// A driver entry point
_Use_decl_annotations_ NTSTATUS DriverEntry(PDRIVER_OBJECT driver_object,
PUNICODE_STRING registry_path) {
UNREFERENCED_PARAMETER(registry_path);
PAGED_CODE();
static const wchar_t kLogFilePath[] = L"\\SystemRoot\\HyperPlatform.log";
static const auto kLogLevel =
(IsReleaseBuild()) ? kLogPutLevelInfo | kLogOptDisableFunctionName
: kLogPutLevelDebug | kLogOptDisableFunctionName;
auto status = STATUS_UNSUCCESSFUL;
driver_object->DriverUnload = DriverpDriverUnload;
HYPERPLATFORM_COMMON_DBG_BREAK();
// Initialize log functions
bool need_reinitialization = false;
status = LogInitialization(kLogLevel, kLogFilePath);
if (status == STATUS_REINITIALIZATION_NEEDED) {
need_reinitialization = true;
} else if (!NT_SUCCESS(status)) {
return status;
}
// Test if the system is supported
if (!DriverpIsSuppoetedOS()) {
return STATUS_CANCELLED;
}
// Initialize perf functions
status = PerfInitialization();
if (!NT_SUCCESS(status)) {
LogTermination();
return status;
}
// Initialize utility functions
status = UtilInitialization();
if (!NT_SUCCESS(status)) {
PerfTermination();
LogTermination();
return status;
}
// Virtualize all processors
status = VmInitialization();
if (!NT_SUCCESS(status)) {
UtilTermination();
PerfTermination();
LogTermination();
return status;
}
// Register re-initialization for the log functions if needed
if (need_reinitialization) {
LogRegisterReinitialization(driver_object);
}
HYPERPLATFORM_LOG_INFO("The VMM has been installed.");
return status;
}
_Use_decl_annotations_ EXTERN_C NTSTATUS
DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath) {
UNREFERENCED_PARAMETER(RegistryPath);
PAGED_CODE();
auto status = STATUS_UNSUCCESSFUL;
DriverObject->DriverUnload = DriverUnload;
DBG_BREAK();
status = LogInitialization(LOG_LEVEL, nullptr);
if (!NT_SUCCESS(status)) {
return status;
}
// Build the following code as a SYSENTER handler on NonPagedPool
//
// FF 25 00 00 00 00 jmp cs:jmp_address
// FF FF FF FF FF FF FF FF jmp_address dq 0FFFFFFFFFFFFFFFFh
const JMP_CODE jmpCode = {{0xff, 0x25}, __readmsr(IA32_LSTAR)};
g_Trampoline = reinterpret_cast<UCHAR*>(ExAllocatePoolWithTag(
NonPagedPoolExecute, sizeof(jmpCode), POOL_TAG_NAME));
if (!g_Trampoline) {
LogTermination();
return STATUS_MEMORY_NOT_ALLOCATED;
}
RtlCopyMemory(g_Trampoline, &jmpCode, sizeof(jmpCode));
// Modify MSR
UtilForEachProcessor(MsrHookCallback, nullptr);
return status;
}
EXTERN_C static NTSTATUS FLTAPI
ScvnpUnload(_In_ FLT_FILTER_UNLOAD_FLAGS Flags) {
PAGED_CODE();
UNREFERENCED_PARAMETER(Flags);
FltUnregisterFilter(g_ScvnpFilterHandle);
BCryptCloseAlgorithmProvider(g_ScvnpSha1AlgorithmHandle, 0);
LogTermination(nullptr);
return STATUS_SUCCESS;
}
// Unload handler
_Use_decl_annotations_ static void DriverpDriverUnload(
PDRIVER_OBJECT driver_object) {
UNREFERENCED_PARAMETER(driver_object);
PAGED_CODE();
HYPERPLATFORM_COMMON_DBG_BREAK();
VmTermination();
UtilTermination();
PerfTermination();
LogTermination();
}
_Use_decl_annotations_ EXTERN_C static void DriverUnload(
PDRIVER_OBJECT DriverObject) {
UNREFERENCED_PARAMETER(DriverObject);
PAGED_CODE();
DBG_BREAK();
// Restore MSR
UtilForEachProcessor(MsrHookCallback, nullptr);
ExFreePoolWithTag(g_Trampoline, POOL_TAG_NAME);
LogTermination();
}
EXTERN_C NTSTATUS DriverEntry(_In_ PDRIVER_OBJECT DriverObject,
_In_ PUNICODE_STRING RegistryPath) {
const FLT_OPERATION_REGISTRATION fltCallbacks[] = {
{
IRP_MJ_CLEANUP, FLTFL_OPERATION_REGISTRATION_SKIP_PAGING_IO, nullptr,
ScvnpPostCleanupAndFlushBuffers,
},
{
IRP_MJ_FLUSH_BUFFERS, FLTFL_OPERATION_REGISTRATION_SKIP_PAGING_IO,
nullptr, ScvnpPostCleanupAndFlushBuffers,
},
{IRP_MJ_SET_INFORMATION, FLTFL_OPERATION_REGISTRATION_SKIP_PAGING_IO,
ScvnpPreSetInformation, nullptr},
{IRP_MJ_OPERATION_END}};
const FLT_REGISTRATION filterRegistration = {
sizeof(filterRegistration), // Size
FLT_REGISTRATION_VERSION, // Version
0, // Flags
nullptr, // Context
fltCallbacks, // Operation callbacks
ScvnpUnload, // FilterUnload
nullptr, // InstanceSetup
nullptr, // InstanceQueryTeardown
nullptr, // InstanceTeardownStart
nullptr, // InstanceTeardownComplete
nullptr, // GenerateFileName
nullptr, // GenerateDestinationFileName
nullptr, // NormalizeNameComponent
};
PAGED_CODE();
UNREFERENCED_PARAMETER(RegistryPath);
// DBG_BREAK();
auto status = ScvnpCreateDirectory(SCVNP_OUT_DIRECTORY_PATH);
if (!NT_SUCCESS(status)) {
return status;
}
// Initialize the Log system
status = LogInitialization(
SCVNP_LOG_LEVEL | LOG_OPT_DISABLE_TIME | LOG_OPT_DISABLE_FUNCTION_NAME,
SCVNP_LOG_FILE_PATH, nullptr);
if (!NT_SUCCESS(status)) {
return status;
}
// Initialize the crypt APIs.
status = BCryptOpenAlgorithmProvider(&g_ScvnpSha1AlgorithmHandle,
BCRYPT_SHA1_ALGORITHM, nullptr, 0);
if (!NT_SUCCESS(status)) {
LOG_ERROR("BCryptOpenAlgorithmProvider failed (%08x)", status);
LogTermination(nullptr);
return status;
}
// Register and start a mini filter driver
status = FltRegisterFilter(DriverObject, &filterRegistration,
&g_ScvnpFilterHandle);
if (!NT_SUCCESS(status)) {
LOG_ERROR("FltRegisterFilter failed (%08x)", status);
BCryptCloseAlgorithmProvider(g_ScvnpSha1AlgorithmHandle, 0);
LogTermination(nullptr);
return status;
}
status = FltStartFiltering(g_ScvnpFilterHandle);
if (!NT_SUCCESS(status)) {
LOG_ERROR("FltStartFiltering failed (%08x)", status);
FltUnregisterFilter(g_ScvnpFilterHandle);
BCryptCloseAlgorithmProvider(g_ScvnpSha1AlgorithmHandle, 0);
LogTermination(nullptr);
return status;
}
LOG_INFO("Scavenger installed");
return status;
}
