TYPE_TRANSPORT,
               &gInjectionHandle
               );
   if (!NT_SUCCESS(status)) {
      goto Exit;
   }

   /* Shared state must exist before callouts or the worker can run. */
   InitializeListHead(&gFlowList);
   KeInitializeSpinLock(&gFlowListLock);

   InitializeListHead(&gPacketQueue);
   KeInitializeSpinLock(&gPacketQueueLock);
   KeInitializeEvent(&gPacketQueueEvent, NotificationEvent, FALSE);

   status = DDProxyRegisterCallouts(gDeviceObject);
   if (!NT_SUCCESS(status)) {
      goto Exit;
   }

   status = PsCreateSystemThread(
               &workerHandle,
               THREAD_ALL_ACCESS,
               NULL,
               NULL,
               NULL,
               DDProxyWorker,
               NULL
               );
   if (!NT_SUCCESS(status)) {
      goto Exit;
   }

   /*
    * Swap the thread handle for an object reference that the unload routine
    * can wait on.
    * NOTE(review): the result is only ASSERTed. In a free build a failure
    * here falls through to the cleanup below while the worker thread is
    * already running.
    */
   status = ObReferenceObjectByHandle(
               workerHandle,
               0,
               NULL,
               KernelMode,
               &gThreadObj,
               NULL
               );
   ASSERT(NT_SUCCESS(status));

   ZwClose(workerHandle);

   driverObject->DriverUnload = DriverUnload;

Exit:

   /* Failure path: release whatever was set up before the failing step. */
   if (!NT_SUCCESS(status)) {
      if (gEngineHandle != NULL) {
         DDProxyUnregisterCallouts();
      }
      if (gInjectionHandle != NULL) {
         FwpsInjectionHandleDestroy0(gInjectionHandle);
      }
      if (gDeviceObject) {
         IoDeleteDevice(gDeviceObject);
      }
   }

   return status;
}
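/*
 * DriverUnload - unload routine for the DDProxy-based driver variant.
 *
 * Sets the unloading flag under the packet-queue and flow-list locks,
 * removes the flow contexts, wakes the worker thread if the packet queue is
 * empty, waits for the worker to terminate and then releases the callouts,
 * the injection handle and the device object.
 *
 * The unused locals `status` and `threadObj` (and the UNREFERENCED_PARAMETER
 * lines that only existed to silence them) have been dropped.
 *
 * driverObject is not used.
 */
VOID
DriverUnload(
   IN PDRIVER_OBJECT driverObject
   )
{
   KLOCK_QUEUE_HANDLE packetQueueLockHandle;
   KLOCK_QUEUE_HANDLE flowListLockHandle;

   UNREFERENCED_PARAMETER(driverObject);

   KeAcquireInStackQueuedSpinLock(&gPacketQueueLock, &packetQueueLockHandle);
   KeAcquireInStackQueuedSpinLock(&gFlowListLock, &flowListLockHandle);

   gDriverUnloading = TRUE;

   /*
    * Only the flow-list lock is dropped here; the packet-queue lock stays
    * held across the flow removal and the queue check below.
    */
   KeReleaseInStackQueuedSpinLock(&flowListLockHandle);

   /*
    * Any associated flow contexts must be removed before a callout can be
    * successfully unregistered.
    */
   DDProxyRemoveFlows();

   /*
    * Empty queue: signal the event so the worker wakes up (presumably to
    * observe gDriverUnloading; the worker routine is not visible here).
    */
   if (IsListEmpty(&gPacketQueue)) {
      KeSetEvent(&gPacketQueueEvent, IO_NO_INCREMENT, FALSE);
   }

   KeReleaseInStackQueuedSpinLock(&packetQueueLockHandle);

   /*
    * Wait for the worker thread to terminate before tearing down anything
    * it may still use.
    * NOTE(review): ASSERT is compiled out of free builds, so a NULL
    * gThreadObj is not caught there.
    */
   ASSERT(gThreadObj != NULL);
   KeWaitForSingleObject(gThreadObj, Executive, KernelMode, FALSE, NULL);
   ObDereferenceObject(gThreadObj);

   DDProxyUnregisterCallouts();
   FwpsInjectionHandleDestroy0(gInjectionHandle);
   IoDeleteDevice(gDeviceObject);
}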
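/*
 * DriverEntry - initialization routine for the TLInspect-based driver
 * variant.
 *
 * Creates the device object and the transport injection handle, initializes
 * the connection list and packet queue, registers the callouts and starts
 * the worker thread. On failure, everything created so far is released.
 *
 * Configuration loading is currently disabled (see the commented-out code
 * below), so registryPath is unused.
 *
 * Returns STATUS_SUCCESS or the failure status of the step that failed.
 */
NTSTATUS
DriverEntry(
   IN PDRIVER_OBJECT driverObject,
   IN PUNICODE_STRING registryPath
   )
{
   NTSTATUS status = STATUS_SUCCESS;
   UNICODE_STRING deviceName;
   HANDLE threadHandle;

   /* Only referenced by the disabled configuration loader below. */
   UNREFERENCED_PARAMETER(registryPath);

   //TLInspectLoadConfig(registryPath);

   /*
   if ((configInspectRemoteAddrV4 == NULL) &&
       (configInspectRemoteAddrV6 == NULL))
   {
      status = STATUS_DEVICE_CONFIGURATION_ERROR;
      goto Exit;
   }
   */

   /*
    * NOTE(review): this is a named device object created with IoCreateDevice
    * and no device characteristics, so it gets a default security
    * descriptor. If the driver ever services create/IOCTL requests on it,
    * IoCreateDeviceSecure with an explicit SDDL string and
    * FILE_DEVICE_SECURE_OPEN would be the safer choice.
    */
   RtlInitUnicodeString(&deviceName, L"\\Device\\StreamEitor");

   status = IoCreateDevice(
               driverObject,
               0,
               &deviceName,
               FILE_DEVICE_NETWORK,
               0,
               FALSE,
               &gDeviceObject
               );
   if (!NT_SUCCESS(status)) {
      goto Exit;
   }

   status = FwpsInjectionHandleCreate0(
               AF_UNSPEC,
               FWPS_INJECTION_TYPE_TRANSPORT,
               &gInjectionHandle
               );
   if (!NT_SUCCESS(status)) {
      goto Exit;
   }

   /* Shared state must exist before callouts or the worker can run. */
   InitializeListHead(&gConnList);
   KeInitializeSpinLock(&gConnListLock);

   InitializeListHead(&gPacketQueue);
   KeInitializeSpinLock(&gPacketQueueLock);

   KeInitializeEvent(&gWorkerEvent, NotificationEvent, FALSE);

   status = TLInspectRegisterCallouts(gDeviceObject);
   if (!NT_SUCCESS(status)) {
      goto Exit;
   }

   status = PsCreateSystemThread(
               &threadHandle,
               THREAD_ALL_ACCESS,
               NULL,
               NULL,
               NULL,
               TLInspectWorker,
               NULL
               );
   if (!NT_SUCCESS(status)) {
      goto Exit;
   }

   /*
    * Swap the thread handle for an object reference that DriverUnload can
    * wait on.
    * NOTE(review): the result is only ASSERTed. In a free build a failure
    * here falls through to the cleanup below while the worker thread is
    * already running.
    */
   status = ObReferenceObjectByHandle(
               threadHandle,
               0,
               NULL,
               KernelMode,
               &gThreadObj,
               NULL
               );
   ASSERT(NT_SUCCESS(status));

   ZwClose(threadHandle);

   driverObject->DriverUnload = DriverUnload;

Exit:

   if (!NT_SUCCESS(status)) {
      if (gEngineHandle != NULL) {
         TLInspectUnregisterCallouts();
      }
      if (gInjectionHandle != NULL) {
         FwpsInjectionHandleDestroy0(gInjectionHandle);
      }
      if (gDeviceObject) {
         IoDeleteDevice(gDeviceObject);
      }

      /*
       * Nothing in this routine opens gRegistryKey now that the
       * configuration loader is commented out, so close it only if it is
       * actually set. Passing a never-opened handle to ZwClose from kernel
       * mode is an error that can be escalated to a bug check (e.g. under
       * Driver Verifier).
       */
      if (gRegistryKey != NULL) {
         ZwClose(gRegistryKey);
         gRegistryKey = NULL;
      }
   }

   return status;
}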
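/*
 * DriverEntry - initialization routine for the stream-injection driver
 * variant.
 *
 * Runs drvCtlInit, creates the secured device object and its symbolic link,
 * creates the stream injection handle, allocates the NDIS generic object and
 * NET_BUFFER_LIST pool, initializes the packet queue and flow-context list,
 * registers the callouts and starts the worker thread. On any failure the
 * resources created so far are released again.
 *
 * Returns STATUS_SUCCESS, STATUS_NO_MEMORY when an NDIS allocation fails, or
 * the failure status of the step that failed.
 */
NTSTATUS
DriverEntry(
   IN PDRIVER_OBJECT driverObject,
   IN PUNICODE_STRING registryPath)
{
   NTSTATUS status = STATUS_SUCCESS;
   /*
    * Starts out as a failure code so the cleanup path deletes the symbolic
    * link only when IoCreateSymbolicLink really succeeded. With the previous
    * STATUS_SUCCESS initial value, an early failure (drvCtlInit or
    * IoCreateDeviceSecure) reached IoDeleteSymbolicLink with dosDeviceName
    * still uninitialized.
    */
   NTSTATUS symbolicLinkCreationStatus = STATUS_UNSUCCESSFUL;
   UNICODE_STRING deviceName;
   UNICODE_STRING dosDeviceName;
   HANDLE threadHandle;
   NET_BUFFER_LIST_POOL_PARAMETERS nblPoolParams = {0};
   UNICODE_STRING defaultSDDLString;

   /* Debug builds only: break into the kernel debugger at load time. */
#ifdef DEBUG
   DbgBreakPoint();
#endif

   status = drvCtlInit(driverObject);
   if (!NT_SUCCESS(status)) {
      goto Exit;
   }

   gDriverUnloading = FALSE;

   /*
    * NOTE(review): this SDDL string grants GENERIC_ALL on the device to
    * Built-in Users (BU), so any unprivileged local account can open it and
    * reach whatever request handling drvCtlInit installs (not visible
    * here). If the control interface is meant for an administrative
    * component only, a tighter descriptor such as the WDK's
    * SDDL_DEVOBJ_SYS_ALL_ADM_ALL is the safer default.
    * NOTE(review): DeviceCharacteristics is 0; FILE_DEVICE_SECURE_OPEN is
    * normally set so the descriptor also applies to opens that carry a
    * trailing name under the device.
    */
   RtlInitUnicodeString(&defaultSDDLString, L"D:P(A;;GA;;;BU)");
   RtlInitUnicodeString(&deviceName, DEVICE_NAME);

   status = IoCreateDeviceSecure(
               driverObject,
               0,
               &deviceName,
               FILE_DEVICE_NETWORK,
               0,
               FALSE,
               &defaultSDDLString,
               NULL,
               &gDeviceObject);
   if (!NT_SUCCESS(status)) {
      goto Exit;
   }

   RtlInitUnicodeString(&dosDeviceName, SYMBOLIC_LINK_NAME);
   status = IoCreateSymbolicLink(&dosDeviceName, &deviceName);
   symbolicLinkCreationStatus = status;
   if (!NT_SUCCESS(status)) {
      goto Exit;
   }

   status = FwpsInjectionHandleCreate0(
               AF_UNSPEC,
               FWPS_INJECTION_TYPE_STREAM,
               &gInjectionHandle);
   if (!NT_SUCCESS(status)) {
      goto Exit;
   }

   gNdisGenericObj = NdisAllocateGenericObject(
                        driverObject,
                        TAG_NDIS_OBJ,
                        0);
   if (gNdisGenericObj == NULL) {
      status = STATUS_NO_MEMORY;
      goto Exit;
   }

   nblPoolParams.Header.Type = NDIS_OBJECT_TYPE_DEFAULT;
   nblPoolParams.Header.Revision = NET_BUFFER_LIST_POOL_PARAMETERS_REVISION_1;
   nblPoolParams.Header.Size =
      NDIS_SIZEOF_NET_BUFFER_LIST_POOL_PARAMETERS_REVISION_1;
   nblPoolParams.fAllocateNetBuffer = TRUE;
   nblPoolParams.DataSize = 0;
   nblPoolParams.PoolTag = TAG_NBL_POOL;

   gNetBufferListPool = NdisAllocateNetBufferListPool(
                           gNdisGenericObj,
                           &nblPoolParams);
   if (gNetBufferListPool == NULL) {
      status = STATUS_NO_MEMORY;
      goto Exit;
   }

   /* Shared state must exist before callouts or the worker can run. */
   InitializeListHead(&gPacketQueue);
   KeInitializeSpinLock(&gPacketQueueLock);

   InitializeListHead(&flowContextList);
   KeInitializeSpinLock(&flowContextListLock);

   KeInitializeEvent(&gWorkerEvent, NotificationEvent, FALSE);

   status = RegisterCallouts(gDeviceObject);
   if (!NT_SUCCESS(status)) {
      goto Exit;
   }

   status = PsCreateSystemThread(
               &threadHandle,
               THREAD_ALL_ACCESS,
               NULL,
               NULL,
               NULL,
               thAnalyzer,
               NULL);
   if (!NT_SUCCESS(status)) {
      goto Exit;
   }

   /*
    * Swap the thread handle for an object reference that DriverUnload can
    * wait on.
    * NOTE(review): the result is only ASSERTed. In a free build a failure
    * here continues with an unset gThreadObj and then falls through to the
    * cleanup below while the worker thread is already running.
    */
   status = ObReferenceObjectByHandle(
               threadHandle,
               0,
               NULL,
               KernelMode,
               (PVOID*) &gThreadObj,
               NULL);
   ASSERT(NT_SUCCESS(status));

   /* Apply a base-priority increment of -2 to the worker thread. */
   KeSetBasePriorityThread((PKTHREAD) gThreadObj, -2);

   ZwClose(threadHandle);

   driverObject->DriverUnload = DriverUnload;

Exit:

   /* Failure path: release whatever was set up before the failing step. */
   if (!NT_SUCCESS(status)) {
      if (gFwpmEngineHandle != NULL) {
         UnregisterCallouts();
      }
      if (gInjectionHandle != NULL) {
         FwpsInjectionHandleDestroy0(gInjectionHandle);
      }
      /* Same order as DriverUnload: symbolic link first, then the device. */
      if (NT_SUCCESS(symbolicLinkCreationStatus)) {
         IoDeleteSymbolicLink(&dosDeviceName);
      }
      if (gDeviceObject) {
         IoDeleteDevice(gDeviceObject);
      }
      if (gNetBufferListPool != NULL) {
         NdisFreeNetBufferListPool(gNetBufferListPool);
      }
      if (gNdisGenericObj != NULL) {
         NdisFreeGenericObject(gNdisGenericObj);
      }
   }

   return status;
}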