Merge pull request #2 from sn99/master

Enable communication with user space application

Author: sn99

Cargo.toml

@@ -21,4 +21,7 @@ thiserror = "1.0"
 winreg = "0.11.0"
 
 [dependencies]
-windows-kernel-sys = { path = "windows-kernel-sys"}
+windows-kernel-sys = { path = "windows-kernel-sys" }
+windows-kernel-macros = { path = "windows-kernel-macros" }
+windows-kernel-string = {path = "windows-kernel-string"}
+windows-kernel-alloc = {path = "windows-kernel-alloc"}

src/lib.rs

@@ -1,56 +1,40 @@
 #![no_std]
 #![allow(non_snake_case)]
 
+extern crate alloc;
+use windows_kernel_alloc;
+use windows_kernel_alloc::kernel_alloc::POOL_TAG;
+
+pub mod shared_def;
+
 use core::panic::PanicInfo;
 use core::ptr::null_mut;
+use windows_kernel_macros::{InitializeObjectAttributes, NT_SUCCESS, PAGED_CODE};
+use windows_kernel_string::UNICODE_STRING;
 
 use windows_kernel_sys::base::_FLT_PREOP_CALLBACK_STATUS::FLT_PREOP_SUCCESS_NO_CALLBACK;
 use windows_kernel_sys::base::{
     DRIVER_OBJECT, FLT_FILESYSTEM_TYPE, FLT_FILTER_UNLOAD_FLAGS, FLT_INSTANCE_QUERY_TEARDOWN_FLAGS,
     FLT_INSTANCE_SETUP_FLAGS, FLT_INSTANCE_TEARDOWN_FLAGS, FLT_OPERATION_REGISTRATION,
-    FLT_PREOP_CALLBACK_STATUS, FLT_REGISTRATION, FLT_REGISTRATION_VERSION, NTSTATUS,
-    PCFLT_RELATED_OBJECTS, PFLT_CALLBACK_DATA, PFLT_FILTER, PVOID, STATUS_SUCCESS, ULONG,
-    UNICODE_STRING, USHORT,
+    FLT_PORT_ALL_ACCESS, FLT_PREOP_CALLBACK_STATUS, FLT_REGISTRATION, FLT_REGISTRATION_VERSION,
+    NTSTATUS, OBJECT_ATTRIBUTES, OBJ_CASE_INSENSITIVE, OBJ_KERNEL_HANDLE, PCFLT_RELATED_OBJECTS,
+    PCHAR, PFLT_CALLBACK_DATA, PFLT_FILTER, PFLT_PORT, PSECURITY_DESCRIPTOR, PULONG, PVOID,
+    STATUS_SUCCESS, ULONG, USHORT,
 };
 use windows_kernel_sys::fltmgr::{
-    DbgPrint, FltRegisterFilter, FltStartFiltering, FltUnregisterFilter,
+    strcpy, DbgPrint, FltBuildDefaultSecurityDescriptor, FltCloseClientPort,
+    FltCloseCommunicationPort, FltCreateCommunicationPort, FltFreeSecurityDescriptor,
+    FltRegisterFilter, FltStartFiltering, FltUnregisterFilter,
 };
 
-#[panic_handler]
-fn panic(_info: &PanicInfo) -> ! {
-    loop {}
-}
-
-#[macro_export]
-macro_rules! NT_SUCCESS {
-    ($status:expr) => {
-        $status as NTSTATUS >= 0
-    };
-}
+static mut PORT: PFLT_PORT = null_mut();
+static mut CLIENT_PORT: PFLT_PORT = null_mut();
 
-#[macro_export]
-macro_rules! PAGED_CODE {
-    () => {
-        unsafe {
-            if u64::from(windows_kernel_sys::fltmgr::KeGetCurrentIrql())
-                > windows_kernel_sys::base::APC_LEVEL as u64
-            {
-                return windows_kernel_sys::base::STATUS_UNSUCCESSFUL;
-            }
-        }
-    };
-}
-
-///
 /// The minifilter handle that results from a call to FltRegisterFilter
 /// NOTE: This handle must be passed to FltUnregisterFilter during minifilter unloading
-///
 static mut G_MINIFILTER_HANDLE: PFLT_FILTER = null_mut();
 
-
-///
 /// The FLT_REGISTRATION structure provides information about a file system minifilter to the filter manager.
-///
 const G_FILTER_REGISTRATION: FLT_REGISTRATION = FLT_REGISTRATION {
     Size: core::mem::size_of::<FLT_REGISTRATION>() as USHORT, //  Size
     Version: FLT_REGISTRATION_VERSION as USHORT,
@@ -122,9 +106,9 @@ unsafe extern "C" fn PreOperationCreate(
 extern "C" fn InstanceFilterUnloadCallback(_Flags: FLT_FILTER_UNLOAD_FLAGS) -> NTSTATUS {
     PAGED_CODE!();
 
