Merge pull request #4 from sn99/master

refactor and user application

Author: sn99

.gitignore

@@ -1,4 +1,2 @@
-/target
-/Cargo.lock
-
-DriverCertificate.cer
+Cargo.lock
+/target/

Cargo.toml

@@ -1,27 +1,11 @@
-[package]
-name = "driver"
-version = "0.1.0"
-edition = "2021"
-build = "build.rs"
-
-[lib]
-path = "src/lib.rs"
-crate-type = ["cdylib"]
-
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
-
-[profile.dev]
-panic = "abort"
-
-[profile.release]
-panic = "abort"
-
-[build-dependencies]
-thiserror = "1.0"
-winreg = "0.11.0"
-
-[dependencies]
-windows-kernel-sys = { path = "windows-kernel-sys" }
-windows-kernel-macros = { path = "windows-kernel-macros" }
-windows-kernel-string = {path = "windows-kernel-string"}
-windows-kernel-alloc = {path = "windows-kernel-alloc"}
+[workspace]
+members = [
+    "windows-kernel-alloc",
+    "windows-kernel-macros",
+    "windows-kernel-string",
+    "windows-kernel-sys",
+    "windows-rust-minifilter",
+]
+exclude = [
+    "windows-rust-application"
+]

README.md

@@ -21,6 +21,8 @@ You can set up a VM for testing by following [DEBUG](DEBUG.md).
 
 ## Building
 
+From inside [windows-rust-minifilter](windows-rust-minifilter), run:
+
 `cargo make --profile production all`
 
 **Note: You might need to run `cargo clean` before rebuilding again.**

windows-kernel-alloc/src/kernel_alloc.rs

@@ -1,12 +1,11 @@
-//it must be defined in lib.rs
-//#![feature(alloc_error_handler)]
+// It must be defined in lib.rs
+// #![feature(alloc_error_handler)]
 #[allow(unused_imports)]
 use alloc::alloc::handle_alloc_error;
 use core::alloc::{GlobalAlloc, Layout};
 use windows_kernel_sys::base::{SIZE_T, ULONG64};
 use windows_kernel_sys::ntoskrnl::{ExAllocatePool2, ExFreePool};
 
-
 pub const POOL_TAG: u32 = u32::from_ne_bytes(*b"TSUR");
 pub const POOL_FLAG_PAGED: ULONG64 = 0x0000000000000100;
 

windows-kernel-alloc/src/lib.rs

@@ -1,4 +1,4 @@
-//source idea: https://os.phil-opp.com/minimal-rust-kernel/
+// source idea: https://os.phil-opp.com/minimal-rust-kernel/
 #![no_std]
 #![feature(lang_items)]
 #![feature(alloc_error_handler)]

windows-kernel-macros/src/lib.rs

@@ -34,10 +34,11 @@ pub unsafe fn InitializeObjectAttributes(
     s: windows_kernel_sys::base::PVOID,
 ) {
     use core::mem::size_of;
-    (*p).Length = size_of::<windows_kernel_sys::base::OBJECT_ATTRIBUTES>() as  windows_kernel_sys::base::ULONG;
+    (*p).Length =
+        size_of::<windows_kernel_sys::base::OBJECT_ATTRIBUTES>() as windows_kernel_sys::base::ULONG;
     (*p).RootDirectory = r;
     (*p).Attributes = a;
     (*p).ObjectName = n;
     (*p).SecurityDescriptor = s;
     (*p).SecurityQualityOfService = NULL;
-}
+}

windows-kernel-string/src/lib.rs

@@ -1,13 +1,14 @@
 #![no_std]
 #![allow(non_camel_case_types)]
 #![allow(non_snake_case)]
+#![allow(clippy::upper_case_acronyms)]
 
 extern crate alloc;
 
 use alloc::string::String;
 use core::fmt::{Display, Formatter};
-use windows_kernel_sys::base::{BOOLEAN, LONG, NTSTATUS, TRUE, ULONG, ULONGLONG};
 use windows_kernel_sys::base;
+use windows_kernel_sys::base::{BOOLEAN, LONG, NTSTATUS, TRUE, ULONG, ULONGLONG};
 
 type PCSZ = *const u8;
 type PCWSTR = *const u16;
@@ -31,9 +32,11 @@ impl<'a> From<&'a [u8]> for ANSI_STRING {
         let mut str = ANSI_STRING::default();
 
