/*
 * Driver entry point: creates the WDF driver/device objects, loads the
 * configuration from the driver's Parameters registry key, and allocates the
 * global resources used for stream editing (MDL over the search string, NDIS
 * generic object, NET_BUFFER_LIST pool, WFP stream injection handle) before
 * registering the callout and initialising the selected edit mode.
 *
 * Returns the first failing NTSTATUS; on failure every global resource that
 * was created here is released before returning.
 */
NTSTATUS
DriverEntry(
   DRIVER_OBJECT* driverObject,
   UNICODE_STRING* registryPath
   )
{
   NTSTATUS ntStatus;
   WDFDRIVER wdfDriver;
   WDFDEVICE wdfDevice;
   WDFKEY paramsKey;
   NET_BUFFER_LIST_POOL_PARAMETERS poolParams = {0};

   // Request NX Non-Paged Pool when available, before anything allocates.
   ExInitializeDriverRuntime(DrvRtPoolNxOptIn);

   // Describe the NBL pool up front; the structure is only consumed by
   // NdisAllocateNetBufferListPool further down.
   poolParams.Header.Type = NDIS_OBJECT_TYPE_DEFAULT;
   poolParams.Header.Revision = NET_BUFFER_LIST_POOL_PARAMETERS_REVISION_1;
   poolParams.Header.Size = sizeof(poolParams);
   poolParams.fAllocateNetBuffer = TRUE;
   poolParams.DataSize = 0;
   poolParams.PoolTag = STREAM_EDITOR_NBL_POOL_TAG;

   ntStatus = StreamEditInitDriverObjects(
                 driverObject,
                 registryPath,
                 &wdfDriver,
                 &wdfDevice
                 );
   if (!NT_SUCCESS(ntStatus))
   {
      goto Cleanup;
   }

   // Read-only access is all that is requested for the Parameters key.
   // NOTE(review): paramsKey is never closed in this function; confirm its
   // lifetime is handled elsewhere (e.g. by WDF object parenting).
   ntStatus = WdfDriverOpenParametersRegistryKey(
                 wdfDriver,
                 KEY_READ,
                 WDF_NO_OBJECT_ATTRIBUTES,
                 &paramsKey
                 );
   if (!NT_SUCCESS(ntStatus))
   {
      goto Cleanup;
   }

   ntStatus = StreamEditLoadConfig(paramsKey);
   if (!NT_SUCCESS(ntStatus))
   {
      goto Cleanup;
   }

   // MDL covering the configured search string.
   // NOTE(review): configStringToReplace is presumably populated from the
   // registry by StreamEditLoadConfig. strlen() relies on it being
   // NUL-terminated, and MmBuildMdlForNonPagedPool requires the buffer to be
   // in non-paged pool; confirm the loader enforces both and rejects an empty
   // or oversized value before it reaches this point.
   gStringToReplaceMdl = IoAllocateMdl(
                            configStringToReplace,
                            (ULONG) strlen(configStringToReplace),
                            FALSE,
                            FALSE,
                            NULL
                            );
   if (!gStringToReplaceMdl)
   {
      ntStatus = STATUS_NO_MEMORY;
      goto Cleanup;
   }

   MmBuildMdlForNonPagedPool(gStringToReplaceMdl);

   gNdisGenericObj = NdisAllocateGenericObject(
                        driverObject,
                        STREAM_EDITOR_NDIS_OBJ_TAG,
                        0
                        );
   if (!gNdisGenericObj)
   {
      ntStatus = STATUS_NO_MEMORY;
      goto Cleanup;
   }

   gNetBufferListPool = NdisAllocateNetBufferListPool(
                           gNdisGenericObj,
                           &poolParams
                           );
   if (!gNetBufferListPool)
   {
      ntStatus = STATUS_NO_MEMORY;
      goto Cleanup;
   }

   // One stream injection handle shared by both address families.
   ntStatus = FwpsInjectionHandleCreate(
                 AF_UNSPEC,
                 FWPS_INJECTION_TYPE_STREAM,
                 &gInjectionHandle
                 );
   if (!NT_SUCCESS(ntStatus))
   {
      goto Cleanup;
   }

   gWdmDevice = WdfDeviceWdmGetDeviceObject(wdfDevice);

   ntStatus = StreamEditRegisterCallout(
                 &gStreamEditor,
                 gWdmDevice
                 );
   if (!NT_SUCCESS(ntStatus))
   {
      goto Cleanup;
   }

   if (!configEditInline)
   {
      // Out-of-band mode can fail; the result is evaluated at Cleanup.
      ntStatus = OobEditInit(&gStreamEditor);
   }
   else
   {
      InlineEditInit(&gStreamEditor);
   }

Cleanup:

   if (NT_SUCCESS(ntStatus))
   {
      return ntStatus;
   }

   // Failure: release the globals in reverse order of creation. Each guard
   // skips resources that were never created.
   if (gEngineHandle != NULL)
   {
      StreamEditUnregisterCallout();
   }
   if (gInjectionHandle != NULL)
   {
      FwpsInjectionHandleDestroy(gInjectionHandle);
   }
   if (gNetBufferListPool != NULL)
   {
      NdisFreeNetBufferListPool(gNetBufferListPool);
   }
   if (gNdisGenericObj != NULL)
   {
      NdisFreeGenericObject(gNdisGenericObj);
   }
   if (gStringToReplaceMdl != NULL)
   {
      IoFreeMdl(gStringToReplaceMdl);
   }

   return ntStatus;
}
/**
 * Populates an NDIS_POOL_DATA with a generic NDIS object handle and the
 * NET_BUFFER_LIST and NET_BUFFER pools allocated from that handle.
 *
 * @param pNDISPoolData  structure receiving ndisHandle, nblPoolHandle and
 *                       nbPoolHandle; must not be NULL (checked by NT_ASSERT
 *                       only, so callers must guarantee it).
 * @param memoryTag      pool tag applied to the generic object and both pools.
 *
 * @return STATUS_SUCCESS, or STATUS_INVALID_HANDLE when any of the three
 *         allocations returns 0. On failure KrnlHlprNDISPoolDataPurge() is
 *         called on the structure before returning.
 */
NTSTATUS KrnlHlprNDISPoolDataPopulate(_Inout_ NDIS_POOL_DATA* pNDISPoolData,
                                      _In_opt_ UINT32 memoryTag) /* WFPSAMPLER_NDIS_POOL_TAG */
{
#if DBG

   DbgPrintEx(DPFLTR_IHVNETWORK_ID,
              DPFLTR_INFO_LEVEL,
              " ---> KrnlHlprNDISPoolDataPopulate()\n");

#endif /// DBG

   NT_ASSERT(pNDISPoolData);

   NTSTATUS                        status    = STATUS_SUCCESS;
   NET_BUFFER_LIST_POOL_PARAMETERS nblParams = {0};
   NET_BUFFER_POOL_PARAMETERS      nbParams  = {0};

   /// Both parameter blocks are local and independent of the allocations
   /// below, so they are filled in first.
   nblParams.Header.Type        = NDIS_OBJECT_TYPE_DEFAULT;
   nblParams.Header.Revision    = NET_BUFFER_LIST_POOL_PARAMETERS_REVISION_1;
   nblParams.Header.Size        = NDIS_SIZEOF_NET_BUFFER_LIST_POOL_PARAMETERS_REVISION_1;
   nblParams.fAllocateNetBuffer = TRUE;
   nblParams.DataSize           = 0;
   nblParams.PoolTag            = memoryTag;

   nbParams.Header.Type     = NDIS_OBJECT_TYPE_DEFAULT;
   nbParams.Header.Revision = NET_BUFFER_POOL_PARAMETERS_REVISION_1;
   nbParams.Header.Size     = NDIS_SIZEOF_NET_BUFFER_POOL_PARAMETERS_REVISION_1;
   nbParams.PoolTag         = memoryTag;
   nbParams.DataSize        = 0;

   /// Generic NDIS object: the handle both pools are allocated from.
   pNDISPoolData->ndisHandle = NdisAllocateGenericObject(0,
                                                         memoryTag,
                                                         0);
   if(!pNDISPoolData->ndisHandle)
   {
      status = STATUS_INVALID_HANDLE;

      DbgPrintEx(DPFLTR_IHVNETWORK_ID,
                 DPFLTR_ERROR_LEVEL,
                 " !!!! KrnlHlprNDISPoolDataPopulate : NdisAllocateGenericObject() [status: %#x]\n",
                 status);

      HLPR_BAIL;
   }

   pNDISPoolData->nblPoolHandle = NdisAllocateNetBufferListPool(pNDISPoolData->ndisHandle,
                                                                &nblParams);
   if(!pNDISPoolData->nblPoolHandle)
   {
      status = STATUS_INVALID_HANDLE;

      DbgPrintEx(DPFLTR_IHVNETWORK_ID,
                 DPFLTR_ERROR_LEVEL,
                 " !!!! KrnlHlprNDISPoolDataPopulate : NdisAllocateNetBufferListPool() [status: %#x]\n",
                 status);

      HLPR_BAIL;
   }

   pNDISPoolData->nbPoolHandle = NdisAllocateNetBufferPool(pNDISPoolData->ndisHandle,
                                                           &nbParams);
   if(!pNDISPoolData->nbPoolHandle)
   {
      status = STATUS_INVALID_HANDLE;

      DbgPrintEx(DPFLTR_IHVNETWORK_ID,
                 DPFLTR_ERROR_LEVEL,
                 " !!!! KrnlHlprNDISPoolDataPopulate : NdisAllocateNetBufferPool() [status: %#x]\n",
                 status);

      HLPR_BAIL;
   }

   HLPR_BAIL_LABEL:

   /// Any failure hands the partially populated structure to the purge
   /// helper (presumably releasing whatever was allocated; see its
   /// definition).
   if(status != STATUS_SUCCESS)
   {
      KrnlHlprNDISPoolDataPurge(pNDISPoolData);
   }

#if DBG

   DbgPrintEx(DPFLTR_IHVNETWORK_ID,
              DPFLTR_INFO_LEVEL,
              " <--- KrnlHlprNDISPoolDataPopulate()\n");

#endif /// DBG

   return status;
}
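/*
 * Driver entry point: initialises the driver control layer, creates the
 * control device and its DOS symbolic link, allocates the WFP stream
 * injection handle and the NDIS NET_BUFFER_LIST pool, initialises the packet
 * queue and flow-context list, registers the callouts and starts the
 * analyzer worker thread.
 *
 * Returns the first failing NTSTATUS. On failure, everything created here is
 * torn down before returning.
 *
 * Fixes relative to the previous version:
 *  - The symbolic link is only deleted when it was actually created. The old
 *    code tracked this with an NTSTATUS initialised to STATUS_SUCCESS, so a
 *    failure before IoCreateSymbolicLink passed an uninitialised
 *    UNICODE_STRING to IoDeleteSymbolicLink.
 *  - The symbolic link is removed before the device it points at.
 */
NTSTATUS
DriverEntry(
   IN  PDRIVER_OBJECT  driverObject,
   IN  PUNICODE_STRING registryPath)
{
   NTSTATUS status = STATUS_SUCCESS;
   BOOLEAN symbolicLinkCreated = FALSE;
   UNICODE_STRING deviceName;
   UNICODE_STRING dosDeviceName;
   HANDLE threadHandle;
   NET_BUFFER_LIST_POOL_PARAMETERS nblPoolParams = {0};
   UNICODE_STRING defaultSDDLString;

   UNREFERENCED_PARAMETER(registryPath);

#ifdef DEBUG
   DbgBreakPoint();
#endif

   status = drvCtlInit(driverObject);
   if (!NT_SUCCESS(status))
   {
      goto Exit;
   }

   gDriverUnloading = FALSE;

   // NOTE(review): this SDDL grants GENERIC_ALL to BUILTIN\Users (BU), so any
   // local user can open the control device and reach the driver's dispatch
   // routines. Unless unprivileged clients are a requirement, prefer a
   // descriptor limited to SYSTEM and Administrators (for example
   // SDDL_DEVOBJ_SYS_ALL_ADM_ALL from wdmsec.h). Either way, the dispatch
   // routines must treat every request buffer as untrusted input.
   RtlInitUnicodeString(&defaultSDDLString, L"D:P(A;;GA;;;BU)");
   RtlInitUnicodeString(&deviceName, DEVICE_NAME);

   // NOTE(review): DeviceCharacteristics is 0, so FILE_DEVICE_SECURE_OPEN is
   // not set; confirm whether opens below the device name should also be
   // checked against the descriptor above.
   status = IoCreateDeviceSecure(
               driverObject,
               0,
               &deviceName,
               FILE_DEVICE_NETWORK,
               0,
               FALSE,
               &defaultSDDLString,
               NULL,
               &gDeviceObject);
   if (!NT_SUCCESS(status))
   {
      goto Exit;
   }

   RtlInitUnicodeString(&dosDeviceName, SYMBOLIC_LINK_NAME);

   status = IoCreateSymbolicLink(&dosDeviceName, &deviceName);
   if (!NT_SUCCESS(status))
   {
      goto Exit;
   }
   // Only from here on is dosDeviceName initialised and the link present.
   symbolicLinkCreated = TRUE;

   status = FwpsInjectionHandleCreate0(
               AF_UNSPEC,
               FWPS_INJECTION_TYPE_STREAM,
               &gInjectionHandle);
   if (!NT_SUCCESS(status))
   {
      goto Exit;
   }

   gNdisGenericObj = NdisAllocateGenericObject(
                        driverObject,
                        TAG_NDIS_OBJ,
                        0);
   if (gNdisGenericObj == NULL)
   {
      status = STATUS_NO_MEMORY;
      goto Exit;
   }

   nblPoolParams.Header.Type = NDIS_OBJECT_TYPE_DEFAULT;
   nblPoolParams.Header.Revision = NET_BUFFER_LIST_POOL_PARAMETERS_REVISION_1;
   nblPoolParams.Header.Size = NDIS_SIZEOF_NET_BUFFER_LIST_POOL_PARAMETERS_REVISION_1;
   nblPoolParams.fAllocateNetBuffer = TRUE;
   nblPoolParams.DataSize = 0;
   nblPoolParams.PoolTag = TAG_NBL_POOL;

   gNetBufferListPool = NdisAllocateNetBufferListPool(
                           gNdisGenericObj,
                           &nblPoolParams);
   if (gNetBufferListPool == NULL)
   {
      status = STATUS_NO_MEMORY;
      goto Exit;
   }

   // Queue, list, locks and event must exist before the callouts are
   // registered and the worker thread is started.
   InitializeListHead(&gPacketQueue);
   KeInitializeSpinLock(&gPacketQueueLock);

   InitializeListHead(&flowContextList);
   KeInitializeSpinLock(&flowContextListLock);

   KeInitializeEvent(
      &gWorkerEvent,
      NotificationEvent,
      FALSE
      );

   status = RegisterCallouts(gDeviceObject);
   if (!NT_SUCCESS(status))
   {
      goto Exit;
   }

   status = PsCreateSystemThread(
               &threadHandle,
               THREAD_ALL_ACCESS,
               NULL,
               NULL,
               NULL,
               thAnalyzer,
               NULL);
   if (!NT_SUCCESS(status))
   {
      goto Exit;
   }

   // Keep a referenced pointer to the worker thread; the handle itself is
   // closed right below.
   // NOTE(review): the result is only checked by ASSERT, which is a no-op in
   // free builds. The worker is already running at this point, so a proper
   // failure path needs the thread's shutdown protocol, which is not visible
   // from this function.
   status = ObReferenceObjectByHandle(
               threadHandle,
               0,
               NULL,
               KernelMode,
               (PVOID*) &gThreadObj,
               NULL);
   ASSERT(NT_SUCCESS(status));

   KeSetBasePriorityThread(
      (PKTHREAD) gThreadObj,
      -2);

   ZwClose(threadHandle);

   driverObject->DriverUnload = DriverUnload;

Exit:

   if (!NT_SUCCESS(status))
   {
      if (gFwpmEngineHandle != NULL)
      {
         UnregisterCallouts();
      }
      if (gInjectionHandle != NULL)
      {
         FwpsInjectionHandleDestroy0(gInjectionHandle);
      }
      // Remove the user-visible name first, then the device behind it.
      if (symbolicLinkCreated)
      {
         IoDeleteSymbolicLink(&dosDeviceName);
      }
      if (gDeviceObject)
      {
         IoDeleteDevice(gDeviceObject);
      }
      if (gNetBufferListPool != NULL)
      {
         NdisFreeNetBufferListPool(gNetBufferListPool);
      }
      if (gNdisGenericObj != NULL)
      {
         NdisFreeGenericObject(gNdisGenericObj);
      }
   }

   return status;
}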