-
     unsafe {
-        DbgPrint("Unloading\0\n".as_ptr() as _);
+        DbgPrint("Unloading rust minifilter\0\n".as_ptr() as _);
+        FltCloseCommunicationPort(PORT);
 
         FltUnregisterFilter(G_MINIFILTER_HANDLE);
     }
@@ -170,6 +154,10 @@ pub extern "system" fn DriverEntry(
     driver: &mut DRIVER_OBJECT,
     _registry_path: *const UNICODE_STRING,
 ) -> NTSTATUS {
+    let mut sd: PSECURITY_DESCRIPTOR = null_mut();
+    let mut oa: OBJECT_ATTRIBUTES = unsafe { core::mem::zeroed() };
+    let mut name: UNICODE_STRING = UNICODE_STRING::create("\\mf");
+
     unsafe {
         DbgPrint("Hello from Rust!\0".as_ptr() as _);
     }
@@ -184,27 +172,103 @@ pub extern "system" fn DriverEntry(
         return status;
     }
 
-    driver.DriverUnload = Some(driver_exit);
+    status = unsafe { FltBuildDefaultSecurityDescriptor(&mut sd, FLT_PORT_ALL_ACCESS) };
 
+    if NT_SUCCESS!(status) {
+        unsafe {
+            InitializeObjectAttributes(
+                &mut oa,
+                &mut name,
+                OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
+                null_mut(),
+                sd,
+            );
+        }
 
-    //
-    // start minifilter driver
-    //
-    status = unsafe { FltStartFiltering(G_MINIFILTER_HANDLE) };
+        status = unsafe {
+            FltCreateCommunicationPort(
+                G_MINIFILTER_HANDLE,
+                &mut PORT,
+                &mut oa,
+                null_mut(),
+                Some(MiniConnect),
+                Some(MiniDisconnect),
+                Some(MiniSendRec),
+                1,
+            )
+        };
 
-    if !NT_SUCCESS!(status) {
         unsafe {
-            FltUnregisterFilter(G_MINIFILTER_HANDLE);
+            FltFreeSecurityDescriptor(sd);
+        }
+
+        if NT_SUCCESS!(status) {
+            // driver.DriverUnload = Some(driver_exit);
+
+            // start minifilter driver
+            status = unsafe { FltStartFiltering(G_MINIFILTER_HANDLE) };
+
+            if !NT_SUCCESS!(status) {
+                unsafe {
+                    FltUnregisterFilter(G_MINIFILTER_HANDLE);
+                }
+            }
         }
     }
 
     status
 }
 
+unsafe extern "C" fn MiniConnect(
+    ClientPort: PFLT_PORT,
+    ServerPortCookie: PVOID,
+    ConnectionContext: PVOID,
+    SizeOfContext: ULONG,
+    ConnectionPortCookie: *mut PVOID,
+) -> NTSTATUS {
+    CLIENT_PORT = ClientPort;
+    DbgPrint("Rust connect fromm application\n\0".as_ptr() as _);
+
+    STATUS_SUCCESS
+}
+
+unsafe extern "C" fn MiniDisconnect(ConnectionCookie: PVOID) {
+    DbgPrint("Rust disconnect form application\n\0".as_ptr() as _);
+    FltCloseClientPort(G_MINIFILTER_HANDLE, &mut CLIENT_PORT);
+}
+
+unsafe extern "C" fn MiniSendRec(
+    PortCookie: PVOID,
+    InputBuffer: PVOID,
+    InputBufferLength: ULONG,
+    OutputBuffer: PVOID,
+    OutputBufferLength: ULONG,
+    ReturnOutputBufferLength: PULONG,
+) -> NTSTATUS {
+    // let mut msg: PCHAR = "Rust from kernel".as_mut_ptr() as *mut i8;
+    unsafe {
+        DbgPrint(
+            "Rust message from application: %s\n\0".as_ptr() as _,
+            InputBuffer as PCHAR,
+        );
+    }
+
+    unsafe {
+        strcpy(
+            OutputBuffer as PCHAR,
+            "Rust from kernel".as_ptr() as *mut i8,
+        );
+    }
+
+    STATUS_SUCCESS
+}
+
+/*
 unsafe extern "C" fn driver_exit(_driver: *mut DRIVER_OBJECT) {
     FltUnregisterFilter(G_MINIFILTER_HANDLE);
 