         let mut buffer = buffer.to_vec();
-        if *buffer.last().expect("bad unwrap on From<&'a [u8]> for ANSI_STRING") != 0 {
-            //let mut buffer = buffer.to_vec();
-            buffer.push(0);
+
+        if let Some(last_byte) = buffer.last() {
+            if *last_byte != 0 {
+                buffer.push(0);
+            }
         }
 
         unsafe {
@@ -55,7 +58,7 @@ impl Default for ANSI_STRING {
     fn default() -> Self {
         Self {
             Length: 0,
-            MaximumLength: 0 as u16,
+            MaximumLength: 0_u16,
             Buffer: core::ptr::null(),
         }
     }
@@ -127,8 +130,11 @@ impl<'a> From<&'a [u16]> for UNICODE_STRING {
         let mut str = UNICODE_STRING::default();
 
         let mut buffer = buffer.to_vec();
-        if *buffer.last().expect("bad unwrap on From<&'a [u16]> for UNICODE_STRING") == 0 {
-            buffer.push(0);
+
+        if let Some(last_byte) = buffer.last(){
+            if *last_byte == 0{
+                buffer.push(0);
+            }
         }
 
         unsafe {
@@ -158,7 +164,7 @@ impl Default for UNICODE_STRING {
     fn default() -> Self {
         Self {
             Length: 0,
-            MaximumLength: 0 as u16,
+            MaximumLength: 0_u16,
             ptr: core::ptr::null(),
         }
     }

windows-kernel-sys/src/base.rs

@@ -1,6 +1,9 @@
 #![allow(non_upper_case_globals)]
 #![allow(non_camel_case_types)]
 #![allow(non_snake_case)]
+#![allow(clippy::useless_transmute)]
+#![allow(clippy::too_many_arguments)]
+#![allow(clippy::unnecessary_cast)]
 
 pub use cty::*;
 

windows-kernel-sys/src/fltmgr.rs

@@ -1,6 +1,9 @@
 #![allow(non_upper_case_globals)]
 #![allow(non_camel_case_types)]
 #![allow(non_snake_case)]
+#![allow(clippy::useless_transmute)]
+#![allow(clippy::too_many_arguments)]
+#![allow(clippy::unnecessary_cast)]
 
 use crate::base::*;
 

windows-kernel-sys/src/lib.rs

@@ -1,4 +1,7 @@
 #![no_std]
+#![allow(clippy::useless_transmute)]
+#![allow(clippy::too_many_arguments)]
+#![allow(clippy::unnecessary_cast)]
 
 pub mod base;
 pub mod fltmgr;

windows-kernel-sys/src/ntoskrnl.rs

@@ -1,6 +1,9 @@
 #![allow(non_upper_case_globals)]
 #![allow(non_camel_case_types)]
 #![allow(non_snake_case)]
+#![allow(clippy::useless_transmute)]
+#![allow(clippy::too_many_arguments)]
+#![allow(clippy::unnecessary_cast)]
 
 use crate::base::*;
 

windows-kernel-sys/src/wrapper.h

@@ -14,55 +14,50 @@
 #include <suppress.h>
 #include <wdm.h>
 
-typedef union _KGDTENTRY64
-{
-    struct
-    {
+typedef union _KGDTENTRY64 {
+    struct {
         unsigned short LimitLow;
         unsigned short BaseLow;
-        union
-        {
-            struct
-            {
+        union {
+            struct {
                 unsigned char BaseMiddle;
                 unsigned char Flags1;
                 unsigned char Flags2;
                 unsigned char BaseHigh;
             } Bytes;
-            struct
-            {
-                unsigned long BaseMiddle : 8;
-                unsigned long Type : 5;
-                unsigned long Dpl : 2;
-                unsigned long Present : 1;
-                unsigned long LimitHigh : 4;
-                unsigned long System : 1;
-                unsigned long LongMode : 1;
-                unsigned long DefaultBig : 1;
-                unsigned long Granularity : 1;
-                unsigned long BaseHigh : 8;
+            struct {
+                unsigned long BaseMiddle: 8;
+                unsigned long Type: 5;
+                unsigned long Dpl: 2;
+                unsigned long Present: 1;
+                unsigned long LimitHigh: 4;
+                unsigned long System: 1;
+                unsigned long LongMode: 1;
+                unsigned long DefaultBig: 1;
+                unsigned long Granularity: 1;
+                unsigned long BaseHigh: 8;
             } Bits;
         };
         unsigned long BaseUpper;
         unsigned long MustBeZero;
     };
-    unsigned __int64 Alignment;
+    unsigned __int64
+    Alignment;
 } KGDTENTRY64, *PKGDTENTRY64;
 
