From c11fb3654d0bc2c7a91d51b7a5eb7fc44f96bdab Mon Sep 17 00:00:00 2001
From: Gianni Trevisiol
Date: Tue, 20 Jun 2023 19:10:23 -0700
Subject: [PATCH 01/60] draft
---
 ebpf-for-windows.sln | 66 +++++++++++
 installer/Product.wxs | 8 +-
 installer/ebpf-for-windows.wixproj | 10 +-
 libs/platform/kernel/ebpf_platform_kernel.c | 2 +-
 libs/platform/kernel/platform_kernel.vcxproj | 17 +++
 .../kernel/platform_kernel.vcxproj.filters | 3 -
 .../kernel/ebpf_registry_helper.c | 30 ++---
 .../kernel/ebpf_registry_helper.h | 33 ++++++
 .../store_helper/kernel/ebpf_store_helper.c | 31 ++---
 libs/store_helper/kernel/ebpf_store_helper.h | 68 +++++++++++
 .../kernel/ebpf_store_helper.vcxproj | 107 ++++++++++++++++++
 .../kernel/ebpf_store_helper.vcxproj.filters | 31 +++++
 netebpfext/net_ebpf_ext_bind.c | 4 +-
 netebpfext/net_ebpf_ext_sock_addr.c | 4 +-
 netebpfext/net_ebpf_ext_sock_ops.c | 4 +-
 netebpfext/net_ebpf_ext_xdp.c | 4 +-
 netebpfext/sys/netebpfext.vcxproj | 17 ++-
 netebpfext/user/netebpfext_user.vcxproj | 18 +++
 .../netebpfext_fuzzer.vcxproj | 12 +-
 tests/netebpfext_unit/netebpfext_unit.vcxproj | 6 +
 tests/sample/ext/drv/sample_ext.c | 4 +-
 tests/sample/ext/drv/sample_ext.vcxproj | 15 ++-
 tests/unit/test.vcxproj | 8 ++
 .../export_program_info.cpp | 6 +-
 .../export_program_info.vcxproj | 8 ++
 25 files changed, 445 insertions(+), 71 deletions(-)
 rename include/kernel/ebpf_registry_helper.h => libs/store_helper/kernel/ebpf_registry_helper.c (85%)
 create mode 100644 libs/store_helper/kernel/ebpf_registry_helper.h
 rename include/ebpf_store_helper.h => libs/store_helper/kernel/ebpf_store_helper.c (93%)
 create mode 100644 libs/store_helper/kernel/ebpf_store_helper.h
 create mode 100644 libs/store_helper/kernel/ebpf_store_helper.vcxproj
 create mode 100644 libs/store_helper/kernel/ebpf_store_helper.vcxproj.filters
diff --git a/ebpf-for-windows.sln b/ebpf-for-windows.sln
index 48f9e5ed89..09f2de290a 100644
--- a/ebpf-for-windows.sln
+++ b/ebpf-for-windows.sln
@@ -215,6 +215,8 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "redist-package", "tools\red
 EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ebpf_stress_tests_km", "tests\stress\km\ebpf_stress_tests_km.vcxproj", "{4F082524-9496-44FA-8CBA-4BC0BDC62568}"
 EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ebpf_store_helper", "libs\store_helper\kernel\ebpf_store_helper.vcxproj", "{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}"
+EndProject
 Global
 GlobalSection(SolutionConfigurationPlatforms) = preSolution
 Debug|ARM64 = Debug|ARM64
@@ -2618,6 +2620,69 @@ Global
 {4F082524-9496-44FA-8CBA-4BC0BDC62568}.RelWithDebInfo|x64.Build.0 = Release|x64
 {4F082524-9496-44FA-8CBA-4BC0BDC62568}.RelWithDebInfo|x86.ActiveCfg = Release|x64
 {4F082524-9496-44FA-8CBA-4BC0BDC62568}.RelWithDebInfo|x86.Build.0 = Release|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Debug|ARM64.ActiveCfg = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Debug|ARM64.Build.0 = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Debug|ARM64.Deploy.0 = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Debug|x64.ActiveCfg = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Debug|x64.Build.0 = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Debug|x64.Deploy.0 = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Debug|x86.ActiveCfg = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Debug|x86.Build.0 = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Debug|x86.Deploy.0 = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.FuzzerDebug|ARM64.ActiveCfg = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.FuzzerDebug|ARM64.Build.0 = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.FuzzerDebug|ARM64.Deploy.0 = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.FuzzerDebug|x64.ActiveCfg = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.FuzzerDebug|x64.Build.0 = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.FuzzerDebug|x64.Deploy.0 = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.FuzzerDebug|x86.ActiveCfg = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.FuzzerDebug|x86.Build.0 = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.FuzzerDebug|x86.Deploy.0 = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.MinSizeRel|ARM64.ActiveCfg = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.MinSizeRel|ARM64.Build.0 = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.MinSizeRel|ARM64.Deploy.0 = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.MinSizeRel|x64.ActiveCfg = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.MinSizeRel|x64.Build.0 = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.MinSizeRel|x64.Deploy.0 = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.MinSizeRel|x86.ActiveCfg = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.MinSizeRel|x86.Build.0 = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.MinSizeRel|x86.Deploy.0 = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|ARM64.ActiveCfg = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|ARM64.Build.0 = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|ARM64.Deploy.0 = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|x64.ActiveCfg = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|x64.Build.0 = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|x64.Deploy.0 = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|x86.ActiveCfg = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|x86.Build.0 = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|x86.Deploy.0 = Debug|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|ARM64.ActiveCfg = Release|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|ARM64.Build.0 = Release|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|ARM64.Deploy.0 = Release|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|x64.ActiveCfg = Release|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|x64.Build.0 = Release|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|x64.Deploy.0 = Release|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|x86.ActiveCfg = Release|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|x86.Build.0 = Release|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|x86.Deploy.0 = Release|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Release|ARM64.ActiveCfg = Release|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Release|ARM64.Build.0 = Release|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Release|ARM64.Deploy.0 = Release|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Release|x64.ActiveCfg = Release|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Release|x64.Build.0 = Release|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Release|x64.Deploy.0 = Release|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Release|x86.ActiveCfg = Release|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Release|x86.Build.0 = Release|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Release|x86.Deploy.0 = Release|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.RelWithDebInfo|ARM64.ActiveCfg = Release|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.RelWithDebInfo|ARM64.Build.0 = Release|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.RelWithDebInfo|ARM64.Deploy.0 = Release|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.RelWithDebInfo|x64.ActiveCfg = Release|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.RelWithDebInfo|x64.Build.0 = Release|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.RelWithDebInfo|x64.Deploy.0 = Release|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.RelWithDebInfo|x86.ActiveCfg = Release|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.RelWithDebInfo|x86.Build.0 = Release|x64
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.RelWithDebInfo|x86.Deploy.0 = Release|x64
 EndGlobalSection
 GlobalSection(SolutionProperties) = preSolution
 HideSolutionNode = FALSE
@@ -2683,6 +2748,7 @@ Global
 {E51A27F5-A1D5-40DA-A09B-850203D6B13D} = {492C9B22-9237-4996-9E33-CA14D3533616}
 {A08B9A8B-FCD0-4E93-8811-D60EED639BE0} = {B09749EC-3D14-414B-BA9B-CD20E218DC84}
 {4F082524-9496-44FA-8CBA-4BC0BDC62568} = {492C9B22-9237-4996-9E33-CA14D3533616}
+ {3569E946-C8B4-49EE-A89D-EDD09DC9F36E} = {7C2E30D9-E07F-4913-BD8A-345B38F18A81}
 EndGlobalSection
 GlobalSection(ExtensibilityGlobals) = postSolution
 SolutionGuid = {3D5F862D-74C6-4357-9F95-0B152E33B7B8}
diff --git a/installer/Product.wxs b/installer/Product.wxs index 9e0b2091ce..7105e30fee 100644 --- a/installer/Product.wxs +++ b/installer/Product.wxs @@ -366,7 +366,7 @@ SPDX-License-Identifier: MIT - + @@ -418,11 +418,7 @@ SPDX-License-Identifier: MIT - - - - - + diff --git a/installer/ebpf-for-windows.wixproj b/installer/ebpf-for-windows.wixproj index 7e5ac632b3..a2dc56c8b8 100644 --- a/installer/ebpf-for-windows.wixproj +++ b/installer/ebpf-for-windows.wixproj @@ -94,6 +94,14 @@ SPDX-License-Identifier: MIT Binaries;Content;Satellites INSTALLFOLDER + + ebpf_store_helper + {3569e946-c8b4-49ee-a89d-edd09dc9f36e} + True + True + Binaries;Content;Satellites + INSTALLFOLDER + netebpfext {55499e36-37d4-4f86-b694-9f2990315758} @@ -244,4 +252,4 @@ SPDX-License-Identifier: MIT --> - + \ No newline at end of file diff --git a/libs/platform/kernel/ebpf_platform_kernel.c b/libs/platform/kernel/ebpf_platform_kernel.c index d51eecc57e..3fdb206e9f 100644 --- a/libs/platform/kernel/ebpf_platform_kernel.c +++ b/libs/platform/kernel/ebpf_platform_kernel.c @@ -763,7 +763,7 @@ _Must_inspect_result_ ebpf_result_t ebpf_update_global_helpers( _In_reads_(helper_info_count) ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count) { - NTSTATUS status = _ebpf_store_update_global_helper_information(helper_info, helper_info_count); + NTSTATUS status = ebpf_store_update_global_helper_information(helper_info, helper_info_count); ebpf_result_t result = NT_SUCCESS(status) ? EBPF_SUCCESS : EBPF_FAILED; return result; diff --git a/libs/platform/kernel/platform_kernel.vcxproj b/libs/platform/kernel/platform_kernel.vcxproj index d526660ca3..cf934b7fe0 100644 --- a/libs/platform/kernel/platform_kernel.vcxproj +++ b/libs/platform/kernel/platform_kernel.vcxproj @@ -62,6 +62,11 @@ + + + {3569e946-c8b4-49ee-a89d-edd09dc9f36e} + + {FC3F9998-4085-4767-8386-5453F07C3AAD} {0a049372-4c4d-4ea0-a64e-dc6ad88ceca1} 
@@ -117,6 +122,12 @@ + + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper\kernel + + + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper\kernel + _DEBUG;WINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP;WINAPI_PARTITION_DESKTOP=1;WINAPI_PARTITION_SYSTEM=1;WINAPI_PARTITION_APP=1;WINAPI_PARTITION_PC_APP=1;%(PreprocessorDefinitions);_KRPCENV_;_NO_CRT_STDIO_INLINE=1 @@ -125,6 +136,9 @@ _KRPCENV_;%(PreprocessorDefinitions) + + $(SolutionDir)$(Platform)\$(ConfigurationName)\ + @@ -134,6 +148,9 @@ _KRPCENV_;%(PreprocessorDefinitions) + + $(SolutionDir)$(Platform)\$(ConfigurationName)\ + diff --git a/libs/platform/kernel/platform_kernel.vcxproj.filters b/libs/platform/kernel/platform_kernel.vcxproj.filters index 8086990a18..4ee2b54cec 100644 --- a/libs/platform/kernel/platform_kernel.vcxproj.filters +++ b/libs/platform/kernel/platform_kernel.vcxproj.filters @@ -129,8 +129,5 @@ Header Files - - Header Files - \ No newline at end of file diff --git a/include/kernel/ebpf_registry_helper.h b/libs/store_helper/kernel/ebpf_registry_helper.c similarity index 85% rename from include/kernel/ebpf_registry_helper.h rename to libs/store_helper/kernel/ebpf_registry_helper.c index a7a1222456..fceb5e3af5 100644 --- a/include/kernel/ebpf_registry_helper.h +++ b/libs/store_helper/kernel/ebpf_registry_helper.c 
@@ -1,28 +1,16 @@ // Copyright (c) Microsoft Corporation // SPDX-License-Identifier: MIT -#pragma once +#include "ebpf_registry_helper.h" +#include "ebpf_store_helper.h" -#include "framework.h" - -#define __return_type NTSTATUS -#define _SUCCESS STATUS_SUCCESS -#define IS_SUCCESS(x) (NT_SUCCESS(x)) - -#define REG_CREATE_FLAGS 0 -#define GUID_STRING_LENGTH 38 // not including the null terminator. - -typedef _Return_type_success_(NT_SUCCESS(return )) uint32_t ebpf_registry_result_t; - -typedef HANDLE ebpf_registry_key_t; - -static void +void close_registry_key(ebpf_registry_key_t key) { ZwClose(key); } -static NTSTATUS +NTSTATUS convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_length) wchar_t* string, size_t string_length) { UNICODE_STRING unicode_string = {0}; @@ -51,7 +39,7 @@ convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_length) wc return status; } -static _Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_registry_result_t write_registry_value_binary( ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_reads_(value_size) uint8_t* value, size_t value_size) { @@ -61,7 +49,7 @@ write_registry_value_binary( return ZwSetValueKey(key, &unicode_value_name, 0, REG_BINARY, value, (ULONG)value_size); } -static _Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_registry_result_t write_registry_value_ansi_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value) { NTSTATUS status; @@ -84,7 +72,7 @@ write_registry_value_ansi_string(ebpf_registry_key_t key, _In_z_ const wchar_t* return status; } -static _Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_registry_result_t write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value) { UNICODE_STRING unicode_name; 
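Review bot: The new include block at the top of ebpf_registry_helper.c pulls in `ebpf_registry_helper.h` before `ebpf_store_helper.h`, but this hunk removes the `ebpf_registry_result_t` and `ebpf_registry_key_t` typedefs from the file and the patch re-adds them only in ebpf_store_helper.h. Unless framework.h happens to supply those types, the prototypes in ebpf_registry_helper.h are parsed before the types they use exist. Either keep the two typedefs in ebpf_registry_helper.h or have that header `#include "ebpf_store_helper.h"` itself so it is self-contained. The include block of ebpf_store_helper.c uses the same order.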
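Review bot: `write_registry_value_binary` loses `static` in the `@@ -51,7 +39,7 @@` hunk and becomes a library entry point, yet the return statement visible in the `@@ -61,7 +49,7 @@` hunk still narrows the length with `(ULONG)value_size`. A `size_t` above the ULONG range would be truncated silently and a shorter value stored with a success status. A guard ahead of the call, `if (value_size > MAXULONG) { return STATUS_INVALID_PARAMETER; }`, would turn that into an explicit failure. The function body is split across these two hunks and is not fully visible.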
@@ -92,7 +80,7 @@ write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_ return ZwSetValueKey(key, &unicode_name, 0, REG_DWORD, &value, sizeof(uint32_t)); } -static _Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_registry_result_t create_registry_key( ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key) { @@ -111,7 +99,7 @@ create_registry_key( return status; } -static _Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_registry_result_t create_registry_key_ansi( ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key) { diff --git a/libs/store_helper/kernel/ebpf_registry_helper.h b/libs/store_helper/kernel/ebpf_registry_helper.h new file mode 100644 index 0000000000..39673eaf10 --- /dev/null +++ b/libs/store_helper/kernel/ebpf_registry_helper.h 
@@ -0,0 +1,33 @@ +// Copyright (c) Microsoft Corporation +// SPDX-License-Identifier: MIT + +#pragma once + +#include "framework.h" + +#define _SUCCESS STATUS_SUCCESS +#define IS_SUCCESS(x) (NT_SUCCESS(x)) + +#define REG_CREATE_FLAGS 0 +#define GUID_STRING_LENGTH 38 // not including the null terminator. + +void +close_registry_key(ebpf_registry_key_t key); +NTSTATUS +convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_length) wchar_t* string, size_t string_length); +ebpf_registry_result_t +write_registry_value_binary( + ebpf_registry_key_t key, + _In_z_ const wchar_t* value_name, + _In_reads_(value_size) uint8_t* value, + size_t value_size); +ebpf_registry_result_t +write_registry_value_ansi_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value); +ebpf_registry_result_t +write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value); +ebpf_registry_result_t +create_registry_key( + ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); +ebpf_registry_result_t +create_registry_key_ansi( + ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); diff --git a/include/ebpf_store_helper.h b/libs/store_helper/kernel/ebpf_store_helper.c similarity index 93% rename from include/ebpf_store_helper.h rename to libs/store_helper/kernel/ebpf_store_helper.c index 8b328a89a4..b1947fdb36 100644 --- a/include/ebpf_store_helper.h +++ b/libs/store_helper/kernel/ebpf_store_helper.c 
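Review bot: The prototypes in this new header drop the `_Must_inspect_result_` annotation that the definitions in ebpf_registry_helper.c still carry, for example on `write_registry_value_binary` and `create_registry_key`. A caller that sees only the header gets no static-analysis warning when it ignores a failed registry write or key creation. Repeat the annotation on every declaration that returns `ebpf_registry_result_t`, e.g. `_Must_inspect_result_ ebpf_registry_result_t write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value);`.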
@@ -5,14 +5,15 @@ #include "ebpf_program_types.h" #include "ebpf_registry_helper.h" +#include "ebpf_store_helper.h" #include "ebpf_windows.h" #ifdef USER_MODE extern ebpf_registry_key_t ebpf_root_registry_key; #endif -static uint32_t -_ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_registry_key_t* provider_key) +uint32_t +ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_registry_key_t* provider_key) { __return_type status = _SUCCESS; ebpf_registry_key_t root_key = NULL; @@ -41,8 +42,8 @@ _ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_registry_key_t* prov return status; } -static __return_type -_ebpf_store_update_helper_prototype( +__return_type +ebpf_store_update_helper_prototype( ebpf_registry_key_t helper_info_key, _In_ const ebpf_helper_function_prototype_t* helper_info) { __return_type status = _SUCCESS; @@ -89,8 +90,8 @@ _ebpf_store_update_helper_prototype( * * @returns Status of the operation. */ -static __return_type -_ebpf_store_update_section_information( +__return_type +ebpf_store_update_section_information( _In_reads_(section_info_count) const ebpf_program_section_info_t* section_info, uint32_t section_info_count) { __return_type status = _SUCCESS; @@ -102,7 +103,7 @@ _ebpf_store_update_section_information( } // Open (or create) provider registry path. - status = _ebpf_store_open_or_create_provider_registry_key(&provider_key); + status = ebpf_store_open_or_create_provider_registry_key(&provider_key); if (!IS_SUCCESS(status)) { goto Exit; } @@ -180,8 +181,8 @@ _ebpf_store_update_section_information( * * @returns Status of the operation. */ -static __return_type -_ebpf_store_update_program_information( +__return_type +ebpf_store_update_program_information( _In_reads_(program_info_count) const ebpf_program_info_t* program_info, uint32_t program_info_count) { __return_type status = _SUCCESS; 
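Review bot: In the first hunk `ebpf_store_open_or_create_provider_registry_key` is exported with a `uint32_t` return type while its body keeps the result in `__return_type status`, which the new header defines as NTSTATUS. Callers in this file assign the result back to a `__return_type` and test it with `IS_SUCCESS`, so the status round-trips through an unsigned type. Declaring it as `__return_type ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_registry_key_t* provider_key)` in both the .c and the .h would match the other four functions. If no other module calls it, keeping this helper and `ebpf_store_update_helper_prototype` `static` would also limit the library's exported surface to the three update functions. The function body continues outside the hunk.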
@@ -193,7 +194,7 @@ _ebpf_store_update_program_information( } // Open (or create) provider registry path. - status = _ebpf_store_open_or_create_provider_registry_key(&provider_key); + status = ebpf_store_open_or_create_provider_registry_key(&provider_key); if (!IS_SUCCESS(status)) { goto Exit; } @@ -275,7 +276,7 @@ _ebpf_store_update_program_information( // Iterate over all the helper prototypes and save in registry. for (uint32_t count = 0; count < program_info[i].count_of_program_type_specific_helpers; count++) { - status = _ebpf_store_update_helper_prototype( + status = ebpf_store_update_helper_prototype( helper_info_key, &(program_info[i].program_type_specific_helper_prototype[count])); if (!IS_SUCCESS(status)) { close_registry_key(program_key); @@ -308,8 +309,8 @@ _ebpf_store_update_program_information( * * @returns Status of the operation. */ -static __return_type -_ebpf_store_update_global_helper_information( +__return_type +ebpf_store_update_global_helper_information( _In_reads_(helper_info_count) ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count) { __return_type status = _SUCCESS; @@ -321,7 +322,7 @@ _ebpf_store_update_global_helper_information( } // Open (or create) provider registry path. - status = _ebpf_store_open_or_create_provider_registry_key(&provider_key); + status = ebpf_store_open_or_create_provider_registry_key(&provider_key); if (!IS_SUCCESS(status)) { goto Exit; } @@ -334,7 +335,7 @@ _ebpf_store_update_global_helper_information( for (uint32_t i = 0; i < helper_info_count; i++) { - status = _ebpf_store_update_helper_prototype(helper_info_key, &helper_info[i]); + status = ebpf_store_update_helper_prototype(helper_info_key, &helper_info[i]); if (!IS_SUCCESS(status)) { goto Exit; } diff --git a/libs/store_helper/kernel/ebpf_store_helper.h b/libs/store_helper/kernel/ebpf_store_helper.h new file mode 100644 index 0000000000..dadc6b961f --- /dev/null +++ b/libs/store_helper/kernel/ebpf_store_helper.h 
@@ -0,0 +1,68 @@ +// Copyright (c) Microsoft Corporation +// SPDX-License-Identifier: MIT + +#pragma once + +#include "ebpf_program_types.h" +#include "ebpf_windows.h" +#include "framework.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +#define __return_type NTSTATUS + typedef _Return_type_success_(NT_SUCCESS(return )) uint32_t ebpf_registry_result_t; + typedef HANDLE ebpf_registry_key_t; + +#ifdef USER_MODE + extern ebpf_registry_key_t ebpf_root_registry_key; +#endif + + uint32_t + ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_registry_key_t* provider_key); + + __return_type + ebpf_store_update_helper_prototype( + ebpf_registry_key_t helper_info_key, _In_ const ebpf_helper_function_prototype_t* helper_info); + + /** + * @brief Update section information in eBPF store. + * + * @param[in] section_info Pointer to an array of section information. + * @param[in] section_info_count Count of section information entries. + * + * @returns Status of the operation. + */ + __return_type + ebpf_store_update_section_information( + _In_reads_(section_info_count) const ebpf_program_section_info_t* section_info, uint32_t section_info_count); + + /** + * @brief Update program information in eBPF store. + * + * @param[in] program_info Pointer to an array of program information. + * @param[in] program_info_count Count of program information entries. + * + * @returns Status of the operation. + */ + __return_type + ebpf_store_update_program_information( + _In_reads_(program_info_count) const ebpf_program_info_t* program_info, uint32_t program_info_count); + + /** + * @brief Update global helper information in eBPF store. + * + * @param[in] helper_info Pointer to an array of helper function prototypes. + * @param[in] helper_info_count Count of helper function prototypes. + * + * @returns Status of the operation. 
+ */ + __return_type + ebpf_store_update_global_helper_information( + _In_reads_(helper_info_count) ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count); + +#ifdef __cplusplus +} /* extern "C" */ +#endif \ No newline at end of file diff --git a/libs/store_helper/kernel/ebpf_store_helper.vcxproj b/libs/store_helper/kernel/ebpf_store_helper.vcxproj new file mode 100644 index 0000000000..942936f406 --- /dev/null +++ b/libs/store_helper/kernel/ebpf_store_helper.vcxproj @@ -0,0 +1,107 @@ + + + + + + Debug + x64 + + + Release + x64 + + + + {3569e946-c8b4-49ee-a89d-edd09dc9f36e} + v4.5 + 12.0 + Debug + Win32 + store_helper + KMDF + ebpf_store_helper + $(LatestTargetPlatformVersion) + + + + Windows10 + true + WindowsKernelModeDriver10.0 + StaticLibrary + Universal + Unicode + false + + + Windows10 + false + WindowsKernelModeDriver10.0 + StaticLibrary + Universal + Unicode + false + + + + + + + + + + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src + $(SolutionDir)$(Platform)\$(ConfigurationName)\ + + + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src + $(SolutionDir)$(Platform)\$(ConfigurationName)\ + + + + Level3 + true + _DEBUG;_LIB;%(PreprocessorDefinitions) + true + NotUsing + pch.h + + + + + true + + + + + Level3 + true + true + true + NDEBUG;_LIB;%(PreprocessorDefinitions) + true + NotUsing + pch.h + + + + + true + true + true + + + + + + + + + + + + + + \ No newline at end of file diff --git a/libs/store_helper/kernel/ebpf_store_helper.vcxproj.filters b/libs/store_helper/kernel/ebpf_store_helper.vcxproj.filters new file mode 100644 index 0000000000..04668dac5c --- /dev/null +++ b/libs/store_helper/kernel/ebpf_store_helper.vcxproj.filters 
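Review bot: `#define __return_type NTSTATUS` in this public header puts a macro with a reserved double-underscore name into every translation unit that includes it, including the C++ consumers the `extern "C"` guard anticipates. A typedef would scope the name properly, e.g. `typedef NTSTATUS ebpf_store_result_t;`, or the five prototypes could spell `NTSTATUS` directly. The first two prototypes, `ebpf_store_open_or_create_provider_registry_key` and `ebpf_store_update_helper_prototype`, also lack the `@brief`/`@param`/`@returns` comments the other three carry. In particular, the comment for the first should say who closes the key returned through `provider_key`.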
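Review bot: This project appears to build one kernel-mode static library (`WindowsKernelModeDriver10.0`, `StaticLibrary`, `KMDF`) with only `_DEBUG;_LIB` or `NDEBUG;_LIB` defined, yet later hunks in this patch reference or link `ebpf_store_helper.lib` from user-mode targets (netebpfext_user, netebpfext_fuzzer, netebpfext_unit). ebpf_store_helper.c has an `#ifdef USER_MODE` branch that a single kernel build never compiles, so those user-mode binaries would get the kernel variant of the registry code. The XML element names are not visible on this page, so this is inferred from the values alone. If it holds, a separate user-mode project or configuration that defines `USER_MODE` is needed.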
@@ -0,0 +1,31 @@ + + + + + + {f18f64a4-4935-458c-b74d-6e4b7b62cf98} + + + {96641f48-dc1b-4f88-bf4e-bc8f00152973} + + + + + Source Files + + + Source Files + + + + + Header Files + + + Header Files + + + \ No newline at end of file diff --git a/netebpfext/net_ebpf_ext_bind.c b/netebpfext/net_ebpf_ext_bind.c index 68028daa5f..2baf2d137a 100644 --- a/netebpfext/net_ebpf_ext_bind.c +++ b/netebpfext/net_ebpf_ext_bind.c @@ -158,13 +158,13 @@ _net_ebpf_bind_update_store_entries() // Update section information. uint32_t section_info_count = sizeof(_ebpf_bind_section_info) / sizeof(ebpf_program_section_info_t); - status = _ebpf_store_update_section_information(&_ebpf_bind_section_info[0], section_info_count); + status = ebpf_store_update_section_information(&_ebpf_bind_section_info[0], section_info_count); if (!NT_SUCCESS(status)) { return status; } // Update program information. - status = _ebpf_store_update_program_information(&_ebpf_bind_program_info, 1); + status = ebpf_store_update_program_information(&_ebpf_bind_program_info, 1); return status; } diff --git a/netebpfext/net_ebpf_ext_sock_addr.c b/netebpfext/net_ebpf_ext_sock_addr.c index 20873a7e2e..1ebca1b1b9 100644 --- a/netebpfext/net_ebpf_ext_sock_addr.c +++ b/netebpfext/net_ebpf_ext_sock_addr.c @@ -585,13 +585,13 @@ _net_ebpf_sock_addr_update_store_entries() // Update section information. uint32_t section_info_count = sizeof(_ebpf_sock_addr_section_info) / sizeof(ebpf_program_section_info_t); - status = _ebpf_store_update_section_information(&_ebpf_sock_addr_section_info[0], section_info_count); + status = ebpf_store_update_section_information(&_ebpf_sock_addr_section_info[0], section_info_count); if (!NT_SUCCESS(status)) { NET_EBPF_EXT_RETURN_NTSTATUS(status); } // Update program information. - status = _ebpf_store_update_program_information(&_ebpf_sock_addr_program_info, 1); + status = ebpf_store_update_program_information(&_ebpf_sock_addr_program_info, 1); NET_EBPF_EXT_RETURN_NTSTATUS(status); } 
diff --git a/netebpfext/net_ebpf_ext_sock_ops.c b/netebpfext/net_ebpf_ext_sock_ops.c index f9605ffc3d..92a80191b4 100644 --- a/netebpfext/net_ebpf_ext_sock_ops.c +++ b/netebpfext/net_ebpf_ext_sock_ops.c @@ -259,13 +259,13 @@ _net_ebpf_sock_ops_update_store_entries() // Update section information. uint32_t section_info_count = sizeof(_ebpf_sock_ops_section_info) / sizeof(ebpf_program_section_info_t); - status = _ebpf_store_update_section_information(&_ebpf_sock_ops_section_info[0], section_info_count); + status = ebpf_store_update_section_information(&_ebpf_sock_ops_section_info[0], section_info_count); if (!NT_SUCCESS(status)) { return status; } // Update program information. - status = _ebpf_store_update_program_information(&_ebpf_sock_ops_program_info, 1); + status = ebpf_store_update_program_information(&_ebpf_sock_ops_program_info, 1); return status; } diff --git a/netebpfext/net_ebpf_ext_xdp.c b/netebpfext/net_ebpf_ext_xdp.c index ed32ef17ef..dd00f17b0e 100644 --- a/netebpfext/net_ebpf_ext_xdp.c +++ b/netebpfext/net_ebpf_ext_xdp.c @@ -230,13 +230,13 @@ _net_ebpf_xdp_update_store_entries() // Update section information. uint32_t section_info_count = sizeof(_ebpf_xdp_section_info) / sizeof(ebpf_program_section_info_t); - status = _ebpf_store_update_section_information(&_ebpf_xdp_section_info[0], section_info_count); + status = ebpf_store_update_section_information(&_ebpf_xdp_section_info[0], section_info_count); if (!NT_SUCCESS(status)) { return status; } // Update program information. - status = _ebpf_store_update_program_information(&_ebpf_xdp_program_info, 1); + status = ebpf_store_update_program_information(&_ebpf_xdp_program_info, 1); return status; } diff --git a/netebpfext/sys/netebpfext.vcxproj b/netebpfext/sys/netebpfext.vcxproj index 88606ceb2c..07386df7a5 100644 --- a/netebpfext/sys/netebpfext.vcxproj +++ b/netebpfext/sys/netebpfext.vcxproj 
@@ -100,15 +100,19 @@ DbgengKernelDebugger + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper\kernel DbgengKernelDebugger + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper\kernel DbgengKernelDebugger + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper\kernel DbgengKernelDebugger + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper\kernel @@ -127,7 +131,7 @@ %(AdditionalDependencies);$(DDK_LIB_PATH)\ntoskrnl.lib;$(DDK_LIB_PATH)\ndis.lib;$(DDK_LIB_PATH)\wdmsec.lib;$(DDK_LIB_PATH)\fwpkclnt.lib;$(SDK_LIB_PATH)\uuid.lib;$(DDK_LIB_PATH)\netio.lib - $(OutDir);%(AdditionalLibraryDirectories) + $(OutDir);$(SolutionDir)$(Platform)\$(ConfigurationName)\;%(AdditionalLibraryDirectories) SHA256 @@ -149,7 +153,7 @@ %(AdditionalDependencies);$(DDK_LIB_PATH)\ntoskrnl.lib;$(DDK_LIB_PATH)\ndis.lib;$(DDK_LIB_PATH)\wdmsec.lib;$(DDK_LIB_PATH)\fwpkclnt.lib;$(SDK_LIB_PATH)\uuid.lib;$(DDK_LIB_PATH)\netio.lib - $(OutDir);%(AdditionalLibraryDirectories) + $(OutDir);$(SolutionDir)$(Platform)\$(ConfigurationName)\;%(AdditionalLibraryDirectories) SHA256 @@ -170,7 +174,7 @@ %(AdditionalDependencies);$(DDK_LIB_PATH)\ntoskrnl.lib;$(DDK_LIB_PATH)\ndis.lib;$(DDK_LIB_PATH)\wdmsec.lib;$(DDK_LIB_PATH)\fwpkclnt.lib;$(SDK_LIB_PATH)\uuid.lib;$(DDK_LIB_PATH)\netio.lib - $(OutDir);%(AdditionalLibraryDirectories) + $(OutDir);$(SolutionDir)$(Platform)\$(ConfigurationName)\;%(AdditionalLibraryDirectories) SHA256 @@ -191,7 +195,7 @@ %(AdditionalDependencies);$(DDK_LIB_PATH)\ntoskrnl.lib;$(DDK_LIB_PATH)\ndis.lib;$(DDK_LIB_PATH)\wdmsec.lib;$(DDK_LIB_PATH)\fwpkclnt.lib;$(SDK_LIB_PATH)\uuid.lib;$(DDK_LIB_PATH)\netio.lib - $(OutDir);%(AdditionalLibraryDirectories) + $(OutDir);$(SolutionDir)$(Platform)\$(ConfigurationName)\;%(AdditionalLibraryDirectories) SHA256 @@ -230,6 +234,11 @@ + + + {3569e946-c8b4-49ee-a89d-edd09dc9f36e} + + 
diff --git a/netebpfext/user/netebpfext_user.vcxproj b/netebpfext/user/netebpfext_user.vcxproj index 4652a52fdc..148407c38c 100644 --- a/netebpfext/user/netebpfext_user.vcxproj +++ b/netebpfext/user/netebpfext_user.vcxproj @@ -62,12 +62,15 @@ true + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper\kernel true + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper\kernel false + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper\kernel @@ -83,6 +86,10 @@ true mincore.lib;%(AdditionalDependencies) + + ebpf_store_helper.lib %(AdditionalOptions) + $(SolutionDir)$(Platform)\$(ConfigurationName)\ + @@ -100,6 +107,8 @@ false + ebpf_store_helper.lib %(AdditionalOptions) + $(SolutionDir)$(Platform)\$(ConfigurationName)\ @@ -117,6 +126,10 @@ true mincore.lib;%(AdditionalDependencies) + + ebpf_store_helper.lib %(AdditionalOptions) + $(SolutionDir)$(Platform)\$(ConfigurationName)\ + @@ -149,6 +162,11 @@ + + + {3569e946-c8b4-49ee-a89d-edd09dc9f36e} + + diff --git a/tests/libfuzzer/netebpfext_fuzzer/netebpfext_fuzzer.vcxproj b/tests/libfuzzer/netebpfext_fuzzer/netebpfext_fuzzer.vcxproj index 86a03fab07..6b86e97e71 100644 --- a/tests/libfuzzer/netebpfext_fuzzer/netebpfext_fuzzer.vcxproj +++ b/tests/libfuzzer/netebpfext_fuzzer/netebpfext_fuzzer.vcxproj @@ -71,7 +71,8 @@ Console $(FuzzerLibs);mincore.lib;%(AdditionalDependencies) - $(VCToolsInstallDir)lib\$(Platform) + $(VCToolsInstallDir)lib\$(Platform);$(SolutionDir)$(Platform)\$(ConfigurationName)\ + ebpf_store_helper.lib %(AdditionalOptions) @@ -82,7 +83,8 @@ Console $(FuzzerLibs);mincore.lib;%(AdditionalDependencies) - $(VCToolsInstallDir)lib\$(Platform) + $(VCToolsInstallDir)lib\$(Platform);$(SolutionDir)$(Platform)\$(ConfigurationName)\ + ebpf_store_helper.lib %(AdditionalOptions) 
@@ -94,7 +96,8 @@ Console true $(FuzzerLibs);mincore.lib;%(AdditionalDependencies) - $(VCToolsInstallDir)lib\$(Platform) + $(VCToolsInstallDir)lib\$(Platform);$(SolutionDir)$(Platform)\$(ConfigurationName)\ + ebpf_store_helper.lib %(AdditionalOptions) @@ -111,6 +114,9 @@ {c26cb6a9-158c-4a9e-a243-755ddd98e5fe} + + {3569e946-c8b4-49ee-a89d-edd09dc9f36e} + {630bb78f-6211-41d8-8e3a-096e22e169ef} diff --git a/tests/netebpfext_unit/netebpfext_unit.vcxproj b/tests/netebpfext_unit/netebpfext_unit.vcxproj index 3404854298..18471cb042 100644 --- a/tests/netebpfext_unit/netebpfext_unit.vcxproj +++ b/tests/netebpfext_unit/netebpfext_unit.vcxproj @@ -80,6 +80,7 @@ Console true mincore.lib;%(AdditionalDependencies) + $(VC_LibraryPath_VC_x64_Desktop);$(SolutionDir)$(Platform)\$(ConfigurationName)\;%(Link.AdditionalLibraryDirectories) @@ -94,6 +95,7 @@ Console true mincore.lib;%(AdditionalDependencies) + $(VC_LibraryPath_VC_x64_Desktop);$(SolutionDir)$(Platform)\$(ConfigurationName)\;%(Link.AdditionalLibraryDirectories) @@ -112,6 +114,7 @@ true true mincore.lib;%(AdditionalDependencies) + $(VC_LibraryPath_VC_x64_Desktop);$(SolutionDir)$(Platform)\$(ConfigurationName)\;%(Link.AdditionalLibraryDirectories) @@ -132,6 +135,9 @@ {c26cb6a9-158c-4a9e-a243-755ddd98e5fe} + + {3569e946-c8b4-49ee-a89d-edd09dc9f36e} + {630bb78f-6211-41d8-8e3a-096e22e169ef} diff --git a/tests/sample/ext/drv/sample_ext.c b/tests/sample/ext/drv/sample_ext.c index 264bc65162..ca499ddba8 100644 --- a/tests/sample/ext/drv/sample_ext.c +++ b/tests/sample/ext/drv/sample_ext.c @@ -316,7 +316,7 @@ _sample_ebpf_extension_update_store_entries() (GUID*)&EBPF_ATTACH_TYPE_SAMPLE, BPF_PROG_TYPE_SAMPLE, BPF_ATTACH_TYPE_SAMPLE}; - status = _ebpf_store_update_section_information(§ion_info, 1); + status = ebpf_store_update_section_information(§ion_info, 1); if (!NT_SUCCESS(status)) { return status; } 
@@ -328,7 +328,7 @@ _sample_ebpf_extension_update_store_entries() .ProviderRegistrationInstance.NpiSpecificCharacteristics; program_data = (ebpf_program_data_t*)extension_data->data; - status = _ebpf_store_update_program_information(program_data->program_info, 1); + status = ebpf_store_update_program_information(program_data->program_info, 1); return status; } diff --git a/tests/sample/ext/drv/sample_ext.vcxproj b/tests/sample/ext/drv/sample_ext.vcxproj index ef2b56787a..4742ba3078 100644 --- a/tests/sample/ext/drv/sample_ext.vcxproj +++ b/tests/sample/ext/drv/sample_ext.vcxproj @@ -98,15 +98,19 @@ DbgengKernelDebugger + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper\kernel DbgengKernelDebugger + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper\kernel DbgengKernelDebugger + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper\kernel DbgengKernelDebugger + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper\kernel @@ -123,7 +127,7 @@ %(AdditionalDependencies);$(DDK_LIB_PATH)\ntoskrnl.lib;$(DDK_LIB_PATH)\ndis.lib;$(DDK_LIB_PATH)\wdmsec.lib;$(DDK_LIB_PATH)\fwpkclnt.lib;$(SDK_LIB_PATH)\uuid.lib;$(DDK_LIB_PATH)\netio.lib - $(OutDir);%(AdditionalLibraryDirectories) + $(OutDir);$(SolutionDir)$(Platform)\$(ConfigurationName)\;%(AdditionalLibraryDirectories) SHA256 @@ -144,7 +148,7 @@ %(AdditionalDependencies);$(DDK_LIB_PATH)\ntoskrnl.lib;$(DDK_LIB_PATH)\ndis.lib;$(DDK_LIB_PATH)\wdmsec.lib;$(DDK_LIB_PATH)\fwpkclnt.lib;$(SDK_LIB_PATH)\uuid.lib;$(DDK_LIB_PATH)\netio.lib - $(OutDir);%(AdditionalLibraryDirectories) + $(OutDir);$(SolutionDir)$(Platform)\$(ConfigurationName)\;%(AdditionalLibraryDirectories) SHA256 
@@ -163,7 +167,7 @@ %(AdditionalDependencies);$(DDK_LIB_PATH)\ntoskrnl.lib;$(DDK_LIB_PATH)\ndis.lib;$(DDK_LIB_PATH)\wdmsec.lib;$(DDK_LIB_PATH)\fwpkclnt.lib;$(SDK_LIB_PATH)\uuid.lib;$(DDK_LIB_PATH)\netio.lib - $(OutDir);%(AdditionalLibraryDirectories) + $(OutDir);$(SolutionDir)$(Platform)\$(ConfigurationName)\;%(AdditionalLibraryDirectories) @@ -184,7 +188,7 @@ %(AdditionalDependencies);$(DDK_LIB_PATH)\ntoskrnl.lib;$(DDK_LIB_PATH)\ndis.lib;$(DDK_LIB_PATH)\wdmsec.lib;$(DDK_LIB_PATH)\fwpkclnt.lib;$(SDK_LIB_PATH)\uuid.lib;$(DDK_LIB_PATH)\netio.lib - $(OutDir);%(AdditionalLibraryDirectories) + $(OutDir);$(SolutionDir)$(Platform)\$(ConfigurationName)\;%(AdditionalLibraryDirectories) @@ -210,6 +214,9 @@ {fc3f9998-4085-4767-8386-5453f07c3aad} + + {3569e946-c8b4-49ee-a89d-edd09dc9f36e} + diff --git a/tests/unit/test.vcxproj b/tests/unit/test.vcxproj index 47559f455f..a5f25fdd51 100644 --- a/tests/unit/test.vcxproj +++ b/tests/unit/test.vcxproj @@ -88,18 +88,23 @@ false + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper\kernel false + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper\kernel false + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper\kernel false + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper\kernel false + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper\kernel @@ -195,6 +200,9 @@ {c26cb6a9-158c-4a9e-a243-755ddd98e5fe} + + {3569e946-c8b4-49ee-a89d-edd09dc9f36e} + {1423245d-0249-40fc-a077-ff7780acfe3f} diff --git a/tools/export_program_info/export_program_info.cpp b/tools/export_program_info/export_program_info.cpp index 2096fd9e8f..cb227972ab 100644 --- a/tools/export_program_info/export_program_info.cpp +++ b/tools/export_program_info/export_program_info.cpp 
@@ -50,7 +50,7 @@ export_all_program_information() uint32_t status = ERROR_SUCCESS; size_t array_size = _countof(program_information_array); for (uint32_t i = 0; i < array_size; i++) { - status = _ebpf_store_update_program_information(program_information_array[i], 1); + status = ebpf_store_update_program_information(program_information_array[i], 1); if (status != ERROR_SUCCESS) { break; } @@ -64,7 +64,7 @@ export_all_section_information() { uint32_t status = ERROR_SUCCESS; for (const auto& section : _section_information) { - status = _ebpf_store_update_section_information(section.section_info, (uint32_t)section.section_info_count); + status = ebpf_store_update_section_information(section.section_info, (uint32_t)section.section_info_count); if (status != ERROR_SUCCESS) { break; } @@ -76,7 +76,7 @@ export_all_section_information() int export_global_helper_information() { - return _ebpf_store_update_global_helper_information( + return ebpf_store_update_global_helper_information( ebpf_core_helper_function_prototype, ebpf_core_helper_functions_count); } diff --git a/tools/export_program_info/export_program_info.vcxproj b/tools/export_program_info/export_program_info.vcxproj index b13e4d8b22..11995a32ec 100644 --- a/tools/export_program_info/export_program_info.vcxproj +++ b/tools/export_program_info/export_program_info.vcxproj @@ -89,22 +89,27 @@ false Link + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper\kernel false Link + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper\kernel false Link + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper\kernel false Link + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper\kernel false Link + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper\kernel 
@@ -238,6 +243,9 @@ $(OutputPath)export_program_info.exe {c26cb6a9-158c-4a9e-a243-755ddd98e5fe} + + {3569e946-c8b4-49ee-a89d-edd09dc9f36e} + \ No newline at end of file From 6e7d7c157c41f47d6ce5f25f40065c67981fbabe Mon Sep 17 00:00:00 2001 
From: Gianni Trevisiol Date: Thu, 22 Jun 2023 00:14:25 -0700 Subject: [PATCH 02/60] wip --- ebpf-for-windows.sln | 68 ++++++++++- .../kernel => include}/ebpf_store_helper.h | 10 +- installer/Product.wxs | 9 +- installer/ebpf-for-windows.wixproj | 4 +- libs/platform/kernel/platform_kernel.vcxproj | 9 +- .../{kernel => }/ebpf_store_helper.c | 14 ++- .../kernel/ebpf_registry_helper.h | 33 ------ ...try_helper.c => ebpf_registry_helper_km.c} | 18 +-- .../kernel/ebpf_registry_helper_km.h | 54 +++++++++ ...r.vcxproj => ebpf_store_helper_km.vcxproj} | 16 +-- ...s => ebpf_store_helper_km.vcxproj.filters} | 20 ++-- .../user/ebpf_registry_helper_um.c | 79 +++++++++++++ .../user/ebpf_registry_helper_um.h | 86 ++++++++++++++ .../user/ebpf_store_helper_um.vcxproj | 107 ++++++++++++++++++ .../user/ebpf_store_helper_um.vcxproj.filters | 31 +++++ netebpfext/sys/netebpfext.vcxproj | 10 +- netebpfext/user/netebpfext_user.vcxproj | 10 +- .../netebpfext_fuzzer.vcxproj | 4 +- tests/netebpfext_unit/netebpfext_unit.vcxproj | 4 +- tests/sample/ext/drv/sample_ext.vcxproj | 10 +- tests/unit/test.vcxproj | 14 +-- .../export_program_info.vcxproj | 14 +-- 22 files changed, 509 insertions(+), 115 deletions(-) rename {libs/store_helper/kernel => include}/ebpf_store_helper.h (91%) rename libs/store_helper/{kernel => }/ebpf_store_helper.c (98%) delete mode 100644 libs/store_helper/kernel/ebpf_registry_helper.h rename libs/store_helper/kernel/{ebpf_registry_helper.c => ebpf_registry_helper_km.c} (96%) create mode 100644 libs/store_helper/kernel/ebpf_registry_helper_km.h rename libs/store_helper/kernel/{ebpf_store_helper.vcxproj => ebpf_store_helper_km.vcxproj} (91%) rename libs/store_helper/kernel/{ebpf_store_helper.vcxproj.filters => ebpf_store_helper_km.vcxproj.filters} (78%) create mode 100644 libs/store_helper/user/ebpf_registry_helper_um.c create mode 100644 libs/store_helper/user/ebpf_registry_helper_um.h create mode 100644 libs/store_helper/user/ebpf_store_helper_um.vcxproj create mode 
100644 libs/store_helper/user/ebpf_store_helper_um.vcxproj.filters diff --git a/ebpf-for-windows.sln b/ebpf-for-windows.sln index 09f2de290a..0f16f6467a 100644 --- a/ebpf-for-windows.sln +++ b/ebpf-for-windows.sln @@ -215,7 +215,9 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "redist-package", "tools\red EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ebpf_stress_tests_km", "tests\stress\km\ebpf_stress_tests_km.vcxproj", "{4F082524-9496-44FA-8CBA-4BC0BDC62568}" EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ebpf_store_helper", "libs\store_helper\kernel\ebpf_store_helper.vcxproj", "{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ebpf_store_helper_km", "libs\store_helper\kernel\ebpf_store_helper_km.vcxproj", "{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ebpf_store_helper_um", "libs\store_helper\user\ebpf_store_helper_um.vcxproj", "{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}" EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution 
@@ -2683,6 +2685,69 @@ Global {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.RelWithDebInfo|x86.ActiveCfg = Release|x64 {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.RelWithDebInfo|x86.Build.0 = Release|x64 {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.RelWithDebInfo|x86.Deploy.0 = Release|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Debug|ARM64.ActiveCfg = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Debug|ARM64.Build.0 = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Debug|ARM64.Deploy.0 = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Debug|x64.ActiveCfg = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Debug|x64.Build.0 = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Debug|x64.Deploy.0 = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Debug|x86.ActiveCfg = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Debug|x86.Build.0 = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Debug|x86.Deploy.0 = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.FuzzerDebug|ARM64.ActiveCfg = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.FuzzerDebug|ARM64.Build.0 = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.FuzzerDebug|ARM64.Deploy.0 = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.FuzzerDebug|x64.ActiveCfg = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.FuzzerDebug|x64.Build.0 = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.FuzzerDebug|x64.Deploy.0 = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.FuzzerDebug|x86.ActiveCfg = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.FuzzerDebug|x86.Build.0 = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.FuzzerDebug|x86.Deploy.0 = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.MinSizeRel|ARM64.ActiveCfg = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.MinSizeRel|ARM64.Build.0 = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.MinSizeRel|ARM64.Deploy.0 = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.MinSizeRel|x64.ActiveCfg = Debug|x64 + 
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.MinSizeRel|x64.Build.0 = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.MinSizeRel|x64.Deploy.0 = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.MinSizeRel|x86.ActiveCfg = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.MinSizeRel|x86.Build.0 = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.MinSizeRel|x86.Deploy.0 = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyDebug|ARM64.ActiveCfg = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyDebug|ARM64.Build.0 = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyDebug|ARM64.Deploy.0 = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyDebug|x64.ActiveCfg = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyDebug|x64.Build.0 = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyDebug|x64.Deploy.0 = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyDebug|x86.ActiveCfg = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyDebug|x86.Build.0 = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyDebug|x86.Deploy.0 = Debug|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyRelease|ARM64.ActiveCfg = Release|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyRelease|ARM64.Build.0 = Release|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyRelease|ARM64.Deploy.0 = Release|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyRelease|x64.ActiveCfg = Release|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyRelease|x64.Build.0 = Release|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyRelease|x64.Deploy.0 = Release|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyRelease|x86.ActiveCfg = Release|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyRelease|x86.Build.0 = Release|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyRelease|x86.Deploy.0 = Release|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Release|ARM64.ActiveCfg = Release|x64 + 
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Release|ARM64.Build.0 = Release|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Release|ARM64.Deploy.0 = Release|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Release|x64.ActiveCfg = Release|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Release|x64.Build.0 = Release|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Release|x64.Deploy.0 = Release|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Release|x86.ActiveCfg = Release|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Release|x86.Build.0 = Release|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Release|x86.Deploy.0 = Release|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.RelWithDebInfo|ARM64.ActiveCfg = Release|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.RelWithDebInfo|ARM64.Build.0 = Release|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.RelWithDebInfo|ARM64.Deploy.0 = Release|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.RelWithDebInfo|x64.ActiveCfg = Release|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.RelWithDebInfo|x64.Build.0 = Release|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.RelWithDebInfo|x64.Deploy.0 = Release|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.RelWithDebInfo|x86.ActiveCfg = Release|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.RelWithDebInfo|x86.Build.0 = Release|x64 + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.RelWithDebInfo|x86.Deploy.0 = Release|x64 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE @@ -2749,6 +2814,7 @@ Global {A08B9A8B-FCD0-4E93-8811-D60EED639BE0} = {B09749EC-3D14-414B-BA9B-CD20E218DC84} {4F082524-9496-44FA-8CBA-4BC0BDC62568} = {492C9B22-9237-4996-9E33-CA14D3533616} {3569E946-C8B4-49EE-A89D-EDD09DC9F36E} = {7C2E30D9-E07F-4913-BD8A-345B38F18A81} + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A} = {69CDB6A1-434D-4BC9-9BFF-D12DF7EDBB6B} EndGlobalSection GlobalSection(ExtensibilityGlobals) = postSolution SolutionGuid = {3D5F862D-74C6-4357-9F95-0B152E33B7B8} 
diff --git a/libs/store_helper/kernel/ebpf_store_helper.h b/include/ebpf_store_helper.h similarity index 91% rename from libs/store_helper/kernel/ebpf_store_helper.h rename to include/ebpf_store_helper.h index dadc6b961f..9d1e0c4401 100644 --- a/libs/store_helper/kernel/ebpf_store_helper.h +++ b/include/ebpf_store_helper.h @@ -4,18 +4,18 @@ #pragma once #include "ebpf_program_types.h" +#ifdef USER_MODE +#include "user\ebpf_registry_helper_um.h" +#else +#include "kernel\ebpf_registry_helper_km.h" +#endif #include "ebpf_windows.h" -#include "framework.h" #ifdef __cplusplus extern "C" { #endif -#define __return_type NTSTATUS - typedef _Return_type_success_(NT_SUCCESS(return )) uint32_t ebpf_registry_result_t; - typedef HANDLE ebpf_registry_key_t; - #ifdef USER_MODE extern ebpf_registry_key_t ebpf_root_registry_key; #endif diff --git a/installer/Product.wxs b/installer/Product.wxs index 7105e30fee..691dd43cdb 100644 --- a/installer/Product.wxs +++ b/installer/Product.wxs @@ -366,7 +366,7 @@ SPDX-License-Identifier: MIT - + @@ -585,14 +585,17 @@ SPDX-License-Identifier: MIT - - + + + + + diff --git a/installer/ebpf-for-windows.wixproj b/installer/ebpf-for-windows.wixproj index a2dc56c8b8..eda2b0b8b4 100644 --- a/installer/ebpf-for-windows.wixproj +++ b/installer/ebpf-for-windows.wixproj @@ -94,8 +94,8 @@ SPDX-License-Identifier: MIT Binaries;Content;Satellites INSTALLFOLDER - - ebpf_store_helper + + ebpf_store_helper_km {3569e946-c8b4-49ee-a89d-edd09dc9f36e} True True diff --git a/libs/platform/kernel/platform_kernel.vcxproj b/libs/platform/kernel/platform_kernel.vcxproj index cf934b7fe0..5e482efd8b 100644 --- a/libs/platform/kernel/platform_kernel.vcxproj +++ b/libs/platform/kernel/platform_kernel.vcxproj @@ -62,11 +62,6 @@ - - - {3569e946-c8b4-49ee-a89d-edd09dc9f36e} - - {FC3F9998-4085-4767-8386-5453F07C3AAD} {0a049372-4c4d-4ea0-a64e-dc6ad88ceca1} 
@@ -123,10 +118,10 @@ - $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper\kernel + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper - $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper\kernel + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper diff --git a/libs/store_helper/kernel/ebpf_store_helper.c b/libs/store_helper/ebpf_store_helper.c similarity index 98% rename from libs/store_helper/kernel/ebpf_store_helper.c rename to libs/store_helper/ebpf_store_helper.c index b1947fdb36..f5fd04caf9 100644 --- a/libs/store_helper/kernel/ebpf_store_helper.c +++ b/libs/store_helper/ebpf_store_helper.c @@ -4,12 +4,16 @@ #pragma once #include "ebpf_program_types.h" -#include "ebpf_registry_helper.h" +#ifdef USER_MODE +#include "user\ebpf_registry_helper_um.h" +#else +#include "kernel\ebpf_registry_helper_km.h" +#endif #include "ebpf_store_helper.h" #include "ebpf_windows.h" #ifdef USER_MODE -extern ebpf_registry_key_t ebpf_root_registry_key; +// extern ebpf_registry_key_t ebpf_root_registry_key; #endif uint32_t @@ -20,10 +24,10 @@ ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_registry_key_t* provi *provider_key = NULL; // Open (or create) root eBPF registry path. -#ifndef USER_MODE - status = create_registry_key(NULL, EBPF_ROOT_REGISTRY_PATH, REG_CREATE_FLAGS, &root_key); -#else +#ifdef USER_MODE status = create_registry_key(ebpf_root_registry_key, EBPF_ROOT_RELATIVE_PATH, REG_CREATE_FLAGS, &root_key); +#else + status = create_registry_key(NULL, EBPF_ROOT_REGISTRY_PATH, REG_CREATE_FLAGS, &root_key); #endif if (!IS_SUCCESS(status)) { goto Exit; diff --git a/libs/store_helper/kernel/ebpf_registry_helper.h b/libs/store_helper/kernel/ebpf_registry_helper.h deleted file mode 100644 index 39673eaf10..0000000000 --- a/libs/store_helper/kernel/ebpf_registry_helper.h +++ /dev/null 
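Review bot: In `libs/store_helper/ebpf_store_helper.c` the `extern` is commented out rather than removed, leaving an empty `#ifdef USER_MODE` / `#endif` pair around `// extern ebpf_registry_key_t ebpf_root_registry_key;`. The USER_MODE branch of `ebpf_store_open_or_create_provider_registry_key` in the second hunk still passes `ebpf_root_registry_key` to `create_registry_key`, so the file now depends on the declaration in `ebpf_store_helper.h`. Delete the three lines outright so the single declaration site is obvious. The `#pragma once` at the top of this `.c` file (a context line) has no purpose in a translation unit and can go as well. The function body continues outside the hunk.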
@@ -1,33 +0,0 @@ -// Copyright (c) Microsoft Corporation -// SPDX-License-Identifier: MIT - -#pragma once - -#include "framework.h" - -#define _SUCCESS STATUS_SUCCESS -#define IS_SUCCESS(x) (NT_SUCCESS(x)) - -#define REG_CREATE_FLAGS 0 -#define GUID_STRING_LENGTH 38 // not including the null terminator. - -void -close_registry_key(ebpf_registry_key_t key); -NTSTATUS -convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_length) wchar_t* string, size_t string_length); -ebpf_registry_result_t -write_registry_value_binary( - ebpf_registry_key_t key, - _In_z_ const wchar_t* value_name, - _In_reads_(value_size) uint8_t* value, - size_t value_size); -ebpf_registry_result_t -write_registry_value_ansi_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value); -ebpf_registry_result_t -write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value); -ebpf_registry_result_t -create_registry_key( - ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); -ebpf_registry_result_t -create_registry_key_ansi( - ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); diff --git a/libs/store_helper/kernel/ebpf_registry_helper.c b/libs/store_helper/kernel/ebpf_registry_helper_km.c similarity index 96% rename from libs/store_helper/kernel/ebpf_registry_helper.c rename to libs/store_helper/kernel/ebpf_registry_helper_km.c index fceb5e3af5..5c44f7c696 100644 --- a/libs/store_helper/kernel/ebpf_registry_helper.c +++ b/libs/store_helper/kernel/ebpf_registry_helper_km.c 
@@ -1,18 +1,14 @@ // Copyright (c) Microsoft Corporation // SPDX-License-Identifier: MIT -#include "ebpf_registry_helper.h" -#include "ebpf_store_helper.h" - -void -close_registry_key(ebpf_registry_key_t key) -{ - ZwClose(key); -} +#include "ebpf_registry_helper_km.h" NTSTATUS convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_length) wchar_t* string, size_t string_length) { + if (guid == NULL || string == NULL || string_length == 0) + return STATUS_INVALID_PARAMETER; + UNICODE_STRING unicode_string = {0}; NTSTATUS status = RtlStringFromGUID(guid, &unicode_string); @@ -39,6 +35,12 @@ convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_length) wc return status; } +void +close_registry_key(ebpf_registry_key_t key) +{ + ZwClose(key); +} + _Must_inspect_result_ ebpf_registry_result_t write_registry_value_binary( ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_reads_(value_size) uint8_t* value, size_t value_size) diff --git a/libs/store_helper/kernel/ebpf_registry_helper_km.h b/libs/store_helper/kernel/ebpf_registry_helper_km.h new file mode 100644 index 0000000000..c5d2a6a102 --- /dev/null +++ b/libs/store_helper/kernel/ebpf_registry_helper_km.h 
@@ -0,0 +1,54 @@ +// Copyright (c) Microsoft Corporation +// SPDX-License-Identifier: MIT + +#pragma once + +#include "framework.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +#define __return_type NTSTATUS +#define _SUCCESS STATUS_SUCCESS +#define IS_SUCCESS(x) (NT_SUCCESS(x)) + +#define REG_CREATE_FLAGS 0 +#define GUID_STRING_LENGTH 38 // not including the null terminator. + + typedef HANDLE ebpf_registry_key_t; + typedef _Return_type_success_(NT_SUCCESS(return )) uint32_t ebpf_registry_result_t; + + NTSTATUS + convert_guid_to_string( + _In_ const GUID* guid, _Out_writes_all_(string_length) wchar_t* string, size_t string_length); + + void + close_registry_key(ebpf_registry_key_t key); + + _Must_inspect_result_ ebpf_registry_result_t + write_registry_value_binary( + ebpf_registry_key_t key, + _In_z_ const wchar_t* value_name, + _In_reads_(value_size) uint8_t* value, + size_t value_size); + + _Must_inspect_result_ ebpf_registry_result_t + write_registry_value_ansi_string( + ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value); + + _Must_inspect_result_ ebpf_registry_result_t + write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value); + + _Must_inspect_result_ ebpf_registry_result_t + create_registry_key( + ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); + + _Must_inspect_result_ ebpf_registry_result_t + create_registry_key_ansi( + ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); + +#ifdef __cplusplus +} /* extern "C" */ +#endif \ No newline at end of file diff --git a/libs/store_helper/kernel/ebpf_store_helper.vcxproj b/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj similarity index 91% rename from libs/store_helper/kernel/ebpf_store_helper.vcxproj rename to libs/store_helper/kernel/ebpf_store_helper_km.vcxproj index 942936f406..7f83b4e018 100644 
--- a/libs/store_helper/kernel/ebpf_store_helper.vcxproj +++ b/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj @@ -20,9 +20,9 @@ 12.0 Debug Win32 - store_helper + store_helper_km KMDF - ebpf_store_helper + ebpf_store_helper_km $(LatestTargetPlatformVersion) @@ -52,11 +52,11 @@ - $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src;..\ $(SolutionDir)$(Platform)\$(ConfigurationName)\ - $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src;..\ $(SolutionDir)$(Platform)\$(ConfigurationName)\ @@ -94,12 +94,12 @@ - - + + - - + + diff --git a/libs/store_helper/kernel/ebpf_store_helper.vcxproj.filters b/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj.filters similarity index 78% rename from libs/store_helper/kernel/ebpf_store_helper.vcxproj.filters rename to libs/store_helper/kernel/ebpf_store_helper_km.vcxproj.filters index 04668dac5c..4480991cce 100644 --- a/libs/store_helper/kernel/ebpf_store_helper.vcxproj.filters +++ b/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj.filters @@ -13,19 +13,19 @@ - - Source Files - - - Source Files - - - - + Header Files - + Header Files + + + Source Files + + + Source Files + + \ No newline at end of file diff --git a/libs/store_helper/user/ebpf_registry_helper_um.c b/libs/store_helper/user/ebpf_registry_helper_um.c new file mode 100644 index 0000000000..9241ae8fdf --- /dev/null +++ b/libs/store_helper/user/ebpf_registry_helper_um.c 
@@ -0,0 +1,79 @@ +// Copyright (c) Microsoft Corporation +// SPDX-License-Identifier: MIT + +#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers +#include "ebpf_registry_helper_um.h" +//#include +#include + +void +close_registry_key(ebpf_registry_key_t key) +{ + RegCloseKey(key); +} + +_Must_inspect_result_ ebpf_registry_result_t +convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_length) wchar_t* string, size_t string_length) +{ + if (guid == NULL || string == NULL || string_length == 0) + return ERROR_INVALID_PARAMETER; + + if (StringFromGUID2(guid, string, string_length) == 0) { + return ERROR_NOT_ENOUGH_MEMORY; + } + + return ERROR_SUCCESS; +} + +_Must_inspect_result_ ebpf_registry_result_t +write_registry_value_binary( + ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_reads_(value_size) uint8_t* value, size_t value_size) +{ + return RegSetValueExW(key, value_name, 0, REG_BINARY, value, value_size); +} + +_Must_inspect_result_ ebpf_registry_result_t +write_registry_value_ansi_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value) +{ + wchar_t unicode_value[MAX_PATH]; + size_t value_length = strlen(value) + 1; + MultiByteToWideChar(CP_ACP, 0, value, -1, unicode_value, MAX_PATH); + + LSTATUS status = + RegSetValueExW(key, value_name, 0, REG_SZ, (const BYTE*)unicode_value, value_length * sizeof(wchar_t)); + if (status != ERROR_SUCCESS) { + return status; + } + + return ERROR_SUCCESS; +} + +_Must_inspect_result_ ebpf_registry_result_t +write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value) +{ + return RegSetValueExW(key, value_name, 0, REG_DWORD, (const BYTE*)&value, sizeof(uint32_t)); +} + +_Must_inspect_result_ ebpf_registry_result_t +create_registry_key( + ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key) +{ + return RegCreateKeyExW(root_key, sub_key, 0, NULL, 
REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, key, NULL); +} + +_Must_inspect_result_ ebpf_registry_result_t +create_registry_key_ansi( + ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key) +{ + wchar_t unicode_sub_key[MAX_PATH]; + size_t sub_key_length = strlen(sub_key) + 1; + MultiByteToWideChar(CP_ACP, 0, sub_key, -1, unicode_sub_key, MAX_PATH); + + LSTATUS status = + RegCreateKeyExW(root_key, unicode_sub_key, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, key, NULL); + if (status != ERROR_SUCCESS) { + return status; + } + + return ERROR_SUCCESS; +} diff --git a/libs/store_helper/user/ebpf_registry_helper_um.h b/libs/store_helper/user/ebpf_registry_helper_um.h new file mode 100644 index 0000000000..8dd4594bfd --- /dev/null +++ b/libs/store_helper/user/ebpf_registry_helper_um.h 
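Review bot: `write_registry_value_ansi_string` ignores the result of `MultiByteToWideChar` and sizes the registry write from `strlen(value) + 1`. When the input does not fit in `unicode_value[MAX_PATH]` the conversion fails, yet `RegSetValueExW` is still asked to read `value_length * sizeof(wchar_t)` bytes from the fixed stack array, so it can read past the array and persist unrelated stack contents in the registry. With a multi-byte code page the byte count can also exceed the converted character count, with the same effect on a smaller scale. Use the conversion's return value as the length and fail when it is 0, as sketched below. `create_registry_key_ansi` has the same unchecked conversion before `RegCreateKeyExW`, and its `sub_key_length` and `flags` are never used.

```c
write_registry_value_ansi_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value)
{
    wchar_t unicode_value[MAX_PATH];

    // With cbMultiByte == -1 the result counts the terminating null; 0 means the conversion failed.
    int wide_length = MultiByteToWideChar(CP_ACP, 0, value, -1, unicode_value, MAX_PATH);
    if (wide_length == 0) {
        return GetLastError();
    }

    return RegSetValueExW(
        key, value_name, 0, REG_SZ, (const BYTE*)unicode_value, (DWORD)(wide_length * sizeof(wchar_t)));
}
```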
@@ -0,0 +1,86 @@ +// Copyright (c) Microsoft Corporation +// SPDX-License-Identifier: MIT + +#pragma once + +#include +#include +#include + +#ifdef __cplusplus +extern "C" +{ +#endif + +#define __return_type uint32_t +#define IS_SUCCESS(x) (x == ERROR_SUCCESS) +#define _SUCCESS NO_ERROR + +#define GUID_STRING_LENGTH 38 // not including the null terminator. + +#define REG_CREATE_FLAGS (KEY_WRITE | DELETE | KEY_READ) +#define REG_OPEN_FLAGS (DELETE | KEY_READ) + + typedef HANDLE ebpf_registry_key_t; + typedef _Return_type_success_(NT_SUCCESS(return )) uint32_t ebpf_registry_result_t; + + void + close_registry_key(ebpf_registry_key_t key); + + _Must_inspect_result_ ebpf_registry_result_t + write_registry_value_binary( + ebpf_registry_key_t key, + _In_z_ const wchar_t* value_name, + _In_reads_(value_size) uint8_t* value, + size_t value_size); + + _Must_inspect_result_ ebpf_registry_result_t + write_registry_value_ansi_string( + ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value); + + _Must_inspect_result_ ebpf_registry_result_t + write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value); + + _Must_inspect_result_ ebpf_registry_result_t + create_registry_key( + ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); + + _Success_(return == ERROR_SUCCESS) uint32_t open_registry_key( + ebpf_registry_key_t root_key, + _In_opt_z_ const wchar_t* sub_key, + uint32_t flags, + _Out_ ebpf_registry_key_t* key); + + _Must_inspect_result_ ebpf_registry_result_t + delete_registry_key(ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key); + + _Must_inspect_result_ ebpf_registry_result_t + delete_registry_tree(ebpf_registry_key_t root_key, _In_opt_z_ const wchar_t* sub_key); + + _Must_inspect_result_ ebpf_registry_result_t + read_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Out_ uint32_t* value); + + 
_Must_inspect_result_ ebpf_registry_result_t + read_registry_value_binary( + ebpf_registry_key_t key, + _In_z_ const wchar_t* value_name, + _Out_writes_(value_size) uint8_t* value, + size_t value_size); + + _Must_inspect_result_ ebpf_registry_result_t + convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_size) wchar_t* string, size_t string_size); + + _Must_inspect_result_ ebpf_registry_result_t + convert_string_to_guid(_In_z_ const wchar_t* string, _Out_ GUID* guid); + + _Must_inspect_result_ ebpf_registry_result_t + create_registry_key_ansi( + ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); + + _Must_inspect_result_ ebpf_registry_result_t + read_registry_value_string( + ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_z_ wchar_t** value); + +#ifdef __cplusplus +} /* extern "C" */ +#endif \ No newline at end of file diff --git a/libs/store_helper/user/ebpf_store_helper_um.vcxproj b/libs/store_helper/user/ebpf_store_helper_um.vcxproj new file mode 100644 index 0000000000..c4ded9cb55 --- /dev/null +++ b/libs/store_helper/user/ebpf_store_helper_um.vcxproj 
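Review bot: The user-mode header annotates `ebpf_registry_result_t` with `_Return_type_success_(NT_SUCCESS(return ))`, but the functions declared here return Win32 error codes, and the same header defines `IS_SUCCESS(x)` as a comparison with `ERROR_SUCCESS`. `NT_SUCCESS` accepts any non-negative value, so static analysis would read a failure such as `ERROR_ACCESS_DENIED` as success and assume the `_Out_` parameters are initialised. The typedef should match the convention already used on `open_registry_key`: `typedef _Return_type_success_(return == ERROR_SUCCESS) uint32_t ebpf_registry_result_t;`. The macro argument should also be parenthesised, `#define IS_SUCCESS(x) ((x) == ERROR_SUCCESS)`, so that an expression argument is compared as a whole.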
@@ -0,0 +1,107 @@ + + + + + + Debug + x64 + + + Release + x64 + + + + {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A} + v4.5 + 12.0 + Debug + Win32 + store_helper_um + KMDF + ebpf_store_helper_um + $(LatestTargetPlatformVersion) + + + + Windows10 + true + WindowsKernelModeDriver10.0 + StaticLibrary + Universal + Unicode + false + + + Windows10 + false + WindowsKernelModeDriver10.0 + StaticLibrary + Universal + Unicode + false + + + + + + + + + + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src;..\ + $(SolutionDir)$(Platform)\$(ConfigurationName)\ + + + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src;..\ + $(SolutionDir)$(Platform)\$(ConfigurationName)\ + + + + Level3 + true + _DEBUG;_LIB;%(PreprocessorDefinitions);USER_MODE + true + NotUsing + pch.h + + + + + true + + + + + Level3 + true + true + true + NDEBUG;_LIB;%(PreprocessorDefinitions);USER_MODE + true + NotUsing + pch.h + + + + + true + true + true + + + + + + + + + + + + + + \ No newline at end of file diff --git a/libs/store_helper/user/ebpf_store_helper_um.vcxproj.filters b/libs/store_helper/user/ebpf_store_helper_um.vcxproj.filters new file mode 100644 index 0000000000..855b6c6a40 --- /dev/null +++ b/libs/store_helper/user/ebpf_store_helper_um.vcxproj.filters @@ -0,0 +1,31 @@ + + + + + + {fc986e3b-0dc2-4bd3-9087-b44ce64ca07c} + + + {589ce50f-4aa5-42c3-9b32-d8f3f8a1eeec} + + + + + Source Files + + + Source Files + + + + + Header Files + + + Header Files + + + \ No newline at end of file diff --git a/netebpfext/sys/netebpfext.vcxproj b/netebpfext/sys/netebpfext.vcxproj index 07386df7a5..6562ef231f 100644 --- a/netebpfext/sys/netebpfext.vcxproj +++ b/netebpfext/sys/netebpfext.vcxproj 
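Review bot: The new user-mode library project in `ebpf_store_helper_um.vcxproj` appears to keep the kernel-driver settings of the `_km` project it was copied from. Both configurations carry `WindowsKernelModeDriver10.0` and `KMDF`, and the include path lists `$(SolutionDir)\libs\platform\kernel`, while the sources it is meant to build call user-mode registry APIs such as `RegSetValueExW` and `RegCreateKeyExW`. The element names are not visible in this rendering, so this is inferred from the values alone. If they are the platform toolset and driver type, switch them to the toolset the solution's other user-mode projects use and drop the kernel include directory, so that user-mode code is not compiled against driver headers and options.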
@@ -100,19 +100,19 @@ DbgengKernelDebugger - $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper\kernel + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper DbgengKernelDebugger - $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper\kernel + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper DbgengKernelDebugger - $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper\kernel + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper DbgengKernelDebugger - $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper\kernel + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper @@ -235,7 +235,7 @@ - + {3569e946-c8b4-49ee-a89d-edd09dc9f36e} diff --git a/netebpfext/user/netebpfext_user.vcxproj b/netebpfext/user/netebpfext_user.vcxproj index 148407c38c..b72628f633 100644 --- a/netebpfext/user/netebpfext_user.vcxproj +++ b/netebpfext/user/netebpfext_user.vcxproj @@ -62,15 +62,15 @@ true - $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper\kernel + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper true - $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper\kernel + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper false - $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper\kernel + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper @@ -163,8 +163,8 @@ - - {3569e946-c8b4-49ee-a89d-edd09dc9f36e} + + {aa933b9f-b5d8-4aa8-ac18-98fe1a161e8a} diff --git a/tests/libfuzzer/netebpfext_fuzzer/netebpfext_fuzzer.vcxproj b/tests/libfuzzer/netebpfext_fuzzer/netebpfext_fuzzer.vcxproj index 6b86e97e71..a0f780f6e8 100644 --- a/tests/libfuzzer/netebpfext_fuzzer/netebpfext_fuzzer.vcxproj 
+++ b/tests/libfuzzer/netebpfext_fuzzer/netebpfext_fuzzer.vcxproj @@ -114,8 +114,8 @@ {c26cb6a9-158c-4a9e-a243-755ddd98e5fe} - - {3569e946-c8b4-49ee-a89d-edd09dc9f36e} + + {aa933b9f-b5d8-4aa8-ac18-98fe1a161e8a} {630bb78f-6211-41d8-8e3a-096e22e169ef} diff --git a/tests/netebpfext_unit/netebpfext_unit.vcxproj b/tests/netebpfext_unit/netebpfext_unit.vcxproj index 18471cb042..aba530a208 100644 --- a/tests/netebpfext_unit/netebpfext_unit.vcxproj +++ b/tests/netebpfext_unit/netebpfext_unit.vcxproj @@ -135,8 +135,8 @@ {c26cb6a9-158c-4a9e-a243-755ddd98e5fe} - - {3569e946-c8b4-49ee-a89d-edd09dc9f36e} + + {aa933b9f-b5d8-4aa8-ac18-98fe1a161e8a} {630bb78f-6211-41d8-8e3a-096e22e169ef} diff --git a/tests/sample/ext/drv/sample_ext.vcxproj b/tests/sample/ext/drv/sample_ext.vcxproj index 4742ba3078..49fc86304c 100644 --- a/tests/sample/ext/drv/sample_ext.vcxproj +++ b/tests/sample/ext/drv/sample_ext.vcxproj @@ -98,19 +98,19 @@ DbgengKernelDebugger - $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper\kernel + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper DbgengKernelDebugger - $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper\kernel + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper DbgengKernelDebugger - $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper\kernel + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper DbgengKernelDebugger - $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper\kernel + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper @@ -214,7 +214,7 @@ {fc3f9998-4085-4767-8386-5453f07c3aad} - + {3569e946-c8b4-49ee-a89d-edd09dc9f36e} diff --git a/tests/unit/test.vcxproj b/tests/unit/test.vcxproj index a5f25fdd51..3bb3871257 100644 --- a/tests/unit/test.vcxproj +++ b/tests/unit/test.vcxproj 
@@ -88,23 +88,23 @@ false - $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper\kernel + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper false - $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper\kernel + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper false - $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper\kernel + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper false - $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper\kernel + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper false - $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper\kernel + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper @@ -200,8 +200,8 @@ {c26cb6a9-158c-4a9e-a243-755ddd98e5fe} - - {3569e946-c8b4-49ee-a89d-edd09dc9f36e} + + {aa933b9f-b5d8-4aa8-ac18-98fe1a161e8a} {1423245d-0249-40fc-a077-ff7780acfe3f} diff --git a/tools/export_program_info/export_program_info.vcxproj b/tools/export_program_info/export_program_info.vcxproj index 11995a32ec..ebb5621fe9 100644 --- a/tools/export_program_info/export_program_info.vcxproj +++ b/tools/export_program_info/export_program_info.vcxproj 
@@ -89,27 +89,27 @@ false Link - $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper\kernel + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper false Link - $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper\kernel + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper false Link - $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper\kernel + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper false Link - $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper\kernel + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper false Link - $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper\kernel + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper @@ -243,8 +243,8 @@ $(OutputPath)export_program_info.exe {c26cb6a9-158c-4a9e-a243-755ddd98e5fe} - - {3569e946-c8b4-49ee-a89d-edd09dc9f36e} + + {aa933b9f-b5d8-4aa8-ac18-98fe1a161e8a} From ea9203e861a06172198d4ae76e4b19fd9a6d2c03 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Thu, 22 Jun 2023 15:43:00 -0700 Subject: [PATCH 03/60] wip --- include/ebpf_store_helper.h | 21 +++++++++++++++++-- .../kernel/ebpf_registry_helper_km.h | 12 +---------- .../kernel/ebpf_store_helper_km.vcxproj | 2 +- .../user/ebpf_registry_helper_um.h | 16 +------------- 4 files changed, 22 insertions(+), 29 deletions(-) diff --git a/include/ebpf_store_helper.h b/include/ebpf_store_helper.h index 9d1e0c4401..fe66f39dcf 100644 --- a/include/ebpf_store_helper.h +++ b/include/ebpf_store_helper.h 
@@ -4,13 +4,30 @@ #pragma once #include "ebpf_program_types.h" + #ifdef USER_MODE -#include "user\ebpf_registry_helper_um.h" +#include +#include +#include +#define __return_type uint32_t +#define IS_SUCCESS(x) (x == ERROR_SUCCESS) +#define _SUCCESS NO_ERROR +#define REG_CREATE_FLAGS (KEY_WRITE | DELETE | KEY_READ) +#define REG_OPEN_FLAGS (DELETE | KEY_READ) #else -#include "kernel\ebpf_registry_helper_km.h" +#include "framework.h" +#define __return_type NTSTATUS +#define _SUCCESS STATUS_SUCCESS +#define IS_SUCCESS(x) (NT_SUCCESS(x)) +#define REG_CREATE_FLAGS 0 #endif + #include "ebpf_windows.h" +#define GUID_STRING_LENGTH 38 // not including the null terminator. +typedef HANDLE ebpf_registry_key_t; +typedef _Return_type_success_(NT_SUCCESS(return )) uint32_t ebpf_registry_result_t; + #ifdef __cplusplus extern "C" { diff --git a/libs/store_helper/kernel/ebpf_registry_helper_km.h b/libs/store_helper/kernel/ebpf_registry_helper_km.h index c5d2a6a102..191d338869 100644 --- a/libs/store_helper/kernel/ebpf_registry_helper_km.h +++ b/libs/store_helper/kernel/ebpf_registry_helper_km.h @@ -3,23 +3,13 @@ #pragma once -#include "framework.h" +#include "ebpf_store_helper.h" #ifdef __cplusplus extern "C" { #endif -#define __return_type NTSTATUS -#define _SUCCESS STATUS_SUCCESS -#define IS_SUCCESS(x) (NT_SUCCESS(x)) - -#define REG_CREATE_FLAGS 0 -#define GUID_STRING_LENGTH 38 // not including the null terminator. - - typedef HANDLE ebpf_registry_key_t; - typedef _Return_type_success_(NT_SUCCESS(return )) uint32_t ebpf_registry_result_t; - NTSTATUS convert_guid_to_string( _In_ const GUID* guid, _Out_writes_all_(string_length) wchar_t* string, size_t string_length); diff --git a/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj b/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj index 7f83b4e018..94e251f53a 100644 --- a/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj +++ b/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj 
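Review bot: The typedef `_Return_type_success_(NT_SUCCESS(return )) uint32_t ebpf_registry_result_t` is now shared with USER_MODE, where the helpers return Win32 error codes. NT_SUCCESS treats every non-negative value as success, so the annotation tells static analysis that codes such as ERROR_ACCESS_DENIED are successes, and an unchecked failure would not be flagged. Declaring the typedef per mode, with `_Return_type_success_(return == 0)` in the USER_MODE branch, keeps the checker's view of failure correct. `IS_SUCCESS(x)` in the same branch should also parenthesize its argument: `#define IS_SUCCESS(x) ((x) == ERROR_SUCCESS)`.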
@@ -52,7 +52,7 @@ - $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src;..\ + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src $(SolutionDir)$(Platform)\$(ConfigurationName)\ diff --git a/libs/store_helper/user/ebpf_registry_helper_um.h b/libs/store_helper/user/ebpf_registry_helper_um.h index 8dd4594bfd..64520979a3 100644 --- a/libs/store_helper/user/ebpf_registry_helper_um.h +++ b/libs/store_helper/user/ebpf_registry_helper_um.h @@ -3,27 +3,13 @@ #pragma once -#include -#include -#include +#include "ebpf_store_helper.h" #ifdef __cplusplus extern "C" { #endif -#define __return_type uint32_t -#define IS_SUCCESS(x) (x == ERROR_SUCCESS) -#define _SUCCESS NO_ERROR - -#define GUID_STRING_LENGTH 38 // not including the null terminator. - -#define REG_CREATE_FLAGS (KEY_WRITE | DELETE | KEY_READ) -#define REG_OPEN_FLAGS (DELETE | KEY_READ) - - typedef HANDLE ebpf_registry_key_t; - typedef _Return_type_success_(NT_SUCCESS(return )) uint32_t ebpf_registry_result_t; - void close_registry_key(ebpf_registry_key_t key); From b2a218cf5eb873caee6d2f129285d1d3a48168c9 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Fri, 23 Jun 2023 12:58:01 -0700 Subject: [PATCH 04/60] wip --- include/ebpf_store_helper.h | 20 +- libs/store_helper/ebpf_store_helper.c | 7 +- .../kernel/ebpf_registry_helper_km.h | 3 + .../user/ebpf_registry_helper_um.c | 218 +++++++++++++++--- .../user/ebpf_registry_helper_um.h | 8 + 5 files changed, 199 insertions(+), 57 deletions(-) diff --git a/include/ebpf_store_helper.h b/include/ebpf_store_helper.h index fe66f39dcf..bb60bb4cda 100644 --- a/include/ebpf_store_helper.h +++ b/include/ebpf_store_helper.h 
@@ -3,25 +3,17 @@ #pragma once -#include "ebpf_program_types.h" - -#ifdef USER_MODE -#include -#include -#include -#define __return_type uint32_t -#define IS_SUCCESS(x) (x == ERROR_SUCCESS) -#define _SUCCESS NO_ERROR -#define REG_CREATE_FLAGS (KEY_WRITE | DELETE | KEY_READ) -#define REG_OPEN_FLAGS (DELETE | KEY_READ) -#else -#include "framework.h" +#ifndef USER_MODE #define __return_type NTSTATUS #define _SUCCESS STATUS_SUCCESS #define IS_SUCCESS(x) (NT_SUCCESS(x)) -#define REG_CREATE_FLAGS 0 +#else +#define __return_type uint32_t +#define IS_SUCCESS(x) (x == ERROR_SUCCESS) +#define _SUCCESS NO_ERROR #endif +#include "ebpf_program_types.h" #include "ebpf_windows.h" #define GUID_STRING_LENGTH 38 // not including the null terminator. diff --git a/libs/store_helper/ebpf_store_helper.c b/libs/store_helper/ebpf_store_helper.c index f5fd04caf9..1935b58690 100644 --- a/libs/store_helper/ebpf_store_helper.c +++ b/libs/store_helper/ebpf_store_helper.c @@ -3,19 +3,16 @@ #pragma once -#include "ebpf_program_types.h" #ifdef USER_MODE #include "user\ebpf_registry_helper_um.h" #else #include "kernel\ebpf_registry_helper_km.h" #endif + +#include "ebpf_program_types.h" #include "ebpf_store_helper.h" #include "ebpf_windows.h" -#ifdef USER_MODE -// extern ebpf_registry_key_t ebpf_root_registry_key; -#endif - uint32_t ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_registry_key_t* provider_key) { diff --git a/libs/store_helper/kernel/ebpf_registry_helper_km.h b/libs/store_helper/kernel/ebpf_registry_helper_km.h index 191d338869..345047c2e5 100644 --- a/libs/store_helper/kernel/ebpf_registry_helper_km.h +++ b/libs/store_helper/kernel/ebpf_registry_helper_km.h @@ -4,6 +4,9 @@ #pragma once #include "ebpf_store_helper.h" +#include "framework.h" + +#define REG_CREATE_FLAGS 0 #ifdef __cplusplus extern "C" diff --git a/libs/store_helper/user/ebpf_registry_helper_um.c b/libs/store_helper/user/ebpf_registry_helper_um.c index 9241ae8fdf..74058446f5 100644 
--- a/libs/store_helper/user/ebpf_registry_helper_um.c +++ b/libs/store_helper/user/ebpf_registry_helper_um.c 
@@ -1,78 +1,220 @@ // Copyright (c) Microsoft Corporation // SPDX-License-Identifier: MIT -#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers #include "ebpf_registry_helper_um.h" -//#include -#include + +#include +#include +#include +#include +#include + +#ifdef _DEBUG +#define ebpf_assert(x) ASSERT(x) +#else +#define ebpf_assert(x) (void)(x) +#endif // !_DEBUG + +static wchar_t* +_get_wstring_from_string(const char* text) +{ + ebpf_assert(text); + size_t length = strlen(text) + 1; + wchar_t* wide = (wchar_t*)malloc(length * sizeof(wchar_t)); + mbstowcs(wide, text, length); + return wide; +} void close_registry_key(ebpf_registry_key_t key) { + ebpf_assert(key); RegCloseKey(key); } -_Must_inspect_result_ ebpf_registry_result_t -convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_length) wchar_t* string, size_t string_length) +ebpf_registry_result_t +write_registry_value_binary(ebpf_registry_key_t key, const wchar_t* value_name, const uint8_t* value, size_t value_size) { - if (guid == NULL || string == NULL || string_length == 0) - return ERROR_INVALID_PARAMETER; + ebpf_assert(value_name); + ebpf_assert(value); + + return RegSetValueEx(key, value_name, 0, REG_BINARY, value, (DWORD)value_size); +} - if (StringFromGUID2(guid, string, string_length) == 0) { +ebpf_registry_result_t +write_registry_value_wide_string(ebpf_registry_key_t key, const wchar_t* value_name, const wchar_t* value) +{ + ebpf_assert(value_name); + ebpf_assert(value); + + size_t length = (wcslen(value) + 1) * sizeof(wchar_t); + return RegSetValueEx(key, value_name, 0, REG_SZ, (const BYTE*)value, (DWORD)length); +} + +ebpf_registry_result_t +write_registry_value_ansi_string(ebpf_registry_key_t key, const wchar_t* value_name, const char* value) +{ + uint32_t result = ERROR_SUCCESS; + + wchar_t* wide_string = _get_wstring_from_string(value); + if (wide_string == NULL) { return ERROR_NOT_ENOUGH_MEMORY; } - return ERROR_SUCCESS; + result = 
write_registry_value_wide_string(key, value_name, wide_string); + free(wide_string); + + return result; +} + +ebpf_registry_result_t +write_registry_value_dword(ebpf_registry_key_t key, const wchar_t* value_name, uint32_t value) +{ + ebpf_assert(key); + return RegSetValueEx(key, value_name, 0, REG_DWORD, (const BYTE*)&value, sizeof(value)); +} + +ebpf_registry_result_t +create_registry_key(ebpf_registry_key_t root_key, const wchar_t* sub_key, uint32_t flags, ebpf_registry_key_t* key) +{ + *key = NULL; + if (root_key == NULL) { + return ERROR_INVALID_PARAMETER; + } + + return RegCreateKeyEx(root_key, sub_key, 0, NULL, 0, flags, NULL, key, NULL); +} + +uint32_t +open_registry_key(ebpf_registry_key_t root_key, const wchar_t* sub_key, uint32_t flags, ebpf_registry_key_t* key) +{ + ebpf_assert(root_key != NULL); + return RegOpenKeyEx(root_key, sub_key, 0, flags, key); +} + +ebpf_registry_result_t +delete_registry_key(ebpf_registry_key_t root_key, const wchar_t* sub_key) +{ + return RegDeleteKeyEx(root_key, sub_key, 0, 0); +} + +ebpf_registry_result_t +delete_registry_tree(ebpf_registry_key_t root_key, const wchar_t* sub_key) +{ + return RegDeleteTree(root_key, sub_key); } -_Must_inspect_result_ ebpf_registry_result_t -write_registry_value_binary( - ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_reads_(value_size) uint8_t* value, size_t value_size) +ebpf_registry_result_t +create_registry_key_ansi(ebpf_registry_key_t root_key, const char* sub_key, uint32_t flags, ebpf_registry_key_t* key) { - return RegSetValueExW(key, value_name, 0, REG_BINARY, value, value_size); + uint32_t result = ERROR_SUCCESS; + + wchar_t* wide_string = _get_wstring_from_string(sub_key); + if (wide_string == NULL) { + return ERROR_NOT_ENOUGH_MEMORY; + } + + result = create_registry_key(root_key, wide_string, flags, key); + free(wide_string); + + return result; } -_Must_inspect_result_ ebpf_registry_result_t -write_registry_value_ansi_string(ebpf_registry_key_t key, _In_z_ const 
wchar_t* value_name, _In_z_ const char* value) +ebpf_registry_result_t +read_registry_value_string(ebpf_registry_key_t key, const wchar_t* value_name, wchar_t** value) { - wchar_t unicode_value[MAX_PATH]; - size_t value_length = strlen(value) + 1; - MultiByteToWideChar(CP_ACP, 0, value, -1, unicode_value, MAX_PATH); + uint32_t status = ERROR_SUCCESS; + DWORD type = REG_SZ; + DWORD value_size = 0; + wchar_t* string_value = NULL; + + *value = NULL; + status = RegQueryValueEx(key, value_name, 0, &type, NULL, &value_size); + if (status != ERROR_SUCCESS || type != REG_SZ) { + if (type != REG_SZ) { + status = ERROR_INVALID_PARAMETER; + } + return status; + } + + string_value = (wchar_t*)malloc(value_size + sizeof(wchar_t)); + if (string_value == NULL) { + return ERROR_NOT_ENOUGH_MEMORY; + } - LSTATUS status = - RegSetValueExW(key, value_name, 0, REG_SZ, (const BYTE*)unicode_value, value_length * sizeof(wchar_t)); + memset(string_value, 0, value_size + sizeof(wchar_t)); + status = RegQueryValueEx(key, value_name, 0, &type, (BYTE*)string_value, &value_size); if (status != ERROR_SUCCESS) { + free(string_value); return status; } + *value = string_value; - return ERROR_SUCCESS; + return status; +} + +ebpf_registry_result_t +read_registry_value_dword(ebpf_registry_key_t key, const wchar_t* value_name, uint32_t* value) +{ + DWORD type = REG_DWORD; + DWORD value_size = sizeof(uint32_t); + return RegQueryValueEx(key, value_name, 0, &type, (BYTE*)value, &value_size); } -_Must_inspect_result_ ebpf_registry_result_t -write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value) +ebpf_registry_result_t +read_registry_value_binary(ebpf_registry_key_t key, const wchar_t* value_name, uint8_t* value, size_t value_size) { - return RegSetValueExW(key, value_name, 0, REG_DWORD, (const BYTE*)&value, sizeof(uint32_t)); + DWORD status = NO_ERROR; + DWORD type = REG_BINARY; + DWORD local_value_size = (DWORD)value_size; + + status = RegQueryValueEx(key, 
value_name, 0, &type, value, &local_value_size); + if (status != ERROR_SUCCESS || type != REG_BINARY || local_value_size != value_size) { + if (status != ERROR_SUCCESS) { + status = ERROR_INVALID_PARAMETER; + } + return status; + } + + return status; } -_Must_inspect_result_ ebpf_registry_result_t -create_registry_key( - ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key) +ebpf_registry_result_t +convert_guid_to_string(const GUID* guid, wchar_t* string, size_t string_size) { - return RegCreateKeyExW(root_key, sub_key, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, key, NULL); + if (string_size < GUID_STRING_LENGTH + 1) { + return ERROR_INSUFFICIENT_BUFFER; + } + + // Convert program type GUID to string. + RPC_WSTR value_name = NULL; + RPC_STATUS rpc_status = UuidToString((GUID*)guid, &value_name); + if (rpc_status != RPC_S_OK) { + return ERROR_INVALID_PARAMETER; + } + + // UuidToString returns string without braces. Add braces to the resulting string. + + // Copy the buffer to the output string. + wcsncpy_s(string, string_size, (wchar_t*)value_name, GUID_STRING_LENGTH); + string[GUID_STRING_LENGTH] = L'\0'; + RpcStringFree(&value_name); + + return ERROR_SUCCESS; } -_Must_inspect_result_ ebpf_registry_result_t -create_registry_key_ansi( - ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key) +ebpf_registry_result_t +convert_string_to_guid(const wchar_t* string, GUID* guid) { - wchar_t unicode_sub_key[MAX_PATH]; - size_t sub_key_length = strlen(sub_key) + 1; - MultiByteToWideChar(CP_ACP, 0, sub_key, -1, unicode_sub_key, MAX_PATH); + // The UUID string read from the registry also contains the opening and closing braces. + // Remove those before converting to UUID. 
+ wchar_t truncated_string[GUID_STRING_LENGTH + 1] = {0}; + wcsncpy_s(truncated_string, sizeof(truncated_string) / sizeof(wchar_t), string + 1, wcslen(string) - 2); - LSTATUS status = - RegCreateKeyExW(root_key, unicode_sub_key, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, key, NULL); - if (status != ERROR_SUCCESS) { - return status; + // Convert program type string to GUID + RPC_STATUS rpc_status = UuidFromString((RPC_WSTR)truncated_string, guid); + if (rpc_status != RPC_S_OK) { + return ERROR_INVALID_PARAMETER; } return ERROR_SUCCESS; diff --git a/libs/store_helper/user/ebpf_registry_helper_um.h b/libs/store_helper/user/ebpf_registry_helper_um.h index 64520979a3..592be51b75 100644 --- a/libs/store_helper/user/ebpf_registry_helper_um.h +++ b/libs/store_helper/user/ebpf_registry_helper_um.h @@ -5,6 +5,14 @@ #include "ebpf_store_helper.h" +#include +#include + +#define REG_CREATE_FLAGS (KEY_WRITE | DELETE | KEY_READ) +#define REG_OPEN_FLAGS (DELETE | KEY_READ) + +extern ebpf_registry_key_t ebpf_root_registry_key; + #ifdef __cplusplus extern "C" { From 93af0c4d244f2365a88cfb53fc5bbf6717765f8f Mon Sep 17 00:00:00 2001 
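Review bot: `read_registry_value_binary` reports success when the stored value has the wrong type or size, because the inner test `if (status != ERROR_SUCCESS)` is inverted: a real error is rewritten to ERROR_INVALID_PARAMETER, while a type or size mismatch leaves `status` at ERROR_SUCCESS and the caller receives a partially filled buffer as valid. The inner test should be `if (status == ERROR_SUCCESS) { status = ERROR_INVALID_PARAMETER; }`. In the same hunk `convert_string_to_guid` computes `wcslen(string) - 2` with no length check, so the count wraps for strings shorter than two characters and `string + 1` points past the terminator of an empty string; a guard such as `if (wcslen(string) != GUID_STRING_LENGTH) { return ERROR_INVALID_PARAMETER; }` before the copy bounds both cases. `convert_guid_to_string` keeps the comment about adding braces but never adds them, so as written its output does not round-trip through `convert_string_to_guid`, which drops the first and last character.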
From: Gianni Trevisiol Date: Fri, 23 Jun 2023 18:30:13 -0700 Subject: [PATCH 05/60] wip --- include/ebpf_store_helper.h | 4 +- include/user/ebpf_registry_helper.h | 76 ------ libs/api_common/api_common.vcxproj | 1 - libs/api_common/api_common.vcxproj.filters | 3 - .../user/ebpf_registry_helper_um.c | 221 ------------------ .../user/ebpf_registry_helper_um.cpp} | 26 ++- .../user/ebpf_registry_helper_um.h | 94 ++++---- libs/store_helper/user/ebpf_store_helper.cpp | 10 + .../user/ebpf_store_helper_um.vcxproj | 30 +-- .../user/ebpf_store_helper_um.vcxproj.filters | 4 +- 10 files changed, 88 insertions(+), 381 deletions(-) delete mode 100644 include/user/ebpf_registry_helper.h delete mode 100644 libs/store_helper/user/ebpf_registry_helper_um.c rename libs/{api_common/registry_helper.cpp => store_helper/user/ebpf_registry_helper_um.cpp} (92%) create mode 100644 libs/store_helper/user/ebpf_store_helper.cpp diff --git a/include/ebpf_store_helper.h b/include/ebpf_store_helper.h index bb60bb4cda..1658a4a8cc 100644 --- a/include/ebpf_store_helper.h +++ b/include/ebpf_store_helper.h @@ -7,17 +7,19 @@ #define __return_type NTSTATUS #define _SUCCESS STATUS_SUCCESS #define IS_SUCCESS(x) (NT_SUCCESS(x)) +typedef HANDLE ebpf_registry_key_t; #else #define __return_type uint32_t #define IS_SUCCESS(x) (x == ERROR_SUCCESS) #define _SUCCESS NO_ERROR +#include +typedef HKEY ebpf_registry_key_t; #endif #include "ebpf_program_types.h" #include "ebpf_windows.h" #define GUID_STRING_LENGTH 38 // not including the null terminator. -typedef HANDLE ebpf_registry_key_t; typedef _Return_type_success_(NT_SUCCESS(return )) uint32_t ebpf_registry_result_t; #ifdef __cplusplus diff --git a/include/user/ebpf_registry_helper.h b/include/user/ebpf_registry_helper.h deleted file mode 100644 index c9975e1bdb..0000000000 --- a/include/user/ebpf_registry_helper.h +++ /dev/null 
@@ -1,76 +0,0 @@ -// Copyright (c) Microsoft Corporation -// SPDX-License-Identifier: MIT - -#pragma once - -#include "ebpf_api.h" -#include "ebpf_platform.h" -#include "platform.h" - -#define __return_type uint32_t -#define IS_SUCCESS(x) (x == ERROR_SUCCESS) -#define _SUCCESS NO_ERROR - -#define GUID_STRING_LENGTH 38 // not including the null terminator. - -#define REG_CREATE_FLAGS (KEY_WRITE | DELETE | KEY_READ) -#define REG_OPEN_FLAGS (DELETE | KEY_READ) - -typedef _Return_type_success_(return == 0) uint32_t ebpf_registry_result_t; - -typedef HKEY ebpf_registry_key_t; - -// Issue: #1542 - All API's should be annotated with _Must_inspect_result_ - -void -close_registry_key(ebpf_registry_key_t key); - -_Must_inspect_result_ ebpf_registry_result_t -write_registry_value_binary( - ebpf_registry_key_t key, - _In_z_ const wchar_t* value_name, - _In_reads_(value_size) uint8_t* value, - size_t value_size); - -_Must_inspect_result_ ebpf_registry_result_t -write_registry_value_ansi_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value); - -_Must_inspect_result_ ebpf_registry_result_t -write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value); - -_Must_inspect_result_ ebpf_registry_result_t -create_registry_key( - ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); - -_Success_(return == ERROR_SUCCESS) uint32_t open_registry_key( - ebpf_registry_key_t root_key, _In_opt_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); - -_Must_inspect_result_ ebpf_registry_result_t -delete_registry_key(ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key); - -_Must_inspect_result_ ebpf_registry_result_t -delete_registry_tree(ebpf_registry_key_t root_key, _In_opt_z_ const wchar_t* sub_key); - -_Must_inspect_result_ ebpf_registry_result_t -read_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, 
_Out_ uint32_t* value); - -_Must_inspect_result_ ebpf_registry_result_t -read_registry_value_binary( - ebpf_registry_key_t key, - _In_z_ const wchar_t* value_name, - _Out_writes_(value_size) uint8_t* value, - size_t value_size); - -_Must_inspect_result_ ebpf_registry_result_t -convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_size) wchar_t* string, size_t string_size); - -_Must_inspect_result_ ebpf_registry_result_t -convert_string_to_guid(_In_z_ const wchar_t* string, _Out_ GUID* guid); - -_Must_inspect_result_ ebpf_registry_result_t -create_registry_key_ansi( - ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); - -_Must_inspect_result_ ebpf_registry_result_t -read_registry_value_string( - ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_z_ wchar_t** value); diff --git a/libs/api_common/api_common.vcxproj b/libs/api_common/api_common.vcxproj index b7ef0524ae..a38a56bd4a 100644 --- a/libs/api_common/api_common.vcxproj +++ b/libs/api_common/api_common.vcxproj @@ -185,7 +185,6 @@ - diff --git a/libs/api_common/api_common.vcxproj.filters b/libs/api_common/api_common.vcxproj.filters index 8f4b8c1d37..acb3eaf8b6 100644 --- a/libs/api_common/api_common.vcxproj.filters +++ b/libs/api_common/api_common.vcxproj.filters @@ -31,9 +31,6 @@ Source Files - - Source Files - Source Files diff --git a/libs/store_helper/user/ebpf_registry_helper_um.c b/libs/store_helper/user/ebpf_registry_helper_um.c deleted file mode 100644 index 74058446f5..0000000000 --- a/libs/store_helper/user/ebpf_registry_helper_um.c +++ /dev/null 
@@ -1,221 +0,0 @@ -// Copyright (c) Microsoft Corporation -// SPDX-License-Identifier: MIT - -#include "ebpf_registry_helper_um.h" - -#include -#include -#include -#include -#include - -#ifdef _DEBUG -#define ebpf_assert(x) ASSERT(x) -#else -#define ebpf_assert(x) (void)(x) -#endif // !_DEBUG - -static wchar_t* -_get_wstring_from_string(const char* text) -{ - ebpf_assert(text); - size_t length = strlen(text) + 1; - wchar_t* wide = (wchar_t*)malloc(length * sizeof(wchar_t)); - mbstowcs(wide, text, length); - return wide; -} - -void -close_registry_key(ebpf_registry_key_t key) -{ - ebpf_assert(key); - RegCloseKey(key); -} - -ebpf_registry_result_t -write_registry_value_binary(ebpf_registry_key_t key, const wchar_t* value_name, const uint8_t* value, size_t value_size) -{ - ebpf_assert(value_name); - ebpf_assert(value); - - return RegSetValueEx(key, value_name, 0, REG_BINARY, value, (DWORD)value_size); -} - -ebpf_registry_result_t -write_registry_value_wide_string(ebpf_registry_key_t key, const wchar_t* value_name, const wchar_t* value) -{ - ebpf_assert(value_name); - ebpf_assert(value); - - size_t length = (wcslen(value) + 1) * sizeof(wchar_t); - return RegSetValueEx(key, value_name, 0, REG_SZ, (const BYTE*)value, (DWORD)length); -} - -ebpf_registry_result_t -write_registry_value_ansi_string(ebpf_registry_key_t key, const wchar_t* value_name, const char* value) -{ - uint32_t result = ERROR_SUCCESS; - - wchar_t* wide_string = _get_wstring_from_string(value); - if (wide_string == NULL) { - return ERROR_NOT_ENOUGH_MEMORY; - } - - result = write_registry_value_wide_string(key, value_name, wide_string); - free(wide_string); - - return result; -} - -ebpf_registry_result_t -write_registry_value_dword(ebpf_registry_key_t key, const wchar_t* value_name, uint32_t value) -{ - ebpf_assert(key); - return RegSetValueEx(key, value_name, 0, REG_DWORD, (const BYTE*)&value, sizeof(value)); -} - -ebpf_registry_result_t -create_registry_key(ebpf_registry_key_t root_key, const wchar_t* 
sub_key, uint32_t flags, ebpf_registry_key_t* key) -{ - *key = NULL; - if (root_key == NULL) { - return ERROR_INVALID_PARAMETER; - } - - return RegCreateKeyEx(root_key, sub_key, 0, NULL, 0, flags, NULL, key, NULL); -} - -uint32_t -open_registry_key(ebpf_registry_key_t root_key, const wchar_t* sub_key, uint32_t flags, ebpf_registry_key_t* key) -{ - ebpf_assert(root_key != NULL); - return RegOpenKeyEx(root_key, sub_key, 0, flags, key); -} - -ebpf_registry_result_t -delete_registry_key(ebpf_registry_key_t root_key, const wchar_t* sub_key) -{ - return RegDeleteKeyEx(root_key, sub_key, 0, 0); -} - -ebpf_registry_result_t -delete_registry_tree(ebpf_registry_key_t root_key, const wchar_t* sub_key) -{ - return RegDeleteTree(root_key, sub_key); -} - -ebpf_registry_result_t -create_registry_key_ansi(ebpf_registry_key_t root_key, const char* sub_key, uint32_t flags, ebpf_registry_key_t* key) -{ - uint32_t result = ERROR_SUCCESS; - - wchar_t* wide_string = _get_wstring_from_string(sub_key); - if (wide_string == NULL) { - return ERROR_NOT_ENOUGH_MEMORY; - } - - result = create_registry_key(root_key, wide_string, flags, key); - free(wide_string); - - return result; -} - -ebpf_registry_result_t -read_registry_value_string(ebpf_registry_key_t key, const wchar_t* value_name, wchar_t** value) -{ - uint32_t status = ERROR_SUCCESS; - DWORD type = REG_SZ; - DWORD value_size = 0; - wchar_t* string_value = NULL; - - *value = NULL; - status = RegQueryValueEx(key, value_name, 0, &type, NULL, &value_size); - if (status != ERROR_SUCCESS || type != REG_SZ) { - if (type != REG_SZ) { - status = ERROR_INVALID_PARAMETER; - } - return status; - } - - string_value = (wchar_t*)malloc(value_size + sizeof(wchar_t)); - if (string_value == NULL) { - return ERROR_NOT_ENOUGH_MEMORY; - } - - memset(string_value, 0, value_size + sizeof(wchar_t)); - status = RegQueryValueEx(key, value_name, 0, &type, (BYTE*)string_value, &value_size); - if (status != ERROR_SUCCESS) { - free(string_value); - return status; - 
} - *value = string_value; - - return status; -} - -ebpf_registry_result_t -read_registry_value_dword(ebpf_registry_key_t key, const wchar_t* value_name, uint32_t* value) -{ - DWORD type = REG_DWORD; - DWORD value_size = sizeof(uint32_t); - return RegQueryValueEx(key, value_name, 0, &type, (BYTE*)value, &value_size); -} - -ebpf_registry_result_t -read_registry_value_binary(ebpf_registry_key_t key, const wchar_t* value_name, uint8_t* value, size_t value_size) -{ - DWORD status = NO_ERROR; - DWORD type = REG_BINARY; - DWORD local_value_size = (DWORD)value_size; - - status = RegQueryValueEx(key, value_name, 0, &type, value, &local_value_size); - if (status != ERROR_SUCCESS || type != REG_BINARY || local_value_size != value_size) { - if (status != ERROR_SUCCESS) { - status = ERROR_INVALID_PARAMETER; - } - return status; - } - - return status; -} - -ebpf_registry_result_t -convert_guid_to_string(const GUID* guid, wchar_t* string, size_t string_size) -{ - if (string_size < GUID_STRING_LENGTH + 1) { - return ERROR_INSUFFICIENT_BUFFER; - } - - // Convert program type GUID to string. - RPC_WSTR value_name = NULL; - RPC_STATUS rpc_status = UuidToString((GUID*)guid, &value_name); - if (rpc_status != RPC_S_OK) { - return ERROR_INVALID_PARAMETER; - } - - // UuidToString returns string without braces. Add braces to the resulting string. - - // Copy the buffer to the output string. - wcsncpy_s(string, string_size, (wchar_t*)value_name, GUID_STRING_LENGTH); - string[GUID_STRING_LENGTH] = L'\0'; - RpcStringFree(&value_name); - - return ERROR_SUCCESS; -} - -ebpf_registry_result_t -convert_string_to_guid(const wchar_t* string, GUID* guid) -{ - // The UUID string read from the registry also contains the opening and closing braces. - // Remove those before converting to UUID. 
- wchar_t truncated_string[GUID_STRING_LENGTH + 1] = {0}; - wcsncpy_s(truncated_string, sizeof(truncated_string) / sizeof(wchar_t), string + 1, wcslen(string) - 2); - - // Convert program type string to GUID - RPC_STATUS rpc_status = UuidFromString((RPC_WSTR)truncated_string, guid); - if (rpc_status != RPC_S_OK) { - return ERROR_INVALID_PARAMETER; - } - - return ERROR_SUCCESS; -} diff --git a/libs/api_common/registry_helper.cpp b/libs/store_helper/user/ebpf_registry_helper_um.cpp similarity index 92% rename from libs/api_common/registry_helper.cpp rename to libs/store_helper/user/ebpf_registry_helper_um.cpp index 114d91a1a8..1a709afb0e 100644 --- a/libs/api_common/registry_helper.cpp +++ b/libs/store_helper/user/ebpf_registry_helper_um.cpp @@ -6,19 +6,30 @@ * @brief Contains user mode registry related helper APIs. */ -#define _SILENCE_CXX17_CODECVT_HEADER_DEPRECATION_WARNING -#include "api_common.hpp" -#include "ebpf_registry_helper.h" - -#include +#include "ebpf_platform.h" +#include "ebpf_registry_helper_um.h" + +#include +//#include +//#include +//#include +//#include +//#include +//#include +//#include #define GUID_STRING_LENGTH 38 // not including the null terminator. static std::wstring _get_wstring_from_string(std::string text) { - std::wstring_convert> converter; - std::wstring wide = converter.from_bytes(text); + // std::wstring_convert> converter; + // std::wstring wide = converter.from_bytes(text); + // return wide; + + int length = MultiByteToWideChar(CP_UTF8, 0, text.c_str(), -1, nullptr, 0); + std::wstring wide(length, 0); + MultiByteToWideChar(CP_UTF8, 0, text.c_str(), -1, &wide[0], length); return wide; } 
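Review bot: The rewritten `_get_wstring_from_string` returns a `std::wstring` whose size includes the terminating NUL. `MultiByteToWideChar` is called with a source length of -1, so its return value counts the terminator, and that value is used as the string size. Any caller that compares the result or derives a byte count from `size()` sees one extra character. The return value is not checked either; `if (length <= 0) { return {}; }` before constructing `wide` and `wide.resize(length - 1);` after the second call would cover both. The commented-out `wstring_convert` lines and the `//#include` lines are better deleted than committed.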
@@ -228,6 +239,7 @@ convert_string_to_guid(_In_z_ const wchar_t* string, _Out_ GUID* guid) // Remove those before converting to UUID. wchar_t truncated_string[GUID_STRING_LENGTH + 1] = {0}; memcpy(truncated_string, string + 1, (wcslen(string) - 2) * sizeof(wchar_t)); + // Convert program type string to GUID auto rpc_status = UuidFromString((RPC_WSTR)truncated_string, guid); if (rpc_status != RPC_S_OK) { diff --git a/libs/store_helper/user/ebpf_registry_helper_um.h b/libs/store_helper/user/ebpf_registry_helper_um.h index 592be51b75..48ead3bef3 100644 --- a/libs/store_helper/user/ebpf_registry_helper_um.h +++ b/libs/store_helper/user/ebpf_registry_helper_um.h 
@@ -5,76 +5,60 @@ #include "ebpf_store_helper.h" -#include -#include - #define REG_CREATE_FLAGS (KEY_WRITE | DELETE | KEY_READ) #define REG_OPEN_FLAGS (DELETE | KEY_READ) extern ebpf_registry_key_t ebpf_root_registry_key; -#ifdef __cplusplus -extern "C" -{ -#endif - - void - close_registry_key(ebpf_registry_key_t key); - - _Must_inspect_result_ ebpf_registry_result_t - write_registry_value_binary( - ebpf_registry_key_t key, - _In_z_ const wchar_t* value_name, - _In_reads_(value_size) uint8_t* value, - size_t value_size); +void +close_registry_key(ebpf_registry_key_t key); - _Must_inspect_result_ ebpf_registry_result_t - write_registry_value_ansi_string( - ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value); +_Must_inspect_result_ ebpf_registry_result_t +write_registry_value_binary( + ebpf_registry_key_t key, + _In_z_ const wchar_t* value_name, + _In_reads_(value_size) uint8_t* value, + size_t value_size); - _Must_inspect_result_ ebpf_registry_result_t - write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value); +_Must_inspect_result_ ebpf_registry_result_t +write_registry_value_ansi_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value); - _Must_inspect_result_ ebpf_registry_result_t - create_registry_key( - ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); +_Must_inspect_result_ ebpf_registry_result_t +write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value); - _Success_(return == ERROR_SUCCESS) uint32_t open_registry_key( - ebpf_registry_key_t root_key, - _In_opt_z_ const wchar_t* sub_key, - uint32_t flags, - _Out_ ebpf_registry_key_t* key); +_Must_inspect_result_ ebpf_registry_result_t +create_registry_key( + ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); - _Must_inspect_result_ 
ebpf_registry_result_t - delete_registry_key(ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key); +_Success_(return == ERROR_SUCCESS) uint32_t open_registry_key( + ebpf_registry_key_t root_key, _In_opt_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); - _Must_inspect_result_ ebpf_registry_result_t - delete_registry_tree(ebpf_registry_key_t root_key, _In_opt_z_ const wchar_t* sub_key); +_Must_inspect_result_ ebpf_registry_result_t +delete_registry_key(ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key); - _Must_inspect_result_ ebpf_registry_result_t - read_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Out_ uint32_t* value); +_Must_inspect_result_ ebpf_registry_result_t +delete_registry_tree(ebpf_registry_key_t root_key, _In_opt_z_ const wchar_t* sub_key); - _Must_inspect_result_ ebpf_registry_result_t - read_registry_value_binary( - ebpf_registry_key_t key, - _In_z_ const wchar_t* value_name, - _Out_writes_(value_size) uint8_t* value, - size_t value_size); +_Must_inspect_result_ ebpf_registry_result_t +read_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Out_ uint32_t* value); - _Must_inspect_result_ ebpf_registry_result_t - convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_size) wchar_t* string, size_t string_size); +_Must_inspect_result_ ebpf_registry_result_t +read_registry_value_binary( + ebpf_registry_key_t key, + _In_z_ const wchar_t* value_name, + _Out_writes_(value_size) uint8_t* value, + size_t value_size); - _Must_inspect_result_ ebpf_registry_result_t - convert_string_to_guid(_In_z_ const wchar_t* string, _Out_ GUID* guid); +_Must_inspect_result_ ebpf_registry_result_t +convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_size) wchar_t* string, size_t string_size); - _Must_inspect_result_ ebpf_registry_result_t - create_registry_key_ansi( - ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t 
flags, _Out_ ebpf_registry_key_t* key); +_Must_inspect_result_ ebpf_registry_result_t +convert_string_to_guid(_In_z_ const wchar_t* string, _Out_ GUID* guid); - _Must_inspect_result_ ebpf_registry_result_t - read_registry_value_string( - ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_z_ wchar_t** value); +_Must_inspect_result_ ebpf_registry_result_t +create_registry_key_ansi( + ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); -#ifdef __cplusplus -} /* extern "C" */ -#endif \ No newline at end of file +_Must_inspect_result_ ebpf_registry_result_t +read_registry_value_string( + ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_z_ wchar_t** value); diff --git a/libs/store_helper/user/ebpf_store_helper.cpp b/libs/store_helper/user/ebpf_store_helper.cpp new file mode 100644 index 0000000000..0b5dd9efad --- /dev/null +++ b/libs/store_helper/user/ebpf_store_helper.cpp @@ -0,0 +1,10 @@ +// Copyright (c) Microsoft Corporation +// SPDX-License-Identifier: MIT + +#include "ebpf_store_helper.h" +#include "user\ebpf_registry_helper_um.h" + +//#include +//#include + +#include "ebpf_store_helper.c" \ No newline at end of file diff --git a/libs/store_helper/user/ebpf_store_helper_um.vcxproj b/libs/store_helper/user/ebpf_store_helper_um.vcxproj index c4ded9cb55..58773aabea 100644 --- a/libs/store_helper/user/ebpf_store_helper_um.vcxproj +++ b/libs/store_helper/user/ebpf_store_helper_um.vcxproj @@ -16,12 +16,9 @@ {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A} - v4.5 12.0 Debug - Win32 store_helper_um - KMDF ebpf_store_helper_um $(LatestTargetPlatformVersion) @@ -29,18 +26,16 @@ Windows10 true - WindowsKernelModeDriver10.0 + v143 StaticLibrary - Universal Unicode false Windows10 false - WindowsKernelModeDriver10.0 + v143 StaticLibrary - Universal Unicode false 
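Review bot: `open_registry_key` is the only declaration in the rewritten ebpf_registry_helper_um.h block without `_Must_inspect_result_`, although its `_Out_ ebpf_registry_key_t* key` is only meaningful when the call succeeds. A caller that ignores the return value would go on to use an unset key handle without any analyzer warning. I would keep the existing `_Success_(return == ERROR_SUCCESS)` and add the missing annotation, `_Must_inspect_result_ _Success_(return == ERROR_SUCCESS) uint32_t open_registry_key(`. This hunk also drops the `extern "C"` guard, so these functions now get C++ linkage in every C++ translation unit; any consumer still compiled as C should be confirmed before merging.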
@@ -52,21 +47,22 @@ - $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src;..\ + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\include;$(SolutionDir)\libs\platform;$(SolutionDir)\libs\platform\user;$(SolutionDir)\external\ebpf-verifier\src;..\ $(SolutionDir)$(Platform)\$(ConfigurationName)\ + $(VC_LibraryPath_x64);$(WindowsSDK_LibraryPath_x64) - $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src;..\ + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\include;$(SolutionDir)\libs\platform;$(SolutionDir)\libs\platform\user;$(SolutionDir)\external\ebpf-verifier\src;..\ $(SolutionDir)$(Platform)\$(ConfigurationName)\ + $(VC_LibraryPath_x64);$(WindowsSDK_LibraryPath_x64) Level3 true - _DEBUG;_LIB;%(PreprocessorDefinitions);USER_MODE + _DEBUG;_LIB;USER_MODE;%(PreprocessorDefinitions) true NotUsing - pch.h @@ -80,10 +76,9 @@ true true true - NDEBUG;_LIB;%(PreprocessorDefinitions);USER_MODE + NDEBUG;_LIB;USER_MODE;%(PreprocessorDefinitions) true NotUsing - pch.h @@ -94,13 +89,18 @@ - - + + + + + {c26cb6a9-158c-4a9e-a243-755ddd98e5fe} + + diff --git a/libs/store_helper/user/ebpf_store_helper_um.vcxproj.filters b/libs/store_helper/user/ebpf_store_helper_um.vcxproj.filters index 855b6c6a40..ba3b1e4dcc 100644 --- a/libs/store_helper/user/ebpf_store_helper_um.vcxproj.filters +++ b/libs/store_helper/user/ebpf_store_helper_um.vcxproj.filters @@ -13,10 +13,10 @@ - + Source Files - + Source Files From 4662099eb6c289f08b046549986937a7ace52cd7 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Mon, 17 Jul 2023 11:54:19 -0700 Subject: [PATCH 06/60] wip - km & um compile --- libs/store_helper/user/ebpf_registry_helper_um.cpp | 1 + libs/store_helper/user/ebpf_store_helper.cpp | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) 
diff --git a/libs/store_helper/user/ebpf_registry_helper_um.cpp b/libs/store_helper/user/ebpf_registry_helper_um.cpp index 1a709afb0e..67c5971835 100644 --- a/libs/store_helper/user/ebpf_registry_helper_um.cpp +++ b/libs/store_helper/user/ebpf_registry_helper_um.cpp @@ -23,6 +23,7 @@ static std::wstring _get_wstring_from_string(std::string text) { + // This is deprecated // std::wstring_convert> converter; // std::wstring wide = converter.from_bytes(text); // return wide; diff --git a/libs/store_helper/user/ebpf_store_helper.cpp b/libs/store_helper/user/ebpf_store_helper.cpp index 0b5dd9efad..7574ec5fc1 100644 --- a/libs/store_helper/user/ebpf_store_helper.cpp +++ b/libs/store_helper/user/ebpf_store_helper.cpp @@ -4,7 +4,7 @@ #include "ebpf_store_helper.h" #include "user\ebpf_registry_helper_um.h" -//#include -//#include +#include +// Incluce the same C code as CPP #include "ebpf_store_helper.c" \ No newline at end of file From 9f7b46128c7e7c93ef6b672b0cc48b70189321d1 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Mon, 17 Jul 2023 11:57:47 -0700 Subject: [PATCH 07/60] fix --- libs/store_helper/user/ebpf_store_helper.cpp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libs/store_helper/user/ebpf_store_helper.cpp b/libs/store_helper/user/ebpf_store_helper.cpp index 7574ec5fc1..9af992d1a6 100644 --- a/libs/store_helper/user/ebpf_store_helper.cpp +++ b/libs/store_helper/user/ebpf_store_helper.cpp @@ -1,10 +1,12 @@ // Copyright (c) Microsoft Corporation // SPDX-License-Identifier: MIT +#ifdef USER_MODE +#include +#endif + #include "ebpf_store_helper.h" #include "user\ebpf_registry_helper_um.h" -#include - // Incluce the same C code as CPP #include "ebpf_store_helper.c" \ No newline at end of file From c331effbb96926ddd5112c10d81ce62a6f218085 Mon Sep 17 00:00:00 2001 
From: Gianni Trevisiol Date: Mon, 17 Jul 2023 12:37:45 -0700 Subject: [PATCH 08/60] fix include order --- include/ebpf_store_helper.h | 3 ++- libs/store_helper/kernel/ebpf_registry_helper_km.h | 1 - libs/store_helper/user/ebpf_registry_helper_um.cpp | 7 ------- 3 files changed, 2 insertions(+), 9 deletions(-) diff --git a/include/ebpf_store_helper.h b/include/ebpf_store_helper.h index 1658a4a8cc..4f89c4bb39 100644 --- a/include/ebpf_store_helper.h +++ b/include/ebpf_store_helper.h @@ -4,15 +4,16 @@ #pragma once #ifndef USER_MODE +#include "framework.h" #define __return_type NTSTATUS #define _SUCCESS STATUS_SUCCESS #define IS_SUCCESS(x) (NT_SUCCESS(x)) typedef HANDLE ebpf_registry_key_t; #else +#include #define __return_type uint32_t #define IS_SUCCESS(x) (x == ERROR_SUCCESS) #define _SUCCESS NO_ERROR -#include typedef HKEY ebpf_registry_key_t; #endif diff --git a/libs/store_helper/kernel/ebpf_registry_helper_km.h b/libs/store_helper/kernel/ebpf_registry_helper_km.h index 345047c2e5..d299eece22 100644 --- a/libs/store_helper/kernel/ebpf_registry_helper_km.h +++ b/libs/store_helper/kernel/ebpf_registry_helper_km.h @@ -4,7 +4,6 @@ #pragma once #include "ebpf_store_helper.h" -#include "framework.h" #define REG_CREATE_FLAGS 0 diff --git a/libs/store_helper/user/ebpf_registry_helper_um.cpp b/libs/store_helper/user/ebpf_registry_helper_um.cpp index 67c5971835..4aaffcf698 100644 --- a/libs/store_helper/user/ebpf_registry_helper_um.cpp +++ b/libs/store_helper/user/ebpf_registry_helper_um.cpp @@ -10,13 +10,6 @@ #include "ebpf_registry_helper_um.h" #include -//#include -//#include -//#include -//#include -//#include -//#include -//#include #define GUID_STRING_LENGTH 38 // not including the null terminator. From b8ef664d9aaad88452486fbf6960cc529688e7f0 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Mon, 17 Jul 2023 13:47:49 -0700 Subject: [PATCH 09/60] wip --- libs/store_helper/user/ebpf_store_helper.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/libs/store_helper/user/ebpf_store_helper.cpp b/libs/store_helper/user/ebpf_store_helper.cpp index 9af992d1a6..1f194baedc 100644 --- a/libs/store_helper/user/ebpf_store_helper.cpp +++ b/libs/store_helper/user/ebpf_store_helper.cpp @@ -8,5 +8,5 @@ #include "ebpf_store_helper.h" #include "user\ebpf_registry_helper_um.h" -// Incluce the same C code as CPP +// Include the same C code as CPP #include "ebpf_store_helper.c" \ No newline at end of file From b2a4e2d6fe1559e27e54930283edc7c4312d3237 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Mon, 17 Jul 2023 19:38:59 -0700 Subject: [PATCH 10/60] wip --- include/ebpf_store_helper.h | 17 ++++++++------- installer/Product.wxs | 4 ++-- .../kernel/ebpf_registry_helper_km.h | 3 +++ .../kernel/ebpf_store_helper_km.vcxproj | 19 +++++++---------- .../user/ebpf_registry_helper_um.h | 3 +++ libs/store_helper/user/ebpf_store_helper.cpp | 8 +++---- .../user/ebpf_store_helper_um.vcxproj | 21 +++++++------------ 7 files changed, 35 insertions(+), 40 deletions(-) diff --git a/include/ebpf_store_helper.h b/include/ebpf_store_helper.h index 4f89c4bb39..cbd4700207 100644 --- a/include/ebpf_store_helper.h +++ b/include/ebpf_store_helper.h @@ -10,7 +10,8 @@ #define IS_SUCCESS(x) (NT_SUCCESS(x)) typedef HANDLE ebpf_registry_key_t; #else -#include +#define WIN32_LEAN_AND_MEAN +#include #define __return_type uint32_t #define IS_SUCCESS(x) (x == ERROR_SUCCESS) #define _SUCCESS NO_ERROR @@ -23,10 +24,10 @@ typedef HKEY ebpf_registry_key_t; #define GUID_STRING_LENGTH 38 // not including the null terminator. typedef _Return_type_success_(NT_SUCCESS(return )) uint32_t ebpf_registry_result_t; -#ifdef __cplusplus -extern "C" -{ -#endif +//#ifdef __cplusplus +//extern "C" +//{ +//#endif #ifdef USER_MODE extern ebpf_registry_key_t ebpf_root_registry_key; 
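Review bot: The `ebpf_registry_result_t` typedef shown in the `@@ -24,10 +24,10 @@` hunk of include/ebpf_store_helper.h is annotated `_Return_type_success_(NT_SUCCESS(return ))`, but the user-mode branch of this same header defines success as `x == ERROR_SUCCESS`. Win32 error codes are small positive values, so under an `NT_SUCCESS`-style criterion static analysis treats a failed registry call as a success and will not warn when an `_Out_` key or value is used afterwards. I would make the typedef follow the mode, for example `typedef _Return_type_success_(return == ERROR_SUCCESS) uint32_t ebpf_registry_result_t;` inside the `USER_MODE` branch, and keep the `NT_SUCCESS` form for the kernel branch. The `extern "C"` guard that this hunk comments out should be either deleted or restored; leaving it as comments hides the linkage decision from the next reader.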
@@ -75,6 +76,6 @@ extern "C" ebpf_store_update_global_helper_information( _In_reads_(helper_info_count) ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count); -#ifdef __cplusplus -} /* extern "C" */ -#endif \ No newline at end of file +//#ifdef __cplusplus +//} /* extern "C" */ +//#endif \ No newline at end of file diff --git a/installer/Product.wxs b/installer/Product.wxs index 691dd43cdb..cdb643a890 100644 --- a/installer/Product.wxs +++ b/installer/Product.wxs @@ -366,7 +366,7 @@ SPDX-License-Identifier: MIT - + @@ -586,7 +586,7 @@ SPDX-License-Identifier: MIT - + diff --git a/libs/store_helper/kernel/ebpf_registry_helper_km.h b/libs/store_helper/kernel/ebpf_registry_helper_km.h index d299eece22..3554608094 100644 --- a/libs/store_helper/kernel/ebpf_registry_helper_km.h +++ b/libs/store_helper/kernel/ebpf_registry_helper_km.h @@ -5,6 +5,9 @@ #include "ebpf_store_helper.h" +#ifdef USER_MODE +#undefine USER_MODE +#endif #define REG_CREATE_FLAGS 0 #ifdef __cplusplus diff --git a/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj b/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj index 94e251f53a..37ab9d069b 100644 --- a/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj +++ b/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj @@ -16,12 +16,11 @@ {3569e946-c8b4-49ee-a89d-edd09dc9f36e} - v4.5 12.0 Debug Win32 - store_helper_km KMDF + store_helper_km ebpf_store_helper_km $(LatestTargetPlatformVersion) @@ -30,8 +29,8 @@ Windows10 true WindowsKernelModeDriver10.0 - StaticLibrary Universal + StaticLibrary Unicode false @@ -39,8 +38,8 @@ Windows10 false WindowsKernelModeDriver10.0 - StaticLibrary Universal + StaticLibrary Unicode false 
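Review bot: `#undefine` is not a preprocessor directive; the line added to ebpf_registry_helper_km.h should read `#undef USER_MODE`. As written it is skipped silently while `USER_MODE` is undefined and turns into a compile error in exactly the build it was meant for, one that defines `USER_MODE` before including this header. The block also sits after `#include "ebpf_store_helper.h"`, so it cannot change which branch that header has already selected for `ebpf_registry_key_t` and `__return_type`. The `#ifndef USER_MODE` / `#define USER_MODE` block added to ebpf_registry_helper_um.h in this same commit has the same ordering problem. If these headers are meant to enforce the mode, move both blocks above the include, or replace them with an `#error` that fires when the build setting does not match.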
@@ -53,11 +52,11 @@ $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src - $(SolutionDir)$(Platform)\$(ConfigurationName)\ + $(SolutionDir)$(Platform)\$(Configuration)\ $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src;..\ - $(SolutionDir)$(Platform)\$(ConfigurationName)\ + $(SolutionDir)$(Platform)\$(Configuration)\ @@ -66,11 +65,9 @@ _DEBUG;_LIB;%(PreprocessorDefinitions) true NotUsing - pch.h - - + true @@ -83,11 +80,9 @@ NDEBUG;_LIB;%(PreprocessorDefinitions) true NotUsing - pch.h - - + true true true diff --git a/libs/store_helper/user/ebpf_registry_helper_um.h b/libs/store_helper/user/ebpf_registry_helper_um.h index 48ead3bef3..bc807c2e55 100644 --- a/libs/store_helper/user/ebpf_registry_helper_um.h +++ b/libs/store_helper/user/ebpf_registry_helper_um.h @@ -5,6 +5,9 @@ #include "ebpf_store_helper.h" +#ifndef USER_MODE +#define USER_MODE +#endif #define REG_CREATE_FLAGS (KEY_WRITE | DELETE | KEY_READ) #define REG_OPEN_FLAGS (DELETE | KEY_READ) diff --git a/libs/store_helper/user/ebpf_store_helper.cpp b/libs/store_helper/user/ebpf_store_helper.cpp index 1f194baedc..6edfff5dc6 100644 --- a/libs/store_helper/user/ebpf_store_helper.cpp +++ b/libs/store_helper/user/ebpf_store_helper.cpp @@ -1,12 +1,12 @@ // Copyright (c) Microsoft Corporation // SPDX-License-Identifier: MIT -#ifdef USER_MODE -#include -#endif - #include "ebpf_store_helper.h" #include "user\ebpf_registry_helper_um.h" +#ifdef USER_MODE +#include +#endif + // Include the same C code as CPP #include "ebpf_store_helper.c" \ No newline at end of file diff --git a/libs/store_helper/user/ebpf_store_helper_um.vcxproj b/libs/store_helper/user/ebpf_store_helper_um.vcxproj index 58773aabea..906cacd5ac 100644 --- a/libs/store_helper/user/ebpf_store_helper_um.vcxproj 
+++ b/libs/store_helper/user/ebpf_store_helper_um.vcxproj @@ -20,7 +20,7 @@ Debug store_helper_um ebpf_store_helper_um - $(LatestTargetPlatformVersion) + 10.0 @@ -48,13 +48,13 @@ $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\include;$(SolutionDir)\libs\platform;$(SolutionDir)\libs\platform\user;$(SolutionDir)\external\ebpf-verifier\src;..\ - $(SolutionDir)$(Platform)\$(ConfigurationName)\ $(VC_LibraryPath_x64);$(WindowsSDK_LibraryPath_x64) + $(SolutionDir)$(Platform)\$(Configuration)\ $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\include;$(SolutionDir)\libs\platform;$(SolutionDir)\libs\platform\user;$(SolutionDir)\external\ebpf-verifier\src;..\ - $(SolutionDir)$(Platform)\$(ConfigurationName)\ $(VC_LibraryPath_x64);$(WindowsSDK_LibraryPath_x64) + $(SolutionDir)$(Platform)\$(Configuration)\ @@ -65,8 +65,7 @@ NotUsing - - + true @@ -81,25 +80,19 @@ NotUsing - - + true true true - - - - - - {c26cb6a9-158c-4a9e-a243-755ddd98e5fe} - + + From 2313155055bdfd1b617b2e9acbcb035a7cbf42b9 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Mon, 17 Jul 2023 22:45:07 -0700 Subject: [PATCH 11/60] wip --- include/ebpf_store_helper.h | 81 ++++++++++---------- libs/store_helper/ebpf_store_helper.c | 8 +- libs/store_helper/user/ebpf_store_helper.cpp | 7 -- 3 files changed, 44 insertions(+), 52 deletions(-) diff --git a/include/ebpf_store_helper.h b/include/ebpf_store_helper.h index cbd4700207..cbeba9529e 100644 --- a/include/ebpf_store_helper.h +++ b/include/ebpf_store_helper.h @@ -12,6 +12,7 @@ typedef HANDLE ebpf_registry_key_t; #else #define WIN32_LEAN_AND_MEAN #include +#include #define __return_type uint32_t #define IS_SUCCESS(x) (x == ERROR_SUCCESS) #define _SUCCESS NO_ERROR 
@@ -25,56 +26,56 @@ typedef HKEY ebpf_registry_key_t; typedef _Return_type_success_(NT_SUCCESS(return )) uint32_t ebpf_registry_result_t; //#ifdef __cplusplus -//extern "C" +// extern "C" //{ //#endif #ifdef USER_MODE - extern ebpf_registry_key_t ebpf_root_registry_key; +extern ebpf_registry_key_t ebpf_root_registry_key; #endif - uint32_t - ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_registry_key_t* provider_key); +uint32_t +ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_registry_key_t* provider_key); - __return_type - ebpf_store_update_helper_prototype( - ebpf_registry_key_t helper_info_key, _In_ const ebpf_helper_function_prototype_t* helper_info); +__return_type +ebpf_store_update_helper_prototype( + ebpf_registry_key_t helper_info_key, _In_ const ebpf_helper_function_prototype_t* helper_info); - /** - * @brief Update section information in eBPF store. - * - * @param[in] section_info Pointer to an array of section information. - * @param[in] section_info_count Count of section information entries. - * - * @returns Status of the operation. - */ - __return_type - ebpf_store_update_section_information( - _In_reads_(section_info_count) const ebpf_program_section_info_t* section_info, uint32_t section_info_count); +/** + * @brief Update section information in eBPF store. + * + * @param[in] section_info Pointer to an array of section information. + * @param[in] section_info_count Count of section information entries. + * + * @returns Status of the operation. + */ +__return_type +ebpf_store_update_section_information( + _In_reads_(section_info_count) const ebpf_program_section_info_t* section_info, uint32_t section_info_count); - /** - * @brief Update program information in eBPF store. - * - * @param[in] program_info Pointer to an array of program information. - * @param[in] program_info_count Count of program information entries. - * - * @returns Status of the operation. 
- */ - __return_type - ebpf_store_update_program_information( - _In_reads_(program_info_count) const ebpf_program_info_t* program_info, uint32_t program_info_count); +/** + * @brief Update program information in eBPF store. + * + * @param[in] program_info Pointer to an array of program information. + * @param[in] program_info_count Count of program information entries. + * + * @returns Status of the operation. + */ +__return_type +ebpf_store_update_program_information( + _In_reads_(program_info_count) const ebpf_program_info_t* program_info, uint32_t program_info_count); - /** - * @brief Update global helper information in eBPF store. - * - * @param[in] helper_info Pointer to an array of helper function prototypes. - * @param[in] helper_info_count Count of helper function prototypes. - * - * @returns Status of the operation. - */ - __return_type - ebpf_store_update_global_helper_information( - _In_reads_(helper_info_count) ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count); +/** + * @brief Update global helper information in eBPF store. + * + * @param[in] helper_info Pointer to an array of helper function prototypes. + * @param[in] helper_info_count Count of helper function prototypes. + * + * @returns Status of the operation. + */ +__return_type +ebpf_store_update_global_helper_information( + _In_reads_(helper_info_count) ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count); //#ifdef __cplusplus //} /* extern "C" */ diff --git a/libs/store_helper/ebpf_store_helper.c b/libs/store_helper/ebpf_store_helper.c index 1935b58690..a20dc034ae 100644 --- a/libs/store_helper/ebpf_store_helper.c +++ b/libs/store_helper/ebpf_store_helper.c 
@@ -1,12 +1,10 @@ // Copyright (c) Microsoft Corporation // SPDX-License-Identifier: MIT -#pragma once - -#ifdef USER_MODE -#include "user\ebpf_registry_helper_um.h" -#else +#ifndef USER_MODE #include "kernel\ebpf_registry_helper_km.h" +#else +#include "user\ebpf_registry_helper_um.h" #endif #include "ebpf_program_types.h" diff --git a/libs/store_helper/user/ebpf_store_helper.cpp b/libs/store_helper/user/ebpf_store_helper.cpp index 6edfff5dc6..ee2291077a 100644 --- a/libs/store_helper/user/ebpf_store_helper.cpp +++ b/libs/store_helper/user/ebpf_store_helper.cpp @@ -1,12 +1,5 @@ // Copyright (c) Microsoft Corporation // SPDX-License-Identifier: MIT -#include "ebpf_store_helper.h" -#include "user\ebpf_registry_helper_um.h" - -#ifdef USER_MODE -#include -#endif - // Include the same C code as CPP #include "ebpf_store_helper.c" \ No newline at end of file From 7a08efb14582b8a92e30f527e83eb641e9f4ceba Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Mon, 17 Jul 2023 23:19:23 -0700 Subject: [PATCH 12/60] wip - api_common --- libs/api_common/api_common.vcxproj | 19 ++++++++++++++----- libs/api_common/store_helper_internal.cpp | 19 ++++++++++++------- libs/api_common/windows_platform_common.cpp | 3 ++- 3 files changed, 28 insertions(+), 13 deletions(-) diff --git a/libs/api_common/api_common.vcxproj b/libs/api_common/api_common.vcxproj index a38a56bd4a..4ca2b71222 100644 --- a/libs/api_common/api_common.vcxproj +++ b/libs/api_common/api_common.vcxproj @@ -104,7 +104,7 @@ - _DEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) + _DEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions);USER_MODE true NotUsing pch.h @@ -115,10 +115,11 @@ true false + - _DEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) + _DEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions);USER_MODE true NotUsing pch.h @@ -129,10 +130,11 @@ true false + - _DEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) + _DEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions);USER_MODE true NotUsing pch.h 
@@ -149,7 +151,7 @@ - NDEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) + NDEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions);USER_MODE true NotUsing pch.h @@ -162,10 +164,11 @@ true false + - NDEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) + NDEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions);USER_MODE true NotUsing pch.h @@ -178,6 +181,7 @@ true false + @@ -198,5 +202,10 @@ + + + {aa933b9f-b5d8-4aa8-ac18-98fe1a161e8a} + + \ No newline at end of file diff --git a/libs/api_common/store_helper_internal.cpp b/libs/api_common/store_helper_internal.cpp index 2e5dcb5d9a..1b703280f4 100644 --- a/libs/api_common/store_helper_internal.cpp +++ b/libs/api_common/store_helper_internal.cpp @@ -1,8 +1,10 @@ // Copyright (c) Microsoft Corporation // SPDX-License-Identifier: MIT -#include "ebpf_registry_helper.h" +#include "..\libs\store_helper\user\ebpf_registry_helper_um.h" +#include "ebpf_program_attach_type_guids.h" #include "ebpf_serialize.h" +#include "ebpf_store_helper.h" #include "ebpf_utilities.h" #include "store_helper_internal.h" #include "utilities.hpp" @@ -81,7 +83,7 @@ _load_helper_prototype( Exit: if (helper_info_key) { - close_registry_key(helper_info_key); + close_registry_key(static_cast(helper_info_key)); } return result; } @@ -108,7 +110,8 @@ _load_program_data_information( *program_info = nullptr; try { - status = open_registry_key(program_data_key, program_type_string, KEY_READ, &program_info_key); + status = + open_registry_key(program_data_key, program_type_string, KEY_READ, (ebpf_registry_key_t*)&program_info_key); if (status != ERROR_SUCCESS) { // Registry path is not present. result = EBPF_FILE_NOT_FOUND; 
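Review bot: The new `(ebpf_registry_key_t*)&program_info_key` cast in `_load_program_data_information` hides a type mismatch instead of resolving it. If the local is already an `ebpf_registry_key_t` the cast is unnecessary, and if it is not, `open_registry_key` writes a handle through a pointer to a different type. The declaration is outside the hunk, so which case applies cannot be confirmed here; because `ebpf_registry_key_t` is `HKEY` or `HANDLE` depending on `USER_MODE`, this looks like a workaround for the shared header selecting the wrong branch. I would declare the locals as `ebpf_registry_key_t program_info_key = nullptr;` and drop the casts. The same applies to the casts in the `@@ -317`, `@@ -406` and `@@ -621` hunks of store_helper_internal.cpp and to the `static_cast` calls added around `close_registry_key` and `RegOpenKeyEx`.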
@@ -317,7 +320,8 @@ ebpf_store_load_program_information( } // Open program data registry path. - status = open_registry_key(store_key, EBPF_PROGRAM_DATA_REGISTRY_PATH, KEY_READ, &program_data_key); + status = open_registry_key( + store_key, EBPF_PROGRAM_DATA_REGISTRY_PATH, KEY_READ, (ebpf_registry_key_t*)&program_data_key); if (status != ERROR_SUCCESS) { if (status != ERROR_FILE_NOT_FOUND) { result = win32_error_code_to_ebpf_result(status); @@ -406,7 +410,7 @@ _load_section_data_information( ebpf_section_definition_t* section_information = nullptr; try { - status = open_registry_key(section_data_key, section_name, KEY_READ, §ion_info_key); + status = open_registry_key(section_data_key, section_name, KEY_READ, (ebpf_registry_key_t*)§ion_info_key); if (status != ERROR_SUCCESS) { // Registry path is not present. result = EBPF_FILE_NOT_FOUND; @@ -521,7 +525,7 @@ ebpf_store_load_section_information( goto Exit; } - status = RegOpenKeyEx(store_key, EBPF_SECTIONS_REGISTRY_PATH, 0, KEY_READ, §ion_data_key); + status = RegOpenKeyEx(static_cast(store_key), EBPF_SECTIONS_REGISTRY_PATH, 0, KEY_READ, §ion_data_key); if (status != ERROR_SUCCESS) { if (status != ERROR_FILE_NOT_FOUND) { result = win32_error_code_to_ebpf_result(status); @@ -621,7 +625,8 @@ ebpf_store_load_global_helper_information( } // Open program data registry path. - status = open_registry_key(store_key, EBPF_GLOBAL_HELPERS_REGISTRY_PATH, KEY_READ, &global_helpers_key); + status = open_registry_key( + store_key, EBPF_GLOBAL_HELPERS_REGISTRY_PATH, KEY_READ, (ebpf_registry_key_t*)&global_helpers_key); if (status != ERROR_SUCCESS) { if (status != ERROR_FILE_NOT_FOUND) { result = win32_error_code_to_ebpf_result(status); diff --git a/libs/api_common/windows_platform_common.cpp b/libs/api_common/windows_platform_common.cpp index beb9dd8e07..38d3f30459 100644 --- a/libs/api_common/windows_platform_common.cpp +++ b/libs/api_common/windows_platform_common.cpp 
@@ -1,6 +1,7 @@ // Copyright (c) Microsoft Corporation // SPDX-License-Identifier: MIT +#include "..\libs\store_helper\user\ebpf_registry_helper_um.h" #include "api_common.hpp" #include "api_internal.h" #include "crab_verifier_wrapper.hpp" @@ -8,8 +9,8 @@ #include "ebpf_api.h" #include "ebpf_nethooks.h" #include "ebpf_protocol.h" -#include "ebpf_registry_helper.h" #include "ebpf_serialize.h" +#include "ebpf_store_helper.h" #include "ebpf_tracelog.h" #include "helpers.hpp" #include "map_descriptors.hpp" From 36c878af59b264075bd07730663d9c805286f96a Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Mon, 17 Jul 2023 23:34:10 -0700 Subject: [PATCH 13/60] wip - updated projects --- libs/platform/kernel/platform_kernel.vcxproj | 5 +++++ netebpfext/sys/netebpfext.vcxproj | 2 +- netebpfext/user/netebpfext_user.vcxproj | 3 --- .../netebpfext_fuzzer/netebpfext_fuzzer.vcxproj | 6 ------ tests/netebpfext_unit/netebpf_ext_helper.h | 3 ++- tests/unit/test.vcxproj | 13 +++++-------- tools/export_program_info/export_program_info.cpp | 1 - .../export_program_info/export_program_info.vcxproj | 11 +++++------ .../export_program_info.vcxproj.filters | 3 --- 9 files changed, 18 insertions(+), 29 deletions(-) diff --git a/libs/platform/kernel/platform_kernel.vcxproj b/libs/platform/kernel/platform_kernel.vcxproj index 5e482efd8b..eb1d76c46a 100644 --- a/libs/platform/kernel/platform_kernel.vcxproj +++ b/libs/platform/kernel/platform_kernel.vcxproj @@ -62,6 +62,11 @@ + + + {3569e946-c8b4-49ee-a89d-edd09dc9f36e} + + {FC3F9998-4085-4767-8386-5453F07C3AAD} {0a049372-4c4d-4ea0-a64e-dc6ad88ceca1} diff --git a/netebpfext/sys/netebpfext.vcxproj b/netebpfext/sys/netebpfext.vcxproj index 6562ef231f..cdadc36d2a 100644 --- a/netebpfext/sys/netebpfext.vcxproj +++ b/netebpfext/sys/netebpfext.vcxproj @@ -235,7 +235,7 @@ - + {3569e946-c8b4-49ee-a89d-edd09dc9f36e} diff --git a/netebpfext/user/netebpfext_user.vcxproj b/netebpfext/user/netebpfext_user.vcxproj index b72628f633..dfbf2255be 100644 
--- a/netebpfext/user/netebpfext_user.vcxproj +++ b/netebpfext/user/netebpfext_user.vcxproj @@ -87,7 +87,6 @@ mincore.lib;%(AdditionalDependencies) - ebpf_store_helper.lib %(AdditionalOptions) $(SolutionDir)$(Platform)\$(ConfigurationName)\ @@ -107,7 +106,6 @@ false - ebpf_store_helper.lib %(AdditionalOptions) $(SolutionDir)$(Platform)\$(ConfigurationName)\ @@ -127,7 +125,6 @@ mincore.lib;%(AdditionalDependencies) - ebpf_store_helper.lib %(AdditionalOptions) $(SolutionDir)$(Platform)\$(ConfigurationName)\ diff --git a/tests/libfuzzer/netebpfext_fuzzer/netebpfext_fuzzer.vcxproj b/tests/libfuzzer/netebpfext_fuzzer/netebpfext_fuzzer.vcxproj index a0f780f6e8..03dd695c6b 100644 --- a/tests/libfuzzer/netebpfext_fuzzer/netebpfext_fuzzer.vcxproj +++ b/tests/libfuzzer/netebpfext_fuzzer/netebpfext_fuzzer.vcxproj @@ -72,7 +72,6 @@ Console $(FuzzerLibs);mincore.lib;%(AdditionalDependencies) $(VCToolsInstallDir)lib\$(Platform);$(SolutionDir)$(Platform)\$(ConfigurationName)\ - ebpf_store_helper.lib %(AdditionalOptions) @@ -84,7 +83,6 @@ Console $(FuzzerLibs);mincore.lib;%(AdditionalDependencies) $(VCToolsInstallDir)lib\$(Platform);$(SolutionDir)$(Platform)\$(ConfigurationName)\ - ebpf_store_helper.lib %(AdditionalOptions) @@ -97,7 +95,6 @@ true $(FuzzerLibs);mincore.lib;%(AdditionalDependencies) $(VCToolsInstallDir)lib\$(Platform);$(SolutionDir)$(Platform)\$(ConfigurationName)\ - ebpf_store_helper.lib %(AdditionalOptions) @@ -114,9 +111,6 @@ {c26cb6a9-158c-4a9e-a243-755ddd98e5fe} - - {aa933b9f-b5d8-4aa8-ac18-98fe1a161e8a} - {630bb78f-6211-41d8-8e3a-096e22e169ef} diff --git a/tests/netebpfext_unit/netebpf_ext_helper.h b/tests/netebpfext_unit/netebpf_ext_helper.h index 00681ca23c..82445aa602 100644 --- a/tests/netebpfext_unit/netebpf_ext_helper.h +++ b/tests/netebpfext_unit/netebpf_ext_helper.h 
@@ -13,8 +13,9 @@ } #endif +#include "..\libs\store_helper\kernel\ebpf_registry_helper_km.h" #include "ebpf_extension_uuids.h" -#include "ebpf_registry_helper.h" +#include "ebpf_store_helper.h" #include "fwp_um.h" #include diff --git a/tests/unit/test.vcxproj b/tests/unit/test.vcxproj index 3bb3871257..62000072b5 100644 --- a/tests/unit/test.vcxproj +++ b/tests/unit/test.vcxproj @@ -108,7 +108,7 @@ - _DEBUG;_CONSOLE;%(PreprocessorDefinitions) + _DEBUG;_CONSOLE;%(PreprocessorDefinitions);USER_MODE true $(SolutionDir)libs\api_common;$(SolutionDir)include;$(SolutionDir)libs\api;$(SolutionDir)libs\ebpfnetsh;$(SolutionDir)tests\libs\util;$(SolutionDir)tests\libs\common;$(OutDir);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)libs\service;$(SolutionDir)rpc_interface;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\user;$(SolutionDir)libs\execution_context;$(SolutionDir)tests\end_to_end;$(SolutionDir)tests\sample;$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)\tests\xdp;$(SolutionDir)tools\export_program_info;$(SolutionDir)libs\thunk;$(SolutionDir)libs\thunk\mock;$(SolutionDir)\netebpfext;$(SolutionDir)external\catch2\src;$(SolutionDir)external\catch2\build\generated-includes;$(SolutionDir)external\bpftool;$(SolutionDir)include\user;%(AdditionalIncludeDirectories) 
@@ -121,7 +121,7 @@ - _DEBUG;_CONSOLE;%(PreprocessorDefinitions) + _DEBUG;_CONSOLE;%(PreprocessorDefinitions);USER_MODE true $(SolutionDir)libs\api_common;$(SolutionDir)include;$(SolutionDir)libs\api;$(SolutionDir)libs\ebpfnetsh;$(SolutionDir)tests\libs\util;$(SolutionDir)tests\libs\common;$(OutDir);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)libs\service;$(SolutionDir)rpc_interface;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\user;$(SolutionDir)libs\execution_context;$(SolutionDir)tests\end_to_end;$(SolutionDir)tests\sample;$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)\tests\xdp;$(SolutionDir)tools\export_program_info;$(SolutionDir)libs\thunk;$(SolutionDir)libs\thunk\mock;$(SolutionDir)\netebpfext;$(SolutionDir)external\catch2\src;$(SolutionDir)external\catch2\build\generated-includes;$(SolutionDir)external\bpftool;$(SolutionDir)include\user;%(AdditionalIncludeDirectories) @@ -134,7 +134,7 @@ - _DEBUG;_CONSOLE;%(PreprocessorDefinitions) + _DEBUG;_CONSOLE;%(PreprocessorDefinitions);USER_MODE true $(SolutionDir)libs\api_common;$(SolutionDir)include;$(SolutionDir)libs\api;$(SolutionDir)libs\ebpfnetsh;$(SolutionDir)tests\libs\util;$(SolutionDir)tests\libs\common;$(OutDir);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)libs\service;$(SolutionDir)rpc_interface;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\user;$(SolutionDir)libs\execution_context;$(SolutionDir)tests\end_to_end;$(SolutionDir)tests\sample;$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)\tests\xdp;$(SolutionDir)tools\export_program_info;$(SolutionDir)libs\thunk;$(SolutionDir)libs\thunk\mock;$(SolutionDir)\netebpfext;$(SolutionDir)external\catch2\src;$(SolutionDir)external\catch2\build\generated-includes;$(SolutionDir)external\bpftool;$(SolutionDir)include\user;%(AdditionalIncludeDirectories) 
@@ -147,7 +147,7 @@ - NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;_CONSOLE;%(PreprocessorDefinitions);USER_MODE true $(SolutionDir)libs\api_common;$(SolutionDir)include;$(SolutionDir)libs\api;$(SolutionDir)libs\ebpfnetsh;$(SolutionDir)tests\libs\util;$(SolutionDir)tests\libs\common;$(OutDir);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)libs\service;$(SolutionDir)rpc_interface;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\user;$(SolutionDir)libs\execution_context;$(SolutionDir)tests\end_to_end;$(SolutionDir)tests\sample;$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)\tests\xdp;$(SolutionDir)tools\export_program_info;$(SolutionDir)libs\thunk;$(SolutionDir)libs\thunk\mock;$(SolutionDir)\netebpfext;$(SolutionDir)external\catch2\src;$(SolutionDir)external\catch2\build\generated-includes;$(SolutionDir)external\bpftool;$(SolutionDir)include\user;%(AdditionalIncludeDirectories) @@ -162,7 +162,7 @@ - NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;_CONSOLE;%(PreprocessorDefinitions);USER_MODE true $(SolutionDir)libs\api_common;$(SolutionDir)include;$(SolutionDir)libs\api;$(SolutionDir)libs\ebpfnetsh;$(SolutionDir)tests\libs\util;$(SolutionDir)tests\libs\common;$(OutDir);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)libs\service;$(SolutionDir)rpc_interface;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\user;$(SolutionDir)libs\execution_context;$(SolutionDir)tests\end_to_end;$(SolutionDir)tests\sample;$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)\tests\xdp;$(SolutionDir)tools\export_program_info;$(SolutionDir)libs\thunk;$(SolutionDir)libs\thunk\mock;$(SolutionDir)\netebpfext;$(SolutionDir)external\catch2\src;$(SolutionDir)external\catch2\build\generated-includes;$(SolutionDir)external\bpftool;$(SolutionDir)include\user;%(AdditionalIncludeDirectories) @@ -200,9 +200,6 @@ {c26cb6a9-158c-4a9e-a243-755ddd98e5fe} - - {aa933b9f-b5d8-4aa8-ac18-98fe1a161e8a} - {1423245d-0249-40fc-a077-ff7780acfe3f} 
diff --git a/tools/export_program_info/export_program_info.cpp b/tools/export_program_info/export_program_info.cpp index cb227972ab..a96b59ad8a 100644 --- a/tools/export_program_info/export_program_info.cpp +++ b/tools/export_program_info/export_program_info.cpp @@ -1,7 +1,6 @@ // Copyright (c) Microsoft Corporation // SPDX-License-Identifier: MIT -#define USER_MODE #define _SILENCE_CXX17_CODECVT_HEADER_DEPRECATION_WARNING #include "ebpf_api.h" diff --git a/tools/export_program_info/export_program_info.vcxproj b/tools/export_program_info/export_program_info.vcxproj index ebb5621fe9..42d729a324 100644 --- a/tools/export_program_info/export_program_info.vcxproj +++ b/tools/export_program_info/export_program_info.vcxproj @@ -113,7 +113,7 @@ - _DEBUG;_CONSOLE;%(PreprocessorDefinitions) + _DEBUG;_CONSOLE;%(PreprocessorDefinitions);USER_MODE true $(SolutionDir)include;$(SolutionDir)libs\api;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\user;$(SolutionDir)libs\execution_context;$(SolutionDir)external\ubpf\vm;$(SolutionDir)external\ubpf\vm\inc;$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)external\ebpf-verifier\external;$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)tests\sample\ext\drv;$(OutDir);$(SolutionDir)libs\thunk;$(SolutionDir)\netebpfext;$(SolutionDir)\libs\api_common;$(SolutionDir)include\user;$(SolutionDir)external\ebpf-verifier\build\packages\boost\lib\native\include;%(AdditionalIncludeDirectories) 
@@ -136,7 +136,7 @@ $(OutputPath)export_program_info.exe - _DEBUG;_CONSOLE;%(PreprocessorDefinitions) + _DEBUG;_CONSOLE;%(PreprocessorDefinitions);USER_MODE true $(SolutionDir)include;$(SolutionDir)libs\api;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\user;$(SolutionDir)libs\execution_context;$(SolutionDir)external\ubpf\vm;$(SolutionDir)external\ubpf\vm\inc;$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)external\ebpf-verifier\external;$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)tests\sample\ext\drv;$(OutDir);$(SolutionDir)libs\thunk;$(SolutionDir)\netebpfext;$(SolutionDir)\libs\api_common;$(SolutionDir)include\user;%(AdditionalIncludeDirectories) @@ -159,7 +159,7 @@ $(OutputPath)export_program_info.exe - _DEBUG;_CONSOLE;%(PreprocessorDefinitions) + _DEBUG;_CONSOLE;%(PreprocessorDefinitions);USER_MODE true $(SolutionDir)include;$(SolutionDir)libs\api;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\user;$(SolutionDir)libs\execution_context;$(SolutionDir)external\ubpf\vm;$(SolutionDir)external\ubpf\vm\inc;$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)external\ebpf-verifier\external;$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)tests\sample\ext\drv;$(OutDir);$(SolutionDir)libs\thunk;$(SolutionDir)\netebpfext;$(SolutionDir)\libs\api_common;$(SolutionDir)include\user;$(SolutionDir)external\ebpf-verifier\build\packages\boost\lib\native\include;%(AdditionalIncludeDirectories) 
@@ -182,7 +182,7 @@ $(OutputPath)export_program_info.exe - NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;_CONSOLE;%(PreprocessorDefinitions);USER_MODE true $(SolutionDir)include;$(SolutionDir)libs\api;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\user;$(SolutionDir)libs\execution_context;$(SolutionDir)external\ubpf\vm;$(SolutionDir)external\ubpf\vm\inc;$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)external\ebpf-verifier\external;$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)tests\sample\ext\drv;$(OutDir);$(SolutionDir)libs\thunk;$(SolutionDir)\netebpfext;$(SolutionDir)\libs\api_common;$(SolutionDir)include\user;$(SolutionDir)external\ebpf-verifier\build\packages\boost\lib\native\include;%(AdditionalIncludeDirectories) @@ -206,7 +206,7 @@ $(OutputPath)export_program_info.exe - NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;_CONSOLE;%(PreprocessorDefinitions);USER_MODE true $(SolutionDir)include;$(SolutionDir)libs\api;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\user;$(SolutionDir)libs\execution_context;$(SolutionDir)external\ubpf\vm;$(SolutionDir)external\ubpf\vm\inc;$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)external\ebpf-verifier\external;$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)tests\sample\ext\drv;$(OutDir);$(SolutionDir)libs\thunk;$(SolutionDir)\netebpfext;$(SolutionDir)\libs\api_common;$(SolutionDir)include\user;%(AdditionalIncludeDirectories) @@ -229,7 +229,6 @@ $(OutputPath)export_program_info.exe - diff --git a/tools/export_program_info/export_program_info.vcxproj.filters b/tools/export_program_info/export_program_info.vcxproj.filters index d072dbade3..9f83e6dae3 100644 --- a/tools/export_program_info/export_program_info.vcxproj.filters +++ b/tools/export_program_info/export_program_info.vcxproj.filters @@ -28,9 +28,6 @@ Source Files - - Source Files - Source Files From a8027c3a5209cfd0380c6b0cf63cb9bb01433ec9 Mon Sep 17 00:00:00 2001 
From: Gianni Trevisiol Date: Mon, 17 Jul 2023 23:47:20 -0700 Subject: [PATCH 14/60] wip --- netebpfext/user/netebpfext_user.vcxproj | 2 +- tests/netebpfext_unit/netebpfext_unit.vcxproj | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/netebpfext/user/netebpfext_user.vcxproj b/netebpfext/user/netebpfext_user.vcxproj index dfbf2255be..a41f94ac00 100644 --- a/netebpfext/user/netebpfext_user.vcxproj +++ b/netebpfext/user/netebpfext_user.vcxproj @@ -112,7 +112,7 @@ true - NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;_CONSOLE;USER_MODE;%(PreprocessorDefinitions) $(SolutionDir)include;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\user;$(OutputPath);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)include\user;$(SolutionDir)netebpfext;$(SolutionDir)netebpfext\user;$(SolutionDir)libs\thunk;$(SolutionDir)tests\libs\util;$(SolutionDir)external\catch2\src;$(SolutionDir)external\catch2\build\generated-includes;%(AdditionalIncludeDirectories) CompileAsCpp /Zc:strictStrings- %(AdditionalOptions) diff --git a/tests/netebpfext_unit/netebpfext_unit.vcxproj b/tests/netebpfext_unit/netebpfext_unit.vcxproj index aba530a208..6cf3828bf9 100644 --- a/tests/netebpfext_unit/netebpfext_unit.vcxproj +++ b/tests/netebpfext_unit/netebpfext_unit.vcxproj @@ -135,9 +135,6 @@ {c26cb6a9-158c-4a9e-a243-755ddd98e5fe} - - {aa933b9f-b5d8-4aa8-ac18-98fe1a161e8a} - {630bb78f-6211-41d8-8e3a-096e22e169ef} From 76bf472a0811a471279b96f28b167d94b77c3b84 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 18 Jul 2023 11:04:07 -0700 Subject: [PATCH 15/60] wip --- include/ebpf_store_helper.h | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/include/ebpf_store_helper.h b/include/ebpf_store_helper.h index cbeba9529e..f823474ecc 100644 --- a/include/ebpf_store_helper.h +++ b/include/ebpf_store_helper.h 
@@ -17,6 +17,7 @@ typedef HANDLE ebpf_registry_key_t; #define IS_SUCCESS(x) (x == ERROR_SUCCESS) #define _SUCCESS NO_ERROR typedef HKEY ebpf_registry_key_t; +extern ebpf_registry_key_t ebpf_root_registry_key; #endif #include "ebpf_program_types.h" @@ -25,18 +26,22 @@ typedef HKEY ebpf_registry_key_t; #define GUID_STRING_LENGTH 38 // not including the null terminator. typedef _Return_type_success_(NT_SUCCESS(return )) uint32_t ebpf_registry_result_t; -//#ifdef __cplusplus -// extern "C" -//{ -//#endif - -#ifdef USER_MODE -extern ebpf_registry_key_t ebpf_root_registry_key; -#endif - +/** + * @brief Open the root of the eBPF registry. + * + * @param[in] provider_key Pointer to the registry key to be initialized. + * @returns Status of the operation. + */ uint32_t ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_registry_key_t* provider_key); +/** + * @brief Update the provider information in the eBPF registry. + * + * @param helper_info_key + * @param helper_info + * @return __return_type + */ __return_type ebpf_store_update_helper_prototype( ebpf_registry_key_t helper_info_key, _In_ const ebpf_helper_function_prototype_t* helper_info); @@ -75,8 +80,4 @@ ebpf_store_update_program_information( */ __return_type ebpf_store_update_global_helper_information( - _In_reads_(helper_info_count) ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count); - -//#ifdef __cplusplus -//} /* extern "C" */ -//#endif \ No newline at end of file + _In_reads_(helper_info_count) ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count); \ No newline at end of file From 5cc7ef1606d1e78aa0fe5da140cfeb7dad92b341 Mon Sep 17 00:00:00 2001 
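Review bot: The Doxygen block added above `ebpf_store_open_or_create_provider_registry_key` documents `provider_key` as `@param[in]`, but the prototype annotates it `_Out_`, so the direction is backwards; it should read `@param[out] provider_key Receives the opened or created registry key.` The block added above `ebpf_store_update_helper_prototype` is still an editor template: both `@param` lines have no description and `@return __return_type` names the macro instead of the meaning. Either fill them in with direction tags that match the SAL annotations (`helper_info_key` is passed by value, `helper_info` is `_In_`) or leave the block out until it says something, since a reader of this header uses these comments to decide which arguments must be initialised before the call.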
From: Gianni Trevisiol Date: Tue, 18 Jul 2023 12:25:02 -0700 Subject: [PATCH 16/60] fix merge issues --- ebpfapi/ebpfapi.vcxproj | 8 ++++---- libs/api_common/CMakeLists.txt | 4 ++-- libs/platform/user/framework.h | 10 +++++----- libs/store_helper/user/ebpf_store_helper_um.vcxproj | 4 ++-- tests/netebpfext_unit/netebpf_ext_helper.h | 1 - tools/export_program_info/CMakeLists.txt | 3 ++- 6 files changed, 15 insertions(+), 15 deletions(-) diff --git a/ebpfapi/ebpfapi.vcxproj b/ebpfapi/ebpfapi.vcxproj index ed0cfeb000..ad90032ae8 100644 --- a/ebpfapi/ebpfapi.vcxproj +++ b/ebpfapi/ebpfapi.vcxproj @@ -234,12 +234,12 @@ {7d5b4e68-c0fa-3f86-9405-f6400219b440} + + {bc45d39c-f956-3951-bd46-44eae20ec7c9} + {030a7ac6-14dc-45cf-af34-891057ab1402} - - {c034859f-e0d6-3ae6-b4fe-71b012fdc618} - {c8bf60c3-40a9-43ad-891a-8aa34f1c3a68} @@ -271,4 +271,4 @@ - + \ No newline at end of file diff --git a/libs/api_common/CMakeLists.txt b/libs/api_common/CMakeLists.txt index 3eed3f077d..943a8a177c 100644 --- a/libs/api_common/CMakeLists.txt +++ b/libs/api_common/CMakeLists.txt @@ -17,8 +17,6 @@ add_library("api_common" STATIC device_helper.hpp device_helper.cpp - registry_helper.cpp - store_helper_internal.h store_helper_internal.cpp @@ -43,6 +41,7 @@ target_include_directories("api_common" PRIVATE target_link_libraries("api_common" PRIVATE "ebpf_for_windows_cpp_settings" + "ebpf_store_helper_um" "NetEbpfExt_headers" "external::boost" "external::ebpfverifier" @@ -51,6 +50,7 @@ target_link_libraries("api_common" PRIVATE target_compile_definitions("api_common" PRIVATE _WINDOWS _USRDLL + USER_MODE ) # In order to get around cyclic dependency issues, create an interface diff --git a/libs/platform/user/framework.h b/libs/platform/user/framework.h index 24681736b7..3d8854852c 100644 --- a/libs/platform/user/framework.h +++ b/libs/platform/user/framework.h 
@@ -4,11 +4,11 @@ #pragma once #include "..\..\..\external\usersim\src\framework.h" -#include "usersim/ex.h" -#include "usersim/ke.h" -#include "usersim/ps.h" -#include "usersim/rtl.h" -#include "usersim/se.h" +#include "usersim\ex.h" +#include "usersim\ke.h" +#include "usersim\ps.h" +#include "usersim\rtl.h" +#include "usersim\se.h" #ifdef _DEBUG #define ebpf_assert(x) assert(x) diff --git a/libs/store_helper/user/ebpf_store_helper_um.vcxproj b/libs/store_helper/user/ebpf_store_helper_um.vcxproj index 906cacd5ac..ca67bb916f 100644 --- a/libs/store_helper/user/ebpf_store_helper_um.vcxproj +++ b/libs/store_helper/user/ebpf_store_helper_um.vcxproj @@ -47,12 +47,12 @@ - $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\include;$(SolutionDir)\libs\platform;$(SolutionDir)\libs\platform\user;$(SolutionDir)\external\ebpf-verifier\src;..\ + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\include;$(SolutionDir)\libs\platform;$(SolutionDir)\libs\platform\user;$(SolutionDir)\external\ebpf-verifier\src;$(SolutionDir)external\usersim\inc;..\ $(VC_LibraryPath_x64);$(WindowsSDK_LibraryPath_x64) $(SolutionDir)$(Platform)\$(Configuration)\ - $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\include;$(SolutionDir)\libs\platform;$(SolutionDir)\libs\platform\user;$(SolutionDir)\external\ebpf-verifier\src;..\ + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\include;$(SolutionDir)\libs\platform;$(SolutionDir)\libs\platform\user;$(SolutionDir)\external\ebpf-verifier\src;$(SolutionDir)external\usersim\inc;..\ $(VC_LibraryPath_x64);$(WindowsSDK_LibraryPath_x64) $(SolutionDir)$(Platform)\$(Configuration)\ diff --git a/tests/netebpfext_unit/netebpf_ext_helper.h b/tests/netebpfext_unit/netebpf_ext_helper.h index b4cd23dcae..7b8fe48c61 100644 --- a/tests/netebpfext_unit/netebpf_ext_helper.h +++ b/tests/netebpfext_unit/netebpf_ext_helper.h 
@@ -16,7 +16,6 @@ #include "..\..\external\usersim\src\fwp_um.h" #include "..\libs\store_helper\kernel\ebpf_registry_helper_km.h" #include "ebpf_extension_uuids.h" -#include "ebpf_registry_helper.h" #include "ebpf_store_helper.h" #include "net_ebpf_ext.h" #include "net_ebpf_ext_tracelog.h" diff --git a/tools/export_program_info/CMakeLists.txt b/tools/export_program_info/CMakeLists.txt index dd31a7f554..4d94ec8894 100644 --- a/tools/export_program_info/CMakeLists.txt +++ b/tools/export_program_info/CMakeLists.txt @@ -4,7 +4,6 @@ add_executable("export_program_info" export_program_info.cpp main.cpp - ${CMAKE_SOURCE_DIR}/libs/api_common/registry_helper.cpp ${CMAKE_SOURCE_DIR}/libs/api_common/store_helper_internal.cpp ${CMAKE_SOURCE_DIR}/libs/api_common/utilities.cpp ) @@ -24,6 +23,7 @@ target_include_directories("export_program_info" PRIVATE target_link_libraries("export_program_info" PRIVATE "ebpf_for_windows_cpp_settings" + "ebpf_store_helper_um" "execution_context_user" "platform_user" "api_common_headers" @@ -36,6 +36,7 @@ target_link_libraries("export_program_info" PRIVATE target_compile_definitions("export_program_info" PRIVATE _CONSOLE + USER_MODE ) # Use export_program_info to populate the ebpf store. From 289ea997c749b22e785430dd43e4c214d58a77a1 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 18 Jul 2023 13:08:32 -0700 Subject: [PATCH 17/60] wip --- include/ebpf_store_helper.h | 12 +++++++----- libs/store_helper/user/ebpf_registry_helper_um.cpp | 5 +++++ 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/include/ebpf_store_helper.h b/include/ebpf_store_helper.h index f823474ecc..e6d01fef21 100644 --- a/include/ebpf_store_helper.h +++ b/include/ebpf_store_helper.h 
@@ -27,20 +27,22 @@ extern ebpf_registry_key_t ebpf_root_registry_key; typedef _Return_type_success_(NT_SUCCESS(return )) uint32_t ebpf_registry_result_t; /** - * @brief Open the root of the eBPF registry. + * @brief Open or create the root of the eBPF registry store. * * @param[in] provider_key Pointer to the registry key to be initialized. + * * @returns Status of the operation. */ uint32_t ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_registry_key_t* provider_key); /** - * @brief Update the provider information in the eBPF registry. + * @brief Update the provider prototype information in the eBPF registry store. + * + * @param[in] helper_info_key Pointer to the registry key to be initialized. + * @param[in] helper_info Pointer to the helper function prototype. * - * @param helper_info_key - * @param helper_info - * @return __return_type + * @return Status of the operation. */ __return_type ebpf_store_update_helper_prototype( diff --git a/libs/store_helper/user/ebpf_registry_helper_um.cpp b/libs/store_helper/user/ebpf_registry_helper_um.cpp index 4aaffcf698..29737ca00b 100644 --- a/libs/store_helper/user/ebpf_registry_helper_um.cpp +++ b/libs/store_helper/user/ebpf_registry_helper_um.cpp @@ -132,6 +132,10 @@ read_registry_value_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_ unsigned long value_size = 0; wchar_t* string_value = nullptr; + if (value == nullptr) { + return ERROR_INVALID_PARAMETER; + } + *value = nullptr; status = RegQueryValueEx(key, value_name, 0, &type, nullptr, &value_size); if (status != ERROR_SUCCESS || type != REG_SZ) { @@ -151,6 +155,7 @@ read_registry_value_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_ if (status != ERROR_SUCCESS) { goto Exit; } + *value = string_value; string_value = nullptr; From c9c41f3e611fe0bb9921f1b6336161460471b20d Mon Sep 17 00:00:00 2001 
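Review bot: The guard added at the top of `read_registry_value_string` covers a null `value`, but the buffer published by `*value = string_value;` is only as well-formed as the registry data behind it: `RegQueryValueEx` does not guarantee that a `REG_SZ` value is stored null-terminated, and the size returned by the first call can be stale by the time the data is read. The allocation and the second query sit between the two hunks and are not visible here, so this needs confirming against the full function. If the buffer is not allocated one element larger and terminated explicitly (`string_value[value_size / sizeof(wchar_t)] = L'\0';`), either do that or read the value with `RegGetValueW` and `RRF_RT_REG_SZ`, which terminates the result. Any caller that treats the returned pointer as a C string depends on this.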
From: Gianni Trevisiol Date: Tue, 18 Jul 2023 16:07:08 -0700 Subject: [PATCH 18/60] fix C28196/C6387 --- libs/store_helper/user/ebpf_registry_helper_um.cpp | 6 ++++-- libs/store_helper/user/ebpf_registry_helper_um.h | 3 +-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/libs/store_helper/user/ebpf_registry_helper_um.cpp b/libs/store_helper/user/ebpf_registry_helper_um.cpp index 29737ca00b..4f4a641ebb 100644 --- a/libs/store_helper/user/ebpf_registry_helper_um.cpp +++ b/libs/store_helper/user/ebpf_registry_helper_um.cpp @@ -125,7 +125,7 @@ create_registry_key_ansi( } _Must_inspect_result_ ebpf_registry_result_t -read_registry_value_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_z_ wchar_t** value) +read_registry_value_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Out_ wchar_t** value) { uint32_t status = ERROR_SUCCESS; unsigned long type = REG_SZ; @@ -136,7 +136,7 @@ read_registry_value_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_ return ERROR_INVALID_PARAMETER; } - *value = nullptr; + *value = 0; status = RegQueryValueEx(key, value_name, 0, &type, nullptr, &value_size); if (status != ERROR_SUCCESS || type != REG_SZ) { if (type != REG_SZ) { @@ -204,6 +204,8 @@ convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_size) wcha wchar_t* value_name = nullptr; try { + *string = 0; + if (string_size < GUID_STRING_LENGTH + 1) { return ERROR_INSUFFICIENT_BUFFER; } diff --git a/libs/store_helper/user/ebpf_registry_helper_um.h b/libs/store_helper/user/ebpf_registry_helper_um.h index bc807c2e55..c29350e06c 100644 --- a/libs/store_helper/user/ebpf_registry_helper_um.h +++ b/libs/store_helper/user/ebpf_registry_helper_um.h 
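Review bot: In `convert_guid_to_string` the added `*string = 0;` runs before the `string_size < GUID_STRING_LENGTH + 1` check, so a call with `string_size == 0` (or a null `string`) now writes through the pointer instead of returning `ERROR_INSUFFICIENT_BUFFER`. Guarding the store as `if (string != nullptr && string_size > 0) { *string = 0; }` still initialises the output on every path the analyzer complained about (C6387/C28196) without touching a buffer whose size has not been validated. The rest of the function body lies outside the hunk.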
@@ -63,5 +63,4 @@ create_registry_key_ansi( ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); _Must_inspect_result_ ebpf_registry_result_t -read_registry_value_string( - ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_z_ wchar_t** value); +read_registry_value_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Out_ wchar_t** value); From 88974eaee776461ccb8f7b8e8fad3643af9f5676 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 18 Jul 2023 17:51:11 -0700 Subject: [PATCH 19/60] wip --- libs/store_helper/kernel/ebpf_registry_helper_km.c | 3 --- libs/store_helper/user/ebpf_registry_helper_um.cpp | 6 ++---- 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/libs/store_helper/kernel/ebpf_registry_helper_km.c b/libs/store_helper/kernel/ebpf_registry_helper_km.c index 5c44f7c696..ccb23b1cc4 100644 --- a/libs/store_helper/kernel/ebpf_registry_helper_km.c +++ b/libs/store_helper/kernel/ebpf_registry_helper_km.c @@ -6,9 +6,6 @@ NTSTATUS convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_length) wchar_t* string, size_t string_length) { - if (guid == NULL || string == NULL || string_length == 0) - return STATUS_INVALID_PARAMETER; - UNICODE_STRING unicode_string = {0}; NTSTATUS status = RtlStringFromGUID(guid, &unicode_string); diff --git a/libs/store_helper/user/ebpf_registry_helper_um.cpp b/libs/store_helper/user/ebpf_registry_helper_um.cpp index 4f4a641ebb..47ad50be96 100644 --- a/libs/store_helper/user/ebpf_registry_helper_um.cpp +++ b/libs/store_helper/user/ebpf_registry_helper_um.cpp 
@@ -125,16 +125,14 @@ create_registry_key_ansi( } _Must_inspect_result_ ebpf_registry_result_t -read_registry_value_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Out_ wchar_t** value) +read_registry_value_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_z_ wchar_t** value) { uint32_t status = ERROR_SUCCESS; unsigned long type = REG_SZ; unsigned long value_size = 0; wchar_t* string_value = nullptr; - if (value == nullptr) { - return ERROR_INVALID_PARAMETER; - } + __analysis_assume(value != nullptr); *value = 0; status = RegQueryValueEx(key, value_name, 0, &type, nullptr, &value_size); From 77cbb8969cda4a4c51451461cc44bec4d40ba628 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 18 Jul 2023 18:09:22 -0700 Subject: [PATCH 20/60] wip --- libs/store_helper/user/ebpf_registry_helper_um.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libs/store_helper/user/ebpf_registry_helper_um.h b/libs/store_helper/user/ebpf_registry_helper_um.h index c29350e06c..bc807c2e55 100644 --- a/libs/store_helper/user/ebpf_registry_helper_um.h +++ b/libs/store_helper/user/ebpf_registry_helper_um.h @@ -63,4 +63,5 @@ create_registry_key_ansi( ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); _Must_inspect_result_ ebpf_registry_result_t -read_registry_value_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Out_ wchar_t** value); +read_registry_value_string( + ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_z_ wchar_t** value); From 18c9321a93ea6351cf7ae4680ae6a503678ce3a0 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 18 Jul 2023 18:58:51 -0700 Subject: [PATCH 21/60] fix SAL --- libs/store_helper/user/ebpf_registry_helper_um.cpp | 9 ++++++--- libs/store_helper/user/ebpf_registry_helper_um.h | 2 +- 2 files changed, 7 insertions(+), 4 deletions(-) 
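Review bot: `__analysis_assume(value != nullptr);` replaces the runtime `if (value == nullptr) { return ERROR_INVALID_PARAMETER; }` in `read_registry_value_string`, but it is a static-analysis hint that generates no code, so a null `value` now reaches `*value = 0;` a few lines further down. The kernel-mode `convert_guid_to_string` hunk in the same commit likewise deletes the `guid == NULL || string == NULL || string_length == 0` check ahead of `RtlStringFromGUID`, where a bad pointer is a bugcheck rather than an error code. If the SAL contract is meant to make these checks redundant, every caller has to be shown to honour it; otherwise keep the runtime checks and satisfy the analyzer through the annotation, as a later patch in this series does for the user-mode function (`_Outptr_result_maybenull_` plus the restored guard). The kernel-mode check is not restored in the patches visible here.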
diff --git a/libs/store_helper/user/ebpf_registry_helper_um.cpp b/libs/store_helper/user/ebpf_registry_helper_um.cpp index 47ad50be96..720a937cad 100644 --- a/libs/store_helper/user/ebpf_registry_helper_um.cpp +++ b/libs/store_helper/user/ebpf_registry_helper_um.cpp @@ -125,16 +125,19 @@ create_registry_key_ansi( } _Must_inspect_result_ ebpf_registry_result_t -read_registry_value_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_z_ wchar_t** value) +read_registry_value_string( + ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_maybenull_ wchar_t** value) { uint32_t status = ERROR_SUCCESS; unsigned long type = REG_SZ; unsigned long value_size = 0; wchar_t* string_value = nullptr; - __analysis_assume(value != nullptr); + if (value == nullptr) { + return ERROR_INVALID_PARAMETER; + } - *value = 0; + *value = nullptr; status = RegQueryValueEx(key, value_name, 0, &type, nullptr, &value_size); if (status != ERROR_SUCCESS || type != REG_SZ) { if (type != REG_SZ) { diff --git a/libs/store_helper/user/ebpf_registry_helper_um.h b/libs/store_helper/user/ebpf_registry_helper_um.h index bc807c2e55..8490912bb2 100644 --- a/libs/store_helper/user/ebpf_registry_helper_um.h +++ b/libs/store_helper/user/ebpf_registry_helper_um.h @@ -64,4 +64,4 @@ create_registry_key_ansi( _Must_inspect_result_ ebpf_registry_result_t read_registry_value_string( - ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_z_ wchar_t** value); + ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_maybenull_ wchar_t** value); From 4d0cb8a94ec750b4adf2fc6819aa46758602282b Mon Sep 17 00:00:00 2001 
From: Gianni Trevisiol Date: Tue, 18 Jul 2023 21:19:02 -0700 Subject: [PATCH 22/60] cleanup --- include/ebpf_store_helper.h | 2 +- libs/api_common/CMakeLists.txt | 3 ++- libs/store_helper/user/ebpf_registry_helper_um.h | 3 --- tools/export_program_info/CMakeLists.txt | 9 +++++---- 4 files changed, 8 insertions(+), 9 deletions(-) diff --git a/include/ebpf_store_helper.h b/include/ebpf_store_helper.h index e6d01fef21..d68a24d2ae 100644 --- a/include/ebpf_store_helper.h +++ b/include/ebpf_store_helper.h @@ -24,7 +24,7 @@ extern ebpf_registry_key_t ebpf_root_registry_key; #include "ebpf_windows.h" #define GUID_STRING_LENGTH 38 // not including the null terminator. -typedef _Return_type_success_(NT_SUCCESS(return )) uint32_t ebpf_registry_result_t; +typedef _Return_type_success_(NT_SUCCESS(return == EBPF_SUCCESS)) uint32_t ebpf_registry_result_t; /** * @brief Open or create the root of the eBPF registry store. diff --git a/libs/api_common/CMakeLists.txt b/libs/api_common/CMakeLists.txt index 943a8a177c..860e5f35df 100644 --- a/libs/api_common/CMakeLists.txt +++ b/libs/api_common/CMakeLists.txt @@ -28,9 +28,10 @@ target_include_directories("api_common" PRIVATE "${CMAKE_SOURCE_DIR}/libs/api" "${CMAKE_SOURCE_DIR}/include" "${CMAKE_SOURCE_DIR}/include/user" + "${CMAKE_SOURCE_DIR}/libs/execution_context" "${CMAKE_SOURCE_DIR}/libs/platform" "${CMAKE_SOURCE_DIR}/libs/platform/user" - "${CMAKE_SOURCE_DIR}/libs/execution_context" + "${CMAKE_SOURCE_DIR}/libs/store_helper/user" "${CMAKE_SOURCE_DIR}/external/ubpf/vm" "${CMAKE_SOURCE_DIR}/external/ubpf/vm/inc" "${CMAKE_BINARY_DIR}/external/ubpf/vm" diff --git a/libs/store_helper/user/ebpf_registry_helper_um.h b/libs/store_helper/user/ebpf_registry_helper_um.h index 8490912bb2..1e6aa1c652 100644 --- a/libs/store_helper/user/ebpf_registry_helper_um.h +++ b/libs/store_helper/user/ebpf_registry_helper_um.h 
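Review bot: `_Return_type_success_(NT_SUCCESS(return == EBPF_SUCCESS))` applies `NT_SUCCESS` to the result of a comparison, which is 0 or 1 and never negative, so the annotation tells the analyzer that every `ebpf_registry_result_t` value is a success. That suppresses the diagnostics this typedef exists to produce when a failed registry call leaves an `_Out_` parameter unset. The condition has to be one form or the other, `_Return_type_success_(return == EBPF_SUCCESS)` for Win32-style codes or `_Return_type_success_(NT_SUCCESS(return))` for NTSTATUS, selected by `USER_MODE`, which is what the following patch in the series does. Because the header's `IS_SUCCESS` macro compares against `ERROR_SUCCESS` in user mode, it would be clearer to use the same constant in the annotation.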
@@ -5,9 +5,6 @@ #include "ebpf_store_helper.h" -#ifndef USER_MODE -#define USER_MODE -#endif #define REG_CREATE_FLAGS (KEY_WRITE | DELETE | KEY_READ) #define REG_OPEN_FLAGS (DELETE | KEY_READ) diff --git a/tools/export_program_info/CMakeLists.txt b/tools/export_program_info/CMakeLists.txt index 4d94ec8894..e73d9ef318 100644 --- a/tools/export_program_info/CMakeLists.txt +++ b/tools/export_program_info/CMakeLists.txt @@ -9,16 +9,17 @@ add_executable("export_program_info" ) target_include_directories("export_program_info" PRIVATE + "${CMAKE_SOURCE_DIR}/external/usersim/inc" "${CMAKE_SOURCE_DIR}/include" "${CMAKE_SOURCE_DIR}/include/user" - "${CMAKE_SOURCE_DIR}/libs/platform" - "${CMAKE_SOURCE_DIR}/libs/platform/user" "${CMAKE_SOURCE_DIR}/libs/api" "${CMAKE_SOURCE_DIR}/libs/execution_context" + "${CMAKE_SOURCE_DIR}/libs/platform" + "${CMAKE_SOURCE_DIR}/libs/platform/user" + "${CMAKE_SOURCE_DIR}/libs/store_helper/user" + "${CMAKE_SOURCE_DIR}/libs/thunk" "${CMAKE_SOURCE_DIR}/netebpfext" "${CMAKE_SOURCE_DIR}/tests/sample/ext/inc" - "${CMAKE_SOURCE_DIR}/libs/thunk" - "${CMAKE_SOURCE_DIR}/external/usersim/inc" ) target_link_libraries("export_program_info" PRIVATE From d1a2fc99070cfd985cff46b98ace913f0a3b0a6a Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 18 Jul 2023 22:05:06 -0700 Subject: [PATCH 23/60] fix SAL bugs --- include/ebpf_store_helper.h | 7 ++++++- libs/api_common/store_helper_internal.cpp | 4 +++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/include/ebpf_store_helper.h b/include/ebpf_store_helper.h index d68a24d2ae..7b8d9454aa 100644 --- a/include/ebpf_store_helper.h +++ b/include/ebpf_store_helper.h 
@@ -24,7 +24,12 @@ extern ebpf_registry_key_t ebpf_root_registry_key; #include "ebpf_windows.h" #define GUID_STRING_LENGTH 38 // not including the null terminator. -typedef _Return_type_success_(NT_SUCCESS(return == EBPF_SUCCESS)) uint32_t ebpf_registry_result_t; + +#ifndef USER_MODE +typedef _Return_type_success_(NT_SUCCESS(return )) uint32_t ebpf_registry_result_t; +#else +typedef _Return_type_success_(return == EBPF_SUCCESS) uint32_t ebpf_registry_result_t; +#endif /** * @brief Open or create the root of the eBPF registry store. diff --git a/libs/api_common/store_helper_internal.cpp b/libs/api_common/store_helper_internal.cpp index 1b703280f4..8727ffd295 100644 --- a/libs/api_common/store_helper_internal.cpp +++ b/libs/api_common/store_helper_internal.cpp @@ -174,7 +174,9 @@ _load_program_data_information( goto Exit; } - auto program_type_name_string = ebpf_down_cast_from_wstring(std::wstring(program_type_name)); + auto program_type_name_string = (program_type_name != nullptr) + ? ebpf_down_cast_from_wstring(std::wstring(program_type_name)) + : ebpf_down_cast_from_wstring(std::wstring(L"")); program_information = (ebpf_program_info_t*)ebpf_allocate(sizeof(ebpf_program_info_t)); if (program_information == nullptr) { From 7a19ea35035a3533033b5f538bf4ff2e4e1752fe Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 18 Jul 2023 23:34:03 -0700 Subject: [PATCH 24/60] wip - cmake --- include/ebpf_store_helper.h | 6 ++--- libs/store_helper/kernel/CMakeLists.txt | 20 +++++++++++++++++ .../kernel/ebpf_store_helper_km.vcxproj | 2 +- libs/store_helper/user/CMakeLists.txt | 22 +++++++++++++++++++ libs/store_helper/user/ebpf_store_helper.cpp | 2 +- .../user/ebpf_store_helper_um.vcxproj | 4 ++-- 6 files changed, 49 insertions(+), 7 deletions(-) create mode 100644 libs/store_helper/kernel/CMakeLists.txt create mode 100644 libs/store_helper/user/CMakeLists.txt diff --git a/include/ebpf_store_helper.h b/include/ebpf_store_helper.h index 7b8d9454aa..67ab01b26f 100644 
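Review bot: In the `_load_program_data_information` hunk, a null `program_type_name` is now silently turned into an empty program type name, so a registry entry with a missing or unreadable name still produces a program-information record. If an empty name is not a valid state, this should set a failure result and `goto Exit` instead of substituting `L""`. If it is valid, a comment saying so would help, and the expression is shorter as `auto program_type_name_string = ebpf_down_cast_from_wstring(std::wstring(program_type_name ? program_type_name : L""));`. The function starts and ends outside this hunk, so how the name is used later is not visible here.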
--- a/include/ebpf_store_helper.h +++ b/include/ebpf_store_helper.h @@ -8,7 +8,6 @@ #define __return_type NTSTATUS #define _SUCCESS STATUS_SUCCESS #define IS_SUCCESS(x) (NT_SUCCESS(x)) -typedef HANDLE ebpf_registry_key_t; #else #define WIN32_LEAN_AND_MEAN #include @@ -16,8 +15,6 @@ typedef HANDLE ebpf_registry_key_t; #define __return_type uint32_t #define IS_SUCCESS(x) (x == ERROR_SUCCESS) #define _SUCCESS NO_ERROR -typedef HKEY ebpf_registry_key_t; -extern ebpf_registry_key_t ebpf_root_registry_key; #endif #include "ebpf_program_types.h" @@ -26,8 +23,11 @@ extern ebpf_registry_key_t ebpf_root_registry_key; #define GUID_STRING_LENGTH 38 // not including the null terminator. #ifndef USER_MODE +typedef HANDLE ebpf_registry_key_t; typedef _Return_type_success_(NT_SUCCESS(return )) uint32_t ebpf_registry_result_t; #else +typedef HKEY ebpf_registry_key_t; +extern ebpf_registry_key_t ebpf_root_registry_key; typedef _Return_type_success_(return == EBPF_SUCCESS) uint32_t ebpf_registry_result_t; #endif diff --git a/libs/store_helper/kernel/CMakeLists.txt b/libs/store_helper/kernel/CMakeLists.txt new file mode 100644 index 0000000000..abe7dd0168 --- /dev/null +++ b/libs/store_helper/kernel/CMakeLists.txt @@ -0,0 +1,20 @@ +# Copyright (c) Microsoft Corporation +# SPDX-License-Identifier: MIT + +add_library("ebpf_store_helper_km" STATIC + ebpf_registry_helper_km.c + ../ebpf_store_helper.c +) + +target_include_directories("ebpf_store_helper_km" PRIVATE +"${CMAKE_SOURCE_DIR}/include" +"${CMAKE_SOURCE_DIR}/libs/platform" +"${CMAKE_SOURCE_DIR}/libs/platform/kernel" +"${CMAKE_SOURCE_DIR}/libs/store_helper/kernel" +"${CMAKE_SOURCE_DIR}/external/ebpf-verifier/src" +) + +target_compile_definitions("ebpf_store_helper_km" PRIVATE + _WINDOWS + _LIB +) \ No newline at end of file diff --git a/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj b/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj index 37ab9d069b..8af341b726 100644 
--- a/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj +++ b/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj @@ -55,7 +55,7 @@ $(SolutionDir)$(Platform)\$(Configuration)\ - $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src;..\ + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src $(SolutionDir)$(Platform)\$(Configuration)\ diff --git a/libs/store_helper/user/CMakeLists.txt b/libs/store_helper/user/CMakeLists.txt new file mode 100644 index 0000000000..b0fc2304fa --- /dev/null +++ b/libs/store_helper/user/CMakeLists.txt @@ -0,0 +1,22 @@ +# Copyright (c) Microsoft Corporation +# SPDX-License-Identifier: MIT + +add_library("ebpf_store_helper_um" STATIC + ebpf_registry_helper_um.c + ebpf_store_helper.cpp +) + +target_include_directories("ebpf_store_helper_um" PRIVATE + "${CMAKE_SOURCE_DIR}/include" + "${CMAKE_SOURCE_DIR}/libs/platform" + "${CMAKE_SOURCE_DIR}/libs/platform/user" + "${CMAKE_SOURCE_DIR}/libs/store_helper/user" + "${CMAKE_SOURCE_DIR}/external/usersim/inc" + "${CMAKE_SOURCE_DIR}/external/ebpf-verifier/src" +) + +target_compile_definitions("ebpf_store_helper_um" PRIVATE + _WINDOWS + _LIB + USER_MODE +) diff --git a/libs/store_helper/user/ebpf_store_helper.cpp b/libs/store_helper/user/ebpf_store_helper.cpp index ee2291077a..c3ef732a3f 100644 --- a/libs/store_helper/user/ebpf_store_helper.cpp +++ b/libs/store_helper/user/ebpf_store_helper.cpp @@ -2,4 +2,4 @@ // SPDX-License-Identifier: MIT // Include the same C code as CPP -#include "ebpf_store_helper.c" \ No newline at end of file +#include "..\ebpf_store_helper.c" \ No newline at end of file diff --git a/libs/store_helper/user/ebpf_store_helper_um.vcxproj b/libs/store_helper/user/ebpf_store_helper_um.vcxproj index ca67bb916f..6a6182062a 100644 --- a/libs/store_helper/user/ebpf_store_helper_um.vcxproj 
+++ b/libs/store_helper/user/ebpf_store_helper_um.vcxproj @@ -47,12 +47,12 @@ - $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\include;$(SolutionDir)\libs\platform;$(SolutionDir)\libs\platform\user;$(SolutionDir)\external\ebpf-verifier\src;$(SolutionDir)external\usersim\inc;..\ + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\include;$(SolutionDir)\libs\platform;$(SolutionDir)\libs\platform\user;$(SolutionDir)\external\ebpf-verifier\src;$(SolutionDir)external\usersim\inc $(VC_LibraryPath_x64);$(WindowsSDK_LibraryPath_x64) $(SolutionDir)$(Platform)\$(Configuration)\ - $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\include;$(SolutionDir)\libs\platform;$(SolutionDir)\libs\platform\user;$(SolutionDir)\external\ebpf-verifier\src;$(SolutionDir)external\usersim\inc;..\ + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\include;$(SolutionDir)\libs\platform;$(SolutionDir)\libs\platform\user;$(SolutionDir)\external\ebpf-verifier\src;$(SolutionDir)external\usersim\inc $(VC_LibraryPath_x64);$(WindowsSDK_LibraryPath_x64) $(SolutionDir)$(Platform)\$(Configuration)\ From 1a5c391b41db0b41e699712dcf681ea91fca62c4 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Wed, 19 Jul 2023 11:12:50 -0700 Subject: [PATCH 25/60] add cmake files --- include/ebpf_store_helper.h | 12 ++++++------ libs/CMakeLists.txt | 1 + libs/store_helper/CMakeLists.txt | 5 +++++ libs/store_helper/user/CMakeLists.txt | 4 +++- 4 files changed, 15 insertions(+), 7 deletions(-) create mode 100644 libs/store_helper/CMakeLists.txt diff --git a/include/ebpf_store_helper.h b/include/ebpf_store_helper.h index 67ab01b26f..de999a3fcd 100644 --- a/include/ebpf_store_helper.h +++ b/include/ebpf_store_helper.h 
@@ -5,16 +5,10 @@ #ifndef USER_MODE #include "framework.h" -#define __return_type NTSTATUS -#define _SUCCESS STATUS_SUCCESS -#define IS_SUCCESS(x) (NT_SUCCESS(x)) #else #define WIN32_LEAN_AND_MEAN #include #include -#define __return_type uint32_t -#define IS_SUCCESS(x) (x == ERROR_SUCCESS) -#define _SUCCESS NO_ERROR #endif #include "ebpf_program_types.h" @@ -23,9 +17,15 @@ #define GUID_STRING_LENGTH 38 // not including the null terminator. #ifndef USER_MODE +#define __return_type NTSTATUS +#define _SUCCESS STATUS_SUCCESS +#define IS_SUCCESS(x) (NT_SUCCESS(x)) typedef HANDLE ebpf_registry_key_t; typedef _Return_type_success_(NT_SUCCESS(return )) uint32_t ebpf_registry_result_t; #else +#define __return_type uint32_t +#define IS_SUCCESS(x) (x == ERROR_SUCCESS) +#define _SUCCESS NO_ERROR typedef HKEY ebpf_registry_key_t; extern ebpf_registry_key_t ebpf_root_registry_key; typedef _Return_type_success_(return == EBPF_SUCCESS) uint32_t ebpf_registry_result_t; diff --git a/libs/CMakeLists.txt b/libs/CMakeLists.txt index 1c1ae2217c..6e8aa003f3 100644 --- a/libs/CMakeLists.txt +++ b/libs/CMakeLists.txt @@ -9,4 +9,5 @@ add_subdirectory("pe-parse") add_subdirectory("platform") add_subdirectory("ebpfnetsh") add_subdirectory("service") +add_subdirectory("store_helper") add_subdirectory("ubpf") diff --git a/libs/store_helper/CMakeLists.txt b/libs/store_helper/CMakeLists.txt new file mode 100644 index 0000000000..3aaa616d84 --- /dev/null +++ b/libs/store_helper/CMakeLists.txt @@ -0,0 +1,5 @@ +# Copyright (c) Microsoft Corporation +# SPDX-License-Identifier: MIT + +add_subdirectory("kernel") +add_subdirectory("user") diff --git a/libs/store_helper/user/CMakeLists.txt b/libs/store_helper/user/CMakeLists.txt index b0fc2304fa..a7fdec4e46 100644 --- a/libs/store_helper/user/CMakeLists.txt +++ b/libs/store_helper/user/CMakeLists.txt 
@@ -2,7 +2,7 @@ # SPDX-License-Identifier: MIT add_library("ebpf_store_helper_um" STATIC - ebpf_registry_helper_um.c + ebpf_registry_helper_um.cpp ebpf_store_helper.cpp ) @@ -18,5 +18,7 @@ target_include_directories("ebpf_store_helper_um" PRIVATE target_compile_definitions("ebpf_store_helper_um" PRIVATE _WINDOWS _LIB + UNICODE + _UNICODE USER_MODE ) From a46673b64d57b39a8f1c8b11497a9d09b5d783f1 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Wed, 19 Jul 2023 12:08:57 -0700 Subject: [PATCH 26/60] wip --- ebpfcore/CMakeLists.txt | 4 +++- libs/store_helper/kernel/CMakeLists.txt | 6 +++++- netebpfext/sys/CMakeLists.txt | 2 ++ tests/sample/ext/drv/CMakeLists.txt | 2 ++ 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/ebpfcore/CMakeLists.txt b/ebpfcore/CMakeLists.txt index 2bc302932f..6a907f7ab8 100644 --- a/ebpfcore/CMakeLists.txt +++ b/ebpfcore/CMakeLists.txt @@ -15,9 +15,10 @@ wdk_add_driver("EbpfCore" WINVER "${EBPFFORWINDOWS_WDK_WINVER}" KMDF "${EBPFFORW target_include_directories("EbpfCore" PRIVATE "${CMAKE_SOURCE_DIR}/include" + "${CMAKE_SOURCE_DIR}/libs/execution_context" "${CMAKE_SOURCE_DIR}/libs/platform" "${CMAKE_SOURCE_DIR}/libs/platform/kernel" - "${CMAKE_SOURCE_DIR}/libs/execution_context" + "${CMAKE_SOURCE_DIR}/libs/store_helper/kernel" "${CMAKE_SOURCE_DIR}/resource" "${CMAKE_CURRENT_SOURCE_DIR}" ) @@ -28,6 +29,7 @@ target_link_directories("EbpfCore" PRIVATE target_link_libraries("EbpfCore" "ebpf_for_windows_common_settings" + "ebpf_store_helper_km" "execution_context_kernel" "platform_kernel" "external::ebpfverifier_headers" diff --git a/libs/store_helper/kernel/CMakeLists.txt b/libs/store_helper/kernel/CMakeLists.txt index abe7dd0168..0631ff1eca 100644 --- a/libs/store_helper/kernel/CMakeLists.txt +++ b/libs/store_helper/kernel/CMakeLists.txt 
@@ -1,6 +1,11 @@ # Copyright (c) Microsoft Corporation # SPDX-License-Identifier: MIT +list(APPEND CMAKE_MODULE_PATH + "${CMAKE_SOURCE_DIR}/external/usersim/external/FindWDK/cmake" +) +find_package(WDK REQUIRED) + add_library("ebpf_store_helper_km" STATIC ebpf_registry_helper_km.c ../ebpf_store_helper.c @@ -15,6 +20,5 @@ target_include_directories("ebpf_store_helper_km" PRIVATE ) target_compile_definitions("ebpf_store_helper_km" PRIVATE - _WINDOWS _LIB ) \ No newline at end of file diff --git a/netebpfext/sys/CMakeLists.txt b/netebpfext/sys/CMakeLists.txt index e757b72b75..a068f337f6 100644 --- a/netebpfext/sys/CMakeLists.txt +++ b/netebpfext/sys/CMakeLists.txt @@ -44,6 +44,7 @@ target_include_directories("NetEbpfExt" PRIVATE "${CMAKE_SOURCE_DIR}/include/kernel" "${CMAKE_SOURCE_DIR}/libs/platform" "${CMAKE_SOURCE_DIR}/libs/platform/kernel" + "${CMAKE_SOURCE_DIR}/libs/store_helper/kernel" "${CMAKE_SOURCE_DIR}/netebpfext/sys" "${CMAKE_SOURCE_DIR}/netebpfext" "${CMAKE_SOURCE_DIR}/resource" @@ -55,6 +56,7 @@ target_link_directories("NetEbpfExt" PRIVATE target_link_libraries("NetEbpfExt" "ebpf_for_windows_common_settings" + "ebpf_store_helper_km" "external::ebpfverifier_headers" "Ndis.lib" "Netio.lib" diff --git a/tests/sample/ext/drv/CMakeLists.txt b/tests/sample/ext/drv/CMakeLists.txt index 4ec56b23fc..4511726c87 100644 --- a/tests/sample/ext/drv/CMakeLists.txt +++ b/tests/sample/ext/drv/CMakeLists.txt @@ -18,6 +18,7 @@ target_include_directories("sample_ebpf_ext" PRIVATE "${CMAKE_SOURCE_DIR}/include/kernel" "${CMAKE_SOURCE_DIR}/libs/platform" "${CMAKE_SOURCE_DIR}/libs/platform/kernel" + "${CMAKE_SOURCE_DIR}/libs/store_helper/kernel" "${CMAKE_SOURCE_DIR}/tests/sample" "${CMAKE_SOURCE_DIR}/tests/sample/ext/inc" ) @@ -28,6 +29,7 @@ target_link_directories("sample_ebpf_ext" PRIVATE target_link_libraries("sample_ebpf_ext" "ebpf_for_windows_common_settings" + "ebpf_store_helper_km" "external::ebpfverifier_headers" "platform_kernel" "netio.lib" 
From 0d3f566ad9b13c1763ecb23872e88dd698ca49d6 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Wed, 19 Jul 2023 12:23:55 -0700 Subject: [PATCH 27/60] wip --- libs/store_helper/kernel/CMakeLists.txt | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/libs/store_helper/kernel/CMakeLists.txt b/libs/store_helper/kernel/CMakeLists.txt index 0631ff1eca..77db8305b3 100644 --- a/libs/store_helper/kernel/CMakeLists.txt +++ b/libs/store_helper/kernel/CMakeLists.txt @@ -6,11 +6,15 @@ list(APPEND CMAKE_MODULE_PATH ) find_package(WDK REQUIRED) -add_library("ebpf_store_helper_km" STATIC +wdk_add_library("ebpf_store_helper_km" STATIC WINVER "${EBPFFORWINDOWS_WDK_WINVER}" ebpf_registry_helper_km.c ../ebpf_store_helper.c ) +target_link_directories("ebpf_store_helper_km" PRIVATE + "${WDK_ROOT}/Lib/${WDK_VERSION}/km/x64" +) + target_include_directories("ebpf_store_helper_km" PRIVATE "${CMAKE_SOURCE_DIR}/include" "${CMAKE_SOURCE_DIR}/libs/platform" @@ -20,5 +24,11 @@ target_include_directories("ebpf_store_helper_km" PRIVATE ) target_compile_definitions("ebpf_store_helper_km" PRIVATE - _LIB + WINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP + WINAPI_PARTITION_DESKTOP=1 + WINAPI_PARTITION_SYSTEM=1 + WINAPI_PARTITION_APP=1 + WINAPI_PARTITION_PC_APP=1 + _KRPCENV_ + _NO_CRT_STDIO_INLINE=1 ) \ No newline at end of file From 36001fec2d5badce078ba1eaafe80aa68ad5fe10 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Wed, 19 Jul 2023 12:34:13 -0700 Subject: [PATCH 28/60] update msi artifacts --- installer/Product.wxs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/installer/Product.wxs b/installer/Product.wxs index f02e99c690..f3b77f8ffe 100644 --- a/installer/Product.wxs +++ b/installer/Product.wxs @@ -585,16 +585,16 @@ SPDX-License-Identifier: MIT - - + + - - + + From a6d241f0ecf8fd939f76a8397b1ff11fb121e82f Mon Sep 17 00:00:00 2001 
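Review bot: The new `target_link_directories("ebpf_store_helper_km" PRIVATE "${WDK_ROOT}/Lib/${WDK_VERSION}/km/x64")` hard-codes the x64 library directory, while the solution file also carries ARM64 configurations. If this CMake build is meant to cover other architectures, derive the last path component from the target platform rather than spelling `x64`. Since the target is a static library, it is also worth confirming that the link directory is needed at all.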
From: Gianni Trevisiol Date: Wed, 19 Jul 2023 13:37:52 -0700 Subject: [PATCH 29/60] wip --- installer/Product.wxs | 6 +----- installer/ebpf-for-windows.wixproj | 8 ++++++++ 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/installer/Product.wxs b/installer/Product.wxs index f3b77f8ffe..7c89981d7a 100644 --- a/installer/Product.wxs +++ b/installer/Product.wxs @@ -584,11 +584,7 @@ SPDX-License-Identifier: MIT - - - - - + diff --git a/installer/ebpf-for-windows.wixproj b/installer/ebpf-for-windows.wixproj index eda2b0b8b4..d3be001411 100644 --- a/installer/ebpf-for-windows.wixproj +++ b/installer/ebpf-for-windows.wixproj @@ -102,6 +102,14 @@ SPDX-License-Identifier: MIT Binaries;Content;Satellites INSTALLFOLDER + + ebpf_store_helper_um + {aa933b9f-b5d8-4aa8-ac18-98fe1a161e8a} + True + True + Binaries;Content;Satellites + INSTALLFOLDER + netebpfext {55499e36-37d4-4f86-b694-9f2990315758} From d7a6d5d9b1ef26bf09867f676371d6a06cfaf8cb Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Wed, 19 Jul 2023 16:13:54 -0700 Subject: [PATCH 30/60] cleanup --- libs/store_helper/user/ebpf_registry_helper_um.cpp | 5 ----- 1 file changed, 5 deletions(-) diff --git a/libs/store_helper/user/ebpf_registry_helper_um.cpp b/libs/store_helper/user/ebpf_registry_helper_um.cpp index 720a937cad..1e19a3c67c 100644 --- a/libs/store_helper/user/ebpf_registry_helper_um.cpp +++ b/libs/store_helper/user/ebpf_registry_helper_um.cpp @@ -16,11 +16,6 @@ static std::wstring _get_wstring_from_string(std::string text) { - // This is deprecated - // std::wstring_convert> converter; - // std::wstring wide = converter.from_bytes(text); - // return wide; - int length = MultiByteToWideChar(CP_UTF8, 0, text.c_str(), -1, nullptr, 0); std::wstring wide(length, 0); MultiByteToWideChar(CP_UTF8, 0, text.c_str(), -1, &wide[0], length); From 9698a120e3f1a7fae9d503a45bd5e24177db6d9b Mon Sep 17 00:00:00 2001 
From: Gianni Trevisiol Date: Tue, 25 Jul 2023 10:49:14 -0700 Subject: [PATCH 31/60] collapse null-checks --- libs/store_helper/ebpf_store_helper.c | 32 +++++-------------- .../kernel/ebpf_registry_helper_km.c | 4 ++- 2 files changed, 11 insertions(+), 25 deletions(-) diff --git a/libs/store_helper/ebpf_store_helper.c b/libs/store_helper/ebpf_store_helper.c index a20dc034ae..e81e4f89d4 100644 --- a/libs/store_helper/ebpf_store_helper.c +++ b/libs/store_helper/ebpf_store_helper.c @@ -35,9 +35,7 @@ ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_registry_key_t* provi } Exit: - if (root_key) { - close_registry_key(root_key); - } + close_registry_key(root_key); return status; } @@ -74,9 +72,7 @@ ebpf_store_update_helper_prototype( } Exit: - if (helper_function_key) { - close_registry_key(helper_function_key); - } + close_registry_key(helper_function_key); return status; } @@ -162,12 +158,8 @@ ebpf_store_update_section_information( } Exit: - if (section_info_key) { - close_registry_key(section_info_key); - } - if (provider_key) { - close_registry_key(provider_key); - } + close_registry_key(section_info_key); + close_registry_key(provider_key); return status; } @@ -290,12 +282,8 @@ ebpf_store_update_program_information( } Exit: - if (program_info_key) { - close_registry_key(program_info_key); - } - if (provider_key) { - close_registry_key(provider_key); - } + close_registry_key(program_info_key); + close_registry_key(provider_key); return status; } @@ -341,12 +329,8 @@ ebpf_store_update_global_helper_information( } Exit: - if (helper_info_key) { - close_registry_key(helper_info_key); - } - if (provider_key) { - close_registry_key(provider_key); - } + close_registry_key(helper_info_key); + close_registry_key(provider_key); return status; } \ No newline at end of file diff --git a/libs/store_helper/kernel/ebpf_registry_helper_km.c b/libs/store_helper/kernel/ebpf_registry_helper_km.c index ccb23b1cc4..afa09ae0a9 100644 
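Review bot: The unconditional `close_registry_key(root_key);` on the Exit path, and the same pattern in the four later hunks of ebpf_store_helper.c, is only safe if every implementation of close_registry_key accepts a NULL key. This commit adds that guard to the kernel-mode helper only, and the user-mode implementation is not part of the change, although ebpf_store_helper.c is compiled for both modes. Either give the user-mode helper the same `if (key)` guard or document on the close_registry_key declaration that a NULL key is accepted and ignored. The enclosing functions start outside these hunks.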
--- a/libs/store_helper/kernel/ebpf_registry_helper_km.c +++ b/libs/store_helper/kernel/ebpf_registry_helper_km.c @@ -35,7 +35,9 @@ convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_length) wc void close_registry_key(ebpf_registry_key_t key) { - ZwClose(key); + if (key) { + ZwClose(key); + } } _Must_inspect_result_ ebpf_registry_result_t From 5456f63ce69272e41274f31901ec77e2b1606375 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 25 Jul 2023 11:27:34 -0700 Subject: [PATCH 32/60] clean-up headers --- libs/api_common/windows_platform_common.cpp | 1 - tests/netebpfext_unit/netebpf_ext_helper.cpp | 1 + tests/netebpfext_unit/netebpf_ext_helper.h | 1 - 3 files changed, 1 insertion(+), 2 deletions(-) diff --git a/libs/api_common/windows_platform_common.cpp b/libs/api_common/windows_platform_common.cpp index 87092eb82a..083f49759d 100644 --- a/libs/api_common/windows_platform_common.cpp +++ b/libs/api_common/windows_platform_common.cpp @@ -1,7 +1,6 @@ // Copyright (c) Microsoft Corporation // SPDX-License-Identifier: MIT -#include "..\libs\store_helper\user\ebpf_registry_helper_um.h" #include "api_common.hpp" #include "api_internal.h" #include "crab_verifier_wrapper.hpp" diff --git a/tests/netebpfext_unit/netebpf_ext_helper.cpp b/tests/netebpfext_unit/netebpf_ext_helper.cpp index 804c4ca261..678a9a11f9 100644 --- a/tests/netebpfext_unit/netebpf_ext_helper.cpp +++ b/tests/netebpfext_unit/netebpf_ext_helper.cpp @@ -1,6 +1,7 @@ // Copyright (c) Microsoft Corporation // SPDX-License-Identifier: MIT +#include "..\libs\store_helper\user\ebpf_registry_helper_um.h" #include "net_ebpf_ext_sock_addr.h" #include "netebpf_ext_helper.h" diff --git a/tests/netebpfext_unit/netebpf_ext_helper.h b/tests/netebpfext_unit/netebpf_ext_helper.h index 7b8fe48c61..e63cb2067f 100644 --- a/tests/netebpfext_unit/netebpf_ext_helper.h +++ b/tests/netebpfext_unit/netebpf_ext_helper.h 
@@ -14,7 +14,6 @@ #endif #include "..\..\external\usersim\src\fwp_um.h" -#include "..\libs\store_helper\kernel\ebpf_registry_helper_km.h" #include "ebpf_extension_uuids.h" #include "ebpf_store_helper.h" #include "net_ebpf_ext.h" From 04a4382ad87008162307c964a499cdbcf34b799a Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Wed, 26 Jul 2023 11:43:33 -0700 Subject: [PATCH 33/60] refactor return types to ebpf_result_t --- include/ebpf_store_helper.h | 24 ++--- libs/store_helper/ebpf_store_helper.c | 100 ++++++++++-------- .../kernel/ebpf_registry_helper_km.h | 51 ++++----- .../user/ebpf_registry_helper_um.h | 1 + 4 files changed, 87 insertions(+), 89 deletions(-) diff --git a/include/ebpf_store_helper.h b/include/ebpf_store_helper.h index de999a3fcd..a851c691ba 100644 --- a/include/ebpf_store_helper.h +++ b/include/ebpf_store_helper.h @@ -6,9 +6,7 @@ #ifndef USER_MODE #include "framework.h" #else -#define WIN32_LEAN_AND_MEAN -#include -#include +#include "ebpf_utilities.h" #endif #include "ebpf_program_types.h" @@ -17,18 +15,10 @@ #define GUID_STRING_LENGTH 38 // not including the null terminator. #ifndef USER_MODE -#define __return_type NTSTATUS -#define _SUCCESS STATUS_SUCCESS -#define IS_SUCCESS(x) (NT_SUCCESS(x)) typedef HANDLE ebpf_registry_key_t; -typedef _Return_type_success_(NT_SUCCESS(return )) uint32_t ebpf_registry_result_t; #else -#define __return_type uint32_t -#define IS_SUCCESS(x) (x == ERROR_SUCCESS) -#define _SUCCESS NO_ERROR typedef HKEY ebpf_registry_key_t; extern ebpf_registry_key_t ebpf_root_registry_key; -typedef _Return_type_success_(return == EBPF_SUCCESS) uint32_t ebpf_registry_result_t; #endif /** @@ -38,7 +28,7 @@ typedef _Return_type_success_(return == EBPF_SUCCESS) uint32_t ebpf_registry_res * * @returns Status of the operation. */ -uint32_t +ebpf_result_t ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_registry_key_t* provider_key); /** 
@@ -49,7 +39,7 @@ ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_registry_key_t* provi * * @return Status of the operation. */ -__return_type +ebpf_result_t ebpf_store_update_helper_prototype( ebpf_registry_key_t helper_info_key, _In_ const ebpf_helper_function_prototype_t* helper_info); @@ -61,7 +51,7 @@ ebpf_store_update_helper_prototype( * * @returns Status of the operation. */ -__return_type +ebpf_result_t ebpf_store_update_section_information( _In_reads_(section_info_count) const ebpf_program_section_info_t* section_info, uint32_t section_info_count); @@ -73,7 +63,7 @@ ebpf_store_update_section_information( * * @returns Status of the operation. */ -__return_type +ebpf_result_t ebpf_store_update_program_information( _In_reads_(program_info_count) const ebpf_program_info_t* program_info, uint32_t program_info_count); @@ -85,6 +75,6 @@ ebpf_store_update_program_information( * * @returns Status of the operation. */ -__return_type +ebpf_result_t ebpf_store_update_global_helper_information( - _In_reads_(helper_info_count) ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count); \ No newline at end of file + _In_reads_(helper_info_count) ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count); diff --git a/libs/store_helper/ebpf_store_helper.c b/libs/store_helper/ebpf_store_helper.c index e81e4f89d4..c5a6a5a104 100644 --- a/libs/store_helper/ebpf_store_helper.c +++ b/libs/store_helper/ebpf_store_helper.c 
@@ -11,25 +11,34 @@ #include "ebpf_store_helper.h" #include "ebpf_windows.h" -uint32_t +#ifndef USER_MODE +#define _EBPF_RESULT(x) (NT_SUCCESS(x) ? EBPF_SUCCESS : EBPF_FAILED) +#else +#define _EBPF_RESULT(x) win32_error_code_to_ebpf_result(x) +#endif + +#define IS_SUCCESS(x) (x == EBPF_SUCCESS) + +ebpf_result_t ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_registry_key_t* provider_key) { - __return_type status = _SUCCESS; + ebpf_result_t status = EBPF_SUCCESS; ebpf_registry_key_t root_key = NULL; *provider_key = NULL; // Open (or create) root eBPF registry path. #ifdef USER_MODE - status = create_registry_key(ebpf_root_registry_key, EBPF_ROOT_RELATIVE_PATH, REG_CREATE_FLAGS, &root_key); + status = + _EBPF_RESULT(create_registry_key(ebpf_root_registry_key, EBPF_ROOT_RELATIVE_PATH, REG_CREATE_FLAGS, &root_key)); #else - status = create_registry_key(NULL, EBPF_ROOT_REGISTRY_PATH, REG_CREATE_FLAGS, &root_key); + status = _EBPF_RESULT(create_registry_key(NULL, EBPF_ROOT_REGISTRY_PATH, REG_CREATE_FLAGS, &root_key)); #endif if (!IS_SUCCESS(status)) { goto Exit; } // Open (or create) program data registry path. - status = create_registry_key(root_key, EBPF_PROVIDERS_REGISTRY_PATH, REG_CREATE_FLAGS, provider_key); + status = _EBPF_RESULT(create_registry_key(root_key, EBPF_PROVIDERS_REGISTRY_PATH, REG_CREATE_FLAGS, provider_key)); if (!IS_SUCCESS(status)) { goto Exit; } 
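Review bot: The kernel-mode branch of `_EBPF_RESULT` maps every failing NTSTATUS to `EBPF_FAILED`, so callers can no longer tell an access-denied registry key from a missing one, while the user-mode branch keeps that detail through win32_error_code_to_ebpf_result. A kernel-side mapping that preserves at least the access-denied and not-found cases would keep failures diagnosable in both modes. Separately, `IS_SUCCESS` expands its argument unparenthesised; `#define IS_SUCCESS(x) ((x) == EBPF_SUCCESS)` is the safer spelling. `_EBPF_RESULT` is an underscore-plus-capital name, which C reserves for the implementation. The body of ebpf_store_open_or_create_provider_registry_key continues past this hunk.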
@@ -39,16 +48,17 @@ ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_registry_key_t* provi return status; } -__return_type +ebpf_result_t ebpf_store_update_helper_prototype( ebpf_registry_key_t helper_info_key, _In_ const ebpf_helper_function_prototype_t* helper_info) { - __return_type status = _SUCCESS; + ebpf_result_t status = EBPF_SUCCESS; uint32_t offset; ebpf_registry_key_t helper_function_key = NULL; char serialized_data[sizeof(ebpf_helper_function_prototype_t)] = {0}; - status = create_registry_key_ansi(helper_info_key, helper_info->name, REG_CREATE_FLAGS, &helper_function_key); + status = _EBPF_RESULT( + create_registry_key_ansi(helper_info_key, helper_info->name, REG_CREATE_FLAGS, &helper_function_key)); if (!IS_SUCCESS(status)) { goto Exit; } @@ -65,8 +75,8 @@ ebpf_store_update_helper_prototype( offset += sizeof(helper_info->arguments); // Save the helper prototype data. - status = write_registry_value_binary( - helper_function_key, EBPF_HELPER_DATA_PROTOTYPE, (uint8_t*)&serialized_data[0], offset); + status = _EBPF_RESULT(write_registry_value_binary( + helper_function_key, EBPF_HELPER_DATA_PROTOTYPE, (uint8_t*)&serialized_data[0], offset)); if (!IS_SUCCESS(status)) { goto Exit; } @@ -85,11 +95,11 @@ ebpf_store_update_helper_prototype( * * @returns Status of the operation. */ -__return_type +ebpf_result_t ebpf_store_update_section_information( _In_reads_(section_info_count) const ebpf_program_section_info_t* section_info, uint32_t section_info_count) { - __return_type status = _SUCCESS; + ebpf_result_t status = EBPF_SUCCESS; ebpf_registry_key_t provider_key = NULL; ebpf_registry_key_t section_info_key = NULL; 
@@ -104,7 +114,8 @@ ebpf_store_update_section_information( } // Open (or create) section data key. - status = create_registry_key(provider_key, EBPF_SECTIONS_REGISTRY_PATH, REG_CREATE_FLAGS, §ion_info_key); + status = _EBPF_RESULT( + create_registry_key(provider_key, EBPF_SECTIONS_REGISTRY_PATH, REG_CREATE_FLAGS, §ion_info_key)); if (!IS_SUCCESS(status)) { goto Exit; } 
@@ -113,42 +124,45 @@ ebpf_store_update_section_information( ebpf_registry_key_t section_key = NULL; // Open or create the registry path. - status = create_registry_key(section_info_key, section_info[i].section_name, REG_CREATE_FLAGS, §ion_key); + status = _EBPF_RESULT( + create_registry_key(section_info_key, section_info[i].section_name, REG_CREATE_FLAGS, §ion_key)); if (!IS_SUCCESS(status)) { goto Exit; } // Save program type. - status = write_registry_value_binary( + status = _EBPF_RESULT(write_registry_value_binary( section_key, EBPF_SECTION_DATA_PROGRAM_TYPE, (uint8_t*)section_info[i].program_type, - sizeof(ebpf_program_type_t)); + sizeof(ebpf_program_type_t))); if (!IS_SUCCESS(status)) { close_registry_key(section_key); goto Exit; } // Save attach type. - status = write_registry_value_binary( + status = _EBPF_RESULT(write_registry_value_binary( section_key, EBPF_SECTION_DATA_ATTACH_TYPE, (uint8_t*)section_info[i].attach_type, - sizeof(ebpf_attach_type_t)); + sizeof(ebpf_attach_type_t))); if (!IS_SUCCESS(status)) { close_registry_key(section_key); goto Exit; } // Save bpf_prog_type. - status = write_registry_value_dword(section_key, EBPF_DATA_BPF_PROG_TYPE, section_info[i].bpf_program_type); + status = _EBPF_RESULT( + write_registry_value_dword(section_key, EBPF_DATA_BPF_PROG_TYPE, section_info[i].bpf_program_type)); if (!IS_SUCCESS(status)) { close_registry_key(section_key); goto Exit; } // Save bpf_attach_type. - status = write_registry_value_dword(section_key, EBPF_DATA_BPF_ATTACH_TYPE, section_info[i].bpf_attach_type); + status = _EBPF_RESULT( + write_registry_value_dword(section_key, EBPF_DATA_BPF_ATTACH_TYPE, section_info[i].bpf_attach_type)); if (!IS_SUCCESS(status)) { close_registry_key(section_key); goto Exit; 
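Review bot: The loop passes `(uint8_t*)section_info[i].program_type` and `(uint8_t*)section_info[i].attach_type` to write_registry_value_binary with a fixed size and no check that the pointers are set. If a provider can hand in a section entry with either pointer NULL, this would read through a null pointer, and in the kernel-mode build that is a bug check rather than an error return. A guard before the first write, for example `if (section_info[i].program_type == NULL || section_info[i].attach_type == NULL) { status = EBPF_INVALID_ARGUMENT; close_registry_key(section_key); goto Exit; }`, would turn that into a reported failure. Whether callers already guarantee non-NULL is not visible here, as the function starts and ends outside this hunk.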
@@ -172,11 +186,11 @@ ebpf_store_update_section_information( * * @returns Status of the operation. */ -__return_type +ebpf_result_t ebpf_store_update_program_information( _In_reads_(program_info_count) const ebpf_program_info_t* program_info, uint32_t program_info_count) { - __return_type status = _SUCCESS; + ebpf_result_t status = EBPF_SUCCESS; ebpf_registry_key_t provider_key = NULL; ebpf_registry_key_t program_info_key = NULL; @@ -191,7 +205,8 @@ ebpf_store_update_program_information( } // Open (or create) program data registry path. - status = create_registry_key(provider_key, EBPF_PROGRAM_DATA_REGISTRY_PATH, REG_CREATE_FLAGS, &program_info_key); + status = _EBPF_RESULT( + create_registry_key(provider_key, EBPF_PROGRAM_DATA_REGISTRY_PATH, REG_CREATE_FLAGS, &program_info_key)); if (!IS_SUCCESS(status)) { goto Exit; } 
@@ -202,55 +217,55 @@ ebpf_store_update_program_information( // Convert program type GUID to string. wchar_t guid_string[GUID_STRING_LENGTH + 1]; - status = convert_guid_to_string( - &program_info[i].program_type_descriptor.program_type, guid_string, GUID_STRING_LENGTH + 1); - if (status != _SUCCESS) { + status = _EBPF_RESULT(convert_guid_to_string( + &program_info[i].program_type_descriptor.program_type, guid_string, GUID_STRING_LENGTH + 1)); + if (!IS_SUCCESS(status)) { return status; } - status = create_registry_key(program_info_key, guid_string, REG_CREATE_FLAGS, &program_key); + status = _EBPF_RESULT(create_registry_key(program_info_key, guid_string, REG_CREATE_FLAGS, &program_key)); if (!IS_SUCCESS(status)) { goto Exit; } // Save the friendly program type name. - status = write_registry_value_ansi_string( - program_key, EBPF_PROGRAM_DATA_NAME, program_info[i].program_type_descriptor.name); + status = _EBPF_RESULT(write_registry_value_ansi_string( + program_key, EBPF_PROGRAM_DATA_NAME, program_info[i].program_type_descriptor.name)); if (!IS_SUCCESS(status)) { close_registry_key(program_key); goto Exit; } // Save context descriptor. - status = write_registry_value_binary( + status = _EBPF_RESULT(write_registry_value_binary( program_key, EBPF_PROGRAM_DATA_CONTEXT_DESCRIPTOR, (uint8_t*)program_info[i].program_type_descriptor.context_descriptor, - sizeof(ebpf_context_descriptor_t)); + sizeof(ebpf_context_descriptor_t))); if (!IS_SUCCESS(status)) { close_registry_key(program_key); goto Exit; } // Save bpf_prog_type. - status = write_registry_value_dword( - program_key, EBPF_DATA_BPF_PROG_TYPE, program_info[i].program_type_descriptor.bpf_prog_type); + status = _EBPF_RESULT(write_registry_value_dword( + program_key, EBPF_DATA_BPF_PROG_TYPE, program_info[i].program_type_descriptor.bpf_prog_type)); if (!IS_SUCCESS(status)) { close_registry_key(program_key); goto Exit; } // Save "is_privileged". 
- status = write_registry_value_dword( - program_key, EBPF_PROGRAM_DATA_PRIVILEGED, program_info[i].program_type_descriptor.is_privileged); + status = _EBPF_RESULT(write_registry_value_dword( + program_key, EBPF_PROGRAM_DATA_PRIVILEGED, program_info[i].program_type_descriptor.is_privileged)); if (!IS_SUCCESS(status)) { close_registry_key(program_key); goto Exit; } // Save helper count. - status = write_registry_value_dword( - program_key, EBPF_PROGRAM_DATA_HELPER_COUNT, program_info[i].count_of_program_type_specific_helpers); + status = _EBPF_RESULT(write_registry_value_dword( + program_key, EBPF_PROGRAM_DATA_HELPER_COUNT, program_info[i].count_of_program_type_specific_helpers)); if (!IS_SUCCESS(status)) { close_registry_key(program_key); goto Exit; @@ -258,8 +273,8 @@ ebpf_store_update_program_information( if (program_info[i].count_of_program_type_specific_helpers != 0) { // Create (or open) helper registry path. - status = create_registry_key( - program_key, EBPF_PROGRAM_DATA_HELPERS_REGISTRY_PATH, REG_CREATE_FLAGS, &helper_info_key); + status = _EBPF_RESULT(create_registry_key( + program_key, EBPF_PROGRAM_DATA_HELPERS_REGISTRY_PATH, REG_CREATE_FLAGS, &helper_info_key)); if (!IS_SUCCESS(status)) { close_registry_key(program_key); goto Exit; @@ -296,11 +311,11 @@ ebpf_store_update_program_information( * * @returns Status of the operation. */ -__return_type +ebpf_result_t ebpf_store_update_global_helper_information( _In_reads_(helper_info_count) ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count) { - __return_type status = _SUCCESS; + ebpf_result_t status = EBPF_SUCCESS; ebpf_registry_key_t provider_key = NULL; ebpf_registry_key_t helper_info_key = NULL; 
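Review bot: In hunk `@@ -202,55 +217,55 @@`, the failure branch after `convert_guid_to_string` still exits with `return status;`, while every other failure in this loop uses `goto Exit;`. `provider_key` and `program_info_key` are already open at that point, so this path skips whatever cleanup the `Exit` label performs; the label is outside the hunk, so the leaked key handles are inferred rather than shown. Change the line to `goto Exit;`. The same `return status;` survives in the follow-up patch's hunk `@@ -217,55 +204,55 @@`. The body of `ebpf_store_update_program_information` starts and ends outside this hunk.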
@@ -315,7 +330,8 @@ ebpf_store_update_global_helper_information( } // Open (or create) global helpers registry path. - status = create_registry_key(provider_key, EBPF_GLOBAL_HELPERS_REGISTRY_PATH, REG_CREATE_FLAGS, &helper_info_key); + status = _EBPF_RESULT( + create_registry_key(provider_key, EBPF_GLOBAL_HELPERS_REGISTRY_PATH, REG_CREATE_FLAGS, &helper_info_key)); if (!IS_SUCCESS(status)) { goto Exit; } diff --git a/libs/store_helper/kernel/ebpf_registry_helper_km.h b/libs/store_helper/kernel/ebpf_registry_helper_km.h index 3554608094..d43f5a1587 100644 --- a/libs/store_helper/kernel/ebpf_registry_helper_km.h +++ b/libs/store_helper/kernel/ebpf_registry_helper_km.h 
@@ -10,40 +10,31 @@ #endif #define REG_CREATE_FLAGS 0 -#ifdef __cplusplus -extern "C" -{ -#endif - - NTSTATUS - convert_guid_to_string( - _In_ const GUID* guid, _Out_writes_all_(string_length) wchar_t* string, size_t string_length); +typedef _Return_type_success_(NT_SUCCESS(return )) uint32_t ebpf_registry_result_t; - void - close_registry_key(ebpf_registry_key_t key); +NTSTATUS +convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_length) wchar_t* string, size_t string_length); - _Must_inspect_result_ ebpf_registry_result_t - write_registry_value_binary( - ebpf_registry_key_t key, - _In_z_ const wchar_t* value_name, - _In_reads_(value_size) uint8_t* value, - size_t value_size); +void +close_registry_key(ebpf_registry_key_t key); - _Must_inspect_result_ ebpf_registry_result_t - write_registry_value_ansi_string( - ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value); +_Must_inspect_result_ ebpf_registry_result_t +write_registry_value_binary( + ebpf_registry_key_t key, + _In_z_ const wchar_t* value_name, + _In_reads_(value_size) uint8_t* value, + size_t value_size); - _Must_inspect_result_ ebpf_registry_result_t - write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value); +_Must_inspect_result_ ebpf_registry_result_t +write_registry_value_ansi_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value); - _Must_inspect_result_ ebpf_registry_result_t - create_registry_key( - ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); +_Must_inspect_result_ ebpf_registry_result_t +write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value); - _Must_inspect_result_ ebpf_registry_result_t - create_registry_key_ansi( - ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); +_Must_inspect_result_ 
ebpf_registry_result_t +create_registry_key( + ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); -#ifdef __cplusplus -} /* extern "C" */ -#endif \ No newline at end of file +_Must_inspect_result_ ebpf_registry_result_t +create_registry_key_ansi( + ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); \ No newline at end of file diff --git a/libs/store_helper/user/ebpf_registry_helper_um.h b/libs/store_helper/user/ebpf_registry_helper_um.h index 1e6aa1c652..f6c5a2d904 100644 --- a/libs/store_helper/user/ebpf_registry_helper_um.h +++ b/libs/store_helper/user/ebpf_registry_helper_um.h @@ -9,6 +9,7 @@ #define REG_OPEN_FLAGS (DELETE | KEY_READ) extern ebpf_registry_key_t ebpf_root_registry_key; +typedef _Return_type_success_(return == EBPF_SUCCESS) uint32_t ebpf_registry_result_t; void close_registry_key(ebpf_registry_key_t key); From 836e0a7a1a45e8e37d11229d430d718bb0f737d3 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Wed, 26 Jul 2023 16:40:42 -0700 Subject: [PATCH 34/60] replace ebpf_registry_result_t with ebpf_result_t --- libs/api_common/store_helper_internal.cpp | 124 ++++++++---------- libs/store_helper/ebpf_store_helper.c | 76 +++++------ .../kernel/ebpf_registry_helper_km.c | 35 +++-- .../kernel/ebpf_registry_helper_km.h | 14 +- .../user/ebpf_registry_helper_um.cpp | 96 +++++++------- .../user/ebpf_registry_helper_um.h | 28 ++-- 6 files changed, 169 insertions(+), 204 deletions(-) diff --git a/libs/api_common/store_helper_internal.cpp b/libs/api_common/store_helper_internal.cpp index 8727ffd295..4cd2c5270e 100644 --- a/libs/api_common/store_helper_internal.cpp +++ b/libs/api_common/store_helper_internal.cpp 
@@ -14,14 +14,15 @@ ebpf_registry_key_t root_registry_key_local_machine = HKEY_LOCAL_MACHINE; // TODO: Issue #1231 Change to using HKEY_LOCAL_MACHINE ebpf_registry_key_t ebpf_root_registry_key = HKEY_CURRENT_USER; -static uint32_t +static ebpf_result_t _open_ebpf_store_key(_Out_ ebpf_registry_key_t* store_key) { // Open root registry path. *store_key = nullptr; // First try to open the HKCU registry key. - uint32_t result = open_registry_key(root_registry_key_current_user, EBPF_STORE_REGISTRY_PATH, KEY_READ, store_key); + ebpf_result_t result = + open_registry_key(root_registry_key_current_user, EBPF_STORE_REGISTRY_PATH, KEY_READ, store_key); if (result != ERROR_SUCCESS) { // Failed to open ebpf store path in HKCU. Fall back to HKLM. result = open_registry_key(root_registry_key_local_machine, EBPF_STORE_REGISTRY_PATH, KEY_READ, store_key); @@ -110,9 +111,9 @@ _load_program_data_information( *program_info = nullptr; try { - status = + result = open_registry_key(program_data_key, program_type_string, KEY_READ, (ebpf_registry_key_t*)&program_info_key); - if (status != ERROR_SUCCESS) { + if (result != EBPF_SUCCESS) { // Registry path is not present. result = EBPF_FILE_NOT_FOUND; goto Exit; @@ -124,16 +125,14 @@ _load_program_data_information( goto Exit; } - status = convert_string_to_guid(program_type_string, program_type); - if (status != ERROR_SUCCESS) { - result = win32_error_code_to_ebpf_result(status); + result = convert_string_to_guid(program_type_string, program_type); + if (result != EBPF_SUCCESS) { goto Exit; } // Read the friendly program type name. - status = read_registry_value_string(program_info_key, EBPF_PROGRAM_DATA_NAME, &program_type_name); - if (status != ERROR_SUCCESS) { - result = win32_error_code_to_ebpf_result(status); + result = read_registry_value_string(program_info_key, EBPF_PROGRAM_DATA_NAME, &program_type_name); + if (result != EBPF_SUCCESS) { goto Exit; } 
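Review bot: In hunk `@@ -14,14 +14,15 @@`, `_open_ebpf_store_key` now stores an `ebpf_result_t` but still tests it with `if (result != ERROR_SUCCESS)`, a Win32 constant; this only works because both values are zero. Use `if (result != EBPF_SUCCESS)` so the check matches the new return type, as the rest of the patch does. The HKLM fallback is also taken on any failure, not only a missing key, and the per-user hive is consulted first. That hive is writable by the calling user, so values loaded through this path (for example `is_privileged`) should be treated as caller-controlled until the TODO for Issue #1231 is resolved.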
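Review bot: In hunk `@@ -110,9 +111,9 @@`, the failure branch overwrites the mapped code that `open_registry_key` now returns: `if (result != EBPF_SUCCESS) { result = EBPF_FILE_NOT_FOUND; goto Exit; }`. An access or allocation failure is therefore reported as a missing key. Unless callers depend on that exact value, drop the assignment and let the returned code propagate. The same overwrite appears in the `_load_section_data_information` hunk `@@ -412,8 +404,8 @@`. `_load_program_data_information` starts and ends outside this hunk.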
@@ -143,34 +142,30 @@ _load_program_data_information( result = EBPF_NO_MEMORY; goto Exit; } - status = read_registry_value_binary( + result = read_registry_value_binary( program_info_key, EBPF_PROGRAM_DATA_CONTEXT_DESCRIPTOR, (uint8_t*)descriptor, sizeof(ebpf_context_descriptor_t)); - if (status != ERROR_SUCCESS) { - result = win32_error_code_to_ebpf_result(status); + if (result != EBPF_SUCCESS) { goto Exit; } // Read "is_privileged". - status = read_registry_value_dword(program_info_key, EBPF_PROGRAM_DATA_PRIVILEGED, &is_privileged); - if (status != ERROR_SUCCESS) { - result = win32_error_code_to_ebpf_result(status); + result = read_registry_value_dword(program_info_key, EBPF_PROGRAM_DATA_PRIVILEGED, &is_privileged); + if (result != EBPF_SUCCESS) { goto Exit; } // Read bpf program type. - status = read_registry_value_dword(program_info_key, EBPF_DATA_BPF_PROG_TYPE, &bpf_program_type); - if (status != ERROR_SUCCESS) { - result = win32_error_code_to_ebpf_result(status); + result = read_registry_value_dword(program_info_key, EBPF_DATA_BPF_PROG_TYPE, &bpf_program_type); + if (result != EBPF_SUCCESS) { goto Exit; } // Read helper count. - status = read_registry_value_dword(program_info_key, EBPF_PROGRAM_DATA_HELPER_COUNT, &helper_count); - if (status != ERROR_SUCCESS) { - result = win32_error_code_to_ebpf_result(status); + result = read_registry_value_dword(program_info_key, EBPF_PROGRAM_DATA_HELPER_COUNT, &helper_count); + if (result != EBPF_SUCCESS) { goto Exit; } 
@@ -312,21 +307,19 @@ ebpf_store_load_program_information( *program_info = nullptr; *program_info_count = 0; - status = _open_ebpf_store_key(&store_key); - if (status != ERROR_SUCCESS) { - if (status != ERROR_FILE_NOT_FOUND) { - result = win32_error_code_to_ebpf_result(status); + result = _open_ebpf_store_key(&store_key); + if (result != EBPF_SUCCESS) { + if (result != EBPF_FILE_NOT_FOUND) { __analysis_assume(result != EBPF_SUCCESS); } goto Exit; } // Open program data registry path. - status = open_registry_key( + result = open_registry_key( store_key, EBPF_PROGRAM_DATA_REGISTRY_PATH, KEY_READ, (ebpf_registry_key_t*)&program_data_key); - if (status != ERROR_SUCCESS) { - if (status != ERROR_FILE_NOT_FOUND) { - result = win32_error_code_to_ebpf_result(status); + if (result != EBPF_SUCCESS) { + if (result != EBPF_FILE_NOT_FOUND) { __analysis_assume(result != EBPF_SUCCESS); } goto Exit; @@ -401,7 +394,6 @@ _load_section_data_information( _In_z_ const wchar_t* section_name, _Outptr_ ebpf_section_definition_t** section_info) noexcept { - int32_t status; ebpf_result_t result = EBPF_SUCCESS; HKEY section_info_key = nullptr; ebpf_program_type_t* program_type = nullptr; @@ -412,8 +404,8 @@ _load_section_data_information( ebpf_section_definition_t* section_information = nullptr; try { - status = open_registry_key(section_data_key, section_name, KEY_READ, (ebpf_registry_key_t*)§ion_info_key); - if (status != ERROR_SUCCESS) { + result = open_registry_key(section_data_key, section_name, KEY_READ, (ebpf_registry_key_t*)§ion_info_key); + if (result != EBPF_SUCCESS) { // Registry path is not present. result = EBPF_FILE_NOT_FOUND; goto Exit; 
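Review bot: In hunk `@@ -312,21 +307,19 @@`, the not-found case changes behaviour. Before, `ERROR_FILE_NOT_FOUND` skipped the conversion and left `result` at its earlier value; now `result` is already `EBPF_FILE_NOT_FOUND` at `goto Exit`, and the inner `if` holds only `__analysis_assume`, which has no runtime effect. If a missing store is meant to load as an empty set (the initial value of `result` is outside the hunk, so this is inferred), reset it the way `ebpf_store_clear` does: `if (result == EBPF_FILE_NOT_FOUND) { result = EBPF_SUCCESS; }`. This applies to both checks in this hunk and to hunks `@@ -518,10 +508,9 @@` and `@@ -617,21 +606,19 @@`.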
@@ -432,33 +424,31 @@ _load_section_data_information( } // Read program type. - status = read_registry_value_binary( + result = read_registry_value_binary( section_info_key, EBPF_SECTION_DATA_PROGRAM_TYPE, (uint8_t*)program_type, sizeof(ebpf_program_type_t)); - if (status != ERROR_SUCCESS) { - result = win32_error_code_to_ebpf_result(status); + if (result != EBPF_SUCCESS) { __analysis_assume(result != EBPF_SUCCESS); goto Exit; } // Read attach type. - status = read_registry_value_binary( + result = read_registry_value_binary( section_info_key, EBPF_SECTION_DATA_ATTACH_TYPE, (uint8_t*)attach_type, sizeof(ebpf_attach_type_t)); - if (status != ERROR_SUCCESS) { - result = win32_error_code_to_ebpf_result(status); + if (result != EBPF_SUCCESS) { __analysis_assume(result != EBPF_SUCCESS); goto Exit; } // Read bpf program type. - status = read_registry_value_dword(section_info_key, EBPF_DATA_BPF_PROG_TYPE, (uint32_t*)&bpf_program_type); - if (status != ERROR_SUCCESS) { + result = read_registry_value_dword(section_info_key, EBPF_DATA_BPF_PROG_TYPE, (uint32_t*)&bpf_program_type); + if (result != EBPF_SUCCESS) { bpf_program_type = BPF_PROG_TYPE_UNSPEC; result = EBPF_SUCCESS; } // Read bpf attach type. - status = read_registry_value_dword(section_info_key, EBPF_DATA_BPF_ATTACH_TYPE, (uint32_t*)&bpf_attach_type); - if (status != ERROR_SUCCESS) { + result = read_registry_value_dword(section_info_key, EBPF_DATA_BPF_ATTACH_TYPE, (uint32_t*)&bpf_attach_type); + if (result != EBPF_SUCCESS) { bpf_attach_type = BPF_ATTACH_TYPE_UNSPEC; result = EBPF_SUCCESS; } 
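Review bot: In hunk `@@ -432,33 +424,31 @@`, the two optional reads treat every failure as "value absent": `if (result != EBPF_SUCCESS) { bpf_program_type = BPF_PROG_TYPE_UNSPEC; result = EBPF_SUCCESS; }`, and likewise for `bpf_attach_type`. Now that the helper returns a specific code, only the missing-value case needs the default, presumably `EBPF_FILE_NOT_FOUND`; the read helper's mapping is not visible here, so confirm it. Testing `if (result == EBPF_FILE_NOT_FOUND)` for the default and sending other failures to `goto Exit;` would stop a malformed or unreadable value from being silently replaced by `UNSPEC`. `_load_section_data_information` continues outside the hunk.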
@@ -518,10 +508,9 @@ ebpf_store_load_section_information( *section_info = nullptr; *section_info_count = 0; - status = _open_ebpf_store_key(&store_key); - if (status != ERROR_SUCCESS) { - if (status != ERROR_FILE_NOT_FOUND) { - result = win32_error_code_to_ebpf_result(status); + result = _open_ebpf_store_key(&store_key); + if (result != EBPF_SUCCESS) { + if (result != EBPF_FILE_NOT_FOUND) { __analysis_assume(result != EBPF_SUCCESS); } goto Exit; @@ -617,21 +606,19 @@ ebpf_store_load_global_helper_information( *global_helper_info = nullptr; *global_helper_info_count = 0; - status = _open_ebpf_store_key(&store_key); - if (status != ERROR_SUCCESS) { - if (status != ERROR_FILE_NOT_FOUND) { - result = win32_error_code_to_ebpf_result(status); + result = _open_ebpf_store_key(&store_key); + if (result != EBPF_SUCCESS) { + if (result != EBPF_FILE_NOT_FOUND) { __analysis_assume(result != EBPF_SUCCESS); } goto Exit; } // Open program data registry path. - status = open_registry_key( + result = open_registry_key( store_key, EBPF_GLOBAL_HELPERS_REGISTRY_PATH, KEY_READ, (ebpf_registry_key_t*)&global_helpers_key); - if (status != ERROR_SUCCESS) { - if (status != ERROR_FILE_NOT_FOUND) { - result = win32_error_code_to_ebpf_result(status); + if (result != EBPF_SUCCESS) { + if (result != EBPF_FILE_NOT_FOUND) { __analysis_assume(result != EBPF_SUCCESS); } goto Exit; 
@@ -722,43 +709,36 @@ ebpf_store_clear(_In_ const ebpf_registry_key_t root_key_path) { ebpf_registry_key_t root_handle = {0}; ebpf_registry_key_t provider_handle = {0}; - uint32_t status; ebpf_result_t result = EBPF_FAILED; // Open root registry key. - status = open_registry_key(root_key_path, EBPF_ROOT_RELATIVE_PATH, REG_CREATE_FLAGS, &root_handle); - if (status != ERROR_SUCCESS) { - if (status == ERROR_FILE_NOT_FOUND) { + result = open_registry_key(root_key_path, EBPF_ROOT_RELATIVE_PATH, REG_CREATE_FLAGS, &root_handle); + if (result != EBPF_SUCCESS) { + if (result == EBPF_FILE_NOT_FOUND) { result = EBPF_SUCCESS; - } else { - result = win32_error_code_to_ebpf_result(status); } goto Exit; } // Open "providers" registry key. - status = open_registry_key(root_handle, EBPF_PROVIDERS_REGISTRY_PATH, REG_CREATE_FLAGS, &provider_handle); - if (status != ERROR_SUCCESS) { - if (status == ERROR_FILE_NOT_FOUND) { + result = open_registry_key(root_handle, EBPF_PROVIDERS_REGISTRY_PATH, REG_CREATE_FLAGS, &provider_handle); + if (result != EBPF_SUCCESS) { + if (result == EBPF_FILE_NOT_FOUND) { result = EBPF_SUCCESS; - } else { - result = win32_error_code_to_ebpf_result(status); } goto Exit; } // Delete subtree of provider reg key. - status = delete_registry_tree(provider_handle, NULL); - if (status != ERROR_SUCCESS) { - result = win32_error_code_to_ebpf_result(status); + result = delete_registry_tree(provider_handle, NULL); + if (result != EBPF_SUCCESS) { goto Exit; } close_registry_key(provider_handle); provider_handle = nullptr; - status = delete_registry_key(root_handle, EBPF_PROVIDERS_REGISTRY_PATH); - if (status != ERROR_SUCCESS) { - result = win32_error_code_to_ebpf_result(status); + result = delete_registry_key(root_handle, EBPF_PROVIDERS_REGISTRY_PATH); + if (result != EBPF_SUCCESS) { goto Exit; } diff --git a/libs/store_helper/ebpf_store_helper.c b/libs/store_helper/ebpf_store_helper.c index c5a6a5a104..f5ff619064 100644 --- a/libs/store_helper/ebpf_store_helper.c 
+++ b/libs/store_helper/ebpf_store_helper.c @@ -11,12 +11,6 @@ #include "ebpf_store_helper.h" #include "ebpf_windows.h" -#ifndef USER_MODE -#define _EBPF_RESULT(x) (NT_SUCCESS(x) ? EBPF_SUCCESS : EBPF_FAILED) -#else -#define _EBPF_RESULT(x) win32_error_code_to_ebpf_result(x) -#endif - #define IS_SUCCESS(x) (x == EBPF_SUCCESS) ebpf_result_t @@ -28,17 +22,16 @@ ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_registry_key_t* provi // Open (or create) root eBPF registry path. #ifdef USER_MODE - status = - _EBPF_RESULT(create_registry_key(ebpf_root_registry_key, EBPF_ROOT_RELATIVE_PATH, REG_CREATE_FLAGS, &root_key)); + status = create_registry_key(ebpf_root_registry_key, EBPF_ROOT_RELATIVE_PATH, REG_CREATE_FLAGS, &root_key); #else - status = _EBPF_RESULT(create_registry_key(NULL, EBPF_ROOT_REGISTRY_PATH, REG_CREATE_FLAGS, &root_key)); + status = create_registry_key(NULL, EBPF_ROOT_REGISTRY_PATH, REG_CREATE_FLAGS, &root_key); #endif if (!IS_SUCCESS(status)) { goto Exit; } // Open (or create) program data registry path. - status = _EBPF_RESULT(create_registry_key(root_key, EBPF_PROVIDERS_REGISTRY_PATH, REG_CREATE_FLAGS, provider_key)); + status = create_registry_key(root_key, EBPF_PROVIDERS_REGISTRY_PATH, REG_CREATE_FLAGS, provider_key); if (!IS_SUCCESS(status)) { goto Exit; } @@ -57,8 +50,7 @@ ebpf_store_update_helper_prototype( ebpf_registry_key_t helper_function_key = NULL; char serialized_data[sizeof(ebpf_helper_function_prototype_t)] = {0}; - status = _EBPF_RESULT( - create_registry_key_ansi(helper_info_key, helper_info->name, REG_CREATE_FLAGS, &helper_function_key)); + status = create_registry_key_ansi(helper_info_key, helper_info->name, REG_CREATE_FLAGS, &helper_function_key); if (!IS_SUCCESS(status)) { goto Exit; } 
@@ -75,8 +67,8 @@ ebpf_store_update_helper_prototype( offset += sizeof(helper_info->arguments); // Save the helper prototype data. - status = _EBPF_RESULT(write_registry_value_binary( - helper_function_key, EBPF_HELPER_DATA_PROTOTYPE, (uint8_t*)&serialized_data[0], offset)); + status = write_registry_value_binary( + helper_function_key, EBPF_HELPER_DATA_PROTOTYPE, (uint8_t*)&serialized_data[0], offset); if (!IS_SUCCESS(status)) { goto Exit; } @@ -114,8 +106,7 @@ ebpf_store_update_section_information( } // Open (or create) section data key. - status = _EBPF_RESULT( - create_registry_key(provider_key, EBPF_SECTIONS_REGISTRY_PATH, REG_CREATE_FLAGS, §ion_info_key)); + status = create_registry_key(provider_key, EBPF_SECTIONS_REGISTRY_PATH, REG_CREATE_FLAGS, §ion_info_key); if (!IS_SUCCESS(status)) { goto Exit; } 
@@ -124,45 +115,42 @@ ebpf_store_update_section_information( ebpf_registry_key_t section_key = NULL; // Open or create the registry path. - status = _EBPF_RESULT( - create_registry_key(section_info_key, section_info[i].section_name, REG_CREATE_FLAGS, §ion_key)); + status = create_registry_key(section_info_key, section_info[i].section_name, REG_CREATE_FLAGS, §ion_key); if (!IS_SUCCESS(status)) { goto Exit; } // Save program type. - status = _EBPF_RESULT(write_registry_value_binary( + status = write_registry_value_binary( section_key, EBPF_SECTION_DATA_PROGRAM_TYPE, (uint8_t*)section_info[i].program_type, - sizeof(ebpf_program_type_t))); + sizeof(ebpf_program_type_t)); if (!IS_SUCCESS(status)) { close_registry_key(section_key); goto Exit; } // Save attach type. - status = _EBPF_RESULT(write_registry_value_binary( + status = write_registry_value_binary( section_key, EBPF_SECTION_DATA_ATTACH_TYPE, (uint8_t*)section_info[i].attach_type, - sizeof(ebpf_attach_type_t))); + sizeof(ebpf_attach_type_t)); if (!IS_SUCCESS(status)) { close_registry_key(section_key); goto Exit; } // Save bpf_prog_type. - status = _EBPF_RESULT( - write_registry_value_dword(section_key, EBPF_DATA_BPF_PROG_TYPE, section_info[i].bpf_program_type)); + status = write_registry_value_dword(section_key, EBPF_DATA_BPF_PROG_TYPE, section_info[i].bpf_program_type); if (!IS_SUCCESS(status)) { close_registry_key(section_key); goto Exit; } // Save bpf_attach_type. - status = _EBPF_RESULT( - write_registry_value_dword(section_key, EBPF_DATA_BPF_ATTACH_TYPE, section_info[i].bpf_attach_type)); + status = write_registry_value_dword(section_key, EBPF_DATA_BPF_ATTACH_TYPE, section_info[i].bpf_attach_type); if (!IS_SUCCESS(status)) { close_registry_key(section_key); goto Exit; 
@@ -205,8 +193,7 @@ ebpf_store_update_program_information( } // Open (or create) program data registry path. - status = _EBPF_RESULT( - create_registry_key(provider_key, EBPF_PROGRAM_DATA_REGISTRY_PATH, REG_CREATE_FLAGS, &program_info_key)); + status = create_registry_key(provider_key, EBPF_PROGRAM_DATA_REGISTRY_PATH, REG_CREATE_FLAGS, &program_info_key); if (!IS_SUCCESS(status)) { goto Exit; } 
@@ -217,55 +204,55 @@ ebpf_store_update_program_information( // Convert program type GUID to string. wchar_t guid_string[GUID_STRING_LENGTH + 1]; - status = _EBPF_RESULT(convert_guid_to_string( - &program_info[i].program_type_descriptor.program_type, guid_string, GUID_STRING_LENGTH + 1)); + status = convert_guid_to_string( + &program_info[i].program_type_descriptor.program_type, guid_string, GUID_STRING_LENGTH + 1); if (!IS_SUCCESS(status)) { return status; } - status = _EBPF_RESULT(create_registry_key(program_info_key, guid_string, REG_CREATE_FLAGS, &program_key)); + status = create_registry_key(program_info_key, guid_string, REG_CREATE_FLAGS, &program_key); if (!IS_SUCCESS(status)) { goto Exit; } // Save the friendly program type name. - status = _EBPF_RESULT(write_registry_value_ansi_string( - program_key, EBPF_PROGRAM_DATA_NAME, program_info[i].program_type_descriptor.name)); + status = write_registry_value_ansi_string( + program_key, EBPF_PROGRAM_DATA_NAME, program_info[i].program_type_descriptor.name); if (!IS_SUCCESS(status)) { close_registry_key(program_key); goto Exit; } // Save context descriptor. - status = _EBPF_RESULT(write_registry_value_binary( + status = write_registry_value_binary( program_key, EBPF_PROGRAM_DATA_CONTEXT_DESCRIPTOR, (uint8_t*)program_info[i].program_type_descriptor.context_descriptor, - sizeof(ebpf_context_descriptor_t))); + sizeof(ebpf_context_descriptor_t)); if (!IS_SUCCESS(status)) { close_registry_key(program_key); goto Exit; } // Save bpf_prog_type. - status = _EBPF_RESULT(write_registry_value_dword( - program_key, EBPF_DATA_BPF_PROG_TYPE, program_info[i].program_type_descriptor.bpf_prog_type)); + status = write_registry_value_dword( + program_key, EBPF_DATA_BPF_PROG_TYPE, program_info[i].program_type_descriptor.bpf_prog_type); if (!IS_SUCCESS(status)) { close_registry_key(program_key); goto Exit; } // Save "is_privileged". 
- status = _EBPF_RESULT(write_registry_value_dword( - program_key, EBPF_PROGRAM_DATA_PRIVILEGED, program_info[i].program_type_descriptor.is_privileged)); + status = write_registry_value_dword( + program_key, EBPF_PROGRAM_DATA_PRIVILEGED, program_info[i].program_type_descriptor.is_privileged); if (!IS_SUCCESS(status)) { close_registry_key(program_key); goto Exit; } // Save helper count. - status = _EBPF_RESULT(write_registry_value_dword( - program_key, EBPF_PROGRAM_DATA_HELPER_COUNT, program_info[i].count_of_program_type_specific_helpers)); + status = write_registry_value_dword( + program_key, EBPF_PROGRAM_DATA_HELPER_COUNT, program_info[i].count_of_program_type_specific_helpers); if (!IS_SUCCESS(status)) { close_registry_key(program_key); goto Exit; @@ -273,8 +260,8 @@ ebpf_store_update_program_information( if (program_info[i].count_of_program_type_specific_helpers != 0) { // Create (or open) helper registry path. - status = _EBPF_RESULT(create_registry_key( - program_key, EBPF_PROGRAM_DATA_HELPERS_REGISTRY_PATH, REG_CREATE_FLAGS, &helper_info_key)); + status = create_registry_key( + program_key, EBPF_PROGRAM_DATA_HELPERS_REGISTRY_PATH, REG_CREATE_FLAGS, &helper_info_key); if (!IS_SUCCESS(status)) { close_registry_key(program_key); goto Exit; @@ -330,8 +317,7 @@ ebpf_store_update_global_helper_information( } // Open (or create) global helpers registry path. - status = _EBPF_RESULT( - create_registry_key(provider_key, EBPF_GLOBAL_HELPERS_REGISTRY_PATH, REG_CREATE_FLAGS, &helper_info_key)); + status = create_registry_key(provider_key, EBPF_GLOBAL_HELPERS_REGISTRY_PATH, REG_CREATE_FLAGS, &helper_info_key); if (!IS_SUCCESS(status)) { goto Exit; } diff --git a/libs/store_helper/kernel/ebpf_registry_helper_km.c b/libs/store_helper/kernel/ebpf_registry_helper_km.c index afa09ae0a9..51b832ea02 100644 --- a/libs/store_helper/kernel/ebpf_registry_helper_km.c +++ b/libs/store_helper/kernel/ebpf_registry_helper_km.c 
@@ -3,18 +3,20 @@ #include "ebpf_registry_helper_km.h" -NTSTATUS +#define _EBPF_RESULT(x) (NT_SUCCESS(x) ? EBPF_SUCCESS : EBPF_FAILED) + +ebpf_result_t convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_length) wchar_t* string, size_t string_length) { UNICODE_STRING unicode_string = {0}; - NTSTATUS status = RtlStringFromGUID(guid, &unicode_string); - if (status != STATUS_SUCCESS) { + ebpf_result_t result = _EBPF_RESULT(RtlStringFromGUID(guid, &unicode_string)); + if (result != EBPF_SUCCESS) { goto Exit; } if (string_length < GUID_STRING_LENGTH + 1) { - status = STATUS_BUFFER_TOO_SMALL; + result = EBPF_INSUFFICIENT_BUFFER; goto Exit; } @@ -29,7 +31,7 @@ convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_length) wc if (unicode_string.Buffer != NULL) { RtlFreeUnicodeString(&unicode_string); } - return status; + return result; } void @@ -40,17 +42,17 @@ close_registry_key(ebpf_registry_key_t key) } } -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t write_registry_value_binary( ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_reads_(value_size) uint8_t* value, size_t value_size) { UNICODE_STRING unicode_value_name; RtlInitUnicodeString(&unicode_value_name, value_name); - return ZwSetValueKey(key, &unicode_value_name, 0, REG_BINARY, value, (ULONG)value_size); + return _EBPF_RESULT(ZwSetValueKey(key, &unicode_value_name, 0, REG_BINARY, value, (ULONG)value_size)); } -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t write_registry_value_ansi_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value) { NTSTATUS status; 
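Review bot: In hunk `@@ -3,18 +3,20 @@`, `_EBPF_RESULT` maps every failing NTSTATUS to `EBPF_FAILED`, so kernel-mode callers cannot tell a missing key from an allocation failure or a short buffer. The user-mode helper keeps that distinction through `win32_error_code_to_ebpf_result`, so the two builds of `ebpf_store_helper.c` report different codes for the same condition. A small static mapper that falls back to `EBPF_FAILED` would keep the macro name and every call site unchanged.

```c
// Map the NTSTATUS values the registry helpers can return; anything else stays EBPF_FAILED.
static ebpf_result_t
_ntstatus_to_ebpf_result(NTSTATUS status)
{
    if (NT_SUCCESS(status)) {
        return EBPF_SUCCESS;
    }
    switch (status) {
    case STATUS_OBJECT_NAME_NOT_FOUND:
        return EBPF_FILE_NOT_FOUND;
    case STATUS_INSUFFICIENT_RESOURCES:
        return EBPF_NO_MEMORY;
    case STATUS_BUFFER_TOO_SMALL:
        return EBPF_INSUFFICIENT_BUFFER;
    default:
        return EBPF_FAILED;
    }
}

#define _EBPF_RESULT(x) _ntstatus_to_ebpf_result(x)

// … unchanged: convert_guid_to_string and the registry write/create helpers …
```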
@@ -70,22 +72,21 @@ write_registry_value_ansi_string(ebpf_registry_key_t key, _In_z_ const wchar_t* RtlFreeUnicodeString(&unicode_value); Exit: - return status; + return _EBPF_RESULT(status); } -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value) { UNICODE_STRING unicode_name; RtlInitUnicodeString(&unicode_name, value_name); - return ZwSetValueKey(key, &unicode_name, 0, REG_DWORD, &value, sizeof(uint32_t)); + return _EBPF_RESULT(ZwSetValueKey(key, &unicode_name, 0, REG_DWORD, &value, sizeof(uint32_t))); } -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t create_registry_key( ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key) { - NTSTATUS status = STATUS_SUCCESS; UNICODE_STRING registry_path; OBJECT_ATTRIBUTES object_attributes = {0}; @@ -95,12 +96,10 @@ create_registry_key( InitializeObjectAttributes( &object_attributes, ®istry_path, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, root_key, NULL); - status = ZwCreateKey(key, KEY_WRITE, &object_attributes, 0, NULL, REG_OPTION_NON_VOLATILE, NULL); - - return status; + return _EBPF_RESULT(ZwCreateKey(key, KEY_WRITE, &object_attributes, 0, NULL, REG_OPTION_NON_VOLATILE, NULL)); } -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t create_registry_key_ansi( ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key) { @@ -125,5 +124,5 @@ create_registry_key_ansi( RtlFreeUnicodeString(®istry_path); Exit: - return status; + return _EBPF_RESULT(status); } diff --git a/libs/store_helper/kernel/ebpf_registry_helper_km.h b/libs/store_helper/kernel/ebpf_registry_helper_km.h index d43f5a1587..988a845748 100644 --- a/libs/store_helper/kernel/ebpf_registry_helper_km.h +++ b/libs/store_helper/kernel/ebpf_registry_helper_km.h 
@@ -10,31 +10,29 @@ #endif #define REG_CREATE_FLAGS 0 -typedef _Return_type_success_(NT_SUCCESS(return )) uint32_t ebpf_registry_result_t; - -NTSTATUS +ebpf_result_t convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_length) wchar_t* string, size_t string_length); void close_registry_key(ebpf_registry_key_t key); -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t write_registry_value_binary( ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_reads_(value_size) uint8_t* value, size_t value_size); -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t write_registry_value_ansi_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value); -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value); -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t create_registry_key( ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t create_registry_key_ansi( ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); \ No newline at end of file diff --git a/libs/store_helper/user/ebpf_registry_helper_um.cpp b/libs/store_helper/user/ebpf_registry_helper_um.cpp index 1e19a3c67c..055ce96fed 100644 --- a/libs/store_helper/user/ebpf_registry_helper_um.cpp +++ b/libs/store_helper/user/ebpf_registry_helper_um.cpp @@ -12,6 +12,7 @@ #include #define GUID_STRING_LENGTH 38 // not including the null terminator. +#define _EBPF_RESULT(x) win32_error_code_to_ebpf_result(x) static std::wstring _get_wstring_from_string(std::string text) 
@@ -30,125 +31,126 @@ close_registry_key(ebpf_registry_key_t key) RegCloseKey(key); } -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t write_registry_value_binary( ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_reads_(value_size) uint8_t* value, size_t value_size) { ebpf_assert(value_name); ebpf_assert(value); - return RegSetValueEx(key, value_name, 0, REG_BINARY, value, (unsigned long)value_size); + return _EBPF_RESULT(RegSetValueEx(key, value_name, 0, REG_BINARY, value, (unsigned long)value_size)); } -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t write_registry_value_wide_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const wchar_t* value) { ebpf_assert(value_name); ebpf_assert(value); auto length = (wcslen(value) + 1) * sizeof(wchar_t); - return RegSetValueEx(key, value_name, 0, REG_SZ, (uint8_t*)value, (unsigned long)length); + return _EBPF_RESULT(RegSetValueEx(key, value_name, 0, REG_SZ, (uint8_t*)value, (unsigned long)length)); } -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t write_registry_value_ansi_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value) { - uint32_t result; + ebpf_result_t result; try { auto wide_string = _get_wstring_from_string(value); - result = write_registry_value_wide_string(key, value_name, wide_string.c_str()); + result = _EBPF_RESULT(write_registry_value_wide_string(key, value_name, wide_string.c_str())); } catch (...) 
{ - result = ERROR_NOT_ENOUGH_MEMORY; + result = EBPF_NO_MEMORY; } return result; } -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value) { ebpf_assert(key); - return RegSetValueEx(key, value_name, 0, REG_DWORD, (PBYTE)&value, sizeof(value)); + return _EBPF_RESULT(RegSetValueEx(key, value_name, 0, REG_DWORD, (PBYTE)&value, sizeof(value))); } -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t create_registry_key( ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key) { *key = nullptr; if (root_key == nullptr) { - return ERROR_INVALID_PARAMETER; + return EBPF_INVALID_ARGUMENT; } - return RegCreateKeyEx(root_key, sub_key, 0, nullptr, 0, flags, nullptr, key, nullptr); + return _EBPF_RESULT(RegCreateKeyEx(root_key, sub_key, 0, nullptr, 0, flags, nullptr, key, nullptr)); } -_Success_(return == ERROR_SUCCESS) uint32_t open_registry_key( +_Must_inspect_result_ ebpf_result_t +open_registry_key( ebpf_registry_key_t root_key, _In_opt_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key) { ebpf_assert(root_key != nullptr); _Analysis_assume_(root_key != nullptr); - return RegOpenKeyEx(root_key, sub_key, 0, flags, key); + return _EBPF_RESULT(RegOpenKeyEx(root_key, sub_key, 0, flags, key)); } -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t delete_registry_key(ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key) { - return RegDeleteKeyEx(root_key, sub_key, 0, 0); + return _EBPF_RESULT(RegDeleteKeyEx(root_key, sub_key, 0, 0)); } -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t delete_registry_tree(ebpf_registry_key_t root_key, _In_opt_z_ const wchar_t* sub_key) { - return RegDeleteTree(root_key, sub_key); + return _EBPF_RESULT(RegDeleteTree(root_key, sub_key)); } 
-_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t create_registry_key_ansi( ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key) { - uint32_t result; + ebpf_result_t result; try { auto wide_string = _get_wstring_from_string(sub_key); result = create_registry_key(root_key, wide_string.c_str(), flags, key); } catch (...) { - result = ERROR_NOT_ENOUGH_MEMORY; + result = EBPF_NO_MEMORY; } return result; } -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t read_registry_value_string( ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_maybenull_ wchar_t** value) { - uint32_t status = ERROR_SUCCESS; + ebpf_result_t status = EBPF_SUCCESS; unsigned long type = REG_SZ; unsigned long value_size = 0; wchar_t* string_value = nullptr; if (value == nullptr) { - return ERROR_INVALID_PARAMETER; + return EBPF_INVALID_ARGUMENT; } *value = nullptr; - status = RegQueryValueEx(key, value_name, 0, &type, nullptr, &value_size); - if (status != ERROR_SUCCESS || type != REG_SZ) { + status = _EBPF_RESULT(RegQueryValueEx(key, value_name, 0, &type, nullptr, &value_size)); + if (status != EBPF_SUCCESS || type != REG_SZ) { if (type != REG_SZ) { - status = ERROR_INVALID_PARAMETER; + status = EBPF_INVALID_ARGUMENT; } return status; } string_value = (wchar_t*)ebpf_allocate((value_size + sizeof(wchar_t))); if (string_value == nullptr) { - return ERROR_NOT_ENOUGH_MEMORY; + return EBPF_NO_MEMORY; } memset(string_value, 0, value_size + sizeof(wchar_t)); - status = RegQueryValueEx(key, value_name, 0, &type, (PBYTE)string_value, &value_size); - if (status != ERROR_SUCCESS) { + status = _EBPF_RESULT(RegQueryValueEx(key, value_name, 0, &type, (PBYTE)string_value, &value_size)); + if (status != EBPF_SUCCESS) { goto Exit; } 
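Review bot: In `write_registry_value_ansi_string` the return value of `write_registry_value_wide_string` is passed through `_EBPF_RESULT` a second time, although that callee now returns an already converted `ebpf_result_t`. With `_EBPF_RESULT` defined as `win32_error_code_to_ebpf_result(x)`, a failing `ebpf_result_t` is reinterpreted as a Win32 error number and can come back as an unrelated code. `create_registry_key_ansi` in the same hunk assigns the callee's result directly; do the same here with `result = write_registry_value_wide_string(key, value_name, wide_string.c_str());`. The same line is carried into the new `ebpf_registry_helper.cpp` added later in the series.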
@@ -162,29 +164,29 @@ read_registry_value_string( return status; } -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t read_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Out_ uint32_t* value) { unsigned long type = REG_QWORD; unsigned long value_size = sizeof(uint32_t); - return RegQueryValueEx(key, value_name, 0, &type, (PBYTE)value, &value_size); + return _EBPF_RESULT(RegQueryValueEx(key, value_name, 0, &type, (PBYTE)value, &value_size)); } -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t read_registry_value_binary( ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Out_writes_(value_size) uint8_t* value, size_t value_size) { - uint32_t status = NO_ERROR; + ebpf_result_t status = EBPF_SUCCESS; unsigned long type = REG_BINARY; unsigned long local_value_size = (unsigned long)value_size; - status = RegQueryValueEx(key, value_name, 0, &type, value, &local_value_size); - if (status != ERROR_SUCCESS || type != REG_BINARY || local_value_size != value_size) { - if (status != ERROR_SUCCESS) { - status = ERROR_INVALID_PARAMETER; + status = _EBPF_RESULT(RegQueryValueEx(key, value_name, 0, &type, value, &local_value_size)); + if (status != EBPF_SUCCESS || type != REG_BINARY || local_value_size != value_size) { + if (status != EBPF_SUCCESS) { + status = EBPF_INVALID_ARGUMENT; } goto Exit; } 
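Review bot: The inner test in `read_registry_value_binary` looks inverted. `if (status != EBPF_SUCCESS) { status = EBPF_INVALID_ARGUMENT; }` overwrites a real query error, while a successful query whose `type` is not `REG_BINARY` or whose `local_value_size` differs from `value_size` jumps to `Exit` with `status` still `EBPF_SUCCESS`. The caller then accepts a wrong-typed or short registry value and may read bytes of `value` that were never written. The inner condition should be `if (status == EBPF_SUCCESS)`, as `read_registry_value_string` does for its type mismatch. `read_registry_value_dword` in this hunk likewise never checks `type` or `value_size` after the query, and the tail of `read_registry_value_binary` after `goto Exit` lies outside the hunk.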
@@ -193,23 +195,23 @@ read_registry_value_binary( return status; } -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_size) wchar_t* string, size_t string_size) { - uint32_t status = ERROR_SUCCESS; + ebpf_result_t status = EBPF_SUCCESS; wchar_t* value_name = nullptr; try { *string = 0; if (string_size < GUID_STRING_LENGTH + 1) { - return ERROR_INSUFFICIENT_BUFFER; + return EBPF_INSUFFICIENT_BUFFER; } // Convert program type GUID to string. RPC_STATUS rpc_status = UuidToString(guid, (RPC_WSTR*)&value_name); if (rpc_status != RPC_S_OK) { - return ERROR_INVALID_PARAMETER; + return EBPF_INVALID_ARGUMENT; } std::wstring value_name_string(value_name); @@ -221,16 +223,16 @@ convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_size) wcha memcpy(string, value_name_string.c_str(), GUID_STRING_LENGTH * 2); string[GUID_STRING_LENGTH] = L'\0'; } catch (...) { - status = ERROR_NOT_ENOUGH_MEMORY; + status = EBPF_NO_MEMORY; } return status; } -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t convert_string_to_guid(_In_z_ const wchar_t* string, _Out_ GUID* guid) { - uint32_t status = ERROR_SUCCESS; + ebpf_result_t status = EBPF_SUCCESS; // The UUID string read from registry also contains the opening and closing braces. // Remove those before converting to UUID. @@ -240,7 +242,7 @@ convert_string_to_guid(_In_z_ const wchar_t* string, _Out_ GUID* guid) // Convert program type string to GUID auto rpc_status = UuidFromString((RPC_WSTR)truncated_string, guid); if (rpc_status != RPC_S_OK) { - status = ERROR_INVALID_PARAMETER; + status = EBPF_INVALID_ARGUMENT; } return status; diff --git a/libs/store_helper/user/ebpf_registry_helper_um.h b/libs/store_helper/user/ebpf_registry_helper_um.h index f6c5a2d904..7c77d66482 100644 --- a/libs/store_helper/user/ebpf_registry_helper_um.h +++ b/libs/store_helper/user/ebpf_registry_helper_um.h 
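Review bot: `convert_guid_to_string` stores `*string = 0` before it tests `string_size < GUID_STRING_LENGTH + 1`, so a caller passing `string_size == 0` gets a write past its buffer ahead of the `EBPF_INSUFFICIENT_BUFFER` return. Move the size check above the store. The lines between this hunk and the next are not shown, so whether the buffer returned by `UuidToString` in `value_name` is released on the exception path cannot be confirmed from here and is worth checking.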
@@ -9,57 +9,57 @@ #define REG_OPEN_FLAGS (DELETE | KEY_READ) extern ebpf_registry_key_t ebpf_root_registry_key; -typedef _Return_type_success_(return == EBPF_SUCCESS) uint32_t ebpf_registry_result_t; void close_registry_key(ebpf_registry_key_t key); -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t write_registry_value_binary( ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_reads_(value_size) uint8_t* value, size_t value_size); -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t write_registry_value_ansi_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value); -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value); -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t create_registry_key( ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); -_Success_(return == ERROR_SUCCESS) uint32_t open_registry_key( +_Must_inspect_result_ ebpf_result_t +open_registry_key( ebpf_registry_key_t root_key, _In_opt_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t delete_registry_key(ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key); -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t delete_registry_tree(ebpf_registry_key_t root_key, _In_opt_z_ const wchar_t* sub_key); -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t read_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Out_ uint32_t* value); -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t read_registry_value_binary( ebpf_registry_key_t key, _In_z_ const 
wchar_t* value_name, _Out_writes_(value_size) uint8_t* value, size_t value_size); -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_size) wchar_t* string, size_t string_size); -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t convert_string_to_guid(_In_z_ const wchar_t* string, _Out_ GUID* guid); -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t create_registry_key_ansi( ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); -_Must_inspect_result_ ebpf_registry_result_t +_Must_inspect_result_ ebpf_result_t read_registry_value_string( ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_maybenull_ wchar_t** value); From 6759086f8a76b2813ffa3602d6e9de03d9fa7326 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Wed, 26 Jul 2023 16:50:20 -0700 Subject: [PATCH 35/60] update header --- tests/netebpfext_unit/netebpf_ext_helper.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/netebpfext_unit/netebpf_ext_helper.cpp b/tests/netebpfext_unit/netebpf_ext_helper.cpp index 678a9a11f9..cc9f772fad 100644 --- a/tests/netebpfext_unit/netebpf_ext_helper.cpp +++ b/tests/netebpfext_unit/netebpf_ext_helper.cpp @@ -1,7 +1,7 @@ // Copyright (c) Microsoft Corporation // SPDX-License-Identifier: MIT -#include "..\libs\store_helper\user\ebpf_registry_helper_um.h" +#include "ebpf_store_helper.h" #include "net_ebpf_ext_sock_addr.h" #include "netebpf_ext_helper.h" From 6de71837d3be82ecb140db98e7a43273ca1dabdd Mon Sep 17 00:00:00 2001 
From: Gianni Trevisiol Date: Wed, 26 Jul 2023 17:49:13 -0700 Subject: [PATCH 36/60] remove cpp wrapper, misc cleanup. --- include/ebpf_store_helper.h | 117 +++++++++-------- .../user/ebpf_registry_helper_um.h | 121 ++++++++++-------- libs/store_helper/user/ebpf_store_helper.cpp | 5 - .../user/ebpf_store_helper_um.vcxproj | 2 +- .../user/ebpf_store_helper_um.vcxproj.filters | 2 +- 5 files changed, 131 insertions(+), 116 deletions(-) delete mode 100644 libs/store_helper/user/ebpf_store_helper.cpp diff --git a/include/ebpf_store_helper.h b/include/ebpf_store_helper.h index a851c691ba..3333c679fe 100644 --- a/include/ebpf_store_helper.h +++ b/include/ebpf_store_helper.h 
@@ -14,67 +14,76 @@ #define GUID_STRING_LENGTH 38 // not including the null terminator. +#ifdef __cplusplus +extern "C" +{ +#endif + #ifndef USER_MODE -typedef HANDLE ebpf_registry_key_t; + typedef HANDLE ebpf_registry_key_t; #else typedef HKEY ebpf_registry_key_t; extern ebpf_registry_key_t ebpf_root_registry_key; #endif -/** - * @brief Open or create the root of the eBPF registry store. - * - * @param[in] provider_key Pointer to the registry key to be initialized. - * - * @returns Status of the operation. - */ -ebpf_result_t -ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_registry_key_t* provider_key); + /** + * @brief Open or create the root of the eBPF registry store. + * + * @param[in] provider_key Pointer to the registry key to be initialized. + * + * @returns Status of the operation. + */ + ebpf_result_t + ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_registry_key_t* provider_key); + + /** + * @brief Update the provider prototype information in the eBPF registry store. + * + * @param[in] helper_info_key Pointer to the registry key to be initialized. + * @param[in] helper_info Pointer to the helper function prototype. + * + * @return Status of the operation. + */ + ebpf_result_t + ebpf_store_update_helper_prototype( + ebpf_registry_key_t helper_info_key, _In_ const ebpf_helper_function_prototype_t* helper_info); -/** - * @brief Update the provider prototype information in the eBPF registry store. - * - * @param[in] helper_info_key Pointer to the registry key to be initialized. - * @param[in] helper_info Pointer to the helper function prototype. - * - * @return Status of the operation. - */ -ebpf_result_t -ebpf_store_update_helper_prototype( - ebpf_registry_key_t helper_info_key, _In_ const ebpf_helper_function_prototype_t* helper_info); + /** + * @brief Update section information in eBPF store. + * + * @param[in] section_info Pointer to an array of section information. 
+ * @param[in] section_info_count Count of section information entries. + * + * @returns Status of the operation. + */ + ebpf_result_t + ebpf_store_update_section_information( + _In_reads_(section_info_count) const ebpf_program_section_info_t* section_info, uint32_t section_info_count); -/** - * @brief Update section information in eBPF store. - * - * @param[in] section_info Pointer to an array of section information. - * @param[in] section_info_count Count of section information entries. - * - * @returns Status of the operation. - */ -ebpf_result_t -ebpf_store_update_section_information( - _In_reads_(section_info_count) const ebpf_program_section_info_t* section_info, uint32_t section_info_count); + /** + * @brief Update program information in eBPF store. + * + * @param[in] program_info Pointer to an array of program information. + * @param[in] program_info_count Count of program information entries. + * + * @returns Status of the operation. + */ + ebpf_result_t + ebpf_store_update_program_information( + _In_reads_(program_info_count) const ebpf_program_info_t* program_info, uint32_t program_info_count); -/** - * @brief Update program information in eBPF store. - * - * @param[in] program_info Pointer to an array of program information. - * @param[in] program_info_count Count of program information entries. - * - * @returns Status of the operation. - */ -ebpf_result_t -ebpf_store_update_program_information( - _In_reads_(program_info_count) const ebpf_program_info_t* program_info, uint32_t program_info_count); + /** + * @brief Update global helper information in eBPF store. + * + * @param[in] helper_info Pointer to an array of helper function prototypes. + * @param[in] helper_info_count Count of helper function prototypes. + * + * @returns Status of the operation. 
+ */ + ebpf_result_t + ebpf_store_update_global_helper_information( + _In_reads_(helper_info_count) ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count); -/** - * @brief Update global helper information in eBPF store. - * - * @param[in] helper_info Pointer to an array of helper function prototypes. - * @param[in] helper_info_count Count of helper function prototypes. - * - * @returns Status of the operation. - */ -ebpf_result_t -ebpf_store_update_global_helper_information( - _In_reads_(helper_info_count) ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count); +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/libs/store_helper/user/ebpf_registry_helper_um.h b/libs/store_helper/user/ebpf_registry_helper_um.h index 7c77d66482..d52f8c7a7a 100644 --- a/libs/store_helper/user/ebpf_registry_helper_um.h +++ b/libs/store_helper/user/ebpf_registry_helper_um.h 
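Review bot: The Doxygen block for `ebpf_store_open_or_create_provider_registry_key` documents `provider_key` as `@param[in]` although the parameter is annotated `_Out_`. These comment lines are being re-indented anyway, so change it to `@param[out] provider_key`. The block for `ebpf_store_update_helper_prototype` calls `helper_info_key` a "Pointer to the registry key to be initialized", but the signature takes the key by value. Wording such as `@param[in] helper_info_key Registry key to write the helper prototype under.` would match the signature better.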
@@ -8,58 +8,69 @@ #define REG_CREATE_FLAGS (KEY_WRITE | DELETE | KEY_READ) #define REG_OPEN_FLAGS (DELETE | KEY_READ) -extern ebpf_registry_key_t ebpf_root_registry_key; - -void -close_registry_key(ebpf_registry_key_t key); - -_Must_inspect_result_ ebpf_result_t -write_registry_value_binary( - ebpf_registry_key_t key, - _In_z_ const wchar_t* value_name, - _In_reads_(value_size) uint8_t* value, - size_t value_size); - -_Must_inspect_result_ ebpf_result_t -write_registry_value_ansi_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value); - -_Must_inspect_result_ ebpf_result_t -write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value); - -_Must_inspect_result_ ebpf_result_t -create_registry_key( - ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); - -_Must_inspect_result_ ebpf_result_t -open_registry_key( - ebpf_registry_key_t root_key, _In_opt_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); - -_Must_inspect_result_ ebpf_result_t -delete_registry_key(ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key); - -_Must_inspect_result_ ebpf_result_t -delete_registry_tree(ebpf_registry_key_t root_key, _In_opt_z_ const wchar_t* sub_key); - -_Must_inspect_result_ ebpf_result_t -read_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Out_ uint32_t* value); - -_Must_inspect_result_ ebpf_result_t -read_registry_value_binary( - ebpf_registry_key_t key, - _In_z_ const wchar_t* value_name, - _Out_writes_(value_size) uint8_t* value, - size_t value_size); - -_Must_inspect_result_ ebpf_result_t -convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_size) wchar_t* string, size_t string_size); - -_Must_inspect_result_ ebpf_result_t -convert_string_to_guid(_In_z_ const wchar_t* string, _Out_ GUID* guid); - -_Must_inspect_result_ ebpf_result_t -create_registry_key_ansi( - 
ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); - -_Must_inspect_result_ ebpf_result_t -read_registry_value_string( - ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_maybenull_ wchar_t** value); +#ifdef __cplusplus +extern "C" +{ +#endif + + void + close_registry_key(ebpf_registry_key_t key); + + _Must_inspect_result_ ebpf_result_t + write_registry_value_binary( + ebpf_registry_key_t key, + _In_z_ const wchar_t* value_name, + _In_reads_(value_size) uint8_t* value, + size_t value_size); + + _Must_inspect_result_ ebpf_result_t + write_registry_value_ansi_string( + ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value); + + _Must_inspect_result_ ebpf_result_t + write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value); + + _Must_inspect_result_ ebpf_result_t + create_registry_key( + ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); + + _Must_inspect_result_ ebpf_result_t + open_registry_key( + ebpf_registry_key_t root_key, + _In_opt_z_ const wchar_t* sub_key, + uint32_t flags, + _Out_ ebpf_registry_key_t* key); + + _Must_inspect_result_ ebpf_result_t + delete_registry_key(ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key); + + _Must_inspect_result_ ebpf_result_t + delete_registry_tree(ebpf_registry_key_t root_key, _In_opt_z_ const wchar_t* sub_key); + + _Must_inspect_result_ ebpf_result_t + read_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Out_ uint32_t* value); + + _Must_inspect_result_ ebpf_result_t + read_registry_value_binary( + ebpf_registry_key_t key, + _In_z_ const wchar_t* value_name, + _Out_writes_(value_size) uint8_t* value, + size_t value_size); + + _Must_inspect_result_ ebpf_result_t + convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_size) wchar_t* string, size_t 
string_size); + + _Must_inspect_result_ ebpf_result_t + convert_string_to_guid(_In_z_ const wchar_t* string, _Out_ GUID* guid); + + _Must_inspect_result_ ebpf_result_t + create_registry_key_ansi( + ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); + + _Must_inspect_result_ ebpf_result_t + read_registry_value_string( + ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_maybenull_ wchar_t** value); + +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/libs/store_helper/user/ebpf_store_helper.cpp b/libs/store_helper/user/ebpf_store_helper.cpp deleted file mode 100644 index c3ef732a3f..0000000000 --- a/libs/store_helper/user/ebpf_store_helper.cpp +++ /dev/null @@ -1,5 +0,0 @@ -// Copyright (c) Microsoft Corporation -// SPDX-License-Identifier: MIT - -// Include the same C code as CPP -#include "..\ebpf_store_helper.c" \ No newline at end of file diff --git a/libs/store_helper/user/ebpf_store_helper_um.vcxproj b/libs/store_helper/user/ebpf_store_helper_um.vcxproj index 6a6182062a..e3b7b09824 100644 --- a/libs/store_helper/user/ebpf_store_helper_um.vcxproj +++ b/libs/store_helper/user/ebpf_store_helper_um.vcxproj @@ -91,8 +91,8 @@ + - diff --git a/libs/store_helper/user/ebpf_store_helper_um.vcxproj.filters b/libs/store_helper/user/ebpf_store_helper_um.vcxproj.filters index ba3b1e4dcc..dfcc6b434d 100644 --- a/libs/store_helper/user/ebpf_store_helper_um.vcxproj.filters +++ b/libs/store_helper/user/ebpf_store_helper_um.vcxproj.filters @@ -16,7 +16,7 @@ Source Files - + Source Files From 42cb0088cd032a57ca9433e70ba522ccb5e1997e Mon Sep 17 00:00:00 2001 
From: Gianni Trevisiol Date: Wed, 26 Jul 2023 21:49:04 -0700 Subject: [PATCH 37/60] rename um/km registry helpers --- libs/api_common/store_helper_internal.cpp | 2 +- libs/store_helper/ebpf_store_helper.c | 8 +- libs/store_helper/kernel/CMakeLists.txt | 5 +- ...try_helper_km.c => ebpf_registry_helper.c} | 2 +- ...try_helper_km.h => ebpf_registry_helper.h} | 0 .../kernel/ebpf_store_helper_km.vcxproj | 8 +- .../ebpf_store_helper_km.vcxproj.filters | 4 +- libs/store_helper/user/CMakeLists.txt | 5 +- .../user/ebpf_registry_helper.cpp | 249 ++++++++++++++++++ ...try_helper_um.h => ebpf_registry_helper.h} | 0 .../user/ebpf_registry_helper_um.cpp | 2 +- .../user/ebpf_store_helper_um.vcxproj | 8 +- .../user/ebpf_store_helper_um.vcxproj.filters | 4 +- 13 files changed, 271 insertions(+), 26 deletions(-) rename libs/store_helper/kernel/{ebpf_registry_helper_km.c => ebpf_registry_helper.c} (99%) rename libs/store_helper/kernel/{ebpf_registry_helper_km.h => ebpf_registry_helper.h} (100%) create mode 100644 libs/store_helper/user/ebpf_registry_helper.cpp rename libs/store_helper/user/{ebpf_registry_helper_um.h => ebpf_registry_helper.h} (100%) diff --git a/libs/api_common/store_helper_internal.cpp b/libs/api_common/store_helper_internal.cpp index 4cd2c5270e..f896a420ae 100644 --- a/libs/api_common/store_helper_internal.cpp +++ b/libs/api_common/store_helper_internal.cpp @@ -1,7 +1,7 @@ // Copyright (c) Microsoft Corporation // SPDX-License-Identifier: MIT -#include "..\libs\store_helper\user\ebpf_registry_helper_um.h" +#include "..\libs\store_helper\user\ebpf_registry_helper.h" #include "ebpf_program_attach_type_guids.h" #include "ebpf_serialize.h" #include "ebpf_store_helper.h" diff --git a/libs/store_helper/ebpf_store_helper.c b/libs/store_helper/ebpf_store_helper.c index f5ff619064..d601fd9435 100644 --- a/libs/store_helper/ebpf_store_helper.c +++ b/libs/store_helper/ebpf_store_helper.c 
@@ -1,13 +1,7 @@ // Copyright (c) Microsoft Corporation // SPDX-License-Identifier: MIT - -#ifndef USER_MODE -#include "kernel\ebpf_registry_helper_km.h" -#else -#include "user\ebpf_registry_helper_um.h" -#endif - #include "ebpf_program_types.h" +#include "ebpf_registry_helper.h" #include "ebpf_store_helper.h" #include "ebpf_windows.h" diff --git a/libs/store_helper/kernel/CMakeLists.txt b/libs/store_helper/kernel/CMakeLists.txt index 77db8305b3..d311d508f6 100644 --- a/libs/store_helper/kernel/CMakeLists.txt +++ b/libs/store_helper/kernel/CMakeLists.txt @@ -7,8 +7,8 @@ list(APPEND CMAKE_MODULE_PATH find_package(WDK REQUIRED) wdk_add_library("ebpf_store_helper_km" STATIC WINVER "${EBPFFORWINDOWS_WDK_WINVER}" - ebpf_registry_helper_km.c - ../ebpf_store_helper.c + ebpf_registry_helper.c + ebpf_store_helper.c ) target_link_directories("ebpf_store_helper_km" PRIVATE @@ -19,6 +19,7 @@ target_include_directories("ebpf_store_helper_km" PRIVATE "${CMAKE_SOURCE_DIR}/include" "${CMAKE_SOURCE_DIR}/libs/platform" "${CMAKE_SOURCE_DIR}/libs/platform/kernel" +"${CMAKE_SOURCE_DIR}/libs/store_helper" "${CMAKE_SOURCE_DIR}/libs/store_helper/kernel" "${CMAKE_SOURCE_DIR}/external/ebpf-verifier/src" ) diff --git a/libs/store_helper/kernel/ebpf_registry_helper_km.c b/libs/store_helper/kernel/ebpf_registry_helper.c similarity index 99% rename from libs/store_helper/kernel/ebpf_registry_helper_km.c rename to libs/store_helper/kernel/ebpf_registry_helper.c index 51b832ea02..a38dd9fdc8 100644 --- a/libs/store_helper/kernel/ebpf_registry_helper_km.c +++ b/libs/store_helper/kernel/ebpf_registry_helper.c @@ -1,7 +1,7 @@ // Copyright (c) Microsoft Corporation // SPDX-License-Identifier: MIT -#include "ebpf_registry_helper_km.h" +#include "ebpf_registry_helper.h" #define _EBPF_RESULT(x) (NT_SUCCESS(x) ? EBPF_SUCCESS : EBPF_FAILED) 
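Review bot: The kernel `CMakeLists.txt` hunk replaces `../ebpf_store_helper.c` with `ebpf_store_helper.c`, but the diffs in this series still show that source at `libs/store_helper/ebpf_store_helper.c`, one directory above this list file. Relative source paths are resolved against the list file's directory, and the added `${CMAKE_SOURCE_DIR}/libs/store_helper` include directory only affects header lookup. The CMake build would therefore presumably fail to find the file unless a copy exists in `kernel/`. Keep `../ebpf_store_helper.c`; the user-mode `CMakeLists.txt` hunk that follows lists `ebpf_store_helper.c` the same way.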
diff --git a/libs/store_helper/kernel/ebpf_registry_helper_km.h b/libs/store_helper/kernel/ebpf_registry_helper.h similarity index 100% rename from libs/store_helper/kernel/ebpf_registry_helper_km.h rename to libs/store_helper/kernel/ebpf_registry_helper.h diff --git a/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj b/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj index 8af341b726..1f868e0eb7 100644 --- a/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj +++ b/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj @@ -51,11 +51,11 @@ - $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\store_helper\kernel;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src $(SolutionDir)$(Platform)\$(Configuration)\ - $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\store_helper\kernel;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src $(SolutionDir)$(Platform)\$(Configuration)\ @@ -90,11 +90,11 @@ - + - + diff --git a/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj.filters b/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj.filters index 4480991cce..0455968435 100644 --- a/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj.filters +++ b/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj.filters @@ -16,12 +16,12 @@ Header Files - + Header Files - + Source Files diff --git a/libs/store_helper/user/CMakeLists.txt b/libs/store_helper/user/CMakeLists.txt index a7fdec4e46..7e718eba05 100644 --- a/libs/store_helper/user/CMakeLists.txt +++ b/libs/store_helper/user/CMakeLists.txt 
@@ -2,14 +2,15 @@ # SPDX-License-Identifier: MIT add_library("ebpf_store_helper_um" STATIC - ebpf_registry_helper_um.cpp - ebpf_store_helper.cpp + ebpf_registry_helper.cpp + ebpf_store_helper.c ) target_include_directories("ebpf_store_helper_um" PRIVATE "${CMAKE_SOURCE_DIR}/include" "${CMAKE_SOURCE_DIR}/libs/platform" "${CMAKE_SOURCE_DIR}/libs/platform/user" + "${CMAKE_SOURCE_DIR}/libs/store_helper" "${CMAKE_SOURCE_DIR}/libs/store_helper/user" "${CMAKE_SOURCE_DIR}/external/usersim/inc" "${CMAKE_SOURCE_DIR}/external/ebpf-verifier/src" diff --git a/libs/store_helper/user/ebpf_registry_helper.cpp b/libs/store_helper/user/ebpf_registry_helper.cpp new file mode 100644 index 0000000000..c18ea8d021 --- /dev/null +++ b/libs/store_helper/user/ebpf_registry_helper.cpp 
@@ -0,0 +1,249 @@ +// Copyright (c) Microsoft Corporation +// SPDX-License-Identifier: MIT + +/** + * @file + * @brief Contains user mode registry related helper APIs. + */ + +#include "ebpf_platform.h" +#include "ebpf_registry_helper.h" + +#include + +#define GUID_STRING_LENGTH 38 // not including the null terminator. +#define _EBPF_RESULT(x) win32_error_code_to_ebpf_result(x) + +static std::wstring +_get_wstring_from_string(std::string text) +{ + int length = MultiByteToWideChar(CP_UTF8, 0, text.c_str(), -1, nullptr, 0); + std::wstring wide(length, 0); + MultiByteToWideChar(CP_UTF8, 0, text.c_str(), -1, &wide[0], length); + + return wide; +} + +void +close_registry_key(ebpf_registry_key_t key) +{ + ebpf_assert(key); + RegCloseKey(key); +} + +_Must_inspect_result_ ebpf_result_t +write_registry_value_binary( + ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_reads_(value_size) uint8_t* value, size_t value_size) +{ + ebpf_assert(value_name); + ebpf_assert(value); + + return _EBPF_RESULT(RegSetValueEx(key, value_name, 0, REG_BINARY, value, (unsigned long)value_size)); +} + +_Must_inspect_result_ ebpf_result_t +write_registry_value_wide_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const wchar_t* value) +{ + ebpf_assert(value_name); + ebpf_assert(value); + + auto length = (wcslen(value) + 1) * sizeof(wchar_t); + return _EBPF_RESULT(RegSetValueEx(key, value_name, 0, REG_SZ, (uint8_t*)value, (unsigned long)length)); +} + +_Must_inspect_result_ ebpf_result_t +write_registry_value_ansi_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value) +{ + ebpf_result_t result; + try { + auto wide_string = _get_wstring_from_string(value); + result = _EBPF_RESULT(write_registry_value_wide_string(key, value_name, wide_string.c_str())); + } catch (...) 
{ + result = EBPF_NO_MEMORY; + } + + return result; +} + +_Must_inspect_result_ ebpf_result_t +write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value) +{ + ebpf_assert(key); + return _EBPF_RESULT(RegSetValueEx(key, value_name, 0, REG_DWORD, (PBYTE)&value, sizeof(value))); +} + +_Must_inspect_result_ ebpf_result_t +create_registry_key( + ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key) +{ + *key = nullptr; + if (root_key == nullptr) { + return EBPF_INVALID_ARGUMENT; + } + + return _EBPF_RESULT(RegCreateKeyEx(root_key, sub_key, 0, nullptr, 0, flags, nullptr, key, nullptr)); +} + +_Must_inspect_result_ ebpf_result_t +open_registry_key( + ebpf_registry_key_t root_key, _In_opt_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key) +{ + ebpf_assert(root_key != nullptr); + _Analysis_assume_(root_key != nullptr); + + return _EBPF_RESULT(RegOpenKeyEx(root_key, sub_key, 0, flags, key)); +} + +_Must_inspect_result_ ebpf_result_t +delete_registry_key(ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key) +{ + return _EBPF_RESULT(RegDeleteKeyEx(root_key, sub_key, 0, 0)); +} + +_Must_inspect_result_ ebpf_result_t +delete_registry_tree(ebpf_registry_key_t root_key, _In_opt_z_ const wchar_t* sub_key) +{ + return _EBPF_RESULT(RegDeleteTree(root_key, sub_key)); +} + +_Must_inspect_result_ ebpf_result_t +create_registry_key_ansi( + ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key) +{ + ebpf_result_t result; + try { + auto wide_string = _get_wstring_from_string(sub_key); + result = create_registry_key(root_key, wide_string.c_str(), flags, key); + } catch (...) 
{ + result = EBPF_NO_MEMORY; + } + + return result; +} + +_Must_inspect_result_ ebpf_result_t +read_registry_value_string( + ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_maybenull_ wchar_t** value) +{ + ebpf_result_t status = EBPF_SUCCESS; + unsigned long type = REG_SZ; + unsigned long value_size = 0; + wchar_t* string_value = nullptr; + + if (value == nullptr) { + return EBPF_INVALID_ARGUMENT; + } + + *value = nullptr; + status = _EBPF_RESULT(RegQueryValueEx(key, value_name, 0, &type, nullptr, &value_size)); + if (status != EBPF_SUCCESS || type != REG_SZ) { + if (type != REG_SZ) { + status = EBPF_INVALID_ARGUMENT; + } + return status; + } + + string_value = (wchar_t*)ebpf_allocate((value_size + sizeof(wchar_t))); + if (string_value == nullptr) { + return EBPF_NO_MEMORY; + } + + memset(string_value, 0, value_size + sizeof(wchar_t)); + status = _EBPF_RESULT(RegQueryValueEx(key, value_name, 0, &type, (PBYTE)string_value, &value_size)); + if (status != EBPF_SUCCESS) { + goto Exit; + } + + *value = string_value; + string_value = nullptr; + +Exit: + if (string_value) { + ebpf_free(string_value); + } + return status; +} + +_Must_inspect_result_ ebpf_result_t +read_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Out_ uint32_t* value) +{ + unsigned long type = REG_QWORD; + unsigned long value_size = sizeof(uint32_t); + return _EBPF_RESULT(RegQueryValueEx(key, value_name, 0, &type, (PBYTE)value, &value_size)); +} + +_Must_inspect_result_ ebpf_result_t +read_registry_value_binary( + ebpf_registry_key_t key, + _In_z_ const wchar_t* value_name, + _Out_writes_(value_size) uint8_t* value, + size_t value_size) +{ + ebpf_result_t status = EBPF_SUCCESS; + unsigned long type = REG_BINARY; + unsigned long local_value_size = (unsigned long)value_size; + + status = _EBPF_RESULT(RegQueryValueEx(key, value_name, 0, &type, value, &local_value_size)); + if (status != EBPF_SUCCESS || type != REG_BINARY || local_value_size != 
value_size) { + if (status != EBPF_SUCCESS) { + status = EBPF_INVALID_ARGUMENT; + } + goto Exit; + } + +Exit: + return status; +} + +_Must_inspect_result_ ebpf_result_t +convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_size) wchar_t* string, size_t string_size) +{ + ebpf_result_t status = EBPF_SUCCESS; + wchar_t* value_name = nullptr; + + try { + *string = 0; + + if (string_size < GUID_STRING_LENGTH + 1) { + return EBPF_INSUFFICIENT_BUFFER; + } + + // Convert program type GUID to string. + RPC_STATUS rpc_status = UuidToString(guid, (RPC_WSTR*)&value_name); + if (rpc_status != RPC_S_OK) { + return EBPF_INVALID_ARGUMENT; + } + + std::wstring value_name_string(value_name); + + // UuidToString returns string without braces. Add braces to the resulting string. + value_name_string = L"{" + value_name_string + L"}"; + + // Copy the buffer to the output string. + memcpy(string, value_name_string.c_str(), GUID_STRING_LENGTH * 2); + string[GUID_STRING_LENGTH] = L'\0'; + } catch (...) { + status = EBPF_NO_MEMORY; + } + + return status; +} + +_Must_inspect_result_ ebpf_result_t +convert_string_to_guid(_In_z_ const wchar_t* string, _Out_ GUID* guid) +{ + ebpf_result_t status = EBPF_SUCCESS; + + // The UUID string read from registry also contains the opening and closing braces. + // Remove those before converting to UUID. + wchar_t truncated_string[GUID_STRING_LENGTH + 1] = {0}; + memcpy(truncated_string, string + 1, (wcslen(string) - 2) * sizeof(wchar_t)); + + // Convert program type string to GUID + auto rpc_status = UuidFromString((RPC_WSTR)truncated_string, guid); + if (rpc_status != RPC_S_OK) { + status = EBPF_INVALID_ARGUMENT; + } + + return status; +} diff --git a/libs/store_helper/user/ebpf_registry_helper_um.h b/libs/store_helper/user/ebpf_registry_helper.h similarity index 100% rename from libs/store_helper/user/ebpf_registry_helper_um.h rename to libs/store_helper/user/ebpf_registry_helper.h 
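Review bot: `convert_string_to_guid` copies `(wcslen(string) - 2) * sizeof(wchar_t)` bytes into the fixed `truncated_string[GUID_STRING_LENGTH + 1]` stack buffer without checking the input length, so an over-long value writes past the buffer and a value shorter than two characters makes the size wrap around. The function's own comment says the string is read from the registry, so the length should be validated before the copy, for example `if (wcslen(string) != GUID_STRING_LENGTH) { return EBPF_INVALID_ARGUMENT; }` ahead of the `memcpy`. In the same hunk, `read_registry_value_binary` leaves `status` at `EBPF_SUCCESS` when the query succeeds but the returned type or size does not match, because the inner test is `status != EBPF_SUCCESS`; it reads as if `if (status == EBPF_SUCCESS) { status = EBPF_INVALID_ARGUMENT; }` was intended. `read_registry_value_dword` likewise never compares the returned `type` with `REG_DWORD`, and its initial `REG_QWORD` value is misleading.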
diff --git a/libs/store_helper/user/ebpf_registry_helper_um.cpp b/libs/store_helper/user/ebpf_registry_helper_um.cpp index 055ce96fed..c18ea8d021 100644 --- a/libs/store_helper/user/ebpf_registry_helper_um.cpp +++ b/libs/store_helper/user/ebpf_registry_helper_um.cpp @@ -7,7 +7,7 @@ */ #include "ebpf_platform.h" -#include "ebpf_registry_helper_um.h" +#include "ebpf_registry_helper.h" #include diff --git a/libs/store_helper/user/ebpf_store_helper_um.vcxproj b/libs/store_helper/user/ebpf_store_helper_um.vcxproj index e3b7b09824..af15e950dd 100644 --- a/libs/store_helper/user/ebpf_store_helper_um.vcxproj +++ b/libs/store_helper/user/ebpf_store_helper_um.vcxproj @@ -47,12 +47,12 @@ - $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\include;$(SolutionDir)\libs\platform;$(SolutionDir)\libs\platform\user;$(SolutionDir)\external\ebpf-verifier\src;$(SolutionDir)external\usersim\inc + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\include;$(SolutionDir)\libs\store_helper\user;$(SolutionDir)\libs\platform;$(SolutionDir)\libs\platform\user;$(SolutionDir)\external\ebpf-verifier\src;$(SolutionDir)external\usersim\inc $(VC_LibraryPath_x64);$(WindowsSDK_LibraryPath_x64) $(SolutionDir)$(Platform)\$(Configuration)\ - $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\include;$(SolutionDir)\libs\platform;$(SolutionDir)\libs\platform\user;$(SolutionDir)\external\ebpf-verifier\src;$(SolutionDir)external\usersim\inc + $(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\include;$(SolutionDir)\libs\store_helper\user;$(SolutionDir)\libs\platform;$(SolutionDir)\libs\platform\user;$(SolutionDir)\external\ebpf-verifier\src;$(SolutionDir)external\usersim\inc $(VC_LibraryPath_x64);$(WindowsSDK_LibraryPath_x64) $(SolutionDir)$(Platform)\$(Configuration)\ @@ -88,11 +88,11 @@ - + - + diff --git a/libs/store_helper/user/ebpf_store_helper_um.vcxproj.filters b/libs/store_helper/user/ebpf_store_helper_um.vcxproj.filters index dfcc6b434d..a381e558ac 100644 
--- a/libs/store_helper/user/ebpf_store_helper_um.vcxproj.filters +++ b/libs/store_helper/user/ebpf_store_helper_um.vcxproj.filters @@ -13,7 +13,7 @@ - + Source Files @@ -24,7 +24,7 @@ Header Files - + Header Files From 60d07c46ebb92281389f7c332eca2d70d5612cf1 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Wed, 26 Jul 2023 21:56:33 -0700 Subject: [PATCH 38/60] cleanup --- .../user/ebpf_registry_helper_um.cpp | 249 ------------------ 1 file changed, 249 deletions(-) delete mode 100644 libs/store_helper/user/ebpf_registry_helper_um.cpp diff --git a/libs/store_helper/user/ebpf_registry_helper_um.cpp b/libs/store_helper/user/ebpf_registry_helper_um.cpp deleted file mode 100644 index c18ea8d021..0000000000 --- a/libs/store_helper/user/ebpf_registry_helper_um.cpp +++ /dev/null 
@@ -1,249 +0,0 @@ -// Copyright (c) Microsoft Corporation -// SPDX-License-Identifier: MIT - -/** - * @file - * @brief Contains user mode registry related helper APIs. - */ - -#include "ebpf_platform.h" -#include "ebpf_registry_helper.h" - -#include - -#define GUID_STRING_LENGTH 38 // not including the null terminator. -#define _EBPF_RESULT(x) win32_error_code_to_ebpf_result(x) - -static std::wstring -_get_wstring_from_string(std::string text) -{ - int length = MultiByteToWideChar(CP_UTF8, 0, text.c_str(), -1, nullptr, 0); - std::wstring wide(length, 0); - MultiByteToWideChar(CP_UTF8, 0, text.c_str(), -1, &wide[0], length); - - return wide; -} - -void -close_registry_key(ebpf_registry_key_t key) -{ - ebpf_assert(key); - RegCloseKey(key); -} - -_Must_inspect_result_ ebpf_result_t -write_registry_value_binary( - ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_reads_(value_size) uint8_t* value, size_t value_size) -{ - ebpf_assert(value_name); - ebpf_assert(value); - - return _EBPF_RESULT(RegSetValueEx(key, value_name, 0, REG_BINARY, value, (unsigned long)value_size)); -} - -_Must_inspect_result_ ebpf_result_t -write_registry_value_wide_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const wchar_t* value) -{ - ebpf_assert(value_name); - ebpf_assert(value); - - auto length = (wcslen(value) + 1) * sizeof(wchar_t); - return _EBPF_RESULT(RegSetValueEx(key, value_name, 0, REG_SZ, (uint8_t*)value, (unsigned long)length)); -} - -_Must_inspect_result_ ebpf_result_t -write_registry_value_ansi_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value) -{ - ebpf_result_t result; - try { - auto wide_string = _get_wstring_from_string(value); - result = _EBPF_RESULT(write_registry_value_wide_string(key, value_name, wide_string.c_str())); - } catch (...) 
{ - result = EBPF_NO_MEMORY; - } - - return result; -} - -_Must_inspect_result_ ebpf_result_t -write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value) -{ - ebpf_assert(key); - return _EBPF_RESULT(RegSetValueEx(key, value_name, 0, REG_DWORD, (PBYTE)&value, sizeof(value))); -} - -_Must_inspect_result_ ebpf_result_t -create_registry_key( - ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key) -{ - *key = nullptr; - if (root_key == nullptr) { - return EBPF_INVALID_ARGUMENT; - } - - return _EBPF_RESULT(RegCreateKeyEx(root_key, sub_key, 0, nullptr, 0, flags, nullptr, key, nullptr)); -} - -_Must_inspect_result_ ebpf_result_t -open_registry_key( - ebpf_registry_key_t root_key, _In_opt_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key) -{ - ebpf_assert(root_key != nullptr); - _Analysis_assume_(root_key != nullptr); - - return _EBPF_RESULT(RegOpenKeyEx(root_key, sub_key, 0, flags, key)); -} - -_Must_inspect_result_ ebpf_result_t -delete_registry_key(ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key) -{ - return _EBPF_RESULT(RegDeleteKeyEx(root_key, sub_key, 0, 0)); -} - -_Must_inspect_result_ ebpf_result_t -delete_registry_tree(ebpf_registry_key_t root_key, _In_opt_z_ const wchar_t* sub_key) -{ - return _EBPF_RESULT(RegDeleteTree(root_key, sub_key)); -} - -_Must_inspect_result_ ebpf_result_t -create_registry_key_ansi( - ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key) -{ - ebpf_result_t result; - try { - auto wide_string = _get_wstring_from_string(sub_key); - result = create_registry_key(root_key, wide_string.c_str(), flags, key); - } catch (...) 
{ - result = EBPF_NO_MEMORY; - } - - return result; -} - -_Must_inspect_result_ ebpf_result_t -read_registry_value_string( - ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_maybenull_ wchar_t** value) -{ - ebpf_result_t status = EBPF_SUCCESS; - unsigned long type = REG_SZ; - unsigned long value_size = 0; - wchar_t* string_value = nullptr; - - if (value == nullptr) { - return EBPF_INVALID_ARGUMENT; - } - - *value = nullptr; - status = _EBPF_RESULT(RegQueryValueEx(key, value_name, 0, &type, nullptr, &value_size)); - if (status != EBPF_SUCCESS || type != REG_SZ) { - if (type != REG_SZ) { - status = EBPF_INVALID_ARGUMENT; - } - return status; - } - - string_value = (wchar_t*)ebpf_allocate((value_size + sizeof(wchar_t))); - if (string_value == nullptr) { - return EBPF_NO_MEMORY; - } - - memset(string_value, 0, value_size + sizeof(wchar_t)); - status = _EBPF_RESULT(RegQueryValueEx(key, value_name, 0, &type, (PBYTE)string_value, &value_size)); - if (status != EBPF_SUCCESS) { - goto Exit; - } - - *value = string_value; - string_value = nullptr; - -Exit: - if (string_value) { - ebpf_free(string_value); - } - return status; -} - -_Must_inspect_result_ ebpf_result_t -read_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Out_ uint32_t* value) -{ - unsigned long type = REG_QWORD; - unsigned long value_size = sizeof(uint32_t); - return _EBPF_RESULT(RegQueryValueEx(key, value_name, 0, &type, (PBYTE)value, &value_size)); -} - -_Must_inspect_result_ ebpf_result_t -read_registry_value_binary( - ebpf_registry_key_t key, - _In_z_ const wchar_t* value_name, - _Out_writes_(value_size) uint8_t* value, - size_t value_size) -{ - ebpf_result_t status = EBPF_SUCCESS; - unsigned long type = REG_BINARY; - unsigned long local_value_size = (unsigned long)value_size; - - status = _EBPF_RESULT(RegQueryValueEx(key, value_name, 0, &type, value, &local_value_size)); - if (status != EBPF_SUCCESS || type != REG_BINARY || local_value_size != 
value_size) { - if (status != EBPF_SUCCESS) { - status = EBPF_INVALID_ARGUMENT; - } - goto Exit; - } - -Exit: - return status; -} - -_Must_inspect_result_ ebpf_result_t -convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_size) wchar_t* string, size_t string_size) -{ - ebpf_result_t status = EBPF_SUCCESS; - wchar_t* value_name = nullptr; - - try { - *string = 0; - - if (string_size < GUID_STRING_LENGTH + 1) { - return EBPF_INSUFFICIENT_BUFFER; - } - - // Convert program type GUID to string. - RPC_STATUS rpc_status = UuidToString(guid, (RPC_WSTR*)&value_name); - if (rpc_status != RPC_S_OK) { - return EBPF_INVALID_ARGUMENT; - } - - std::wstring value_name_string(value_name); - - // UuidToString returns string without braces. Add braces to the resulting string. - value_name_string = L"{" + value_name_string + L"}"; - - // Copy the buffer to the output string. - memcpy(string, value_name_string.c_str(), GUID_STRING_LENGTH * 2); - string[GUID_STRING_LENGTH] = L'\0'; - } catch (...) { - status = EBPF_NO_MEMORY; - } - - return status; -} - -_Must_inspect_result_ ebpf_result_t -convert_string_to_guid(_In_z_ const wchar_t* string, _Out_ GUID* guid) -{ - ebpf_result_t status = EBPF_SUCCESS; - - // The UUID string read from registry also contains the opening and closing braces. - // Remove those before converting to UUID. - wchar_t truncated_string[GUID_STRING_LENGTH + 1] = {0}; - memcpy(truncated_string, string + 1, (wcslen(string) - 2) * sizeof(wchar_t)); - - // Convert program type string to GUID - auto rpc_status = UuidFromString((RPC_WSTR)truncated_string, guid); - if (rpc_status != RPC_S_OK) { - status = EBPF_INVALID_ARGUMENT; - } - - return status; -} From 858320382787d272233d7a7c45e72a319ce28c31 Mon Sep 17 00:00:00 2001 
From: Gianni Trevisiol Date: Wed, 26 Jul 2023 22:09:52 -0700 Subject: [PATCH 39/60] cleanup --- libs/store_helper/ebpf_store_helper.c | 1 + libs/store_helper/kernel/ebpf_registry_helper.c | 5 +++++ libs/store_helper/kernel/ebpf_registry_helper.h | 3 --- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/libs/store_helper/ebpf_store_helper.c b/libs/store_helper/ebpf_store_helper.c index d601fd9435..28c9dda858 100644 --- a/libs/store_helper/ebpf_store_helper.c +++ b/libs/store_helper/ebpf_store_helper.c @@ -1,5 +1,6 @@ // Copyright (c) Microsoft Corporation // SPDX-License-Identifier: MIT + #include "ebpf_program_types.h" #include "ebpf_registry_helper.h" #include "ebpf_store_helper.h" diff --git a/libs/store_helper/kernel/ebpf_registry_helper.c b/libs/store_helper/kernel/ebpf_registry_helper.c index a38dd9fdc8..67160c9cca 100644 --- a/libs/store_helper/kernel/ebpf_registry_helper.c +++ b/libs/store_helper/kernel/ebpf_registry_helper.c @@ -1,6 +1,11 @@ // Copyright (c) Microsoft Corporation // SPDX-License-Identifier: MIT +/** + * @file + * @brief Contains kernel mode registry related helper APIs. + */ + #include "ebpf_registry_helper.h" #define _EBPF_RESULT(x) (NT_SUCCESS(x) ? EBPF_SUCCESS : EBPF_FAILED) diff --git a/libs/store_helper/kernel/ebpf_registry_helper.h b/libs/store_helper/kernel/ebpf_registry_helper.h index 988a845748..b969d9ca7c 100644 --- a/libs/store_helper/kernel/ebpf_registry_helper.h +++ b/libs/store_helper/kernel/ebpf_registry_helper.h @@ -5,9 +5,6 @@ #include "ebpf_store_helper.h" -#ifdef USER_MODE -#undefine USER_MODE -#endif #define REG_CREATE_FLAGS 0 ebpf_result_t From c270f554df26b4f05792dfec4560be43677c6217 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Wed, 26 Jul 2023 22:27:30 -0700 Subject: [PATCH 40/60] update --- libs/store_helper/kernel/CMakeLists.txt | 2 +- libs/store_helper/user/CMakeLists.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/libs/store_helper/kernel/CMakeLists.txt b/libs/store_helper/kernel/CMakeLists.txt index d311d508f6..12275df460 100644 --- a/libs/store_helper/kernel/CMakeLists.txt +++ b/libs/store_helper/kernel/CMakeLists.txt @@ -8,7 +8,7 @@ find_package(WDK REQUIRED) wdk_add_library("ebpf_store_helper_km" STATIC WINVER "${EBPFFORWINDOWS_WDK_WINVER}" ebpf_registry_helper.c - ebpf_store_helper.c + ../ebpf_store_helper.c ) target_link_directories("ebpf_store_helper_km" PRIVATE diff --git a/libs/store_helper/user/CMakeLists.txt b/libs/store_helper/user/CMakeLists.txt index 7e718eba05..52bc7e2b37 100644 --- a/libs/store_helper/user/CMakeLists.txt +++ b/libs/store_helper/user/CMakeLists.txt @@ -3,7 +3,7 @@ add_library("ebpf_store_helper_um" STATIC ebpf_registry_helper.cpp - ebpf_store_helper.c + ../ebpf_store_helper.c ) target_include_directories("ebpf_store_helper_um" PRIVATE From 6eb6212e0f2104324c2447ad6ac6632b34751f87 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Wed, 26 Jul 2023 23:57:32 -0700 Subject: [PATCH 41/60] nit --- libs/api_common/CMakeLists.txt | 1 + netebpfext/sys/CMakeLists.txt | 1 + tools/export_program_info/CMakeLists.txt | 1 + 3 files changed, 3 insertions(+) diff --git a/libs/api_common/CMakeLists.txt b/libs/api_common/CMakeLists.txt index 860e5f35df..6a138a5f74 100644 --- a/libs/api_common/CMakeLists.txt +++ b/libs/api_common/CMakeLists.txt @@ -31,6 +31,7 @@ target_include_directories("api_common" PRIVATE "${CMAKE_SOURCE_DIR}/libs/execution_context" "${CMAKE_SOURCE_DIR}/libs/platform" "${CMAKE_SOURCE_DIR}/libs/platform/user" + "${CMAKE_SOURCE_DIR}/libs/store_helper" "${CMAKE_SOURCE_DIR}/libs/store_helper/user" "${CMAKE_SOURCE_DIR}/external/ubpf/vm" "${CMAKE_SOURCE_DIR}/external/ubpf/vm/inc" diff --git a/netebpfext/sys/CMakeLists.txt b/netebpfext/sys/CMakeLists.txt index a068f337f6..70c7f0a90f 100644 --- a/netebpfext/sys/CMakeLists.txt +++ b/netebpfext/sys/CMakeLists.txt 
@@ -44,6 +44,7 @@ target_include_directories("NetEbpfExt" PRIVATE "${CMAKE_SOURCE_DIR}/include/kernel" "${CMAKE_SOURCE_DIR}/libs/platform" "${CMAKE_SOURCE_DIR}/libs/platform/kernel" + "${CMAKE_SOURCE_DIR}/libs/store_helper" "${CMAKE_SOURCE_DIR}/libs/store_helper/kernel" "${CMAKE_SOURCE_DIR}/netebpfext/sys" "${CMAKE_SOURCE_DIR}/netebpfext" diff --git a/tools/export_program_info/CMakeLists.txt b/tools/export_program_info/CMakeLists.txt index e73d9ef318..b26e23a5b0 100644 --- a/tools/export_program_info/CMakeLists.txt +++ b/tools/export_program_info/CMakeLists.txt @@ -16,6 +16,7 @@ target_include_directories("export_program_info" PRIVATE "${CMAKE_SOURCE_DIR}/libs/execution_context" "${CMAKE_SOURCE_DIR}/libs/platform" "${CMAKE_SOURCE_DIR}/libs/platform/user" + "${CMAKE_SOURCE_DIR}/libs/store_helper" "${CMAKE_SOURCE_DIR}/libs/store_helper/user" "${CMAKE_SOURCE_DIR}/libs/thunk" "${CMAKE_SOURCE_DIR}/netebpfext" From 74b6bf84e06b31e536f40b3a33e9d121a8cf867e Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Thu, 27 Jul 2023 00:18:27 -0700 Subject: [PATCH 42/60] fix --- libs/api_common/store_helper_internal.cpp | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/libs/api_common/store_helper_internal.cpp b/libs/api_common/store_helper_internal.cpp index f896a420ae..d11fe3bcbe 100644 --- a/libs/api_common/store_helper_internal.cpp +++ b/libs/api_common/store_helper_internal.cpp @@ -309,8 +309,8 @@ ebpf_store_load_program_information( result = _open_ebpf_store_key(&store_key); if (result != EBPF_SUCCESS) { - if (result != EBPF_FILE_NOT_FOUND) { - __analysis_assume(result != EBPF_SUCCESS); + if (result == EBPF_FILE_NOT_FOUND) { + result = EBPF_SUCCESS; } goto Exit; } 
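Review bot: The new `result = EBPF_SUCCESS;` on `EBPF_FILE_NOT_FOUND` in `ebpf_store_load_program_information` has no comment explaining why a missing store key counts as success, and the hunk does not show whether the function's outputs are already set to an empty result before this `goto Exit`. The function body starts and ends outside the hunk, so this needs checking against the full file; if callers read the outputs on success, they must be initialised before the first early exit. I would add a comment above the branch such as `// A missing store key means nothing has been registered yet; return an empty result.` The same rewrite appears in the hunks at lines 319, 510, 608 and 618 of this file and deserves the same comment. Mapping the error to success also hides an absent or removed store from callers, so a trace or log line on that path would help diagnosis.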
@@ -319,8 +319,8 @@ ebpf_store_load_program_information( result = open_registry_key( store_key, EBPF_PROGRAM_DATA_REGISTRY_PATH, KEY_READ, (ebpf_registry_key_t*)&program_data_key); if (result != EBPF_SUCCESS) { - if (result != EBPF_FILE_NOT_FOUND) { - __analysis_assume(result != EBPF_SUCCESS); + if (result == EBPF_FILE_NOT_FOUND) { + result = EBPF_SUCCESS; } goto Exit; } @@ -510,8 +510,8 @@ ebpf_store_load_section_information( result = _open_ebpf_store_key(&store_key); if (result != EBPF_SUCCESS) { - if (result != EBPF_FILE_NOT_FOUND) { - __analysis_assume(result != EBPF_SUCCESS); + if (result == EBPF_FILE_NOT_FOUND) { + result = EBPF_SUCCESS; } goto Exit; } @@ -608,8 +608,8 @@ ebpf_store_load_global_helper_information( result = _open_ebpf_store_key(&store_key); if (result != EBPF_SUCCESS) { - if (result != EBPF_FILE_NOT_FOUND) { - __analysis_assume(result != EBPF_SUCCESS); + if (result == EBPF_FILE_NOT_FOUND) { + result = EBPF_SUCCESS; } goto Exit; } @@ -618,8 +618,8 @@ ebpf_store_load_global_helper_information( result = open_registry_key( store_key, EBPF_GLOBAL_HELPERS_REGISTRY_PATH, KEY_READ, (ebpf_registry_key_t*)&global_helpers_key); if (result != EBPF_SUCCESS) { - if (result != EBPF_FILE_NOT_FOUND) { - __analysis_assume(result != EBPF_SUCCESS); + if (result == EBPF_FILE_NOT_FOUND) { + result = EBPF_SUCCESS; } goto Exit; } From ed033f14dc948b27125dd123ab6a0efa050d11a3 Mon Sep 17 00:00:00 2001 
From: Gianni Trevisiol Date: Thu, 27 Jul 2023 10:46:48 -0700 Subject: [PATCH 43/60] Added KERNEL_MODE var, so to default to USER_MODE. --- ebpfcore/CMakeLists.txt | 1 + include/ebpf_store_helper.h | 4 ++-- installer/ebpf-for-windows.wixproj | 8 -------- libs/platform/kernel/platform_kernel.vcxproj | 8 ++++---- libs/store_helper/ebpf_store_helper.c | 7 ++++--- libs/store_helper/kernel/CMakeLists.txt | 1 + libs/store_helper/kernel/ebpf_store_helper_km.vcxproj | 4 ++-- netebpfext/sys/CMakeLists.txt | 1 + netebpfext/sys/netebpfext.vcxproj | 8 ++++---- tests/sample/ext/drv/CMakeLists.txt | 1 + tests/sample/ext/drv/sample_ext.vcxproj | 8 ++++---- 11 files changed, 24 insertions(+), 27 deletions(-) diff --git a/ebpfcore/CMakeLists.txt b/ebpfcore/CMakeLists.txt index 6a907f7ab8..e3c217452f 100644 --- a/ebpfcore/CMakeLists.txt +++ b/ebpfcore/CMakeLists.txt @@ -40,6 +40,7 @@ target_link_libraries("EbpfCore" ) target_compile_definitions("EbpfCore" PRIVATE + KERNEL_MODE BINARY_COMPATIBLE=0 NT NDIS60 diff --git a/include/ebpf_store_helper.h b/include/ebpf_store_helper.h index 3333c679fe..c0871c8a66 100644 --- a/include/ebpf_store_helper.h +++ b/include/ebpf_store_helper.h @@ -3,7 +3,7 @@ #pragma once -#ifndef USER_MODE +#ifdef KERNEL_MODE #include "framework.h" #else #include "ebpf_utilities.h" @@ -19,7 +19,7 @@ extern "C" { #endif -#ifndef USER_MODE +#ifdef KERNEL_MODE typedef HANDLE ebpf_registry_key_t; #else typedef HKEY ebpf_registry_key_t; diff --git a/installer/ebpf-for-windows.wixproj b/installer/ebpf-for-windows.wixproj index d3be001411..ab81d29c4b 100644 --- a/installer/ebpf-for-windows.wixproj +++ b/installer/ebpf-for-windows.wixproj @@ -94,14 +94,6 @@ SPDX-License-Identifier: MIT Binaries;Content;Satellites INSTALLFOLDER - - ebpf_store_helper_km - {3569e946-c8b4-49ee-a89d-edd09dc9f36e} - True - True - Binaries;Content;Satellites - INSTALLFOLDER - ebpf_store_helper_um {aa933b9f-b5d8-4aa8-ac18-98fe1a161e8a} 
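Review bot: `include/ebpf_store_helper.h` now selects the user-mode include and the `HKEY` typedef whenever `KERNEL_MODE` is not defined, but neither `#ifdef KERNEL_MODE` site documents that kernel-mode targets must supply the define. A short comment above the first one would make the contract explicit, for example `// Kernel-mode targets must define KERNEL_MODE; without it the user-mode definitions are selected.` Every kernel target's build file has to carry the define from here on, and a later patch in this series adds it to `platform_kernel` in `libs/platform/CMakeLists.txt` separately.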
diff --git a/libs/platform/kernel/platform_kernel.vcxproj b/libs/platform/kernel/platform_kernel.vcxproj index a086a71503..e02fcdee1a 100644 --- a/libs/platform/kernel/platform_kernel.vcxproj +++ b/libs/platform/kernel/platform_kernel.vcxproj @@ -131,7 +131,7 @@ - _DEBUG;WINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP;WINAPI_PARTITION_DESKTOP=1;WINAPI_PARTITION_SYSTEM=1;WINAPI_PARTITION_APP=1;WINAPI_PARTITION_PC_APP=1;%(PreprocessorDefinitions);_KRPCENV_;_NO_CRT_STDIO_INLINE=1 + _DEBUG;WINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP;WINAPI_PARTITION_DESKTOP=1;WINAPI_PARTITION_SYSTEM=1;WINAPI_PARTITION_APP=1;WINAPI_PARTITION_PC_APP=1;_KRPCENV_;_NO_CRT_STDIO_INLINE=1;KERNEL_MODE;%(PreprocessorDefinitions) $(SolutionDir)libs\execution_context;$(SolutionDir)include;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\kernel;$(SolutionDir)libs\epoch;$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)include\kernel;%(AdditionalIncludeDirectories) @@ -143,7 +143,7 @@ - WINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP;WINAPI_PARTITION_DESKTOP=1;WINAPI_PARTITION_SYSTEM=1;WINAPI_PARTITION_APP=1;WINAPI_PARTITION_PC_APP=1;_KRPCENV_;%(PreprocessorDefinitions);_NO_CRT_STDIO_INLINE=1 + WINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP;WINAPI_PARTITION_DESKTOP=1;WINAPI_PARTITION_SYSTEM=1;WINAPI_PARTITION_APP=1;WINAPI_PARTITION_PC_APP=1;_KRPCENV_;_NO_CRT_STDIO_INLINE=1;KERNEL_MODE;%(PreprocessorDefinitions) $(SolutionDir)libs\execution_context;$(SolutionDir)include;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\kernel;$(SolutionDir)libs\epoch;$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)include\kernel;%(AdditionalIncludeDirectories) 
@@ -155,12 +155,12 @@ - _DEBUG;WINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP;WINAPI_PARTITION_DESKTOP=1;WINAPI_PARTITION_SYSTEM=1;WINAPI_PARTITION_APP=1;WINAPI_PARTITION_PC_APP=1;%(PreprocessorDefinitions) + _DEBUG;WINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP;WINAPI_PARTITION_DESKTOP=1;WINAPI_PARTITION_SYSTEM=1;WINAPI_PARTITION_APP=1;WINAPI_PARTITION_PC_APP=1;KERNEL_MODE;%(PreprocessorDefinitions) - WINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP;WINAPI_PARTITION_DESKTOP=1;WINAPI_PARTITION_SYSTEM=1;WINAPI_PARTITION_APP=1;WINAPI_PARTITION_PC_APP=1;%(PreprocessorDefinitions) + WINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP;WINAPI_PARTITION_DESKTOP=1;WINAPI_PARTITION_SYSTEM=1;WINAPI_PARTITION_APP=1;WINAPI_PARTITION_PC_APP=1;KERNEL_MODE;%(PreprocessorDefinitions) diff --git a/libs/store_helper/ebpf_store_helper.c b/libs/store_helper/ebpf_store_helper.c index 28c9dda858..f207c35a9f 100644 --- a/libs/store_helper/ebpf_store_helper.c +++ b/libs/store_helper/ebpf_store_helper.c @@ -16,11 +16,12 @@ ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_registry_key_t* provi *provider_key = NULL; // Open (or create) root eBPF registry path. -#ifdef USER_MODE - status = create_registry_key(ebpf_root_registry_key, EBPF_ROOT_RELATIVE_PATH, REG_CREATE_FLAGS, &root_key); -#else +#ifdef KERNEL_MODE status = create_registry_key(NULL, EBPF_ROOT_REGISTRY_PATH, REG_CREATE_FLAGS, &root_key); +#else + status = create_registry_key(ebpf_root_registry_key, EBPF_ROOT_RELATIVE_PATH, REG_CREATE_FLAGS, &root_key); #endif + if (!IS_SUCCESS(status)) { goto Exit; } diff --git a/libs/store_helper/kernel/CMakeLists.txt b/libs/store_helper/kernel/CMakeLists.txt index 12275df460..d21c35de87 100644 --- a/libs/store_helper/kernel/CMakeLists.txt +++ b/libs/store_helper/kernel/CMakeLists.txt 
@@ -25,6 +25,7 @@ target_include_directories("ebpf_store_helper_km" PRIVATE ) target_compile_definitions("ebpf_store_helper_km" PRIVATE + KERNEL_MODE WINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP WINAPI_PARTITION_DESKTOP=1 WINAPI_PARTITION_SYSTEM=1 diff --git a/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj b/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj index 1f868e0eb7..12e39085b0 100644 --- a/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj +++ b/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj @@ -62,7 +62,7 @@ Level3 true - _DEBUG;_LIB;%(PreprocessorDefinitions) + _DEBUG;_LIB;KERNEL_MODE;%(PreprocessorDefinitions) true NotUsing @@ -77,7 +77,7 @@ true true true - NDEBUG;_LIB;%(PreprocessorDefinitions) + NDEBUG;_LIB;KERNEL_MODE;%(PreprocessorDefinitions) true NotUsing diff --git a/netebpfext/sys/CMakeLists.txt b/netebpfext/sys/CMakeLists.txt index 70c7f0a90f..ba67350178 100644 --- a/netebpfext/sys/CMakeLists.txt +++ b/netebpfext/sys/CMakeLists.txt @@ -66,6 +66,7 @@ target_link_libraries("NetEbpfExt" ) target_compile_definitions("NetEbpfExt" PRIVATE + KERNEL_MODE BINARY_COMPATIBLE=0 NT NDIS60 diff --git a/netebpfext/sys/netebpfext.vcxproj b/netebpfext/sys/netebpfext.vcxproj index e82e2e15ea..96aa78ea7c 100644 --- a/netebpfext/sys/netebpfext.vcxproj +++ b/netebpfext/sys/netebpfext.vcxproj @@ -121,7 +121,7 @@ %(AdditionalIncludeDirectories);$(DDK_INC_PATH);$(SolutionDir)include;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\kernel;$(OutputPath);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)include\kernel;$(SolutionDir)netebpfext;$(SolutionDir)netebpfext\sys;$(SolutionDir)resource - %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO + %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO;KERNEL_MODE stacksize4096 
@@ -144,7 +144,7 @@ %(AdditionalIncludeDirectories);$(DDK_INC_PATH);$(SolutionDir)include;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\kernel;$(OutputPath);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)include\kernel;$(SolutionDir)netebpfext;$(SolutionDir)netebpfext\sys;$(SolutionDir)resource - %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO + %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO;KERNEL_MODE stacksize4096 @@ -166,7 +166,7 @@ %(AdditionalIncludeDirectories);$(DDK_INC_PATH);$(SolutionDir)include;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\kernel;$(OutputPath);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)include\kernel;$(SolutionDir)netebpfext;$(SolutionDir)netebpfext\sys;$(SolutionDir)resource - %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO + %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO;KERNEL_MODE %(AdditionalIncludeDirectories);$(DDK_INC_PATH) @@ -187,7 +187,7 @@ %(AdditionalIncludeDirectories);$(DDK_INC_PATH);$(SolutionDir)include;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\kernel;$(OutputPath);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)include\kernel;$(SolutionDir)netebpfext;$(SolutionDir)netebpfext\sys;$(SolutionDir)resource - %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO + %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO;KERNEL_MODE %(AdditionalIncludeDirectories);$(DDK_INC_PATH) diff --git a/tests/sample/ext/drv/CMakeLists.txt b/tests/sample/ext/drv/CMakeLists.txt index 4511726c87..bb840c5039 100644 --- a/tests/sample/ext/drv/CMakeLists.txt +++ b/tests/sample/ext/drv/CMakeLists.txt 
@@ -37,6 +37,7 @@ target_link_libraries("sample_ebpf_ext" ) target_compile_definitions("sample_ebpf_ext" PRIVATE + KERNEL_MODE BINARY_COMPATIBLE=0 NT POOL_NX_OPTIN_AUTO diff --git a/tests/sample/ext/drv/sample_ext.vcxproj b/tests/sample/ext/drv/sample_ext.vcxproj index 49fc86304c..9966a8cab1 100644 --- a/tests/sample/ext/drv/sample_ext.vcxproj +++ b/tests/sample/ext/drv/sample_ext.vcxproj @@ -119,7 +119,7 @@ %(AdditionalIncludeDirectories);$(DDK_INC_PATH);$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)include;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\kernel;$(OutputPath);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)include\kernel - %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO + %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO;KERNEL_MODE @@ -140,7 +140,7 @@ %(AdditionalIncludeDirectories);$(DDK_INC_PATH);$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)include;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\kernel;$(OutputPath);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)include\kernel - %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO + %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO;KERNEL_MODE @@ -161,7 +161,7 @@ %(AdditionalIncludeDirectories);$(DDK_INC_PATH);$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)include;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\kernel;$(OutputPath);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)include\kernel - %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO + %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO;KERNEL_MODE 
@@ -182,7 +182,7 @@ %(AdditionalIncludeDirectories);$(DDK_INC_PATH);$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)include;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\kernel;$(OutputPath);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)include\kernel - %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO + %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO;KERNEL_MODE From b16652f9819fe5a1d2fae0b3ffabbe81e972b467 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Thu, 27 Jul 2023 11:54:06 -0700 Subject: [PATCH 44/60] fix cmake --- libs/platform/CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/libs/platform/CMakeLists.txt b/libs/platform/CMakeLists.txt index 38c00a934e..054bb16313 100644 --- a/libs/platform/CMakeLists.txt +++ b/libs/platform/CMakeLists.txt @@ -106,6 +106,7 @@ target_link_libraries("platform_kernel" PRIVATE ) target_compile_definitions("platform_kernel" PRIVATE + KERNEL_MODE WINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP WINAPI_PARTITION_DESKTOP=1 WINAPI_PARTITION_SYSTEM=1 From d8d220395c2261ac2dd3a102db6ea118edcb29ea Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Thu, 27 Jul 2023 13:46:49 -0700 Subject: [PATCH 45/60] align result var names with ebpf_result_t --- libs/store_helper/ebpf_store_helper.c | 130 +++++++++--------- .../user/ebpf_registry_helper.cpp | 40 +++--- 2 files changed, 85 insertions(+), 85 deletions(-) diff --git a/libs/store_helper/ebpf_store_helper.c b/libs/store_helper/ebpf_store_helper.c index f207c35a9f..b2452a0e6a 100644 --- a/libs/store_helper/ebpf_store_helper.c +++ b/libs/store_helper/ebpf_store_helper.c 
@@ -11,43 +11,43 @@ ebpf_result_t ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_registry_key_t* provider_key) { - ebpf_result_t status = EBPF_SUCCESS; + ebpf_result_t result = EBPF_SUCCESS; ebpf_registry_key_t root_key = NULL; *provider_key = NULL; // Open (or create) root eBPF registry path. #ifdef KERNEL_MODE - status = create_registry_key(NULL, EBPF_ROOT_REGISTRY_PATH, REG_CREATE_FLAGS, &root_key); + result = create_registry_key(NULL, EBPF_ROOT_REGISTRY_PATH, REG_CREATE_FLAGS, &root_key); #else - status = create_registry_key(ebpf_root_registry_key, EBPF_ROOT_RELATIVE_PATH, REG_CREATE_FLAGS, &root_key); + result = create_registry_key(ebpf_root_registry_key, EBPF_ROOT_RELATIVE_PATH, REG_CREATE_FLAGS, &root_key); #endif - if (!IS_SUCCESS(status)) { + if (!IS_SUCCESS(result)) { goto Exit; } // Open (or create) program data registry path. - status = create_registry_key(root_key, EBPF_PROVIDERS_REGISTRY_PATH, REG_CREATE_FLAGS, provider_key); - if (!IS_SUCCESS(status)) { + result = create_registry_key(root_key, EBPF_PROVIDERS_REGISTRY_PATH, REG_CREATE_FLAGS, provider_key); + if (!IS_SUCCESS(result)) { goto Exit; } Exit: close_registry_key(root_key); - return status; + return result; } ebpf_result_t ebpf_store_update_helper_prototype( ebpf_registry_key_t helper_info_key, _In_ const ebpf_helper_function_prototype_t* helper_info) { - ebpf_result_t status = EBPF_SUCCESS; + ebpf_result_t result = EBPF_SUCCESS; uint32_t offset; ebpf_registry_key_t helper_function_key = NULL; char serialized_data[sizeof(ebpf_helper_function_prototype_t)] = {0}; - status = create_registry_key_ansi(helper_info_key, helper_info->name, REG_CREATE_FLAGS, &helper_function_key); - if (!IS_SUCCESS(status)) { + result = create_registry_key_ansi(helper_info_key, helper_info->name, REG_CREATE_FLAGS, &helper_function_key); + if (!IS_SUCCESS(result)) { goto Exit; } 
@@ -63,16 +63,16 @@ ebpf_store_update_helper_prototype( offset += sizeof(helper_info->arguments); // Save the helper prototype data. - status = write_registry_value_binary( + result = write_registry_value_binary( helper_function_key, EBPF_HELPER_DATA_PROTOTYPE, (uint8_t*)&serialized_data[0], offset); - if (!IS_SUCCESS(status)) { + if (!IS_SUCCESS(result)) { goto Exit; } Exit: close_registry_key(helper_function_key); - return status; + return result; } /** @@ -87,23 +87,23 @@ ebpf_result_t ebpf_store_update_section_information( _In_reads_(section_info_count) const ebpf_program_section_info_t* section_info, uint32_t section_info_count) { - ebpf_result_t status = EBPF_SUCCESS; + ebpf_result_t result = EBPF_SUCCESS; ebpf_registry_key_t provider_key = NULL; ebpf_registry_key_t section_info_key = NULL; if (section_info_count == 0) { - return status; + return result; } // Open (or create) provider registry path. - status = ebpf_store_open_or_create_provider_registry_key(&provider_key); - if (!IS_SUCCESS(status)) { + result = ebpf_store_open_or_create_provider_registry_key(&provider_key); + if (!IS_SUCCESS(result)) { goto Exit; } // Open (or create) section data key. - status = create_registry_key(provider_key, EBPF_SECTIONS_REGISTRY_PATH, REG_CREATE_FLAGS, §ion_info_key); - if (!IS_SUCCESS(status)) { + result = create_registry_key(provider_key, EBPF_SECTIONS_REGISTRY_PATH, REG_CREATE_FLAGS, §ion_info_key); + if (!IS_SUCCESS(result)) { goto Exit; } 
@@ -111,43 +111,43 @@ ebpf_store_update_section_information( ebpf_registry_key_t section_key = NULL; // Open or create the registry path. - status = create_registry_key(section_info_key, section_info[i].section_name, REG_CREATE_FLAGS, §ion_key); - if (!IS_SUCCESS(status)) { + result = create_registry_key(section_info_key, section_info[i].section_name, REG_CREATE_FLAGS, §ion_key); + if (!IS_SUCCESS(result)) { goto Exit; } // Save program type. - status = write_registry_value_binary( + result = write_registry_value_binary( section_key, EBPF_SECTION_DATA_PROGRAM_TYPE, (uint8_t*)section_info[i].program_type, sizeof(ebpf_program_type_t)); - if (!IS_SUCCESS(status)) { + if (!IS_SUCCESS(result)) { close_registry_key(section_key); goto Exit; } // Save attach type. - status = write_registry_value_binary( + result = write_registry_value_binary( section_key, EBPF_SECTION_DATA_ATTACH_TYPE, (uint8_t*)section_info[i].attach_type, sizeof(ebpf_attach_type_t)); - if (!IS_SUCCESS(status)) { + if (!IS_SUCCESS(result)) { close_registry_key(section_key); goto Exit; } // Save bpf_prog_type. - status = write_registry_value_dword(section_key, EBPF_DATA_BPF_PROG_TYPE, section_info[i].bpf_program_type); - if (!IS_SUCCESS(status)) { + result = write_registry_value_dword(section_key, EBPF_DATA_BPF_PROG_TYPE, section_info[i].bpf_program_type); + if (!IS_SUCCESS(result)) { close_registry_key(section_key); goto Exit; } // Save bpf_attach_type. - status = write_registry_value_dword(section_key, EBPF_DATA_BPF_ATTACH_TYPE, section_info[i].bpf_attach_type); - if (!IS_SUCCESS(status)) { + result = write_registry_value_dword(section_key, EBPF_DATA_BPF_ATTACH_TYPE, section_info[i].bpf_attach_type); + if (!IS_SUCCESS(result)) { close_registry_key(section_key); goto Exit; } @@ -159,7 +159,7 @@ ebpf_store_update_section_information( close_registry_key(section_info_key); close_registry_key(provider_key); - return status; + return result; } /** 
@@ -174,23 +174,23 @@ ebpf_result_t ebpf_store_update_program_information( _In_reads_(program_info_count) const ebpf_program_info_t* program_info, uint32_t program_info_count) { - ebpf_result_t status = EBPF_SUCCESS; + ebpf_result_t result = EBPF_SUCCESS; ebpf_registry_key_t provider_key = NULL; ebpf_registry_key_t program_info_key = NULL; if (program_info_count == 0) { - return status; + return result; } // Open (or create) provider registry path. - status = ebpf_store_open_or_create_provider_registry_key(&provider_key); - if (!IS_SUCCESS(status)) { + result = ebpf_store_open_or_create_provider_registry_key(&provider_key); + if (!IS_SUCCESS(result)) { goto Exit; } // Open (or create) program data registry path. - status = create_registry_key(provider_key, EBPF_PROGRAM_DATA_REGISTRY_PATH, REG_CREATE_FLAGS, &program_info_key); - if (!IS_SUCCESS(status)) { + result = create_registry_key(provider_key, EBPF_PROGRAM_DATA_REGISTRY_PATH, REG_CREATE_FLAGS, &program_info_key); + if (!IS_SUCCESS(result)) { goto Exit; } 
@@ -200,74 +200,74 @@ ebpf_store_update_program_information( // Convert program type GUID to string. wchar_t guid_string[GUID_STRING_LENGTH + 1]; - status = convert_guid_to_string( + result = convert_guid_to_string( &program_info[i].program_type_descriptor.program_type, guid_string, GUID_STRING_LENGTH + 1); - if (!IS_SUCCESS(status)) { - return status; + if (!IS_SUCCESS(result)) { + return result; } - status = create_registry_key(program_info_key, guid_string, REG_CREATE_FLAGS, &program_key); - if (!IS_SUCCESS(status)) { + result = create_registry_key(program_info_key, guid_string, REG_CREATE_FLAGS, &program_key); + if (!IS_SUCCESS(result)) { goto Exit; } // Save the friendly program type name. - status = write_registry_value_ansi_string( + result = write_registry_value_ansi_string( program_key, EBPF_PROGRAM_DATA_NAME, program_info[i].program_type_descriptor.name); - if (!IS_SUCCESS(status)) { + if (!IS_SUCCESS(result)) { close_registry_key(program_key); goto Exit; } // Save context descriptor. - status = write_registry_value_binary( + result = write_registry_value_binary( program_key, EBPF_PROGRAM_DATA_CONTEXT_DESCRIPTOR, (uint8_t*)program_info[i].program_type_descriptor.context_descriptor, sizeof(ebpf_context_descriptor_t)); - if (!IS_SUCCESS(status)) { + if (!IS_SUCCESS(result)) { close_registry_key(program_key); goto Exit; } // Save bpf_prog_type. - status = write_registry_value_dword( + result = write_registry_value_dword( program_key, EBPF_DATA_BPF_PROG_TYPE, program_info[i].program_type_descriptor.bpf_prog_type); - if (!IS_SUCCESS(status)) { + if (!IS_SUCCESS(result)) { close_registry_key(program_key); goto Exit; } // Save "is_privileged". - status = write_registry_value_dword( + result = write_registry_value_dword( program_key, EBPF_PROGRAM_DATA_PRIVILEGED, program_info[i].program_type_descriptor.is_privileged); - if (!IS_SUCCESS(status)) { + if (!IS_SUCCESS(result)) { close_registry_key(program_key); goto Exit; } // Save helper count. 
- status = write_registry_value_dword( + result = write_registry_value_dword( program_key, EBPF_PROGRAM_DATA_HELPER_COUNT, program_info[i].count_of_program_type_specific_helpers); - if (!IS_SUCCESS(status)) { + if (!IS_SUCCESS(result)) { close_registry_key(program_key); goto Exit; } if (program_info[i].count_of_program_type_specific_helpers != 0) { // Create (or open) helper registry path. - status = create_registry_key( + result = create_registry_key( program_key, EBPF_PROGRAM_DATA_HELPERS_REGISTRY_PATH, REG_CREATE_FLAGS, &helper_info_key); - if (!IS_SUCCESS(status)) { + if (!IS_SUCCESS(result)) { close_registry_key(program_key); goto Exit; } // Iterate over all the helper prototypes and save in registry. for (uint32_t count = 0; count < program_info[i].count_of_program_type_specific_helpers; count++) { - status = ebpf_store_update_helper_prototype( + result = ebpf_store_update_helper_prototype( helper_info_key, &(program_info[i].program_type_specific_helper_prototype[count])); - if (!IS_SUCCESS(status)) { + if (!IS_SUCCESS(result)) { close_registry_key(program_key); close_registry_key(helper_info_key); goto Exit; @@ -283,7 +283,7 @@ ebpf_store_update_program_information( close_registry_key(program_info_key); close_registry_key(provider_key); - return status; + return result; } /** 
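Review bot: The early `return result;` after a failed `convert_guid_to_string` call, at the top of the `@@ -200,74 +200,74 @@` hunk, leaves the function without running the cleanup that the next hunk shows before the final `return result;`. `program_info_key` and `provider_key` therefore stay open on that path, while every other failure in this loop uses `goto Exit`. Change it to `goto Exit;` so both keys are closed; per the `typedef HANDLE ebpf_registry_key_t;` branch in ebpf_store_helper.h these are handles in the kernel build, where a leak lasts until the driver unloads. ebpf_store_update_program_information starts and ends outside this hunk, so the `Exit:` label itself is assumed from the sibling functions.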
@@ -298,30 +298,30 @@ ebpf_result_t ebpf_store_update_global_helper_information( _In_reads_(helper_info_count) ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count) { - ebpf_result_t status = EBPF_SUCCESS; + ebpf_result_t result = EBPF_SUCCESS; ebpf_registry_key_t provider_key = NULL; ebpf_registry_key_t helper_info_key = NULL; if (helper_info_count == 0) { - return status; + return result; } // Open (or create) provider registry path. - status = ebpf_store_open_or_create_provider_registry_key(&provider_key); - if (!IS_SUCCESS(status)) { + result = ebpf_store_open_or_create_provider_registry_key(&provider_key); + if (!IS_SUCCESS(result)) { goto Exit; } // Open (or create) global helpers registry path. - status = create_registry_key(provider_key, EBPF_GLOBAL_HELPERS_REGISTRY_PATH, REG_CREATE_FLAGS, &helper_info_key); - if (!IS_SUCCESS(status)) { + result = create_registry_key(provider_key, EBPF_GLOBAL_HELPERS_REGISTRY_PATH, REG_CREATE_FLAGS, &helper_info_key); + if (!IS_SUCCESS(result)) { goto Exit; } for (uint32_t i = 0; i < helper_info_count; i++) { - status = ebpf_store_update_helper_prototype(helper_info_key, &helper_info[i]); - if (!IS_SUCCESS(status)) { + result = ebpf_store_update_helper_prototype(helper_info_key, &helper_info[i]); + if (!IS_SUCCESS(result)) { goto Exit; } } @@ -330,5 +330,5 @@ ebpf_store_update_global_helper_information( close_registry_key(helper_info_key); close_registry_key(provider_key); - return status; + return result; } \ No newline at end of file diff --git a/libs/store_helper/user/ebpf_registry_helper.cpp b/libs/store_helper/user/ebpf_registry_helper.cpp index c18ea8d021..57b17fab32 100644 --- a/libs/store_helper/user/ebpf_registry_helper.cpp +++ b/libs/store_helper/user/ebpf_registry_helper.cpp 
@@ -125,7 +125,7 @@ _Must_inspect_result_ ebpf_result_t read_registry_value_string( ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_maybenull_ wchar_t** value) { - ebpf_result_t status = EBPF_SUCCESS; + ebpf_result_t result = EBPF_SUCCESS; unsigned long type = REG_SZ; unsigned long value_size = 0; wchar_t* string_value = nullptr; @@ -135,12 +135,12 @@ read_registry_value_string( } *value = nullptr; - status = _EBPF_RESULT(RegQueryValueEx(key, value_name, 0, &type, nullptr, &value_size)); - if (status != EBPF_SUCCESS || type != REG_SZ) { + result = _EBPF_RESULT(RegQueryValueEx(key, value_name, 0, &type, nullptr, &value_size)); + if (result != EBPF_SUCCESS || type != REG_SZ) { if (type != REG_SZ) { - status = EBPF_INVALID_ARGUMENT; + result = EBPF_INVALID_ARGUMENT; } - return status; + return result; } string_value = (wchar_t*)ebpf_allocate((value_size + sizeof(wchar_t))); @@ -149,8 +149,8 @@ read_registry_value_string( } memset(string_value, 0, value_size + sizeof(wchar_t)); - status = _EBPF_RESULT(RegQueryValueEx(key, value_name, 0, &type, (PBYTE)string_value, &value_size)); - if (status != EBPF_SUCCESS) { + result = _EBPF_RESULT(RegQueryValueEx(key, value_name, 0, &type, (PBYTE)string_value, &value_size)); + if (result != EBPF_SUCCESS) { goto Exit; } @@ -161,7 +161,7 @@ read_registry_value_string( if (string_value) { ebpf_free(string_value); } - return status; + return result; } _Must_inspect_result_ ebpf_result_t 
@@ -179,26 +179,26 @@ read_registry_value_binary( _Out_writes_(value_size) uint8_t* value, size_t value_size) { - ebpf_result_t status = EBPF_SUCCESS; + ebpf_result_t result = EBPF_SUCCESS; unsigned long type = REG_BINARY; unsigned long local_value_size = (unsigned long)value_size; - status = _EBPF_RESULT(RegQueryValueEx(key, value_name, 0, &type, value, &local_value_size)); - if (status != EBPF_SUCCESS || type != REG_BINARY || local_value_size != value_size) { - if (status != EBPF_SUCCESS) { - status = EBPF_INVALID_ARGUMENT; + result = _EBPF_RESULT(RegQueryValueEx(key, value_name, 0, &type, value, &local_value_size)); + if (result != EBPF_SUCCESS || type != REG_BINARY || local_value_size != value_size) { + if (result != EBPF_SUCCESS) { + result = EBPF_INVALID_ARGUMENT; } goto Exit; } Exit: - return status; + return result; } _Must_inspect_result_ ebpf_result_t convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_size) wchar_t* string, size_t string_size) { - ebpf_result_t status = EBPF_SUCCESS; + ebpf_result_t result = EBPF_SUCCESS; wchar_t* value_name = nullptr; try { @@ -223,16 +223,16 @@ convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_size) wcha memcpy(string, value_name_string.c_str(), GUID_STRING_LENGTH * 2); string[GUID_STRING_LENGTH] = L'\0'; } catch (...) { - status = EBPF_NO_MEMORY; + result = EBPF_NO_MEMORY; } - return status; + return result; } _Must_inspect_result_ ebpf_result_t convert_string_to_guid(_In_z_ const wchar_t* string, _Out_ GUID* guid) { - ebpf_result_t status = EBPF_SUCCESS; + ebpf_result_t result = EBPF_SUCCESS; // The UUID string read from registry also contains the opening and closing braces. // Remove those before converting to UUID. 
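Review bot: In read_registry_value_binary the inner test is inverted: `if (result != EBPF_SUCCESS) { result = EBPF_INVALID_ARGUMENT; }` discards the real error from RegQueryValueEx and leaves `result` at EBPF_SUCCESS when the query succeeds but `type != REG_BINARY` or `local_value_size != value_size`. The function then reports success for a registry value of the wrong type or length, and the caller will consume `value` as if it held a complete structure. Use `if (result == EBPF_SUCCESS) { result = EBPF_INVALID_ARGUMENT; }`, which keeps the original failure code and matches how read_registry_value_string rejects a non-REG_SZ value. The `(unsigned long)value_size` cast just above also narrows a `size_t`; a comment stating the expected upper bound would help.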
@@ -242,8 +242,8 @@ convert_string_to_guid(_In_z_ const wchar_t* string, _Out_ GUID* guid) // Convert program type string to GUID auto rpc_status = UuidFromString((RPC_WSTR)truncated_string, guid); if (rpc_status != RPC_S_OK) { - status = EBPF_INVALID_ARGUMENT; + result = EBPF_INVALID_ARGUMENT; } - return status; + return result; } From 7cd581ab6a7992affd81b0468b564ec5c91e0443 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Thu, 27 Jul 2023 16:52:46 -0700 Subject: [PATCH 46/60] pr feedback --- include/ebpf_store_helper.h | 14 ++------------ installer/Product.wxs | 4 ++-- installer/ebpf-for-windows.wixproj | 6 +++--- libs/store_helper/ebpf_store_helper.c | 16 ++++++++-------- tools/nuget/ebpf-for-windows.nuspec.in | 1 + 5 files changed, 16 insertions(+), 25 deletions(-) diff --git a/include/ebpf_store_helper.h b/include/ebpf_store_helper.h index c0871c8a66..1ccc770c86 100644 --- a/include/ebpf_store_helper.h +++ b/include/ebpf_store_helper.h @@ -3,7 +3,7 @@ #pragma once -#ifdef KERNEL_MODE +#ifndef USER_MODE #include "framework.h" #else #include "ebpf_utilities.h" @@ -19,23 +19,13 @@ extern "C" { #endif -#ifdef KERNEL_MODE +#ifndef USER_MODE typedef HANDLE ebpf_registry_key_t; #else typedef HKEY ebpf_registry_key_t; extern ebpf_registry_key_t ebpf_root_registry_key; #endif - /** - * @brief Open or create the root of the eBPF registry store. - * - * @param[in] provider_key Pointer to the registry key to be initialized. - * - * @returns Status of the operation. - */ - ebpf_result_t - ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_registry_key_t* provider_key); - /** * @brief Update the provider prototype information in the eBPF registry store. * diff --git a/installer/Product.wxs b/installer/Product.wxs index 7c89981d7a..737f928474 100644 --- a/installer/Product.wxs +++ b/installer/Product.wxs @@ -589,8 +589,8 @@ SPDX-License-Identifier: MIT - - + + 
diff --git a/installer/ebpf-for-windows.wixproj b/installer/ebpf-for-windows.wixproj index ab81d29c4b..eda2b0b8b4 100644 --- a/installer/ebpf-for-windows.wixproj +++ b/installer/ebpf-for-windows.wixproj @@ -94,9 +94,9 @@ SPDX-License-Identifier: MIT Binaries;Content;Satellites INSTALLFOLDER - - ebpf_store_helper_um - {aa933b9f-b5d8-4aa8-ac18-98fe1a161e8a} + + ebpf_store_helper_km + {3569e946-c8b4-49ee-a89d-edd09dc9f36e} True True Binaries;Content;Satellites diff --git a/libs/store_helper/ebpf_store_helper.c b/libs/store_helper/ebpf_store_helper.c index b2452a0e6a..9c2505ac72 100644 --- a/libs/store_helper/ebpf_store_helper.c +++ b/libs/store_helper/ebpf_store_helper.c @@ -8,18 +8,18 @@ #define IS_SUCCESS(x) (x == EBPF_SUCCESS) -ebpf_result_t -ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_registry_key_t* provider_key) +static ebpf_result_t +_ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_registry_key_t* provider_key) { ebpf_result_t result = EBPF_SUCCESS; ebpf_registry_key_t root_key = NULL; *provider_key = NULL; // Open (or create) root eBPF registry path. -#ifdef KERNEL_MODE - result = create_registry_key(NULL, EBPF_ROOT_REGISTRY_PATH, REG_CREATE_FLAGS, &root_key); -#else +#ifdef USER_MODE result = create_registry_key(ebpf_root_registry_key, EBPF_ROOT_RELATIVE_PATH, REG_CREATE_FLAGS, &root_key); +#else + result = create_registry_key(NULL, EBPF_ROOT_REGISTRY_PATH, REG_CREATE_FLAGS, &root_key); #endif if (!IS_SUCCESS(result)) { @@ -96,7 +96,7 @@ ebpf_store_update_section_information( } // Open (or create) provider registry path. - result = ebpf_store_open_or_create_provider_registry_key(&provider_key); + result = _ebpf_store_open_or_create_provider_registry_key(&provider_key); if (!IS_SUCCESS(result)) { goto Exit; } 
@@ -183,7 +183,7 @@ ebpf_store_update_program_information( } // Open (or create) provider registry path. - result = ebpf_store_open_or_create_provider_registry_key(&provider_key); + result = _ebpf_store_open_or_create_provider_registry_key(&provider_key); if (!IS_SUCCESS(result)) { goto Exit; } @@ -307,7 +307,7 @@ ebpf_store_update_global_helper_information( } // Open (or create) provider registry path. - result = ebpf_store_open_or_create_provider_registry_key(&provider_key); + result = _ebpf_store_open_or_create_provider_registry_key(&provider_key); if (!IS_SUCCESS(result)) { goto Exit; } diff --git a/tools/nuget/ebpf-for-windows.nuspec.in b/tools/nuget/ebpf-for-windows.nuspec.in index 1e10e64678..fde81e0819 100644 --- a/tools/nuget/ebpf-for-windows.nuspec.in +++ b/tools/nuget/ebpf-for-windows.nuspec.in @@ -28,6 +28,7 @@ + From e549384300b6751029f31e4476f84f2603b9625c Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Thu, 27 Jul 2023 17:38:33 -0700 Subject: [PATCH 47/60] add project refs --- tools/nuget/nuget.vcxproj | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tools/nuget/nuget.vcxproj b/tools/nuget/nuget.vcxproj index 7d5a7de289..4bf69db60f 100644 --- a/tools/nuget/nuget.vcxproj +++ b/tools/nuget/nuget.vcxproj @@ -160,6 +160,12 @@ NuGet.exe pack $(OutDir)ebpf-for-windows.nuspec -OutputDirectory $(OutDir) {75fe223a-3e45-4b0e-a2e8-04285e52e440} + + {030a7ac6-14dc-45cf-af34-891057ab1402} + + + {3569e946-c8b4-49ee-a89d-edd09dc9f36e} + {69b97e52-18dc-434e-a6e4-4c0f3e88c44a} From b3bbcca12eb6c7cce110c73630f0e8e6aae44049 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Thu, 27 Jul 2023 18:22:09 -0700 Subject: [PATCH 48/60] Add NativeOnly* cfgs to ebpf_store_helper_km --- ebpf-for-windows.sln | 102 +++++++++--------- .../kernel/ebpf_store_helper_km.vcxproj | 66 ++++++++++++ 2 files changed, 118 insertions(+), 50 deletions(-) diff --git a/ebpf-for-windows.sln b/ebpf-for-windows.sln index 370c63b6e9..326ab64754 100644 --- a/ebpf-for-windows.sln 
+++ b/ebpf-for-windows.sln @@ -218,8 +218,10 @@ EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ebpf_store_helper_km", "libs\store_helper\kernel\ebpf_store_helper_km.vcxproj", "{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ebpf_store_helper_um", "libs\store_helper\user\ebpf_store_helper_um.vcxproj", "{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}" +EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "usersim", "external\usersim\src\usersim.vcxproj", "{030A7AC6-14DC-45CF-AF34-891057AB1402}" -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libbtf", "external\ebpf-verifier\build\external\libbtf\libbtf\libbtf.vcxproj", "{249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libbtf", "external\ebpf-verifier\build\external\libbtf\libbtf\libbtf.vcxproj", "{BC45D39C-F956-3951-BD46-44EAE20EC7C9}" EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution 
@@ -2654,18 +2656,18 @@ Global {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|ARM64.ActiveCfg = Debug|x64 {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|ARM64.Build.0 = Debug|x64 {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|ARM64.Deploy.0 = Debug|x64 - {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|x64.ActiveCfg = Debug|x64 - {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|x64.Build.0 = Debug|x64 - {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|x64.Deploy.0 = Debug|x64 + {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|x64.ActiveCfg = NativeOnlyDebug|x64 + {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|x64.Build.0 = NativeOnlyDebug|x64 + {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|x64.Deploy.0 = NativeOnlyDebug|x64 {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|x86.ActiveCfg = Debug|x64 {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|x86.Build.0 = Debug|x64 {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|x86.Deploy.0 = Debug|x64 {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|ARM64.ActiveCfg = Release|x64 {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|ARM64.Build.0 = Release|x64 {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|ARM64.Deploy.0 = Release|x64 - {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|x64.ActiveCfg = Release|x64 - {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|x64.Build.0 = Release|x64 - {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|x64.Deploy.0 = Release|x64 + {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|x64.ActiveCfg = NativeOnlyRelease|x64 + {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|x64.Build.0 = NativeOnlyRelease|x64 + {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|x64.Deploy.0 = NativeOnlyRelease|x64 {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|x86.ActiveCfg = Release|x64 {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|x86.Build.0 = 
Release|x64 {3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|x86.Deploy.0 = Release|x64 
@@ -2792,48 +2794,48 @@ Global {030A7AC6-14DC-45CF-AF34-891057AB1402}.RelWithDebInfo|x64.Build.0 = Release|x64 {030A7AC6-14DC-45CF-AF34-891057AB1402}.RelWithDebInfo|x86.ActiveCfg = Release|Win32 {030A7AC6-14DC-45CF-AF34-891057AB1402}.RelWithDebInfo|x86.Build.0 = Release|Win32 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.Debug|ARM64.ActiveCfg = Debug|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.Debug|ARM64.Build.0 = Debug|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.Debug|x64.ActiveCfg = Debug|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.Debug|x64.Build.0 = Debug|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.Debug|x86.ActiveCfg = Debug|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.Debug|x86.Build.0 = Debug|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.FuzzerDebug|ARM64.ActiveCfg = Debug|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.FuzzerDebug|ARM64.Build.0 = Debug|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.FuzzerDebug|x64.ActiveCfg = FuzzerDebug|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.FuzzerDebug|x64.Build.0 = FuzzerDebug|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.FuzzerDebug|x86.ActiveCfg = Debug|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.FuzzerDebug|x86.Build.0 = Debug|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.MinSizeRel|ARM64.ActiveCfg = MinSizeRel|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.MinSizeRel|ARM64.Build.0 = MinSizeRel|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.MinSizeRel|x64.ActiveCfg = MinSizeRel|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.MinSizeRel|x64.Build.0 = MinSizeRel|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.MinSizeRel|x86.ActiveCfg = MinSizeRel|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.MinSizeRel|x86.Build.0 = MinSizeRel|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.NativeOnlyDebug|ARM64.ActiveCfg = Debug|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.NativeOnlyDebug|ARM64.Build.0 = Debug|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.NativeOnlyDebug|x64.ActiveCfg = Debug|x64 - 
{249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.NativeOnlyDebug|x64.Build.0 = Debug|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.NativeOnlyDebug|x86.ActiveCfg = Debug|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.NativeOnlyDebug|x86.Build.0 = Debug|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.NativeOnlyRelease|ARM64.ActiveCfg = Release|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.NativeOnlyRelease|ARM64.Build.0 = Release|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.NativeOnlyRelease|x64.ActiveCfg = Release|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.NativeOnlyRelease|x64.Build.0 = Release|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.NativeOnlyRelease|x86.ActiveCfg = Release|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.NativeOnlyRelease|x86.Build.0 = Release|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.Release|ARM64.ActiveCfg = Release|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.Release|ARM64.Build.0 = Release|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.Release|x64.ActiveCfg = Release|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.Release|x64.Build.0 = Release|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.Release|x86.ActiveCfg = Release|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.Release|x86.Build.0 = Release|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.RelWithDebInfo|ARM64.ActiveCfg = RelWithDebInfo|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.RelWithDebInfo|ARM64.Build.0 = RelWithDebInfo|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.RelWithDebInfo|x64.ActiveCfg = RelWithDebInfo|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.RelWithDebInfo|x64.Build.0 = RelWithDebInfo|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.RelWithDebInfo|x86.ActiveCfg = RelWithDebInfo|x64 - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.RelWithDebInfo|x86.Build.0 = RelWithDebInfo|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.Debug|ARM64.ActiveCfg = Debug|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.Debug|ARM64.Build.0 = Debug|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.Debug|x64.ActiveCfg = Debug|x64 + 
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.Debug|x64.Build.0 = Debug|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.Debug|x86.ActiveCfg = Debug|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.Debug|x86.Build.0 = Debug|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.FuzzerDebug|ARM64.ActiveCfg = Debug|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.FuzzerDebug|ARM64.Build.0 = Debug|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.FuzzerDebug|x64.ActiveCfg = FuzzerDebug|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.FuzzerDebug|x64.Build.0 = FuzzerDebug|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.FuzzerDebug|x86.ActiveCfg = Debug|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.FuzzerDebug|x86.Build.0 = Debug|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.MinSizeRel|ARM64.ActiveCfg = MinSizeRel|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.MinSizeRel|ARM64.Build.0 = MinSizeRel|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.MinSizeRel|x64.ActiveCfg = MinSizeRel|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.MinSizeRel|x64.Build.0 = MinSizeRel|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.MinSizeRel|x86.ActiveCfg = MinSizeRel|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.MinSizeRel|x86.Build.0 = MinSizeRel|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.NativeOnlyDebug|ARM64.ActiveCfg = Debug|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.NativeOnlyDebug|ARM64.Build.0 = Debug|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.NativeOnlyDebug|x64.ActiveCfg = Debug|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.NativeOnlyDebug|x64.Build.0 = Debug|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.NativeOnlyDebug|x86.ActiveCfg = Debug|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.NativeOnlyDebug|x86.Build.0 = Debug|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.NativeOnlyRelease|ARM64.ActiveCfg = Release|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.NativeOnlyRelease|ARM64.Build.0 = Release|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.NativeOnlyRelease|x64.ActiveCfg = Release|x64 + 
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.NativeOnlyRelease|x64.Build.0 = Release|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.NativeOnlyRelease|x86.ActiveCfg = Release|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.NativeOnlyRelease|x86.Build.0 = Release|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.Release|ARM64.ActiveCfg = Release|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.Release|ARM64.Build.0 = Release|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.Release|x64.ActiveCfg = Release|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.Release|x64.Build.0 = Release|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.Release|x86.ActiveCfg = Release|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.Release|x86.Build.0 = Release|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.RelWithDebInfo|ARM64.ActiveCfg = RelWithDebInfo|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.RelWithDebInfo|ARM64.Build.0 = RelWithDebInfo|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.RelWithDebInfo|x64.ActiveCfg = RelWithDebInfo|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.RelWithDebInfo|x64.Build.0 = RelWithDebInfo|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.RelWithDebInfo|x86.ActiveCfg = RelWithDebInfo|x64 + {BC45D39C-F956-3951-BD46-44EAE20EC7C9}.RelWithDebInfo|x86.Build.0 = RelWithDebInfo|x64 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE @@ -2902,7 +2904,7 @@ Global {3569E946-C8B4-49EE-A89D-EDD09DC9F36E} = {7C2E30D9-E07F-4913-BD8A-345B38F18A81} {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A} = {69CDB6A1-434D-4BC9-9BFF-D12DF7EDBB6B} {030A7AC6-14DC-45CF-AF34-891057AB1402} = {69CDB6A1-434D-4BC9-9BFF-D12DF7EDBB6B} - {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5} = {69CDB6A1-434D-4BC9-9BFF-D12DF7EDBB6B} + {BC45D39C-F956-3951-BD46-44EAE20EC7C9} = {69CDB6A1-434D-4BC9-9BFF-D12DF7EDBB6B} EndGlobalSection GlobalSection(ExtensibilityGlobals) = postSolution SolutionGuid = {3D5F862D-74C6-4357-9F95-0B152E33B7B8} 
diff --git a/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj b/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj index 12e39085b0..6874e4523f 100644 --- a/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj +++ b/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj @@ -9,6 +9,14 @@ Debug x64 + + NativeOnlyDebug + x64 + + + NativeOnlyRelease + x64 + Release x64 @@ -34,6 +42,15 @@ Unicode false + + Windows10 + true + WindowsKernelModeDriver10.0 + Universal + StaticLibrary + Unicode + false + Windows10 false @@ -43,6 +60,15 @@ Unicode false + + Windows10 + false + WindowsKernelModeDriver10.0 + Universal + StaticLibrary + Unicode + false + @@ -54,10 +80,18 @@ $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\store_helper\kernel;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src $(SolutionDir)$(Platform)\$(Configuration)\ + + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\store_helper\kernel;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src + $(SolutionDir)$(Platform)\$(Configuration)\ + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\store_helper\kernel;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src $(SolutionDir)$(Platform)\$(Configuration)\ + + $(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\store_helper\kernel;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src + $(SolutionDir)$(Platform)\$(Configuration)\ + Level3 @@ -71,6 +105,20 @@ true + + + Level3 + true + _DEBUG;_LIB;KERNEL_MODE;%(PreprocessorDefinitions) + true + NotUsing + + + + + true + + Level3 @@ -88,6 +136,24 @@ true + + + Level3 + true + true + true + NDEBUG;_LIB;KERNEL_MODE;%(PreprocessorDefinitions) + true + NotUsing + + + + + true + true + true + + 
From 4a29ed1a19cff49428e02327ec5f63638b2982f0 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Mon, 31 Jul 2023 11:08:42 -0700 Subject: [PATCH 49/60] Update docs, API reordering in source. --- docs/eBpfExtensions.md | 71 ++++++++++++++++-- include/ebpf_store_helper.h | 24 +++--- libs/store_helper/ebpf_store_helper.c | 102 ++++++++++---------------- 3 files changed, 116 insertions(+), 81 deletions(-) diff --git a/docs/eBpfExtensions.md b/docs/eBpfExtensions.md index 403857d500..9b79867f1f 100644 --- a/docs/eBpfExtensions.md +++ b/docs/eBpfExtensions.md 
@@ -296,14 +296,73 @@ The helper function ID for a general helper function must be in the range 0 - 65 The parameter and return types for these helper functions must adhere to the `ebpf_argument_type_t` and `ebpf_return_type_t` enums. -### 2.7 Registering Program Types and Attach Types +### 2.7 Registering Program Types and Attach Types - eBPF Store The eBPF Execution Context loads an eBPF program from an ELF file that has program section(s) with section names. The prefix to these names determines the program type. For example, the section name `"xdp"` implies that the corresponding -program type is `EBPF_PROGRAM_TYPE_XDP`. The Execution Context discovers the program type associated with a section -prefix by reading the data from Windows registry. When an eBPF extension is installed, it must update the registry with -the program types it implements along with the associated section prefixes. - -_Note: The registry location and data format are TBD. This is currently tracked by issue #223._ +program type is `EBPF_PROGRAM_TYPE_XDP`. + +The *Execution Context* discovers the program type associated with a section prefix by reading the data from Windows registry, +in what is referred to aa the ***"eBPF Store"***. +When an eBPF extension is installed, it must update the eBPF store with the program types it implements along with the associated section prefixes. + +To operate on the eBPF store, the extension must link the `\build\native\lib\ebpf_store_helper_km.lib` kernel-mode library and include the related `\build\native\include\ebpf_store_helper.h` header file, both distributed within the [eBPF for Windows NuGet package](https://www.nuget.org/packages/eBPF-for-Windows/). 
With these, the extension can use the following APIs to register program types, attach types and helper functions: + +- `ebpf_store_update_helper_prototype`: updates the provider prototype information in the eBPF registry store, given a pointer to the registry key to be initialized and a pointer to the helper function prototype (i.e., `_ebpf_helper_function_prototype`): + + ```c + ebpf_result_t + ebpf_store_update_helper_prototype( + ebpf_registry_key_t helper_info_key, _In_ const ebpf_helper_function_prototype_t* helper_info); + + typedef struct _ebpf_helper_function_prototype + { + uint32_t helper_id; + const char* name; + ebpf_return_type_t return_type; + ebpf_argument_type_t arguments[5]; + } ebpf_helper_function_prototype_t;```c + ``` + +- `ebpf_store_update_global_helper_information`: updates the global helper information in the eBPF store, given a pointer to an array of helper function prototypes: + ```c + ebpf_result_t + ebpf_store_update_global_helper_information( + _In_reads_(helper_info_count) ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count); + ``` + +- `ebpf_store_update_section_information`: updates the section information in eBPF store, given a pointer to an array of section information (i.e., `_ebpf_program_section_info`): + + ```c + ebpf_result_t + ebpf_store_update_section_information( + _In_reads_(section_info_count) const ebpf_program_section_info_t* section_info, uint32_t section_info_count); + + typedef struct _ebpf_program_section_info + { + const wchar_t* section_name; + const GUID* program_type; + const GUID* attach_type; + uint32_t bpf_program_type; + uint32_t bpf_attach_type; + } ebpf_program_section_info_t; + ``` + +- `ebpf_store_update_program_information`: updates the global helper information in eBPF store, given a pointer to an array of program information (i.e., `_ebpf_program_info`): + + ```c + ebpf_result_t + ebpf_store_update_program_information( + _In_reads_(program_info_count) const ebpf_program_info_t* 
program_info, uint32_t program_info_count); + + typedef struct _ebpf_program_info + { + ebpf_program_type_descriptor_t program_type_descriptor; + uint32_t count_of_program_type_specific_helpers; + const ebpf_helper_function_prototype_t* program_type_specific_helper_prototype; + uint32_t count_of_global_helpers; + const ebpf_helper_function_prototype_t* global_helper_prototype; + } ebpf_program_info_t; + ``` ### 2.8 eBPF Sample Driver The eBPF for Windows project provides a diff --git a/include/ebpf_store_helper.h b/include/ebpf_store_helper.h index 1ccc770c86..e603c2b834 100644 --- a/include/ebpf_store_helper.h +++ b/include/ebpf_store_helper.h @@ -38,6 +38,18 @@ extern ebpf_registry_key_t ebpf_root_registry_key; ebpf_store_update_helper_prototype( ebpf_registry_key_t helper_info_key, _In_ const ebpf_helper_function_prototype_t* helper_info); + /** + * @brief Update global helper information in the eBPF store. + * + * @param[in] helper_info Pointer to an array of helper function prototypes. + * @param[in] helper_info_count Count of helper function prototypes. + * + * @returns Status of the operation. + */ + ebpf_result_t + ebpf_store_update_global_helper_information( + _In_reads_(helper_info_count) ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count); + /** * @brief Update section information in eBPF store. * 
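Review bot: The `helper_info` parameter of `ebpf_store_update_global_helper_information` is declared without `const`, while the section and program update functions shown elsewhere in this patch take `const` array pointers. The definition moved in `libs/store_helper/ebpf_store_helper.c` only passes `&helper_info[i]` on to `ebpf_store_update_helper_prototype`, which already accepts a `const` pointer. Declaration and definition could therefore both read `_In_reads_(helper_info_count) const ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count);`. Existing callers keep compiling, and an extension can then register a helper table kept in read-only data without a cast.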
@@ -62,18 +74,6 @@ extern ebpf_registry_key_t ebpf_root_registry_key; ebpf_store_update_program_information( _In_reads_(program_info_count) const ebpf_program_info_t* program_info, uint32_t program_info_count); - /** - * @brief Update global helper information in eBPF store. - * - * @param[in] helper_info Pointer to an array of helper function prototypes. - * @param[in] helper_info_count Count of helper function prototypes. - * - * @returns Status of the operation. - */ - ebpf_result_t - ebpf_store_update_global_helper_information( - _In_reads_(helper_info_count) ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count); - #ifdef __cplusplus } #endif \ No newline at end of file diff --git a/libs/store_helper/ebpf_store_helper.c b/libs/store_helper/ebpf_store_helper.c index 9c2505ac72..a3ffab14d4 100644 --- a/libs/store_helper/ebpf_store_helper.c +++ b/libs/store_helper/ebpf_store_helper.c 
@@ -75,14 +75,45 @@ ebpf_store_update_helper_prototype( return result; } -/** - * @brief Update section information in eBPF store. - * - * @param[in] section_info Pointer to an array of section information. - * @param[in] section_info_count Count of section information entries. - * - * @returns Status of the operation. - */ +ebpf_result_t +ebpf_store_update_global_helper_information( + _In_reads_(helper_info_count) ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count) +{ + ebpf_result_t result = EBPF_SUCCESS; + ebpf_registry_key_t provider_key = NULL; + ebpf_registry_key_t helper_info_key = NULL; + + if (helper_info_count == 0) { + return result; + } + + // Open (or create) provider registry path. + result = _ebpf_store_open_or_create_provider_registry_key(&provider_key); + if (!IS_SUCCESS(result)) { + goto Exit; + } + + // Open (or create) global helpers registry path. + result = create_registry_key(provider_key, EBPF_GLOBAL_HELPERS_REGISTRY_PATH, REG_CREATE_FLAGS, &helper_info_key); + if (!IS_SUCCESS(result)) { + goto Exit; + } + + for (uint32_t i = 0; i < helper_info_count; i++) { + + result = ebpf_store_update_helper_prototype(helper_info_key, &helper_info[i]); + if (!IS_SUCCESS(result)) { + goto Exit; + } + } + +Exit: + close_registry_key(helper_info_key); + close_registry_key(provider_key); + + return result; +} + ebpf_result_t ebpf_store_update_section_information( _In_reads_(section_info_count) const ebpf_program_section_info_t* section_info, uint32_t section_info_count) 
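Review bot: A failure partway through the loop in `ebpf_store_update_global_helper_information` jumps to `Exit` and returns the error, but the helper keys created in earlier iterations stay in the store and nothing tells the caller so. This commit removes the doc comments from the .c file, so the header's `@returns` line is the place to state it, for example `@returns Status of the operation; on failure, entries written before the failing one are not rolled back.`. The `Exit` path also calls `close_registry_key` on handles that are still `NULL` when the first open fails. `close_registry_key` is defined outside this patch, so it is worth confirming that it tolerates a null handle.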
@@ -162,14 +193,6 @@ ebpf_store_update_section_information( return result; } -/** - * @brief Update program information in eBPF store. - * - * @param[in] program_info Pointer to an array of program information. - * @param[in] program_info_count Count of program information entries. - * - * @returns Status of the operation. - */ ebpf_result_t ebpf_store_update_program_information( _In_reads_(program_info_count) const ebpf_program_info_t* program_info, uint32_t program_info_count) @@ -283,52 +306,5 @@ ebpf_store_update_program_information( close_registry_key(program_info_key); close_registry_key(provider_key); - return result; -} - -/** - * @brief Update global helper information in eBPF store. - * - * @param[in] helper_info Pointer to an array of helper function prototypes. - * @param[in] helper_info_count Count of helper function prototypes. - * - * @returns Status of the operation. - */ -ebpf_result_t -ebpf_store_update_global_helper_information( - _In_reads_(helper_info_count) ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count) -{ - ebpf_result_t result = EBPF_SUCCESS; - ebpf_registry_key_t provider_key = NULL; - ebpf_registry_key_t helper_info_key = NULL; - - if (helper_info_count == 0) { - return result; - } - - // Open (or create) provider registry path. - result = _ebpf_store_open_or_create_provider_registry_key(&provider_key); - if (!IS_SUCCESS(result)) { - goto Exit; - } - - // Open (or create) global helpers registry path. - result = create_registry_key(provider_key, EBPF_GLOBAL_HELPERS_REGISTRY_PATH, REG_CREATE_FLAGS, &helper_info_key); - if (!IS_SUCCESS(result)) { - goto Exit; - } - - for (uint32_t i = 0; i < helper_info_count; i++) { - - result = ebpf_store_update_helper_prototype(helper_info_key, &helper_info[i]); - if (!IS_SUCCESS(result)) { - goto Exit; - } - } - -Exit: - close_registry_key(helper_info_key); - close_registry_key(provider_key); - return result; } \ No newline at end of file 
From 07fa08d84468c73b0744c6bb779d8b78f20e4ed4 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Mon, 31 Jul 2023 12:14:51 -0700 Subject: [PATCH 50/60] pr feedback --- docs/eBpfExtensions.md | 35 +++++------------------------------ include/ebpf_store_helper.h | 2 +- 2 files changed, 6 insertions(+), 31 deletions(-) diff --git a/docs/eBpfExtensions.md b/docs/eBpfExtensions.md index 9b79867f1f..b5dbb27a48 100644 --- a/docs/eBpfExtensions.md +++ b/docs/eBpfExtensions.md 
@@ -301,29 +301,22 @@ The eBPF Execution Context loads an eBPF program from an ELF file that has progr prefix to these names determines the program type. For example, the section name `"xdp"` implies that the corresponding program type is `EBPF_PROGRAM_TYPE_XDP`. -The *Execution Context* discovers the program type associated with a section prefix by reading the data from Windows registry, -in what is referred to aa the ***"eBPF Store"***. +The *Execution Context* discovers the program type associated with a section prefix by reading the data from the ***"eBPF store"***, which is currently kept in the Windows registry. When an eBPF extension is installed, it must update the eBPF store with the program types it implements along with the associated section prefixes. -To operate on the eBPF store, the extension must link the `\build\native\lib\ebpf_store_helper_km.lib` kernel-mode library and include the related `\build\native\include\ebpf_store_helper.h` header file, both distributed within the [eBPF for Windows NuGet package](https://www.nuget.org/packages/eBPF-for-Windows/). With these, the extension can use the following APIs to register program types, attach types and helper functions: +To operate on the eBPF store, the extension must link the `\lib\ebpf_store_helper_km.lib` kernel-mode library and include the related `\include\ebpf_store_helper.h` header file, both distributed within the [eBPF for Windows NuGet package](https://www.nuget.org/packages/eBPF-for-Windows/). 
With these, the extension can use the following APIs to register program types, attach types and helper functions: -- `ebpf_store_update_helper_prototype`: updates the provider prototype information in the eBPF registry store, given a pointer to the registry key to be initialized and a pointer to the helper function prototype (i.e., `_ebpf_helper_function_prototype`): +- `ebpf_store_update_helper_prototype`: updates the provider prototype information in the eBPF store, given a pointer to the registry key to be initialized and a pointer to the helper function prototype (i.e., `_ebpf_helper_function_prototype`): ```c ebpf_result_t ebpf_store_update_helper_prototype( ebpf_registry_key_t helper_info_key, _In_ const ebpf_helper_function_prototype_t* helper_info); - - typedef struct _ebpf_helper_function_prototype - { - uint32_t helper_id; - const char* name; - ebpf_return_type_t return_type; - ebpf_argument_type_t arguments[5]; - } ebpf_helper_function_prototype_t;```c + ```c ``` - `ebpf_store_update_global_helper_information`: updates the global helper information in the eBPF store, given a pointer to an array of helper function prototypes: + ```c ebpf_result_t ebpf_store_update_global_helper_information( @@ -336,15 +329,6 @@ To operate on the eBPF store, the extension must link the `\build\native\lib\ebp ebpf_result_t ebpf_store_update_section_information( _In_reads_(section_info_count) const ebpf_program_section_info_t* section_info, uint32_t section_info_count); - - typedef struct _ebpf_program_section_info - { - const wchar_t* section_name; - const GUID* program_type; - const GUID* attach_type; - uint32_t bpf_program_type; - uint32_t bpf_attach_type; - } ebpf_program_section_info_t; ``` - `ebpf_store_update_program_information`: updates the global helper information in eBPF store, given a pointer to an array of program information (i.e., `_ebpf_program_info`): 
@@ -353,15 +337,6 @@ To operate on the eBPF store, the extension must link the `\build\native\lib\ebp ebpf_result_t ebpf_store_update_program_information( _In_reads_(program_info_count) const ebpf_program_info_t* program_info, uint32_t program_info_count); - - typedef struct _ebpf_program_info - { - ebpf_program_type_descriptor_t program_type_descriptor; - uint32_t count_of_program_type_specific_helpers; - const ebpf_helper_function_prototype_t* program_type_specific_helper_prototype; - uint32_t count_of_global_helpers; - const ebpf_helper_function_prototype_t* global_helper_prototype; - } ebpf_program_info_t; ``` ### 2.8 eBPF Sample Driver diff --git a/include/ebpf_store_helper.h b/include/ebpf_store_helper.h index e603c2b834..ea0033a5ea 100644 --- a/include/ebpf_store_helper.h +++ b/include/ebpf_store_helper.h @@ -27,7 +27,7 @@ extern ebpf_registry_key_t ebpf_root_registry_key; #endif /** - * @brief Update the provider prototype information in the eBPF registry store. + * @brief Update the provider prototype information in the eBPF store. * * @param[in] helper_info_key Pointer to the registry key to be initialized. * @param[in] helper_info Pointer to the helper function prototype. From 92cd59bab31d27c24cd2093730a777eb3f907f7e Mon Sep 17 00:00:00 2001 
From: Gianni Trevisiol Date: Mon, 31 Jul 2023 12:27:37 -0700 Subject: [PATCH 51/60] Rename types to abstract use of registry --- docs/eBpfExtensions.md | 4 +-- include/ebpf_store_helper.h | 10 +++--- libs/api_common/store_helper_internal.cpp | 32 +++++++++---------- libs/api_common/store_helper_internal.h | 2 +- libs/store_helper/ebpf_store_helper.c | 28 ++++++++-------- .../kernel/ebpf_registry_helper.c | 12 +++---- .../kernel/ebpf_registry_helper.h | 15 ++++----- .../user/ebpf_registry_helper.cpp | 29 ++++++++--------- libs/store_helper/user/ebpf_registry_helper.h | 28 +++++++--------- tests/netebpfext_unit/netebpf_ext_helper.cpp | 2 +- .../export_program_info.cpp | 4 +-- 11 files changed, 78 insertions(+), 88 deletions(-) diff --git a/docs/eBpfExtensions.md b/docs/eBpfExtensions.md index b5dbb27a48..f227cadc87 100644 --- a/docs/eBpfExtensions.md +++ b/docs/eBpfExtensions.md 
@@ -306,12 +306,12 @@ When an eBPF extension is installed, it must update the eBPF store with the prog To operate on the eBPF store, the extension must link the `\lib\ebpf_store_helper_km.lib` kernel-mode library and include the related `\include\ebpf_store_helper.h` header file, both distributed within the [eBPF for Windows NuGet package](https://www.nuget.org/packages/eBPF-for-Windows/). With these, the extension can use the following APIs to register program types, attach types and helper functions: -- `ebpf_store_update_helper_prototype`: updates the provider prototype information in the eBPF store, given a pointer to the registry key to be initialized and a pointer to the helper function prototype (i.e., `_ebpf_helper_function_prototype`): +- `ebpf_store_update_helper_prototype`: updates the provider prototype information in the eBPF store, given a pointer to the store key to be initialized and a pointer to the helper function prototype (i.e., `_ebpf_helper_function_prototype`): ```c ebpf_result_t ebpf_store_update_helper_prototype( - ebpf_registry_key_t helper_info_key, _In_ const ebpf_helper_function_prototype_t* helper_info); + ebpf_store_key_t helper_info_key, _In_ const ebpf_helper_function_prototype_t* helper_info); ```c ``` diff --git a/include/ebpf_store_helper.h b/include/ebpf_store_helper.h index ea0033a5ea..044a923582 100644 --- a/include/ebpf_store_helper.h +++ b/include/ebpf_store_helper.h 
@@ -20,23 +20,23 @@ extern "C" #endif #ifndef USER_MODE - typedef HANDLE ebpf_registry_key_t; + typedef HANDLE ebpf_store_key_t; #else -typedef HKEY ebpf_registry_key_t; -extern ebpf_registry_key_t ebpf_root_registry_key; +typedef HKEY ebpf_store_key_t; +extern ebpf_store_key_t ebpf_store_root_key_t; #endif /** * @brief Update the provider prototype information in the eBPF store. * - * @param[in] helper_info_key Pointer to the registry key to be initialized. + * @param[in] helper_info_key Pointer to the store key to be initialized. * @param[in] helper_info Pointer to the helper function prototype. * * @return Status of the operation. */ ebpf_result_t ebpf_store_update_helper_prototype( - ebpf_registry_key_t helper_info_key, _In_ const ebpf_helper_function_prototype_t* helper_info); + ebpf_store_key_t helper_info_key, _In_ const ebpf_helper_function_prototype_t* helper_info); /** * @brief Update global helper information in the eBPF store. diff --git a/libs/api_common/store_helper_internal.cpp b/libs/api_common/store_helper_internal.cpp index d11fe3bcbe..1ebdd985ef 100644 --- a/libs/api_common/store_helper_internal.cpp +++ b/libs/api_common/store_helper_internal.cpp @@ -9,13 +9,13 @@ #include "store_helper_internal.h" #include "utilities.hpp" -ebpf_registry_key_t root_registry_key_current_user = HKEY_CURRENT_USER; -ebpf_registry_key_t root_registry_key_local_machine = HKEY_LOCAL_MACHINE; +ebpf_store_key_t root_registry_key_current_user = HKEY_CURRENT_USER; +ebpf_store_key_t root_registry_key_local_machine = HKEY_LOCAL_MACHINE; // TODO: Issue #1231 Change to using HKEY_LOCAL_MACHINE -ebpf_registry_key_t ebpf_root_registry_key = HKEY_CURRENT_USER; +ebpf_store_key_t ebpf_store_root_key_t = HKEY_CURRENT_USER; static ebpf_result_t -_open_ebpf_store_key(_Out_ ebpf_registry_key_t* store_key) +_open_ebpf_store_key(_Out_ ebpf_store_key_t* store_key) { // Open root registry path. *store_key = nullptr; 
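Review bot: The renamed global `ebpf_store_root_key_t` is a variable, but its `_t` suffix reads as a type name next to `ebpf_store_key_t`, so `extern ebpf_store_key_t ebpf_store_root_key_t;` looks like a declaration made of two types. A name without the suffix, e.g. `extern ebpf_store_key_t ebpf_store_root_key;`, still hides the registry and avoids the confusion. The same identifier is defined in `libs/api_common/store_helper_internal.cpp` and used in `libs/store_helper/ebpf_store_helper.c` in this patch, and would need the same change there.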
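Review bot: The comment above `ebpf_store_root_key_t = HKEY_CURRENT_USER` in `store_helper_internal.cpp` only points at issue #1231 and does not say what depends on the choice of hive. In user mode the store is rooted in the per-user hive, which the current user can normally write without elevation. The program, section and helper data that the `ebpf_store_load_*` functions in this file read back therefore come from a location that is not administrator-controlled. I would spell that out next to the TODO, e.g. `// TODO: Issue #1231 Change to using HKEY_LOCAL_MACHINE. Until then the store is writable by the current user; do not treat its contents as trusted.`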
@@ -84,7 +84,7 @@ _load_helper_prototype( Exit: if (helper_info_key) { - close_registry_key(static_cast(helper_info_key)); + close_registry_key(static_cast(helper_info_key)); } return result; } @@ -112,7 +112,7 @@ _load_program_data_information( try { result = - open_registry_key(program_data_key, program_type_string, KEY_READ, (ebpf_registry_key_t*)&program_info_key); + open_registry_key(program_data_key, program_type_string, KEY_READ, (ebpf_store_key_t*)&program_info_key); if (result != EBPF_SUCCESS) { // Registry path is not present. result = EBPF_FILE_NOT_FOUND; @@ -301,7 +301,7 @@ ebpf_store_load_program_information( wchar_t program_type_key[GUID_STRING_LENGTH + 1]; unsigned long key_size = 0; uint32_t index = 0; - ebpf_registry_key_t store_key = nullptr; + ebpf_store_key_t store_key = nullptr; std::vector program_info_array; *program_info = nullptr; @@ -316,8 +316,8 @@ ebpf_store_load_program_information( } // Open program data registry path. - result = open_registry_key( - store_key, EBPF_PROGRAM_DATA_REGISTRY_PATH, KEY_READ, (ebpf_registry_key_t*)&program_data_key); + result = + open_registry_key(store_key, EBPF_PROGRAM_DATA_REGISTRY_PATH, KEY_READ, (ebpf_store_key_t*)&program_data_key); if (result != EBPF_SUCCESS) { if (result == EBPF_FILE_NOT_FOUND) { result = EBPF_SUCCESS; @@ -404,7 +404,7 @@ _load_section_data_information( ebpf_section_definition_t* section_information = nullptr; try { - result = open_registry_key(section_data_key, section_name, KEY_READ, (ebpf_registry_key_t*)§ion_info_key); + result = open_registry_key(section_data_key, section_name, KEY_READ, (ebpf_store_key_t*)§ion_info_key); if (result != EBPF_SUCCESS) { // Registry path is not present. result = EBPF_FILE_NOT_FOUND; 
@@ -502,7 +502,7 @@ ebpf_store_load_section_information( wchar_t section_name_key[MAX_PATH]; unsigned long key_size = 0; uint32_t index = 0; - ebpf_registry_key_t store_key = nullptr; + ebpf_store_key_t store_key = nullptr; std::vector section_info_array; *section_info = nullptr; @@ -601,7 +601,7 @@ ebpf_store_load_global_helper_information( uint32_t max_helpers_count = 0; ebpf_helper_function_prototype_t* helper_prototype = nullptr; uint32_t index = 0; - ebpf_registry_key_t store_key = nullptr; + ebpf_store_key_t store_key = nullptr; *global_helper_info = nullptr; *global_helper_info_count = 0; @@ -616,7 +616,7 @@ ebpf_store_load_global_helper_information( // Open program data registry path. result = open_registry_key( - store_key, EBPF_GLOBAL_HELPERS_REGISTRY_PATH, KEY_READ, (ebpf_registry_key_t*)&global_helpers_key); + store_key, EBPF_GLOBAL_HELPERS_REGISTRY_PATH, KEY_READ, (ebpf_store_key_t*)&global_helpers_key); if (result != EBPF_SUCCESS) { if (result == EBPF_FILE_NOT_FOUND) { result = EBPF_SUCCESS; @@ -705,10 +705,10 @@ ebpf_store_load_global_helper_information( } _Must_inspect_result_ ebpf_result_t -ebpf_store_clear(_In_ const ebpf_registry_key_t root_key_path) +ebpf_store_clear(_In_ const ebpf_store_key_t root_key_path) { - ebpf_registry_key_t root_handle = {0}; - ebpf_registry_key_t provider_handle = {0}; + ebpf_store_key_t root_handle = {0}; + ebpf_store_key_t provider_handle = {0}; ebpf_result_t result = EBPF_FAILED; // Open root registry key. diff --git a/libs/api_common/store_helper_internal.h b/libs/api_common/store_helper_internal.h index ad5270fb41..abe8e7f050 100644 --- a/libs/api_common/store_helper_internal.h +++ b/libs/api_common/store_helper_internal.h 
@@ -21,4 +21,4 @@ ebpf_store_load_global_helper_information( _Out_ uint32_t* global_helper_info_count); _Must_inspect_result_ ebpf_result_t -ebpf_store_clear(_In_ const ebpf_registry_key_t root_key_path); \ No newline at end of file +ebpf_store_clear(_In_ const ebpf_store_key_t root_key_path); \ No newline at end of file diff --git a/libs/store_helper/ebpf_store_helper.c b/libs/store_helper/ebpf_store_helper.c index a3ffab14d4..a6fd380c56 100644 --- a/libs/store_helper/ebpf_store_helper.c +++ b/libs/store_helper/ebpf_store_helper.c @@ -9,15 +9,15 @@ #define IS_SUCCESS(x) (x == EBPF_SUCCESS) static ebpf_result_t -_ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_registry_key_t* provider_key) +_ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_store_key_t* provider_key) { ebpf_result_t result = EBPF_SUCCESS; - ebpf_registry_key_t root_key = NULL; + ebpf_store_key_t root_key = NULL; *provider_key = NULL; // Open (or create) root eBPF registry path. #ifdef USER_MODE - result = create_registry_key(ebpf_root_registry_key, EBPF_ROOT_RELATIVE_PATH, REG_CREATE_FLAGS, &root_key); + result = create_registry_key(ebpf_store_root_key_t, EBPF_ROOT_RELATIVE_PATH, REG_CREATE_FLAGS, &root_key); #else result = create_registry_key(NULL, EBPF_ROOT_REGISTRY_PATH, REG_CREATE_FLAGS, &root_key); #endif @@ -39,11 +39,11 @@ _ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_registry_key_t* prov ebpf_result_t ebpf_store_update_helper_prototype( - ebpf_registry_key_t helper_info_key, _In_ const ebpf_helper_function_prototype_t* helper_info) + ebpf_store_key_t helper_info_key, _In_ const ebpf_helper_function_prototype_t* helper_info) { ebpf_result_t result = EBPF_SUCCESS; uint32_t offset; - ebpf_registry_key_t helper_function_key = NULL; + ebpf_store_key_t helper_function_key = NULL; char serialized_data[sizeof(ebpf_helper_function_prototype_t)] = {0}; result = create_registry_key_ansi(helper_info_key, helper_info->name, REG_CREATE_FLAGS, &helper_function_key); 
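Review bot: The global passed in the `#ifdef USER_MODE` branch of `_ebpf_store_open_or_create_provider_registry_key` is now named `ebpf_store_root_key_t`, but it is a variable, and the `_t` suffix makes it read as a type next to `ebpf_store_key_t`. A name without the suffix keeps the call unambiguous: `result = create_registry_key(ebpf_store_root_key, EBPF_ROOT_RELATIVE_PATH, REG_CREATE_FLAGS, &root_key);`. The same identifier is defined in tests/netebpfext_unit/netebpf_ext_helper.cpp and declared `extern` in tools/export_program_info/export_program_info.cpp, so all three would have to change together. The function body continues past this hunk.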
@@ -80,8 +80,8 @@ ebpf_store_update_global_helper_information( _In_reads_(helper_info_count) ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count) { ebpf_result_t result = EBPF_SUCCESS; - ebpf_registry_key_t provider_key = NULL; - ebpf_registry_key_t helper_info_key = NULL; + ebpf_store_key_t provider_key = NULL; + ebpf_store_key_t helper_info_key = NULL; if (helper_info_count == 0) { return result; @@ -119,8 +119,8 @@ ebpf_store_update_section_information( _In_reads_(section_info_count) const ebpf_program_section_info_t* section_info, uint32_t section_info_count) { ebpf_result_t result = EBPF_SUCCESS; - ebpf_registry_key_t provider_key = NULL; - ebpf_registry_key_t section_info_key = NULL; + ebpf_store_key_t provider_key = NULL; + ebpf_store_key_t section_info_key = NULL; if (section_info_count == 0) { return result; @@ -139,7 +139,7 @@ ebpf_store_update_section_information( } for (uint32_t i = 0; i < section_info_count; i++) { - ebpf_registry_key_t section_key = NULL; + ebpf_store_key_t section_key = NULL; // Open or create the registry path. result = create_registry_key(section_info_key, section_info[i].section_name, REG_CREATE_FLAGS, §ion_key); @@ -198,8 +198,8 @@ ebpf_store_update_program_information( _In_reads_(program_info_count) const ebpf_program_info_t* program_info, uint32_t program_info_count) { ebpf_result_t result = EBPF_SUCCESS; - ebpf_registry_key_t provider_key = NULL; - ebpf_registry_key_t program_info_key = NULL; + ebpf_store_key_t provider_key = NULL; + ebpf_store_key_t program_info_key = NULL; if (program_info_count == 0) { return result; @@ -218,8 +218,8 @@ ebpf_store_update_program_information( } for (uint32_t i = 0; i < program_info_count; i++) { - ebpf_registry_key_t program_key = {0}; - ebpf_registry_key_t helper_info_key = {0}; + ebpf_store_key_t program_key = {0}; + ebpf_store_key_t helper_info_key = {0}; // Convert program type GUID to string. wchar_t guid_string[GUID_STRING_LENGTH + 1]; 
diff --git a/libs/store_helper/kernel/ebpf_registry_helper.c b/libs/store_helper/kernel/ebpf_registry_helper.c index 67160c9cca..3703af869b 100644 --- a/libs/store_helper/kernel/ebpf_registry_helper.c +++ b/libs/store_helper/kernel/ebpf_registry_helper.c @@ -40,7 +40,7 @@ convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_length) wc } void -close_registry_key(ebpf_registry_key_t key) +close_registry_key(ebpf_store_key_t key) { if (key) { ZwClose(key); @@ -49,7 +49,7 @@ close_registry_key(ebpf_registry_key_t key) _Must_inspect_result_ ebpf_result_t write_registry_value_binary( - ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_reads_(value_size) uint8_t* value, size_t value_size) + ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_reads_(value_size) uint8_t* value, size_t value_size) { UNICODE_STRING unicode_value_name; @@ -58,7 +58,7 @@ write_registry_value_binary( } _Must_inspect_result_ ebpf_result_t -write_registry_value_ansi_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value) +write_registry_value_ansi_string(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value) { NTSTATUS status; UNICODE_STRING unicode_value; @@ -81,7 +81,7 @@ write_registry_value_ansi_string(ebpf_registry_key_t key, _In_z_ const wchar_t* } _Must_inspect_result_ ebpf_result_t -write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value) +write_registry_value_dword(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, uint32_t value) { UNICODE_STRING unicode_name; RtlInitUnicodeString(&unicode_name, value_name); 
@@ -90,7 +90,7 @@ write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_ _Must_inspect_result_ ebpf_result_t create_registry_key( - ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key) + ebpf_store_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key) { UNICODE_STRING registry_path; OBJECT_ATTRIBUTES object_attributes = {0}; @@ -106,7 +106,7 @@ create_registry_key( _Must_inspect_result_ ebpf_result_t create_registry_key_ansi( - ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key) + ebpf_store_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key) { NTSTATUS status = STATUS_SUCCESS; UNICODE_STRING registry_path; diff --git a/libs/store_helper/kernel/ebpf_registry_helper.h b/libs/store_helper/kernel/ebpf_registry_helper.h index b969d9ca7c..5e30330104 100644 --- a/libs/store_helper/kernel/ebpf_registry_helper.h +++ b/libs/store_helper/kernel/ebpf_registry_helper.h 
@@ -11,25 +11,22 @@ ebpf_result_t convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_length) wchar_t* string, size_t string_length); void -close_registry_key(ebpf_registry_key_t key); +close_registry_key(ebpf_store_key_t key); _Must_inspect_result_ ebpf_result_t write_registry_value_binary( - ebpf_registry_key_t key, - _In_z_ const wchar_t* value_name, - _In_reads_(value_size) uint8_t* value, - size_t value_size); + ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_reads_(value_size) uint8_t* value, size_t value_size); _Must_inspect_result_ ebpf_result_t -write_registry_value_ansi_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value); +write_registry_value_ansi_string(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value); _Must_inspect_result_ ebpf_result_t -write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value); +write_registry_value_dword(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, uint32_t value); _Must_inspect_result_ ebpf_result_t create_registry_key( - ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); + ebpf_store_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key); _Must_inspect_result_ ebpf_result_t create_registry_key_ansi( - ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); \ No newline at end of file + ebpf_store_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key); \ No newline at end of file diff --git a/libs/store_helper/user/ebpf_registry_helper.cpp b/libs/store_helper/user/ebpf_registry_helper.cpp index 57b17fab32..41c11758d5 100644 --- a/libs/store_helper/user/ebpf_registry_helper.cpp +++ b/libs/store_helper/user/ebpf_registry_helper.cpp 
@@ -25,7 +25,7 @@ _get_wstring_from_string(std::string text) } void -close_registry_key(ebpf_registry_key_t key) +close_registry_key(ebpf_store_key_t key) { ebpf_assert(key); RegCloseKey(key); @@ -33,7 +33,7 @@ close_registry_key(ebpf_registry_key_t key) _Must_inspect_result_ ebpf_result_t write_registry_value_binary( - ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_reads_(value_size) uint8_t* value, size_t value_size) + ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_reads_(value_size) uint8_t* value, size_t value_size) { ebpf_assert(value_name); ebpf_assert(value); @@ -42,7 +42,7 @@ write_registry_value_binary( } _Must_inspect_result_ ebpf_result_t -write_registry_value_wide_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const wchar_t* value) +write_registry_value_wide_string(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const wchar_t* value) { ebpf_assert(value_name); ebpf_assert(value); @@ -52,7 +52,7 @@ write_registry_value_wide_string(ebpf_registry_key_t key, _In_z_ const wchar_t* } _Must_inspect_result_ ebpf_result_t -write_registry_value_ansi_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value) +write_registry_value_ansi_string(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value) { ebpf_result_t result; try { @@ -66,7 +66,7 @@ write_registry_value_ansi_string(ebpf_registry_key_t key, _In_z_ const wchar_t* } _Must_inspect_result_ ebpf_result_t -write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value) +write_registry_value_dword(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, uint32_t value) { ebpf_assert(key); return _EBPF_RESULT(RegSetValueEx(key, value_name, 0, REG_DWORD, (PBYTE)&value, sizeof(value))); 
@@ -74,7 +74,7 @@ write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_ _Must_inspect_result_ ebpf_result_t create_registry_key( - ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key) + ebpf_store_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key) { *key = nullptr; if (root_key == nullptr) { @@ -86,7 +86,7 @@ create_registry_key( _Must_inspect_result_ ebpf_result_t open_registry_key( - ebpf_registry_key_t root_key, _In_opt_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key) + ebpf_store_key_t root_key, _In_opt_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key) { ebpf_assert(root_key != nullptr); _Analysis_assume_(root_key != nullptr); @@ -95,20 +95,20 @@ open_registry_key( } _Must_inspect_result_ ebpf_result_t -delete_registry_key(ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key) +delete_registry_key(ebpf_store_key_t root_key, _In_z_ const wchar_t* sub_key) { return _EBPF_RESULT(RegDeleteKeyEx(root_key, sub_key, 0, 0)); } _Must_inspect_result_ ebpf_result_t -delete_registry_tree(ebpf_registry_key_t root_key, _In_opt_z_ const wchar_t* sub_key) +delete_registry_tree(ebpf_store_key_t root_key, _In_opt_z_ const wchar_t* sub_key) { return _EBPF_RESULT(RegDeleteTree(root_key, sub_key)); } _Must_inspect_result_ ebpf_result_t create_registry_key_ansi( - ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key) + ebpf_store_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key) { ebpf_result_t result; try { 
@@ -123,7 +123,7 @@ create_registry_key_ansi( _Must_inspect_result_ ebpf_result_t read_registry_value_string( - ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_maybenull_ wchar_t** value) + ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_maybenull_ wchar_t** value) { ebpf_result_t result = EBPF_SUCCESS; unsigned long type = REG_SZ; @@ -165,7 +165,7 @@ read_registry_value_string( } _Must_inspect_result_ ebpf_result_t -read_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Out_ uint32_t* value) +read_registry_value_dword(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _Out_ uint32_t* value) { unsigned long type = REG_QWORD; unsigned long value_size = sizeof(uint32_t); @@ -174,10 +174,7 @@ read_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_n _Must_inspect_result_ ebpf_result_t read_registry_value_binary( - ebpf_registry_key_t key, - _In_z_ const wchar_t* value_name, - _Out_writes_(value_size) uint8_t* value, - size_t value_size) + ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _Out_writes_(value_size) uint8_t* value, size_t value_size) { ebpf_result_t result = EBPF_SUCCESS; unsigned long type = REG_BINARY; diff --git a/libs/store_helper/user/ebpf_registry_helper.h b/libs/store_helper/user/ebpf_registry_helper.h index d52f8c7a7a..d9706bb3fc 100644 --- a/libs/store_helper/user/ebpf_registry_helper.h +++ b/libs/store_helper/user/ebpf_registry_helper.h 
@@ -14,45 +14,41 @@ extern "C" #endif void - close_registry_key(ebpf_registry_key_t key); + close_registry_key(ebpf_store_key_t key); _Must_inspect_result_ ebpf_result_t write_registry_value_binary( - ebpf_registry_key_t key, + ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_reads_(value_size) uint8_t* value, size_t value_size); _Must_inspect_result_ ebpf_result_t - write_registry_value_ansi_string( - ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value); + write_registry_value_ansi_string(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value); _Must_inspect_result_ ebpf_result_t - write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value); + write_registry_value_dword(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, uint32_t value); _Must_inspect_result_ ebpf_result_t create_registry_key( - ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); + ebpf_store_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key); _Must_inspect_result_ ebpf_result_t open_registry_key( - ebpf_registry_key_t root_key, - _In_opt_z_ const wchar_t* sub_key, - uint32_t flags, - _Out_ ebpf_registry_key_t* key); + ebpf_store_key_t root_key, _In_opt_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key); _Must_inspect_result_ ebpf_result_t - delete_registry_key(ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key); + delete_registry_key(ebpf_store_key_t root_key, _In_z_ const wchar_t* sub_key); _Must_inspect_result_ ebpf_result_t - delete_registry_tree(ebpf_registry_key_t root_key, _In_opt_z_ const wchar_t* sub_key); + delete_registry_tree(ebpf_store_key_t root_key, _In_opt_z_ const wchar_t* sub_key); _Must_inspect_result_ ebpf_result_t - read_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Out_ uint32_t* value); + 
read_registry_value_dword(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _Out_ uint32_t* value); _Must_inspect_result_ ebpf_result_t read_registry_value_binary( - ebpf_registry_key_t key, + ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _Out_writes_(value_size) uint8_t* value, size_t value_size); @@ -65,11 +61,11 @@ extern "C" _Must_inspect_result_ ebpf_result_t create_registry_key_ansi( - ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key); + ebpf_store_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key); _Must_inspect_result_ ebpf_result_t read_registry_value_string( - ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_maybenull_ wchar_t** value); + ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_maybenull_ wchar_t** value); #ifdef __cplusplus } diff --git a/tests/netebpfext_unit/netebpf_ext_helper.cpp b/tests/netebpfext_unit/netebpf_ext_helper.cpp index b6884a6b0f..2845d26f5c 100644 --- a/tests/netebpfext_unit/netebpf_ext_helper.cpp +++ b/tests/netebpfext_unit/netebpf_ext_helper.cpp @@ -6,7 +6,7 @@ #include "netebpf_ext_helper.h" // TODO: Issue #1231 Change to using HKEY_LOCAL_MACHINE -ebpf_registry_key_t ebpf_root_registry_key = HKEY_CURRENT_USER; +ebpf_store_key_t ebpf_store_root_key_t = HKEY_CURRENT_USER; DEVICE_OBJECT* _net_ebpf_ext_driver_device_object; constexpr uint32_t _test_destination_ipv4_address = 0x01020304; diff --git a/tools/export_program_info/export_program_info.cpp b/tools/export_program_info/export_program_info.cpp index a96b59ad8a..815f9220a8 100644 --- a/tools/export_program_info/export_program_info.cpp +++ b/tools/export_program_info/export_program_info.cpp 
@@ -17,7 +17,7 @@ #define REG_CREATE_FLAGS (KEY_WRITE | DELETE | KEY_READ) #define REG_OPEN_FLAGS (DELETE | KEY_READ) -extern ebpf_registry_key_t ebpf_root_registry_key; +extern ebpf_store_key_t ebpf_store_root_key_t; typedef struct _ebpf_program_section_info_with_count { @@ -84,7 +84,7 @@ clear_all_ebpf_stores() { // TODO: Issue #1231 Change to using HKEY_LOCAL_MACHINE std::cout << "Clearing eBPF store HKEY_CURRENT_USER" << std::endl; - return ebpf_store_clear(ebpf_root_registry_key); + return ebpf_store_clear(ebpf_store_root_key_t); } void From a391fa22f5018b81db71a4e64545105f3b189950 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Mon, 31 Jul 2023 13:06:26 -0700 Subject: [PATCH 52/60] Normalize all registry API names. --- libs/api_common/store_helper_internal.cpp | 68 +++++++------- libs/store_helper/ebpf_store_helper.c | 91 ++++++++++--------- .../kernel/ebpf_registry_helper.c | 15 +-- .../kernel/ebpf_registry_helper.h | 15 +-- .../user/ebpf_registry_helper.cpp | 30 +++--- libs/store_helper/user/ebpf_registry_helper.h | 30 +++--- 6 files changed, 130 insertions(+), 119 deletions(-) diff --git a/libs/api_common/store_helper_internal.cpp b/libs/api_common/store_helper_internal.cpp index 1ebdd985ef..9a726a5097 100644 --- a/libs/api_common/store_helper_internal.cpp +++ b/libs/api_common/store_helper_internal.cpp 
@@ -22,10 +22,10 @@ _open_ebpf_store_key(_Out_ ebpf_store_key_t* store_key) // First try to open the HKCU registry key. ebpf_result_t result = - open_registry_key(root_registry_key_current_user, EBPF_STORE_REGISTRY_PATH, KEY_READ, store_key); + ebpf_open_registry_key(root_registry_key_current_user, EBPF_STORE_REGISTRY_PATH, KEY_READ, store_key); if (result != ERROR_SUCCESS) { // Failed to open ebpf store path in HKCU. Fall back to HKLM. - result = open_registry_key(root_registry_key_local_machine, EBPF_STORE_REGISTRY_PATH, KEY_READ, store_key); + result = ebpf_open_registry_key(root_registry_key_local_machine, EBPF_STORE_REGISTRY_PATH, KEY_READ, store_key); } return result; @@ -54,7 +54,7 @@ _load_helper_prototype( size_t expected_size = sizeof(helper_prototype->helper_id) + sizeof(helper_prototype->return_type) + sizeof(helper_prototype->arguments); - status = read_registry_value_binary( + status = ebpf_read_registry_value_binary( helper_info_key, EBPF_HELPER_DATA_PROTOTYPE, (uint8_t*)serialized_data, expected_size); if (status != ERROR_SUCCESS) { result = win32_error_code_to_ebpf_result(status); @@ -84,7 +84,7 @@ _load_helper_prototype( Exit: if (helper_info_key) { - close_registry_key(static_cast(helper_info_key)); + ebpf_close_registry_key(static_cast(helper_info_key)); } return result; } @@ -111,8 +111,8 @@ _load_program_data_information( *program_info = nullptr; try { - result = - open_registry_key(program_data_key, program_type_string, KEY_READ, (ebpf_store_key_t*)&program_info_key); + result = ebpf_open_registry_key( + program_data_key, program_type_string, KEY_READ, (ebpf_store_key_t*)&program_info_key); if (result != EBPF_SUCCESS) { // Registry path is not present. result = EBPF_FILE_NOT_FOUND; 
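Review bot: In `_open_ebpf_store_key` the per-user hive is tried first and HKLM is used only when the HKCU open fails, so store data that the current user can write takes precedence over the machine-wide store; this precedence should be documented at the first `ebpf_open_registry_key` call, and any caller that runs elevated (none is visible here) should be checked against it. Suggested comment: `// HKCU is user-writable and shadows HKLM here; treat the loaded program and helper data as untrusted input.` Separately, `result` is an `ebpf_result_t` but is compared with a Win32 constant, so `if (result != ERROR_SUCCESS) {` should read `if (result != EBPF_SUCCESS) {`. The function starts before this hunk.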
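Review bot: In `_load_helper_prototype` the return value of `ebpf_read_registry_value_binary` is stored in `status`, compared with `ERROR_SUCCESS` and then passed through `win32_error_code_to_ebpf_result`, although the helper's prototype elsewhere in this patch returns `ebpf_result_t`. If that holds, a failure is translated a second time as though it were a Win32 error and may surface as an unrelated result code. Assigning directly avoids this: `result = ebpf_read_registry_value_binary(helper_info_key, EBPF_HELPER_DATA_PROTOTYPE, (uint8_t*)serialized_data, expected_size);` followed by `if (result != EBPF_SUCCESS) {`. The declaration of `status` and the rest of the function lie outside the hunk.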
@@ -125,13 +125,13 @@ _load_program_data_information( goto Exit; } - result = convert_string_to_guid(program_type_string, program_type); + result = ebpf_convert_string_to_guid(program_type_string, program_type); if (result != EBPF_SUCCESS) { goto Exit; } // Read the friendly program type name. - result = read_registry_value_string(program_info_key, EBPF_PROGRAM_DATA_NAME, &program_type_name); + result = ebpf_read_registry_value_string(program_info_key, EBPF_PROGRAM_DATA_NAME, &program_type_name); if (result != EBPF_SUCCESS) { goto Exit; } @@ -142,7 +142,7 @@ _load_program_data_information( result = EBPF_NO_MEMORY; goto Exit; } - result = read_registry_value_binary( + result = ebpf_read_registry_value_binary( program_info_key, EBPF_PROGRAM_DATA_CONTEXT_DESCRIPTOR, (uint8_t*)descriptor, @@ -152,19 +152,19 @@ _load_program_data_information( } // Read "is_privileged". - result = read_registry_value_dword(program_info_key, EBPF_PROGRAM_DATA_PRIVILEGED, &is_privileged); + result = ebpf_read_registry_value_dword(program_info_key, EBPF_PROGRAM_DATA_PRIVILEGED, &is_privileged); if (result != EBPF_SUCCESS) { goto Exit; } // Read bpf program type. - result = read_registry_value_dword(program_info_key, EBPF_DATA_BPF_PROG_TYPE, &bpf_program_type); + result = ebpf_read_registry_value_dword(program_info_key, EBPF_DATA_BPF_PROG_TYPE, &bpf_program_type); if (result != EBPF_SUCCESS) { goto Exit; } // Read helper count. - result = read_registry_value_dword(program_info_key, EBPF_PROGRAM_DATA_HELPER_COUNT, &helper_count); + result = ebpf_read_registry_value_dword(program_info_key, EBPF_PROGRAM_DATA_HELPER_COUNT, &helper_count); if (result != EBPF_SUCCESS) { goto Exit; } 
@@ -279,13 +279,13 @@ _load_program_data_information( ebpf_program_info_free(program_information); } if (program_info_key) { - close_registry_key(program_info_key); + ebpf_close_registry_key(program_info_key); } ebpf_free(program_type_name); ebpf_free(program_type); if (helper_key) { - close_registry_key(helper_key); + ebpf_close_registry_key(helper_key); } return result; } @@ -316,8 +316,8 @@ ebpf_store_load_program_information( } // Open program data registry path. - result = - open_registry_key(store_key, EBPF_PROGRAM_DATA_REGISTRY_PATH, KEY_READ, (ebpf_store_key_t*)&program_data_key); + result = ebpf_open_registry_key( + store_key, EBPF_PROGRAM_DATA_REGISTRY_PATH, KEY_READ, (ebpf_store_key_t*)&program_data_key); if (result != EBPF_SUCCESS) { if (result == EBPF_FILE_NOT_FOUND) { result = EBPF_SUCCESS; @@ -382,7 +382,7 @@ ebpf_store_load_program_information( } if (program_data_key) { - close_registry_key(program_data_key); + ebpf_close_registry_key(program_data_key); } return result; @@ -404,7 +404,7 @@ _load_section_data_information( ebpf_section_definition_t* section_information = nullptr; try { - result = open_registry_key(section_data_key, section_name, KEY_READ, (ebpf_store_key_t*)§ion_info_key); + result = ebpf_open_registry_key(section_data_key, section_name, KEY_READ, (ebpf_store_key_t*)§ion_info_key); if (result != EBPF_SUCCESS) { // Registry path is not present. result = EBPF_FILE_NOT_FOUND; @@ -424,7 +424,7 @@ _load_section_data_information( } // Read program type. - result = read_registry_value_binary( + result = ebpf_read_registry_value_binary( section_info_key, EBPF_SECTION_DATA_PROGRAM_TYPE, (uint8_t*)program_type, sizeof(ebpf_program_type_t)); if (result != EBPF_SUCCESS) { __analysis_assume(result != EBPF_SUCCESS); 
@@ -432,7 +432,7 @@ _load_section_data_information( } // Read attach type. - result = read_registry_value_binary( + result = ebpf_read_registry_value_binary( section_info_key, EBPF_SECTION_DATA_ATTACH_TYPE, (uint8_t*)attach_type, sizeof(ebpf_attach_type_t)); if (result != EBPF_SUCCESS) { __analysis_assume(result != EBPF_SUCCESS); @@ -440,14 +440,16 @@ _load_section_data_information( } // Read bpf program type. - result = read_registry_value_dword(section_info_key, EBPF_DATA_BPF_PROG_TYPE, (uint32_t*)&bpf_program_type); + result = + ebpf_read_registry_value_dword(section_info_key, EBPF_DATA_BPF_PROG_TYPE, (uint32_t*)&bpf_program_type); if (result != EBPF_SUCCESS) { bpf_program_type = BPF_PROG_TYPE_UNSPEC; result = EBPF_SUCCESS; } // Read bpf attach type. - result = read_registry_value_dword(section_info_key, EBPF_DATA_BPF_ATTACH_TYPE, (uint32_t*)&bpf_attach_type); + result = + ebpf_read_registry_value_dword(section_info_key, EBPF_DATA_BPF_ATTACH_TYPE, (uint32_t*)&bpf_attach_type); if (result != EBPF_SUCCESS) { bpf_attach_type = BPF_ATTACH_TYPE_UNSPEC; result = EBPF_SUCCESS; @@ -486,7 +488,7 @@ _load_section_data_information( ebpf_free(section_information); } if (section_info_key) { - close_registry_key(section_info_key); + ebpf_close_registry_key(section_info_key); } return result; } @@ -582,7 +584,7 @@ ebpf_store_load_section_information( } } if (section_data_key) { - close_registry_key(section_data_key); + ebpf_close_registry_key(section_data_key); } return result; } @@ -615,7 +617,7 @@ ebpf_store_load_global_helper_information( } // Open program data registry path. - result = open_registry_key( + result = ebpf_open_registry_key( store_key, EBPF_GLOBAL_HELPERS_REGISTRY_PATH, KEY_READ, (ebpf_store_key_t*)&global_helpers_key); if (result != EBPF_SUCCESS) { if (result == EBPF_FILE_NOT_FOUND) { 
@@ -690,7 +692,7 @@ ebpf_store_load_global_helper_information( Exit: if (global_helpers_key) { - close_registry_key(global_helpers_key); + ebpf_close_registry_key(global_helpers_key); } if (result != EBPF_SUCCESS) { if (helper_prototype) { @@ -712,7 +714,7 @@ ebpf_store_clear(_In_ const ebpf_store_key_t root_key_path) ebpf_result_t result = EBPF_FAILED; // Open root registry key. - result = open_registry_key(root_key_path, EBPF_ROOT_RELATIVE_PATH, REG_CREATE_FLAGS, &root_handle); + result = ebpf_open_registry_key(root_key_path, EBPF_ROOT_RELATIVE_PATH, REG_CREATE_FLAGS, &root_handle); if (result != EBPF_SUCCESS) { if (result == EBPF_FILE_NOT_FOUND) { result = EBPF_SUCCESS; @@ -721,7 +723,7 @@ ebpf_store_clear(_In_ const ebpf_store_key_t root_key_path) } // Open "providers" registry key. - result = open_registry_key(root_handle, EBPF_PROVIDERS_REGISTRY_PATH, REG_CREATE_FLAGS, &provider_handle); + result = ebpf_open_registry_key(root_handle, EBPF_PROVIDERS_REGISTRY_PATH, REG_CREATE_FLAGS, &provider_handle); if (result != EBPF_SUCCESS) { if (result == EBPF_FILE_NOT_FOUND) { result = EBPF_SUCCESS; @@ -730,14 +732,14 @@ ebpf_store_clear(_In_ const ebpf_store_key_t root_key_path) } // Delete subtree of provider reg key. - result = delete_registry_tree(provider_handle, NULL); + result = ebpf_delete_registry_tree(provider_handle, NULL); if (result != EBPF_SUCCESS) { goto Exit; } - close_registry_key(provider_handle); + ebpf_close_registry_key(provider_handle); provider_handle = nullptr; - result = delete_registry_key(root_handle, EBPF_PROVIDERS_REGISTRY_PATH); + result = ebpf_delete_registry_key(root_handle, EBPF_PROVIDERS_REGISTRY_PATH); if (result != EBPF_SUCCESS) { goto Exit; } 
@@ -746,10 +748,10 @@ ebpf_store_clear(_In_ const ebpf_store_key_t root_key_path) Exit: if (provider_handle) { - close_registry_key(provider_handle); + ebpf_close_registry_key(provider_handle); } if (root_handle) { - close_registry_key(root_handle); + ebpf_close_registry_key(root_handle); } return result; diff --git a/libs/store_helper/ebpf_store_helper.c b/libs/store_helper/ebpf_store_helper.c index a6fd380c56..2c27d4a950 100644 --- a/libs/store_helper/ebpf_store_helper.c +++ b/libs/store_helper/ebpf_store_helper.c @@ -17,7 +17,7 @@ _ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_store_key_t* provide // Open (or create) root eBPF registry path. #ifdef USER_MODE - result = create_registry_key(ebpf_store_root_key_t, EBPF_ROOT_RELATIVE_PATH, REG_CREATE_FLAGS, &root_key); + result = ebpf_create_registry_key(ebpf_store_root_key_t, EBPF_ROOT_RELATIVE_PATH, REG_CREATE_FLAGS, &root_key); #else result = create_registry_key(NULL, EBPF_ROOT_REGISTRY_PATH, REG_CREATE_FLAGS, &root_key); #endif @@ -27,13 +27,13 @@ _ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_store_key_t* provide } // Open (or create) program data registry path. - result = create_registry_key(root_key, EBPF_PROVIDERS_REGISTRY_PATH, REG_CREATE_FLAGS, provider_key); + result = ebpf_create_registry_key(root_key, EBPF_PROVIDERS_REGISTRY_PATH, REG_CREATE_FLAGS, provider_key); if (!IS_SUCCESS(result)) { goto Exit; } Exit: - close_registry_key(root_key); + ebpf_close_registry_key(root_key); return result; } @@ -46,7 +46,7 @@ ebpf_store_update_helper_prototype( ebpf_store_key_t helper_function_key = NULL; char serialized_data[sizeof(ebpf_helper_function_prototype_t)] = {0}; - result = create_registry_key_ansi(helper_info_key, helper_info->name, REG_CREATE_FLAGS, &helper_function_key); + result = ebpf_create_registry_key_ansi(helper_info_key, helper_info->name, REG_CREATE_FLAGS, &helper_function_key); if (!IS_SUCCESS(result)) { goto Exit; } 
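Review bot: The `#else` branch of `_ebpf_store_open_or_create_provider_registry_key` still calls `create_registry_key(NULL, EBPF_ROOT_REGISTRY_PATH, REG_CREATE_FLAGS, &root_key);` while the `USER_MODE` branch and the other calls visible in this file's hunks now carry the `ebpf_` prefix. The diffstat lists the kernel helper source and header as changed in this commit too, so if the kernel function was renamed as well, the kernel-mode build would no longer resolve this name. The line would become `result = ebpf_create_registry_key(NULL, EBPF_ROOT_REGISTRY_PATH, REG_CREATE_FLAGS, &root_key);`. The function starts before this hunk.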
@@ -63,14 +63,14 @@ ebpf_store_update_helper_prototype( offset += sizeof(helper_info->arguments); // Save the helper prototype data. - result = write_registry_value_binary( + result = ebpf_write_registry_value_binary( helper_function_key, EBPF_HELPER_DATA_PROTOTYPE, (uint8_t*)&serialized_data[0], offset); if (!IS_SUCCESS(result)) { goto Exit; } Exit: - close_registry_key(helper_function_key); + ebpf_close_registry_key(helper_function_key); return result; } @@ -94,7 +94,8 @@ ebpf_store_update_global_helper_information( } // Open (or create) global helpers registry path. - result = create_registry_key(provider_key, EBPF_GLOBAL_HELPERS_REGISTRY_PATH, REG_CREATE_FLAGS, &helper_info_key); + result = + ebpf_create_registry_key(provider_key, EBPF_GLOBAL_HELPERS_REGISTRY_PATH, REG_CREATE_FLAGS, &helper_info_key); if (!IS_SUCCESS(result)) { goto Exit; } @@ -108,8 +109,8 @@ ebpf_store_update_global_helper_information( } Exit: - close_registry_key(helper_info_key); - close_registry_key(provider_key); + ebpf_close_registry_key(helper_info_key); + ebpf_close_registry_key(provider_key); return result; } @@ -133,7 +134,7 @@ ebpf_store_update_section_information( } // Open (or create) section data key. - result = create_registry_key(provider_key, EBPF_SECTIONS_REGISTRY_PATH, REG_CREATE_FLAGS, §ion_info_key); + result = ebpf_create_registry_key(provider_key, EBPF_SECTIONS_REGISTRY_PATH, REG_CREATE_FLAGS, §ion_info_key); if (!IS_SUCCESS(result)) { goto Exit; } 
@@ -142,53 +143,56 @@ ebpf_store_update_section_information( ebpf_store_key_t section_key = NULL; // Open or create the registry path. - result = create_registry_key(section_info_key, section_info[i].section_name, REG_CREATE_FLAGS, §ion_key); + result = + ebpf_create_registry_key(section_info_key, section_info[i].section_name, REG_CREATE_FLAGS, §ion_key); if (!IS_SUCCESS(result)) { goto Exit; } // Save program type. - result = write_registry_value_binary( + result = ebpf_write_registry_value_binary( section_key, EBPF_SECTION_DATA_PROGRAM_TYPE, (uint8_t*)section_info[i].program_type, sizeof(ebpf_program_type_t)); if (!IS_SUCCESS(result)) { - close_registry_key(section_key); + ebpf_close_registry_key(section_key); goto Exit; } // Save attach type. - result = write_registry_value_binary( + result = ebpf_write_registry_value_binary( section_key, EBPF_SECTION_DATA_ATTACH_TYPE, (uint8_t*)section_info[i].attach_type, sizeof(ebpf_attach_type_t)); if (!IS_SUCCESS(result)) { - close_registry_key(section_key); + ebpf_close_registry_key(section_key); goto Exit; } // Save bpf_prog_type. - result = write_registry_value_dword(section_key, EBPF_DATA_BPF_PROG_TYPE, section_info[i].bpf_program_type); + result = + ebpf_write_registry_value_dword(section_key, EBPF_DATA_BPF_PROG_TYPE, section_info[i].bpf_program_type); if (!IS_SUCCESS(result)) { - close_registry_key(section_key); + ebpf_close_registry_key(section_key); goto Exit; } // Save bpf_attach_type. 
- result = write_registry_value_dword(section_key, EBPF_DATA_BPF_ATTACH_TYPE, section_info[i].bpf_attach_type); + result = + ebpf_write_registry_value_dword(section_key, EBPF_DATA_BPF_ATTACH_TYPE, section_info[i].bpf_attach_type); if (!IS_SUCCESS(result)) { - close_registry_key(section_key); + ebpf_close_registry_key(section_key); goto Exit; } - close_registry_key(section_key); + ebpf_close_registry_key(section_key); } Exit: - close_registry_key(section_info_key); - close_registry_key(provider_key); + ebpf_close_registry_key(section_info_key); + ebpf_close_registry_key(provider_key); return result; } @@ -212,7 +216,8 @@ ebpf_store_update_program_information( } // Open (or create) program data registry path. - result = create_registry_key(provider_key, EBPF_PROGRAM_DATA_REGISTRY_PATH, REG_CREATE_FLAGS, &program_info_key); + result = + ebpf_create_registry_key(provider_key, EBPF_PROGRAM_DATA_REGISTRY_PATH, REG_CREATE_FLAGS, &program_info_key); if (!IS_SUCCESS(result)) { goto Exit; } 
@@ -223,66 +228,66 @@ ebpf_store_update_program_information( // Convert program type GUID to string. wchar_t guid_string[GUID_STRING_LENGTH + 1]; - result = convert_guid_to_string( + result = ebpf_convert_guid_to_string( &program_info[i].program_type_descriptor.program_type, guid_string, GUID_STRING_LENGTH + 1); if (!IS_SUCCESS(result)) { return result; } - result = create_registry_key(program_info_key, guid_string, REG_CREATE_FLAGS, &program_key); + result = ebpf_create_registry_key(program_info_key, guid_string, REG_CREATE_FLAGS, &program_key); if (!IS_SUCCESS(result)) { goto Exit; } // Save the friendly program type name. - result = write_registry_value_ansi_string( + result = ebpf_write_registry_value_ansi_string( program_key, EBPF_PROGRAM_DATA_NAME, program_info[i].program_type_descriptor.name); if (!IS_SUCCESS(result)) { - close_registry_key(program_key); + ebpf_close_registry_key(program_key); goto Exit; } // Save context descriptor. - result = write_registry_value_binary( + result = ebpf_write_registry_value_binary( program_key, EBPF_PROGRAM_DATA_CONTEXT_DESCRIPTOR, (uint8_t*)program_info[i].program_type_descriptor.context_descriptor, sizeof(ebpf_context_descriptor_t)); if (!IS_SUCCESS(result)) { - close_registry_key(program_key); + ebpf_close_registry_key(program_key); goto Exit; } // Save bpf_prog_type. - result = write_registry_value_dword( + result = ebpf_write_registry_value_dword( program_key, EBPF_DATA_BPF_PROG_TYPE, program_info[i].program_type_descriptor.bpf_prog_type); if (!IS_SUCCESS(result)) { - close_registry_key(program_key); + ebpf_close_registry_key(program_key); goto Exit; } // Save "is_privileged". - result = write_registry_value_dword( + result = ebpf_write_registry_value_dword( program_key, EBPF_PROGRAM_DATA_PRIVILEGED, program_info[i].program_type_descriptor.is_privileged); if (!IS_SUCCESS(result)) { - close_registry_key(program_key); + ebpf_close_registry_key(program_key); goto Exit; } // Save helper count. 
- result = write_registry_value_dword( + result = ebpf_write_registry_value_dword( program_key, EBPF_PROGRAM_DATA_HELPER_COUNT, program_info[i].count_of_program_type_specific_helpers); if (!IS_SUCCESS(result)) { - close_registry_key(program_key); + ebpf_close_registry_key(program_key); goto Exit; } if (program_info[i].count_of_program_type_specific_helpers != 0) { // Create (or open) helper registry path. - result = create_registry_key( + result = ebpf_create_registry_key( program_key, EBPF_PROGRAM_DATA_HELPERS_REGISTRY_PATH, REG_CREATE_FLAGS, &helper_info_key); if (!IS_SUCCESS(result)) { - close_registry_key(program_key); + ebpf_close_registry_key(program_key); goto Exit; } @@ -291,20 +296,20 @@ ebpf_store_update_program_information( result = ebpf_store_update_helper_prototype( helper_info_key, &(program_info[i].program_type_specific_helper_prototype[count])); if (!IS_SUCCESS(result)) { - close_registry_key(program_key); - close_registry_key(helper_info_key); + ebpf_close_registry_key(program_key); + ebpf_close_registry_key(helper_info_key); goto Exit; } } - close_registry_key(helper_info_key); + ebpf_close_registry_key(helper_info_key); } - close_registry_key(program_key); + ebpf_close_registry_key(program_key); } Exit: - close_registry_key(program_info_key); - close_registry_key(provider_key); + ebpf_close_registry_key(program_info_key); + ebpf_close_registry_key(provider_key); return result; } \ No newline at end of file diff --git a/libs/store_helper/kernel/ebpf_registry_helper.c b/libs/store_helper/kernel/ebpf_registry_helper.c index 3703af869b..480807a8ad 100644 --- a/libs/store_helper/kernel/ebpf_registry_helper.c +++ b/libs/store_helper/kernel/ebpf_registry_helper.c 
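Review bot: The `return result;` taken when `ebpf_convert_guid_to_string` fails at the top of the loop in `ebpf_store_update_program_information` bypasses the `Exit:` label, so `program_info_key` and `provider_key` are never closed on that path. Every other failure branch in the function uses `goto Exit;`, and this one should too: `if (!IS_SUCCESS(result)) { goto Exit; }`. The kernel helper closes keys with `ZwClose`, so in a driver this path presumably leaks two handles each time it is hit. The function starts before this hunk and its `Exit:` block is in the following hunk.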
@@ -11,7 +11,8 @@ #define _EBPF_RESULT(x) (NT_SUCCESS(x) ? EBPF_SUCCESS : EBPF_FAILED) ebpf_result_t -convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_length) wchar_t* string, size_t string_length) +ebpf_convert_guid_to_string( + _In_ const GUID* guid, _Out_writes_all_(string_length) wchar_t* string, size_t string_length) { UNICODE_STRING unicode_string = {0}; @@ -40,7 +41,7 @@ convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_length) wc } void -close_registry_key(ebpf_store_key_t key) +ebpf_close_registry_key(ebpf_store_key_t key) { if (key) { ZwClose(key); @@ -48,7 +49,7 @@ close_registry_key(ebpf_store_key_t key) } _Must_inspect_result_ ebpf_result_t -write_registry_value_binary( +ebpf_write_registry_value_binary( ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_reads_(value_size) uint8_t* value, size_t value_size) { UNICODE_STRING unicode_value_name; @@ -58,7 +59,7 @@ write_registry_value_binary( } _Must_inspect_result_ ebpf_result_t -write_registry_value_ansi_string(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value) +ebpf_write_registry_value_ansi_string(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value) { NTSTATUS status; UNICODE_STRING unicode_value; @@ -81,7 +82,7 @@ write_registry_value_ansi_string(ebpf_store_key_t key, _In_z_ const wchar_t* val } _Must_inspect_result_ ebpf_result_t -write_registry_value_dword(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, uint32_t value) +ebpf_write_registry_value_dword(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, uint32_t value) { UNICODE_STRING unicode_name; RtlInitUnicodeString(&unicode_name, value_name); 
@@ -89,7 +90,7 @@ write_registry_value_dword(ebpf_store_key_t key, _In_z_ const wchar_t* value_nam } _Must_inspect_result_ ebpf_result_t -create_registry_key( +ebpf_create_registry_key( ebpf_store_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key) { UNICODE_STRING registry_path; @@ -105,7 +106,7 @@ create_registry_key( } _Must_inspect_result_ ebpf_result_t -create_registry_key_ansi( +ebpf_create_registry_key_ansi( ebpf_store_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key) { NTSTATUS status = STATUS_SUCCESS; diff --git a/libs/store_helper/kernel/ebpf_registry_helper.h b/libs/store_helper/kernel/ebpf_registry_helper.h index 5e30330104..8141dfdc40 100644 --- a/libs/store_helper/kernel/ebpf_registry_helper.h +++ b/libs/store_helper/kernel/ebpf_registry_helper.h 
@@ -8,25 +8,26 @@ #define REG_CREATE_FLAGS 0 ebpf_result_t -convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_length) wchar_t* string, size_t string_length); +ebpf_convert_guid_to_string( + _In_ const GUID* guid, _Out_writes_all_(string_length) wchar_t* string, size_t string_length); void -close_registry_key(ebpf_store_key_t key); +ebpf_close_registry_key(ebpf_store_key_t key); _Must_inspect_result_ ebpf_result_t -write_registry_value_binary( +ebpf_write_registry_value_binary( ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_reads_(value_size) uint8_t* value, size_t value_size); _Must_inspect_result_ ebpf_result_t -write_registry_value_ansi_string(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value); +ebpf_write_registry_value_ansi_string(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value); _Must_inspect_result_ ebpf_result_t -write_registry_value_dword(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, uint32_t value); +ebpf_write_registry_value_dword(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, uint32_t value); _Must_inspect_result_ ebpf_result_t -create_registry_key( +ebpf_create_registry_key( ebpf_store_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key); _Must_inspect_result_ ebpf_result_t -create_registry_key_ansi( +ebpf_create_registry_key_ansi( ebpf_store_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key); \ No newline at end of file diff --git a/libs/store_helper/user/ebpf_registry_helper.cpp b/libs/store_helper/user/ebpf_registry_helper.cpp index 41c11758d5..298def2b43 100644 --- a/libs/store_helper/user/ebpf_registry_helper.cpp +++ b/libs/store_helper/user/ebpf_registry_helper.cpp 
@@ -25,14 +25,14 @@ _get_wstring_from_string(std::string text) } void -close_registry_key(ebpf_store_key_t key) +ebpf_close_registry_key(ebpf_store_key_t key) { ebpf_assert(key); RegCloseKey(key); } _Must_inspect_result_ ebpf_result_t -write_registry_value_binary( +ebpf_write_registry_value_binary( ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_reads_(value_size) uint8_t* value, size_t value_size) { ebpf_assert(value_name); @@ -52,7 +52,7 @@ write_registry_value_wide_string(ebpf_store_key_t key, _In_z_ const wchar_t* val } _Must_inspect_result_ ebpf_result_t -write_registry_value_ansi_string(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value) +ebpf_write_registry_value_ansi_string(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value) { ebpf_result_t result; try { @@ -66,14 +66,14 @@ write_registry_value_ansi_string(ebpf_store_key_t key, _In_z_ const wchar_t* val } _Must_inspect_result_ ebpf_result_t -write_registry_value_dword(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, uint32_t value) +ebpf_write_registry_value_dword(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, uint32_t value) { ebpf_assert(key); return _EBPF_RESULT(RegSetValueEx(key, value_name, 0, REG_DWORD, (PBYTE)&value, sizeof(value))); } _Must_inspect_result_ ebpf_result_t -create_registry_key( +ebpf_create_registry_key( ebpf_store_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key) { *key = nullptr; @@ -85,7 +85,7 @@ create_registry_key( } _Must_inspect_result_ ebpf_result_t -open_registry_key( +ebpf_open_registry_key( ebpf_store_key_t root_key, _In_opt_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key) { ebpf_assert(root_key != nullptr); 
@@ -95,25 +95,25 @@ open_registry_key( } _Must_inspect_result_ ebpf_result_t -delete_registry_key(ebpf_store_key_t root_key, _In_z_ const wchar_t* sub_key) +ebpf_delete_registry_key(ebpf_store_key_t root_key, _In_z_ const wchar_t* sub_key) { return _EBPF_RESULT(RegDeleteKeyEx(root_key, sub_key, 0, 0)); } _Must_inspect_result_ ebpf_result_t -delete_registry_tree(ebpf_store_key_t root_key, _In_opt_z_ const wchar_t* sub_key) +ebpf_delete_registry_tree(ebpf_store_key_t root_key, _In_opt_z_ const wchar_t* sub_key) { return _EBPF_RESULT(RegDeleteTree(root_key, sub_key)); } _Must_inspect_result_ ebpf_result_t -create_registry_key_ansi( +ebpf_create_registry_key_ansi( ebpf_store_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key) { ebpf_result_t result; try { auto wide_string = _get_wstring_from_string(sub_key); - result = create_registry_key(root_key, wide_string.c_str(), flags, key); + result = ebpf_create_registry_key(root_key, wide_string.c_str(), flags, key); } catch (...) { result = EBPF_NO_MEMORY; } @@ -122,7 +122,7 @@ create_registry_key_ansi( } _Must_inspect_result_ ebpf_result_t -read_registry_value_string( +ebpf_read_registry_value_string( ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_maybenull_ wchar_t** value) { ebpf_result_t result = EBPF_SUCCESS; @@ -165,7 +165,7 @@ read_registry_value_string( } _Must_inspect_result_ ebpf_result_t -read_registry_value_dword(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _Out_ uint32_t* value) +ebpf_read_registry_value_dword(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _Out_ uint32_t* value) { unsigned long type = REG_QWORD; unsigned long value_size = sizeof(uint32_t); 
@@ -173,7 +173,7 @@ read_registry_value_dword(ebpf_store_key_t key, _In_z_ const wchar_t* value_name } _Must_inspect_result_ ebpf_result_t -read_registry_value_binary( +ebpf_read_registry_value_binary( ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _Out_writes_(value_size) uint8_t* value, size_t value_size) { ebpf_result_t result = EBPF_SUCCESS; @@ -193,7 +193,7 @@ read_registry_value_binary( } _Must_inspect_result_ ebpf_result_t -convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_size) wchar_t* string, size_t string_size) +ebpf_convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_size) wchar_t* string, size_t string_size) { ebpf_result_t result = EBPF_SUCCESS; wchar_t* value_name = nullptr; @@ -227,7 +227,7 @@ convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_size) wcha } _Must_inspect_result_ ebpf_result_t -convert_string_to_guid(_In_z_ const wchar_t* string, _Out_ GUID* guid) +ebpf_convert_string_to_guid(_In_z_ const wchar_t* string, _Out_ GUID* guid) { ebpf_result_t result = EBPF_SUCCESS; diff --git a/libs/store_helper/user/ebpf_registry_helper.h b/libs/store_helper/user/ebpf_registry_helper.h index d9706bb3fc..011c1ed936 100644 --- a/libs/store_helper/user/ebpf_registry_helper.h +++ b/libs/store_helper/user/ebpf_registry_helper.h 
@@ -14,57 +14,59 @@ extern "C" #endif void - close_registry_key(ebpf_store_key_t key); + ebpf_close_registry_key(ebpf_store_key_t key); _Must_inspect_result_ ebpf_result_t - write_registry_value_binary( + ebpf_write_registry_value_binary( ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_reads_(value_size) uint8_t* value, size_t value_size); _Must_inspect_result_ ebpf_result_t - write_registry_value_ansi_string(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value); + ebpf_write_registry_value_ansi_string( + ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value); _Must_inspect_result_ ebpf_result_t - write_registry_value_dword(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, uint32_t value); + ebpf_write_registry_value_dword(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, uint32_t value); _Must_inspect_result_ ebpf_result_t - create_registry_key( + ebpf_create_registry_key( ebpf_store_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key); _Must_inspect_result_ ebpf_result_t - open_registry_key( + ebpf_open_registry_key( ebpf_store_key_t root_key, _In_opt_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key); _Must_inspect_result_ ebpf_result_t - delete_registry_key(ebpf_store_key_t root_key, _In_z_ const wchar_t* sub_key); + ebpf_delete_registry_key(ebpf_store_key_t root_key, _In_z_ const wchar_t* sub_key); _Must_inspect_result_ ebpf_result_t - delete_registry_tree(ebpf_store_key_t root_key, _In_opt_z_ const wchar_t* sub_key); + ebpf_delete_registry_tree(ebpf_store_key_t root_key, _In_opt_z_ const wchar_t* sub_key); _Must_inspect_result_ ebpf_result_t - read_registry_value_dword(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _Out_ uint32_t* value); + ebpf_read_registry_value_dword(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _Out_ uint32_t* value); _Must_inspect_result_ ebpf_result_t - read_registry_value_binary( 
+ ebpf_read_registry_value_binary( ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _Out_writes_(value_size) uint8_t* value, size_t value_size); _Must_inspect_result_ ebpf_result_t - convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_size) wchar_t* string, size_t string_size); + ebpf_convert_guid_to_string( + _In_ const GUID* guid, _Out_writes_all_(string_size) wchar_t* string, size_t string_size); _Must_inspect_result_ ebpf_result_t - convert_string_to_guid(_In_z_ const wchar_t* string, _Out_ GUID* guid); + ebpf_convert_string_to_guid(_In_z_ const wchar_t* string, _Out_ GUID* guid); _Must_inspect_result_ ebpf_result_t - create_registry_key_ansi( + ebpf_create_registry_key_ansi( ebpf_store_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key); _Must_inspect_result_ ebpf_result_t - read_registry_value_string( + ebpf_read_registry_value_string( ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_maybenull_ wchar_t** value); #ifdef __cplusplus From 1c82d6241f48f2bf680ad3e354bd4ef5b4886c6c Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Mon, 31 Jul 2023 16:52:29 -0700 Subject: [PATCH 53/60] rename --- libs/store_helper/ebpf_store_helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libs/store_helper/ebpf_store_helper.c b/libs/store_helper/ebpf_store_helper.c index 2c27d4a950..813fa2f961 100644 --- a/libs/store_helper/ebpf_store_helper.c +++ b/libs/store_helper/ebpf_store_helper.c @@ -19,7 +19,7 @@ _ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_store_key_t* provide #ifdef USER_MODE result = ebpf_create_registry_key(ebpf_store_root_key_t, EBPF_ROOT_RELATIVE_PATH, REG_CREATE_FLAGS, &root_key); #else - result = create_registry_key(NULL, EBPF_ROOT_REGISTRY_PATH, REG_CREATE_FLAGS, &root_key); + result = ebpf_create_registry_key(NULL, EBPF_ROOT_REGISTRY_PATH, REG_CREATE_FLAGS, &root_key); #endif if (!IS_SUCCESS(result)) { 
From 99f6ba00d63cb7aee08b7387276bfd24bbb0a289 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Mon, 31 Jul 2023 16:54:36 -0700 Subject: [PATCH 54/60] merge sln --- ebpf-for-windows.sln | 1 - 1 file changed, 1 deletion(-) diff --git a/ebpf-for-windows.sln b/ebpf-for-windows.sln index 0f2a5bcf48..cd3153dc38 100644 --- a/ebpf-for-windows.sln +++ b/ebpf-for-windows.sln @@ -2990,7 +2990,6 @@ Global {3569E946-C8B4-49EE-A89D-EDD09DC9F36E} = {7C2E30D9-E07F-4913-BD8A-345B38F18A81} {AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A} = {69CDB6A1-434D-4BC9-9BFF-D12DF7EDBB6B} {030A7AC6-14DC-45CF-AF34-891057AB1402} = {69CDB6A1-434D-4BC9-9BFF-D12DF7EDBB6B} - {BC45D39C-F956-3951-BD46-44EAE20EC7C9} = {69CDB6A1-434D-4BC9-9BFF-D12DF7EDBB6B} {249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5} = {69CDB6A1-434D-4BC9-9BFF-D12DF7EDBB6B} {1937DB41-F3EB-4955-A636-6386DCB394F6} = {69CDB6A1-434D-4BC9-9BFF-D12DF7EDBB6B} EndGlobalSection From d434ac6a155293d82d425638478953e32bc5e3ce Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Thu, 3 Aug 2023 13:49:57 -0700 Subject: [PATCH 55/60] fix var typo --- include/ebpf_store_helper.h | 2 +- libs/api_common/store_helper_internal.cpp | 2 +- libs/store_helper/ebpf_store_helper.c | 2 +- tests/netebpfext_unit/netebpf_ext_helper.cpp | 2 +- tools/export_program_info/export_program_info.cpp | 4 ++-- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/include/ebpf_store_helper.h b/include/ebpf_store_helper.h index 044a923582..cb00e34f1a 100644 --- a/include/ebpf_store_helper.h +++ b/include/ebpf_store_helper.h @@ -23,7 +23,7 @@ extern "C" typedef HANDLE ebpf_store_key_t; #else typedef HKEY ebpf_store_key_t; -extern ebpf_store_key_t ebpf_store_root_key_t; +extern ebpf_store_key_t ebpf_store_root_key; #endif /** diff --git a/libs/api_common/store_helper_internal.cpp b/libs/api_common/store_helper_internal.cpp index 9a726a5097..90bff29b4d 100644 --- a/libs/api_common/store_helper_internal.cpp +++ b/libs/api_common/store_helper_internal.cpp 
@@ -12,7 +12,7 @@ ebpf_store_key_t root_registry_key_current_user = HKEY_CURRENT_USER; ebpf_store_key_t root_registry_key_local_machine = HKEY_LOCAL_MACHINE; // TODO: Issue #1231 Change to using HKEY_LOCAL_MACHINE -ebpf_store_key_t ebpf_store_root_key_t = HKEY_CURRENT_USER; +ebpf_store_key_t ebpf_store_root_key = HKEY_CURRENT_USER; static ebpf_result_t _open_ebpf_store_key(_Out_ ebpf_store_key_t* store_key) diff --git a/libs/store_helper/ebpf_store_helper.c b/libs/store_helper/ebpf_store_helper.c index 813fa2f961..7483f62105 100644 --- a/libs/store_helper/ebpf_store_helper.c +++ b/libs/store_helper/ebpf_store_helper.c @@ -17,7 +17,7 @@ _ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_store_key_t* provide // Open (or create) root eBPF registry path. #ifdef USER_MODE - result = ebpf_create_registry_key(ebpf_store_root_key_t, EBPF_ROOT_RELATIVE_PATH, REG_CREATE_FLAGS, &root_key); + result = ebpf_create_registry_key(ebpf_store_root_key, EBPF_ROOT_RELATIVE_PATH, REG_CREATE_FLAGS, &root_key); #else result = ebpf_create_registry_key(NULL, EBPF_ROOT_REGISTRY_PATH, REG_CREATE_FLAGS, &root_key); #endif diff --git a/tests/netebpfext_unit/netebpf_ext_helper.cpp b/tests/netebpfext_unit/netebpf_ext_helper.cpp index 2845d26f5c..ea07c44def 100644 --- a/tests/netebpfext_unit/netebpf_ext_helper.cpp +++ b/tests/netebpfext_unit/netebpf_ext_helper.cpp @@ -6,7 +6,7 @@ #include "netebpf_ext_helper.h" // TODO: Issue #1231 Change to using HKEY_LOCAL_MACHINE -ebpf_store_key_t ebpf_store_root_key_t = HKEY_CURRENT_USER; +ebpf_store_key_t ebpf_store_root_key = HKEY_CURRENT_USER; DEVICE_OBJECT* _net_ebpf_ext_driver_device_object; constexpr uint32_t _test_destination_ipv4_address = 0x01020304; diff --git a/tools/export_program_info/export_program_info.cpp b/tools/export_program_info/export_program_info.cpp index 815f9220a8..9848cda15e 100644 --- a/tools/export_program_info/export_program_info.cpp +++ b/tools/export_program_info/export_program_info.cpp 
@@ -17,7 +17,7 @@ #define REG_CREATE_FLAGS (KEY_WRITE | DELETE | KEY_READ) #define REG_OPEN_FLAGS (DELETE | KEY_READ) -extern ebpf_store_key_t ebpf_store_root_key_t; +extern ebpf_store_key_t ebpf_store_root_key; typedef struct _ebpf_program_section_info_with_count { @@ -84,7 +84,7 @@ clear_all_ebpf_stores() { // TODO: Issue #1231 Change to using HKEY_LOCAL_MACHINE std::cout << "Clearing eBPF store HKEY_CURRENT_USER" << std::endl; - return ebpf_store_clear(ebpf_store_root_key_t); + return ebpf_store_clear(ebpf_store_root_key); } void From 4a8bfb79e6c75a92e241946ff392a6ca29707a1a Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Thu, 3 Aug 2023 17:36:03 -0700 Subject: [PATCH 56/60] refactor store root keys --- include/ebpf_store_helper.h | 4 +++- libs/api_common/store_helper_internal.cpp | 2 -- libs/store_helper/ebpf_store_helper.c | 6 +----- libs/store_helper/kernel/ebpf_registry_helper.c | 3 +++ libs/store_helper/user/ebpf_registry_helper.cpp | 3 +++ tests/netebpfext_unit/netebpf_ext_helper.cpp | 2 -- tools/export_program_info/export_program_info.cpp | 5 +---- 7 files changed, 11 insertions(+), 14 deletions(-) diff --git a/include/ebpf_store_helper.h b/include/ebpf_store_helper.h index cb00e34f1a..0994bc48ef 100644 --- a/include/ebpf_store_helper.h +++ b/include/ebpf_store_helper.h @@ -23,9 +23,11 @@ extern "C" typedef HANDLE ebpf_store_key_t; #else typedef HKEY ebpf_store_key_t; -extern ebpf_store_key_t ebpf_store_root_key; #endif + extern ebpf_store_key_t ebpf_store_root_key; + extern const wchar_t* ebpf_store_root_sub_key; + /** * @brief Update the provider prototype information in the eBPF store. * diff --git a/libs/api_common/store_helper_internal.cpp b/libs/api_common/store_helper_internal.cpp index 90bff29b4d..5800533934 100644 --- a/libs/api_common/store_helper_internal.cpp +++ b/libs/api_common/store_helper_internal.cpp 
@@ -11,8 +11,6 @@ ebpf_store_key_t root_registry_key_current_user = HKEY_CURRENT_USER; ebpf_store_key_t root_registry_key_local_machine = HKEY_LOCAL_MACHINE; -// TODO: Issue #1231 Change to using HKEY_LOCAL_MACHINE -ebpf_store_key_t ebpf_store_root_key = HKEY_CURRENT_USER; static ebpf_result_t _open_ebpf_store_key(_Out_ ebpf_store_key_t* store_key) diff --git a/libs/store_helper/ebpf_store_helper.c b/libs/store_helper/ebpf_store_helper.c index 7483f62105..a082cb75e5 100644 --- a/libs/store_helper/ebpf_store_helper.c +++ b/libs/store_helper/ebpf_store_helper.c @@ -16,11 +16,7 @@ _ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_store_key_t* provide *provider_key = NULL; // Open (or create) root eBPF registry path. -#ifdef USER_MODE - result = ebpf_create_registry_key(ebpf_store_root_key, EBPF_ROOT_RELATIVE_PATH, REG_CREATE_FLAGS, &root_key); -#else - result = ebpf_create_registry_key(NULL, EBPF_ROOT_REGISTRY_PATH, REG_CREATE_FLAGS, &root_key); -#endif + result = ebpf_create_registry_key(ebpf_store_root_key, ebpf_store_root_sub_key, REG_CREATE_FLAGS, &root_key); if (!IS_SUCCESS(result)) { goto Exit; diff --git a/libs/store_helper/kernel/ebpf_registry_helper.c b/libs/store_helper/kernel/ebpf_registry_helper.c index 480807a8ad..967d744990 100644 --- a/libs/store_helper/kernel/ebpf_registry_helper.c +++ b/libs/store_helper/kernel/ebpf_registry_helper.c @@ -10,6 +10,9 @@ #define _EBPF_RESULT(x) (NT_SUCCESS(x) ? EBPF_SUCCESS : EBPF_FAILED) +ebpf_store_key_t ebpf_store_root_key = NULL; +const wchar_t* ebpf_store_root_sub_key = EBPF_ROOT_REGISTRY_PATH; + ebpf_result_t ebpf_convert_guid_to_string( _In_ const GUID* guid, _Out_writes_all_(string_length) wchar_t* string, size_t string_length) diff --git a/libs/store_helper/user/ebpf_registry_helper.cpp b/libs/store_helper/user/ebpf_registry_helper.cpp index 298def2b43..6bef7f1f11 100644 --- a/libs/store_helper/user/ebpf_registry_helper.cpp +++ b/libs/store_helper/user/ebpf_registry_helper.cpp 
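Review bot: In `libs/store_helper/ebpf_store_helper.c`, the `goto Exit` taken when the root-key create fails reaches an unguarded `ebpf_close_registry_key(root_key)` with what is presumably a null key, since the user-mode `ebpf_create_registry_key` clears `*key` on entry. The user-mode `ebpf_close_registry_key` does `ebpf_assert(key)` while the kernel version checks `if (key)`, so the same failure path asserts in one build and passes silently in the other. Guard the call with `if (root_key) { ebpf_close_registry_key(root_key); }`, as `ebpf_store_clear` already does for its handles. The `Exit:` blocks of the update functions in this file close their keys unguarded in the same way. The `Exit:` label of this function lies outside the hunk.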
@@ -14,6 +14,9 @@ #define GUID_STRING_LENGTH 38 // not including the null terminator. #define _EBPF_RESULT(x) win32_error_code_to_ebpf_result(x) +ebpf_store_key_t ebpf_store_root_key = HKEY_CURRENT_USER; // TODO: Issue #1231 Change to using HKEY_LOCAL_MACHINE +const wchar_t* ebpf_store_root_sub_key = EBPF_ROOT_RELATIVE_PATH; + static std::wstring _get_wstring_from_string(std::string text) { diff --git a/tests/netebpfext_unit/netebpf_ext_helper.cpp b/tests/netebpfext_unit/netebpf_ext_helper.cpp index ea07c44def..51b637b189 100644 --- a/tests/netebpfext_unit/netebpf_ext_helper.cpp +++ b/tests/netebpfext_unit/netebpf_ext_helper.cpp @@ -5,8 +5,6 @@ #include "net_ebpf_ext_sock_addr.h" #include "netebpf_ext_helper.h" -// TODO: Issue #1231 Change to using HKEY_LOCAL_MACHINE -ebpf_store_key_t ebpf_store_root_key = HKEY_CURRENT_USER; DEVICE_OBJECT* _net_ebpf_ext_driver_device_object; constexpr uint32_t _test_destination_ipv4_address = 0x01020304; diff --git a/tools/export_program_info/export_program_info.cpp b/tools/export_program_info/export_program_info.cpp index 9848cda15e..50d3f536e2 100644 --- a/tools/export_program_info/export_program_info.cpp +++ b/tools/export_program_info/export_program_info.cpp @@ -17,8 +17,6 @@ #define REG_CREATE_FLAGS (KEY_WRITE | DELETE | KEY_READ) #define REG_OPEN_FLAGS (DELETE | KEY_READ) -extern ebpf_store_key_t ebpf_store_root_key; - typedef struct _ebpf_program_section_info_with_count { _Field_size_(section_info_count) const ebpf_program_section_info_t* section_info; @@ -82,8 +80,7 @@ export_global_helper_information() uint32_t clear_all_ebpf_stores() { - // TODO: Issue #1231 Change to using HKEY_LOCAL_MACHINE - std::cout << "Clearing eBPF store HKEY_CURRENT_USER" << std::endl; + std::cout << "Clearing eBPF store" << std::endl; return ebpf_store_clear(ebpf_store_root_key); } From a0883cf67353a23db64570c4c4f19894553af5ba Mon Sep 17 00:00:00 2001 
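Review bot: Defining `ebpf_store_root_key = HKEY_CURRENT_USER` in `libs/store_helper/user/ebpf_registry_helper.cpp` makes the per-user hive the default store root for every user-mode consumer of the library, and the trailing TODO does not say why that matters. HKEY_CURRENT_USER is writable by the unprivileged user, so program-type, section and helper data read back from the store, including the `is_privileged` value, should not be trusted by an elevated caller until Issue #1231 moves the store to HKEY_LOCAL_MACHINE. I would move the TODO to its own line above the definition and add `// SECURITY: HKCU is user-writable; do not treat store contents as trusted while this default stands.` Both globals are also mutable (`ebpf_store_root_sub_key` is `const wchar_t*`, not `const wchar_t* const`), so any linked module can repoint the store at run time. If no caller needs to change the sub-key, declare it `const wchar_t* const` in the header and in both definitions.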
From: Gianni Trevisiol Date: Fri, 4 Aug 2023 21:42:24 -0700 Subject: [PATCH 57/60] feedback --- docs/eBpfExtensions.md | 2 +- tests/sample/ext/drv/CMakeLists.txt | 1 - tools/export_program_info/CMakeLists.txt | 2 -- 3 files changed, 1 insertion(+), 4 deletions(-) diff --git a/docs/eBpfExtensions.md b/docs/eBpfExtensions.md index f227cadc87..d4461f9869 100644 --- a/docs/eBpfExtensions.md +++ b/docs/eBpfExtensions.md @@ -306,7 +306,7 @@ When an eBPF extension is installed, it must update the eBPF store with the prog To operate on the eBPF store, the extension must link the `\lib\ebpf_store_helper_km.lib` kernel-mode library and include the related `\include\ebpf_store_helper.h` header file, both distributed within the [eBPF for Windows NuGet package](https://www.nuget.org/packages/eBPF-for-Windows/). With these, the extension can use the following APIs to register program types, attach types and helper functions: -- `ebpf_store_update_helper_prototype`: updates the provider prototype information in the eBPF store, given a pointer to the store key to be initialized and a pointer to the helper function prototype (i.e., `_ebpf_helper_function_prototype`): +- `ebpf_store_update_helper_prototype`: updates the program type specific helper information in the eBPF store, given a pointer to the store key to be initialized and a pointer to the helper function prototype (i.e., `_ebpf_helper_function_prototype`): ```c ebpf_result_t diff --git a/tests/sample/ext/drv/CMakeLists.txt b/tests/sample/ext/drv/CMakeLists.txt index bb840c5039..0e5e44e587 100644 --- a/tests/sample/ext/drv/CMakeLists.txt +++ b/tests/sample/ext/drv/CMakeLists.txt @@ -18,7 +18,6 @@ target_include_directories("sample_ebpf_ext" PRIVATE "${CMAKE_SOURCE_DIR}/include/kernel" "${CMAKE_SOURCE_DIR}/libs/platform" "${CMAKE_SOURCE_DIR}/libs/platform/kernel" - "${CMAKE_SOURCE_DIR}/libs/store_helper/kernel" "${CMAKE_SOURCE_DIR}/tests/sample" "${CMAKE_SOURCE_DIR}/tests/sample/ext/inc" ) 
diff --git a/tools/export_program_info/CMakeLists.txt b/tools/export_program_info/CMakeLists.txt index 56941eec81..241ffe0fd6 100644 --- a/tools/export_program_info/CMakeLists.txt +++ b/tools/export_program_info/CMakeLists.txt @@ -16,8 +16,6 @@ target_include_directories("export_program_info" PRIVATE "${CMAKE_SOURCE_DIR}/libs/execution_context" "${CMAKE_SOURCE_DIR}/libs/platform" "${CMAKE_SOURCE_DIR}/libs/platform/user" - "${CMAKE_SOURCE_DIR}/libs/store_helper" - "${CMAKE_SOURCE_DIR}/libs/store_helper/user" "${CMAKE_SOURCE_DIR}/libs/thunk" "${CMAKE_SOURCE_DIR}/netebpfext" "${CMAKE_SOURCE_DIR}/tests/sample/ext/inc" From bfa8321b9084931077c7429af3fcedf3a82c492d Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Fri, 4 Aug 2023 22:14:17 -0700 Subject: [PATCH 58/60] doc/comments --- docs/eBpfExtensions.md | 2 +- include/ebpf_store_helper.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/eBpfExtensions.md b/docs/eBpfExtensions.md index d4461f9869..f00b519465 100644 --- a/docs/eBpfExtensions.md +++ b/docs/eBpfExtensions.md @@ -331,7 +331,7 @@ To operate on the eBPF store, the extension must link the `\lib\ebpf_store_helpe _In_reads_(section_info_count) const ebpf_program_section_info_t* section_info, uint32_t section_info_count); ``` -- `ebpf_store_update_program_information`: updates the global helper information in eBPF store, given a pointer to an array of program information (i.e., `_ebpf_program_info`): +- `ebpf_store_update_program_information`: updates program information in the eBPF store, given a pointer to an array of program information (i.e., `_ebpf_program_info`): ```c ebpf_result_t diff --git a/include/ebpf_store_helper.h b/include/ebpf_store_helper.h index 0994bc48ef..56e239ead4 100644 --- a/include/ebpf_store_helper.h +++ b/include/ebpf_store_helper.h 
@@ -53,7 +53,7 @@ typedef HKEY ebpf_store_key_t; _In_reads_(helper_info_count) ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count); /** - * @brief Update section information in eBPF store. + * @brief Update section information in the eBPF store. * * @param[in] section_info Pointer to an array of section information. * @param[in] section_info_count Count of section information entries. @@ -65,7 +65,7 @@ typedef HKEY ebpf_store_key_t; _In_reads_(section_info_count) const ebpf_program_section_info_t* section_info, uint32_t section_info_count); /** - * @brief Update program information in eBPF store. + * @brief Update program information in the eBPF store. * * @param[in] program_info Pointer to an array of program information. * @param[in] program_info_count Count of program information entries. From b493d3ee4c4bc7080ae99a8e2209b031193f2f4d Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Mon, 7 Aug 2023 01:10:25 -0700 Subject: [PATCH 59/60] remove KERNEL_MODE --- ebpfcore/CMakeLists.txt | 1 - libs/platform/CMakeLists.txt | 1 - libs/platform/kernel/platform_kernel.vcxproj | 8 ++++---- libs/store_helper/kernel/CMakeLists.txt | 1 - libs/store_helper/kernel/ebpf_store_helper_km.vcxproj | 8 ++++---- netebpfext/sys/CMakeLists.txt | 1 - netebpfext/sys/netebpfext.vcxproj | 8 ++++---- tests/sample/ext/drv/CMakeLists.txt | 1 - tests/sample/ext/drv/sample_ext.vcxproj | 8 ++++---- 9 files changed, 16 insertions(+), 21 deletions(-) diff --git a/ebpfcore/CMakeLists.txt b/ebpfcore/CMakeLists.txt index e3c217452f..6a907f7ab8 100644 --- a/ebpfcore/CMakeLists.txt +++ b/ebpfcore/CMakeLists.txt @@ -40,7 +40,6 @@ target_link_libraries("EbpfCore" ) target_compile_definitions("EbpfCore" PRIVATE - KERNEL_MODE BINARY_COMPATIBLE=0 NT NDIS60 diff --git a/libs/platform/CMakeLists.txt b/libs/platform/CMakeLists.txt index 054bb16313..38c00a934e 100644 --- a/libs/platform/CMakeLists.txt +++ b/libs/platform/CMakeLists.txt 
@@ -106,7 +106,6 @@ target_link_libraries("platform_kernel" PRIVATE ) target_compile_definitions("platform_kernel" PRIVATE - KERNEL_MODE WINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP WINAPI_PARTITION_DESKTOP=1 WINAPI_PARTITION_SYSTEM=1 diff --git a/libs/platform/kernel/platform_kernel.vcxproj b/libs/platform/kernel/platform_kernel.vcxproj index e02fcdee1a..9e635b6da0 100644 --- a/libs/platform/kernel/platform_kernel.vcxproj +++ b/libs/platform/kernel/platform_kernel.vcxproj @@ -131,7 +131,7 @@ - _DEBUG;WINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP;WINAPI_PARTITION_DESKTOP=1;WINAPI_PARTITION_SYSTEM=1;WINAPI_PARTITION_APP=1;WINAPI_PARTITION_PC_APP=1;_KRPCENV_;_NO_CRT_STDIO_INLINE=1;KERNEL_MODE;%(PreprocessorDefinitions) + _DEBUG;WINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP;WINAPI_PARTITION_DESKTOP=1;WINAPI_PARTITION_SYSTEM=1;WINAPI_PARTITION_APP=1;WINAPI_PARTITION_PC_APP=1;_KRPCENV_;_NO_CRT_STDIO_INLINE=1;%(PreprocessorDefinitions) $(SolutionDir)libs\execution_context;$(SolutionDir)include;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\kernel;$(SolutionDir)libs\epoch;$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)include\kernel;%(AdditionalIncludeDirectories) @@ -143,7 +143,7 @@ - WINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP;WINAPI_PARTITION_DESKTOP=1;WINAPI_PARTITION_SYSTEM=1;WINAPI_PARTITION_APP=1;WINAPI_PARTITION_PC_APP=1;_KRPCENV_;_NO_CRT_STDIO_INLINE=1;KERNEL_MODE;%(PreprocessorDefinitions) + WINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP;WINAPI_PARTITION_DESKTOP=1;WINAPI_PARTITION_SYSTEM=1;WINAPI_PARTITION_APP=1;WINAPI_PARTITION_PC_APP=1;_KRPCENV_;_NO_CRT_STDIO_INLINE=1;%(PreprocessorDefinitions) $(SolutionDir)libs\execution_context;$(SolutionDir)include;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\kernel;$(SolutionDir)libs\epoch;$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)include\kernel;%(AdditionalIncludeDirectories) 
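Review bot: Dropping `KERNEL_MODE` from `PreprocessorDefinitions` in the `@@ -131,7 +131,7 @@` hunk of `platform_kernel.vcxproj` leaves the kernel/user split resting only on `USER_MODE` being absent; the same applies to the other platform_kernel, ebpf_store_helper_km, netebpfext and sample_ext hunks of this patch. `include/ebpf_store_helper.h` already selects `HANDLE` versus `HKEY` that way, with `#ifndef USER_MODE`. This patch touches build files only, so it does not show whether any source still tests `KERNEL_MODE`; if one does, that branch now silently compiles out of the drivers rather than failing the build. It would be worth confirming that no `#ifdef KERNEL_MODE` or `#if defined(KERNEL_MODE)` check remains. A guard in a kernel-only source, such as `#ifdef USER_MODE` / `#error kernel-mode library built with USER_MODE defined` / `#endif`, would make a misconfigured project fail loudly.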
@@ -155,12 +155,12 @@ - _DEBUG;WINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP;WINAPI_PARTITION_DESKTOP=1;WINAPI_PARTITION_SYSTEM=1;WINAPI_PARTITION_APP=1;WINAPI_PARTITION_PC_APP=1;KERNEL_MODE;%(PreprocessorDefinitions) + _DEBUG;WINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP;WINAPI_PARTITION_DESKTOP=1;WINAPI_PARTITION_SYSTEM=1;WINAPI_PARTITION_APP=1;WINAPI_PARTITION_PC_APP=1;%(PreprocessorDefinitions) - WINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP;WINAPI_PARTITION_DESKTOP=1;WINAPI_PARTITION_SYSTEM=1;WINAPI_PARTITION_APP=1;WINAPI_PARTITION_PC_APP=1;KERNEL_MODE;%(PreprocessorDefinitions) + WINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP;WINAPI_PARTITION_DESKTOP=1;WINAPI_PARTITION_SYSTEM=1;WINAPI_PARTITION_APP=1;WINAPI_PARTITION_PC_APP=1;%(PreprocessorDefinitions) diff --git a/libs/store_helper/kernel/CMakeLists.txt b/libs/store_helper/kernel/CMakeLists.txt index d21c35de87..12275df460 100644 --- a/libs/store_helper/kernel/CMakeLists.txt +++ b/libs/store_helper/kernel/CMakeLists.txt @@ -25,7 +25,6 @@ target_include_directories("ebpf_store_helper_km" PRIVATE ) target_compile_definitions("ebpf_store_helper_km" PRIVATE - KERNEL_MODE WINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP WINAPI_PARTITION_DESKTOP=1 WINAPI_PARTITION_SYSTEM=1 diff --git a/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj b/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj index 6874e4523f..bd43de23e8 100644 --- a/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj +++ b/libs/store_helper/kernel/ebpf_store_helper_km.vcxproj @@ -96,7 +96,7 @@ Level3 true - _DEBUG;_LIB;KERNEL_MODE;%(PreprocessorDefinitions) + _DEBUG;_LIB;%(PreprocessorDefinitions) true NotUsing @@ -109,7 +109,7 @@ Level3 true - _DEBUG;_LIB;KERNEL_MODE;%(PreprocessorDefinitions) + _DEBUG;_LIB;%(PreprocessorDefinitions) true NotUsing @@ -125,7 +125,7 @@ true true true - NDEBUG;_LIB;KERNEL_MODE;%(PreprocessorDefinitions) + NDEBUG;_LIB;%(PreprocessorDefinitions) true NotUsing 
@@ -142,7 +142,7 @@ true true true - NDEBUG;_LIB;KERNEL_MODE;%(PreprocessorDefinitions) + NDEBUG;_LIB;%(PreprocessorDefinitions) true NotUsing diff --git a/netebpfext/sys/CMakeLists.txt b/netebpfext/sys/CMakeLists.txt index ba67350178..70c7f0a90f 100644 --- a/netebpfext/sys/CMakeLists.txt +++ b/netebpfext/sys/CMakeLists.txt @@ -66,7 +66,6 @@ target_link_libraries("NetEbpfExt" ) target_compile_definitions("NetEbpfExt" PRIVATE - KERNEL_MODE BINARY_COMPATIBLE=0 NT NDIS60 diff --git a/netebpfext/sys/netebpfext.vcxproj b/netebpfext/sys/netebpfext.vcxproj index 96aa78ea7c..e82e2e15ea 100644 --- a/netebpfext/sys/netebpfext.vcxproj +++ b/netebpfext/sys/netebpfext.vcxproj @@ -121,7 +121,7 @@ %(AdditionalIncludeDirectories);$(DDK_INC_PATH);$(SolutionDir)include;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\kernel;$(OutputPath);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)include\kernel;$(SolutionDir)netebpfext;$(SolutionDir)netebpfext\sys;$(SolutionDir)resource - %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO;KERNEL_MODE + %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO stacksize4096 @@ -144,7 +144,7 @@ %(AdditionalIncludeDirectories);$(DDK_INC_PATH);$(SolutionDir)include;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\kernel;$(OutputPath);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)include\kernel;$(SolutionDir)netebpfext;$(SolutionDir)netebpfext\sys;$(SolutionDir)resource - %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO;KERNEL_MODE + %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO stacksize4096 
@@ -166,7 +166,7 @@ %(AdditionalIncludeDirectories);$(DDK_INC_PATH);$(SolutionDir)include;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\kernel;$(OutputPath);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)include\kernel;$(SolutionDir)netebpfext;$(SolutionDir)netebpfext\sys;$(SolutionDir)resource - %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO;KERNEL_MODE + %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO %(AdditionalIncludeDirectories);$(DDK_INC_PATH) @@ -187,7 +187,7 @@ %(AdditionalIncludeDirectories);$(DDK_INC_PATH);$(SolutionDir)include;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\kernel;$(OutputPath);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)include\kernel;$(SolutionDir)netebpfext;$(SolutionDir)netebpfext\sys;$(SolutionDir)resource - %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO;KERNEL_MODE + %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO %(AdditionalIncludeDirectories);$(DDK_INC_PATH) diff --git a/tests/sample/ext/drv/CMakeLists.txt b/tests/sample/ext/drv/CMakeLists.txt index 0e5e44e587..9177ccdc2f 100644 --- a/tests/sample/ext/drv/CMakeLists.txt +++ b/tests/sample/ext/drv/CMakeLists.txt @@ -36,7 +36,6 @@ target_link_libraries("sample_ebpf_ext" ) target_compile_definitions("sample_ebpf_ext" PRIVATE - KERNEL_MODE BINARY_COMPATIBLE=0 NT POOL_NX_OPTIN_AUTO diff --git a/tests/sample/ext/drv/sample_ext.vcxproj b/tests/sample/ext/drv/sample_ext.vcxproj index 9966a8cab1..49fc86304c 100644 --- a/tests/sample/ext/drv/sample_ext.vcxproj +++ b/tests/sample/ext/drv/sample_ext.vcxproj 
@@ -119,7 +119,7 @@ %(AdditionalIncludeDirectories);$(DDK_INC_PATH);$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)include;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\kernel;$(OutputPath);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)include\kernel - %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO;KERNEL_MODE + %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO @@ -140,7 +140,7 @@ %(AdditionalIncludeDirectories);$(DDK_INC_PATH);$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)include;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\kernel;$(OutputPath);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)include\kernel - %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO;KERNEL_MODE + %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO @@ -161,7 +161,7 @@ %(AdditionalIncludeDirectories);$(DDK_INC_PATH);$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)include;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\kernel;$(OutputPath);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)include\kernel - %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO;KERNEL_MODE + %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO @@ -182,7 +182,7 @@ %(AdditionalIncludeDirectories);$(DDK_INC_PATH);$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)include;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\kernel;$(OutputPath);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)include\kernel - %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO;KERNEL_MODE + %(PreprocessorDefinitions);BINARY_COMPATIBLE=0;NT;UNICODE;_UNICODE;NDIS60;POOL_NX_OPTIN_AUTO From 0514697d34f18276cb87e9dfe4a431a25c0efaf2 Mon Sep 17 00:00:00 2001 
From: Gianni Trevisiol Date: Mon, 7 Aug 2023 08:52:12 -0700 Subject: [PATCH 60/60] Force ignore format on all preprocessor code paths. --- docs/eBpfExtensions.md | 2 +- include/ebpf_store_helper.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/eBpfExtensions.md b/docs/eBpfExtensions.md index f00b519465..dfff2c2e3f 100644 --- a/docs/eBpfExtensions.md +++ b/docs/eBpfExtensions.md @@ -323,7 +323,7 @@ To operate on the eBPF store, the extension must link the `\lib\ebpf_store_helpe _In_reads_(helper_info_count) ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count); ``` -- `ebpf_store_update_section_information`: updates the section information in eBPF store, given a pointer to an array of section information (i.e., `_ebpf_program_section_info`): +- `ebpf_store_update_section_information`: updates the section information in the eBPF store, given a pointer to an array of section information (i.e., `_ebpf_program_section_info`): ```c ebpf_result_t diff --git a/include/ebpf_store_helper.h b/include/ebpf_store_helper.h index 56e239ead4..6eec5b768e 100644 --- a/include/ebpf_store_helper.h +++ b/include/ebpf_store_helper.h @@ -22,7 +22,7 @@ extern "C" #ifndef USER_MODE typedef HANDLE ebpf_store_key_t; #else -typedef HKEY ebpf_store_key_t; + typedef HKEY ebpf_store_key_t; #endif extern ebpf_store_key_t ebpf_store_root_key;