     unsafe {
         DbgPrint("\nBye bye from Rust!\0".as_ptr() as _);
     }
 }
+*/

src/shared_def.rs

@@ -0,0 +1 @@
+

windows-kernel-alloc/.gitignore

@@ -0,0 +1,2 @@
+Cargo.lock
+target

windows-kernel-alloc/Cargo.toml

@@ -0,0 +1,13 @@
+[package]
+name = "windows-kernel-alloc"
+version = "0.1.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+windows-kernel-sys = {path = "../windows-kernel-sys"}
+
+[features]
+default = []
+alloc_panic = []

windows-kernel-alloc/src/kernel_alloc.rs

@@ -0,0 +1,35 @@
+//it must be defined in lib.rs
+//#![feature(alloc_error_handler)]
+#[allow(unused_imports)]
+use alloc::alloc::handle_alloc_error;
+use core::alloc::{GlobalAlloc, Layout};
+use windows_kernel_sys::base::{SIZE_T, ULONG64};
+use windows_kernel_sys::ntoskrnl::{ExAllocatePool2, ExFreePool};
+
+
+pub const POOL_TAG: u32 = u32::from_ne_bytes(*b"TSUR");
+pub const POOL_FLAG_PAGED: ULONG64 = 0x0000000000000100;
+
+pub struct KernelAlloc;
+
+unsafe impl GlobalAlloc for KernelAlloc {
+    unsafe fn alloc(&self, layout: Layout) -> *mut u8 {
+        let pool = ExAllocatePool2(POOL_FLAG_PAGED, layout.size() as SIZE_T, POOL_TAG);
+
+        #[cfg(feature = "alloc_panic")]
+        if pool.is_null() {
+            handle_alloc_error(layout);
+        }
+
+        pool as _
+    }
+
+    unsafe fn dealloc(&self, ptr: *mut u8, _layout: Layout) {
+        ExFreePool(ptr as _);
+    }
+}
+
+#[alloc_error_handler]
+fn alloc_error(layout: Layout) -> ! {
+    panic!("allocation error: {:?}", layout);
+}

windows-kernel-alloc/src/lib.rs

@@ -0,0 +1,60 @@
+//source idea: https://os.phil-opp.com/minimal-rust-kernel/
+#![no_std]
+#![feature(lang_items)]
+#![feature(alloc_error_handler)]
+
+extern crate alloc;
+
+use alloc::string::ToString;
+use core::{ffi::c_void, panic::PanicInfo};
+
+pub mod kernel_alloc;
+
+#[cfg(not(test))]
+#[global_allocator]
+static GLOBAL: kernel_alloc::KernelAlloc = kernel_alloc::KernelAlloc;
+
+#[cfg(not(test))]
+#[export_name = "_fltused"]
+static _FLTUSED: i32 = 0;
+
+#[cfg(not(test))]
+#[no_mangle]
+extern "system" fn __CxxFrameHandler3(_: *mut u8, _: *mut u8, _: *mut u8, _: *mut u8) -> i32 {
+    unimplemented!()
+}
+
+/// Base code
+const BUGCHECK_CODE: u32 = 0xDEAD0000;
+
+#[cfg(not(test))]
+#[cfg_attr(all(target_env = "msvc", feature = "kernel"), link(name = "ntoskrnl"))]
+extern "system" {
+    fn KeBugCheckEx(
+        BugCheckCode: u32,
+        BugCheckParameter1: u32,
+        BugCheckParameter2: u32,
+        BugCheckParameter3: u32,
+        BugCheckParameter4: u32,
+    ) -> c_void;
+}
+
+#[cfg(not(test))]
+/// An unrecoverable error will cause the kernel to crash.
+fn unrecoverable_error(info: &PanicInfo) {
+    let msg = info.to_string();
+    unsafe {
+        KeBugCheckEx(BUGCHECK_CODE, msg.as_ptr() as u32, 0, 0, 0);
+    }
+}
+
+#[cfg(not(test))]
+#[panic_handler]
+fn panic(info: &PanicInfo) -> ! {
+    unrecoverable_error(info);
+    loop {}
+}
+
+#[cfg(not(test))]
+#[lang = "eh_personality"]
+extern "C" fn eh_personality() {}

windows-kernel-macros/.gitignore

@@ -0,0 +1,2 @@
+Cargo.lock
+target

windows-kernel-macros/Cargo.toml

@@ -0,0 +1,10 @@
+[package]
+name = "windows-kernel-macros"
+version = "0.1.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+windows-kernel-sys = { path = "../windows-kernel-sys"}
+windows-kernel-string = { path = "../windows-kernel-string"}