-typedef union _KIDTENTRY64
-{
-    struct
-    {
+typedef union _KIDTENTRY64 {
+    struct {
         unsigned short OffsetLow;
         unsigned short Selector;
-        unsigned short IstIndex : 3;
-        unsigned short Reserved0 : 5;
-        unsigned short Type : 5;
-        unsigned short Dpl : 2;
-        unsigned short Present : 1;
+        unsigned short IstIndex: 3;
+        unsigned short Reserved0: 5;
+        unsigned short Type: 5;
+        unsigned short Dpl: 2;
+        unsigned short Present: 1;
         unsigned short OffsetMiddle;
         unsigned long OffsetHigh;
         unsigned long Reserved1;
     };
-    unsigned __int64 Alignment;
+    unsigned __int64
+    Alignment;
 } KIDTENTRY64, *PKIDTENTRY64;

windows-rust-application/.gitignore

@@ -0,0 +1,2 @@
+Cargo.lock
+target

windows-rust-application/Cargo.toml

@@ -0,0 +1,25 @@
+[package]
+name = "rust"
+version = "0.1.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+
+[dependencies.windows-sys]
+version = "0.45.0"
+features = [
+    "Win32_Storage_InstallableFileSystems",
+    "Win32_Foundation",
+    "Win32_Security",
+    "Win32_Storage_FileSystem",
+    "Win32_System_Threading",
+    "Win32_System_ProcessStatus",
+    "Win32_System_Diagnostics_Debug",
+]
+
+[profile.release]
+lto = true
+codegen-units = 1
+opt-level = 3

windows-rust-application/README.md

@@ -0,0 +1,3 @@
+# Rust windows Application
+
+To be run with [Rust Minifilter POC](https://github.com/SubconsciousCompute/poc-windows-rust-filter)

windows-rust-application/src/main.rs

@@ -0,0 +1,43 @@
+use std::ffi::c_void;
+use std::ptr::null;
+
+use windows_sys::w;
+use windows_sys::Win32::Foundation::HANDLE;
+use windows_sys::Win32::Storage::InstallableFileSystems::{
+    FilterConnectCommunicationPort, FilterSendMessage,
+};
+
+static mut PORT: HANDLE = -1;
+
+fn main() {
+    println!("Press ctrl-z to ctrl-c to exit...");
+
+    let mut byterec = 0;
+    let buffer = "Hello from Rust user application\n\0".as_bytes().as_ptr() as *const c_void;
+    let bufferlen = 50;
+    let rbuffer_size = 256;
+    let mut rbuffer: Vec<u8> = vec![0; rbuffer_size];
+    let recbuffer: *mut c_void = rbuffer.as_mut_ptr() as *mut c_void;
+
+    unsafe {
+        if PORT == -1
+            && FilterConnectCommunicationPort(w!("\\mf"), 0, null(), 0, null(), &mut PORT) != 0
+        {
+            panic!("port connection failed");
+        }
+    }
+
+    unsafe {
+        if FilterSendMessage(PORT, buffer, bufferlen as u32, recbuffer, 50, &mut byterec) != 0 {
+            println!("failed to get message");
+        } else {
+            let pchar = recbuffer as *mut i8;
+            let string = std::ffi::CStr::from_ptr(pchar)
+                .to_str()
+                .expect("Not a valid String");
+            print!("{}", string);
+        }
+    }
+
+    loop {}
+}

.cargo/config renamed to windows-rust-minifilter/.cargo/config

@@ -0,0 +1,4 @@
+/target
+/Cargo.lock
+
+DriverCertificate.cer

windows-rust-minifilter/.gitignore

@@ -0,0 +1,27 @@
+[package]
+name = "driver"
+version = "0.1.0"
+edition = "2021"
+build = "build.rs"
+
+[lib]
+path = "src/lib.rs"
+crate-type = ["cdylib"]
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[profile.dev]
+panic = "abort"
+
+[profile.release]
+panic = "abort"
+
+[build-dependencies]
+thiserror = "1.0"
+winreg = "0.11.0"
+
+[dependencies]
+windows-kernel-sys = { path = "../windows-kernel-sys" }
+windows-kernel-macros = { path = "../windows-kernel-macros" }
+windows-kernel-string = {path = "../windows-kernel-string"}
+windows-kernel-alloc = {path = "../windows-kernel-alloc"}