# Copyright (c) Microsoft Corporation
# SPDX-License-Identifier: MIT
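param ([Parameter(Mandatory=$True)] [string] $WorkingDirectory,
       [Parameter(Mandatory=$True)] [string] $LogFileName)

# Everything below addresses binaries relative to $WorkingDirectory
# (".\export_program_info.exe", "*.sys", "*.dll", "*.exe", ...), so a failed
# Push-Location must terminate the script instead of letting those
# operations run against whatever the caller's current location is.
Push-Location -Path $WorkingDirectory -ErrorAction Stop

# Directory the drivers and executables are installed into and registered from.
$BinaryPath = "$Env:systemroot\system32"

# Provides Write-Log; the log file name is handed to the module on import.
Import-Module $PSScriptRoot\common.psm1 -Force -ArgumentList ($LogFileName) -WarningAction SilentlyContinue

# eBPF Drivers: service name -> driver binary file name.
$EbpfDrivers =
@{
    "EbpfCore" = "ebpfcore.sys";
    "NetEbpfExt" = "netebpfext.sys";
    "SampleEbpfExt" = "sample_ebpf_ext.sys"
}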
#
# Uninstall eBPF components.
#
# Deletes the driver services listed in $EbpfDrivers, the eBPFSvc user mode
# service and the netsh helper, then clears the exported program information
# when export_program_info.exe is present in the working directory.
# sc.exe / netsh exit codes are not checked (their output is only logged), so a
# component that is not installed does not abort the uninstall; a failing
# export_program_info.exe does throw.
#
function Unregister-eBPFComponents
{
    # Uninstall drivers. New-Service does not support installing (or removing)
    # drivers, so sc.exe is used instead.
    foreach ($driver in $EbpfDrivers.GetEnumerator()) {
        sc.exe delete $driver.Name 2>&1 | Write-Log
    }

    # Uninstall user mode service.
    sc.exe delete eBPFSvc 2>&1 | Write-Log

    # Delete the eBPF netsh helper.
    netsh delete helper ebpfnetsh.dll 2>&1 | Write-Log

    # Execute export_program_info (relative to the working directory).
    if (Test-Path -Path "export_program_info.exe") {
        .\export_program_info.exe --clear
        if ($LASTEXITCODE -eq 0) {
            Write-Log "'export_program_info.exe --clear' succeeded." -ForegroundColor Green
        } else {
            throw ("Failed to run 'export_program_info.exe --clear'.");
        }
    }
}
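#
# Install eBPF components.
#
# Registers every driver in $EbpfDrivers whose binary is found in $BinaryPath
# or $BinaryPath\drivers (both locations are checked, as before), then the
# eBPFSvc user mode service (when ebpfsvc.exe is in the working directory)
# and the netsh helper. Throws on the first driver or service creation that
# fails; the netsh result is only logged.
#
function Register-eBPFComponents
{
    # Uninstall previous installations (if any).
    Unregister-eBPFComponents

    # Install drivers. New-Service does not support installing drivers, so
    # sc.exe is used; each driver is created as a demand-start kernel service.
    $EbpfDrivers.GetEnumerator() | ForEach-Object {
        $driverName = $_.Name
        $driverFile = $_.Value
        foreach ($driverDir in @("$BinaryPath", "$BinaryPath\drivers")) {
            $driverPath = "$driverDir\$driverFile"
            if (-not (Test-Path -Path $driverPath)) {
                continue
            }
            Write-Log ("Installing {0}..." -f $driverName) -ForegroundColor Green
            sc.exe create $driverName type=kernel start=demand "binpath=$driverPath" 2>&1 | Write-Log
            if ($LASTEXITCODE -ne 0) {
                # Note: "$_.Name" inside a double-quoted string only expands
                # "$_", so the service name is formatted in explicitly.
                throw ("Failed to create {0} driver." -f $driverName)
            }
            Write-Log ("{0} driver created." -f $driverName) -ForegroundColor Green
        }
    }

    # Install user mode service.
    if (Test-Path -Path "ebpfsvc.exe") {
        .\eBPFSvc.exe install 2>&1 | Write-Log
        if ($LASTEXITCODE -ne 0) {
            throw ("Failed to create eBPF user mode service.")
        }
        Write-Log "eBPF user mode service created." -ForegroundColor Green
    }

    # Add the eBPF netsh helper. Its exit status is not checked.
    netsh add helper ebpfnetsh.dll 2>&1 | Write-Log
}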
#
# Enable the KMDF verifier and handle tracking for each eBPF driver by writing
# the driver service's Parameters\Wdf registry values. Registry failures are
# terminating (-ErrorAction Stop); the created key/value objects are emitted
# to the pipeline as with the cmdlets' default behaviour.
#
function Enable-KMDFVerifier
{
    foreach ($driver in $EbpfDrivers.GetEnumerator()) {
        $wdfKey = "HKLM:\System\CurrentControlSet\Services\{0}\Parameters\Wdf" -f $driver.Name
        # -Force (re)creates the key and overwrites any existing values.
        New-Item -Path $wdfKey -Force -ErrorAction Stop
        New-ItemProperty -Path $wdfKey -Name "VerifierOn" -Value 1 -PropertyType DWord -Force -ErrorAction Stop
        New-ItemProperty -Path $wdfKey -Name "TrackHandles" -Value "*" -PropertyType MultiString -Force -ErrorAction Stop
    }
}
#
# Start file/memory based wpr tracing (if enabled).
#
# $KmTracing   - when $false only the tracing state is logged; nothing is started.
# $KmTraceType - "file" selects the file-mode profile; any other value selects
#                the memory profile (the value is not validated further).
# wpr.exe stderr/stdout are captured in .\StdErr.txt / .\StdOut.txt under the
# current location and echoed to the log. Throws when starting the trace or
# querying its status fails.
#
function Start-WPRTrace
{
    param([parameter(Mandatory=$true)][bool] $KmTracing,
          [parameter(Mandatory=$true)][string] $KmTraceType)

    Write-Log ("kernel mode ETW tracing: " + $KmTracing)

    if (-not $KmTracing) {
        return
    }

    # Common wpr.exe invocation: run in this window, wait for exit, keep the
    # process object so its exit code can be inspected.
    $wprInvoke = @{
        FilePath = "wpr.exe"
        NoNewWindow = $true
        Wait = $true
        PassThru = $true
        RedirectStandardError = ".\StdErr.txt"
    }

    if ($KmTraceType -eq "file") {
        Write-Log "Starting KM ETW tracing (File)"
        $startArgs = "-start EbpfForWindows.wprp!EbpfForWindowsProvider-File -filemode"
    } else {
        Write-Log "Starting KM ETW tracing (Memory)"
        $startArgs = "-start EbpfForWindows.wprp!EbpfForWindowsProvider-Memory"
    }
    $ProcInfo = Start-Process @wprInvoke -ArgumentList $startArgs

    if ($ProcInfo.ExitCode -ne 0) {
        Write-Log ("wpr.exe start ETL trace failed. Exit code: " + $ProcInfo.ExitCode)
        Write-Log "wpr.exe (start) error output: "
        foreach ($errLine in Get-Content -Path .\StdErr.txt) {
            Write-Log ("`t" + $errLine)
        }
        throw "Start ETL trace failed."
    }
    Write-Log ("Start ETL trace success. wpr.exe exit code: " + $ProcInfo.ExitCode + "`n")

    # Confirm the trace state by asking wpr.exe; stdout is captured as well.
    Write-Log "Query ETL tracing status after trace start"
    $ProcInfo = Start-Process @wprInvoke -ArgumentList "-status profiles collectors -details" -RedirectStandardOut .\StdOut.txt

    if ($ProcInfo.ExitCode -ne 0) {
        Write-Log ("wpr.exe query ETL trace status failed. Exit code: " + $ProcInfo.ExitCode)
        Write-Log "wpr.exe (query) error output: "
        foreach ($errLine in Get-Content -Path .\StdErr.txt) {
            Write-Log ("`t" + $errLine)
        }
        throw "Query ETL trace status failed."
    }

    Write-Log "wpr.exe (query) results: "
    foreach ($outLine in Get-Content -Path .\StdOut.txt) {
        Write-Log (" `t" + $outLine)
    }
    Write-Log ("Query ETL trace status success. wpr.exe exit code: " + $ProcInfo.ExitCode + "`n" )
}
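#
# Start service and drivers.
#
# Starts kernel mode tracing (when $KmTracing is set), then each eBPF driver
# whose binary is present, then the eBPFSvc user mode service when
# ebpfsvc.exe is in the working directory. A failing Start-Service is
# terminating (-ErrorAction Stop).
#
function Start-eBPFComponents
{
    param([parameter(Mandatory=$true)] [bool] $KmTracing,
          [parameter(Mandatory=$true)] [string] $KmTraceType)

    Start-WPRTrace -KmTracing $KmTracing -KmTraceType $KmTraceType

    # Start drivers. Both locations that Register-eBPFComponents registers
    # from are checked; previously only $BinaryPath\drivers was, so a driver
    # registered from $BinaryPath itself was never started here.
    $EbpfDrivers.GetEnumerator() | ForEach-Object {
        $driverName = $_.Name
        $inSystem32 = Test-Path -Path ("$BinaryPath\{0}" -f $_.Value)
        $inDrivers = Test-Path -Path ("$BinaryPath\drivers\{0}" -f $_.Value)
        if ($inSystem32 -or $inDrivers) {
            Start-Service $driverName -ErrorAction Stop | Write-Log
            # Write-Log (not Write-Host) so this goes through the same logging
            # path as every other progress message in this script.
            Write-Log ("{0} Driver started." -f $driverName)
        }
    }

    if (Test-Path -Path "ebpfsvc.exe") {
        # Start user mode service.
        Start-Service "eBPFSvc" -ErrorAction Stop | Write-Log
        Write-Log "eBPFSvc service started."
    }
}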
#
# Install eBPF components: stop anything running, copy the binaries from the
# working directory into system32, register them, optionally enable the KMDF
# verifier, then start everything.
#
# $KmTracing / $KmTraceType - passed through to Start-eBPFComponents.
# $KMDFVerifier             - when $true, Enable-KMDFVerifier runs before start.
#
# Every *.sys, *.dll and *.exe in the working directory (plus drivers\*.sys and
# testing\testing\*.sys when those directories exist) is copied into system32,
# so the working directory contents are trusted as a whole. Copy failures are
# terminating (-ErrorAction Stop).
#
function Install-eBPFComponents
{
    param([parameter(Mandatory=$true)] [bool] $KmTracing,
          [parameter(Mandatory=$true)] [string] $KmTraceType,
          [parameter(Mandatory=$false)] [bool] $KMDFVerifier = $false)

    # Stop eBPF Components
    Stop-eBPFComponents

    # Copy all binaries to system32.
    $system32 = "$Env:systemroot\system32"
    $driversDir = "$system32\drivers"
    Copy-Item *.sys -Destination $driversDir -Force -ErrorAction Stop 2>&1 | Write-Log
    foreach ($extraDir in @("drivers", "testing\testing")) {
        if (Test-Path -Path $extraDir) {
            Copy-Item "$extraDir\*.sys" -Destination $driversDir -Force -ErrorAction Stop 2>&1 | Write-Log
        }
    }
    Copy-Item *.dll -Destination $system32 -Force -ErrorAction Stop 2>&1 | Write-Log
    Copy-Item *.exe -Destination $system32 -Force -ErrorAction Stop 2>&1 | Write-Log

    # Register all components.
    Register-eBPFComponents

    if ($KMDFVerifier) {
        # Enable KMDF verifier and tag tracking.
        Enable-KMDFVerifier
    }

    # Start all components.
    Start-eBPFComponents -KmTracing $KmTracing -KmTraceType $KmTraceType
}
#
# Stop the user mode service and then each eBPF driver. Stop-Service errors
# are ignored (-ErrorAction Ignore) so that this can run before a fresh
# install when some or all components are absent.
#
function Stop-eBPFComponents
{
    $stopOpts = @{ ErrorAction = "Ignore" }

    # Stop user mode service.
    Stop-Service "eBPFSvc" @stopOpts 2>&1 | Write-Log

    # Stop the drivers.
    foreach ($driver in $EbpfDrivers.GetEnumerator()) {
        Stop-Service $driver.Name @stopOpts 2>&1 | Write-Log
    }
}
#
# Stop, unregister and delete the eBPF components, then cancel any WPR trace.
#
function Uninstall-eBPFComponents
{
    Stop-eBPFComponents
    Unregister-eBPFComponents

    # Wildcard delete: this removes every file whose name contains "bpf" from
    # the drivers directory and from system32, not only the files this script
    # copied there. A failed delete is terminating (-ErrorAction Stop).
    $system32 = "$Env:systemroot\system32"
    foreach ($pattern in @("$system32\drivers\*bpf*", "$system32\*bpf*")) {
        Remove-Item $pattern -Force -ErrorAction Stop 2>&1 | Write-Log
    }

    # Cancel the kernel trace, if one is running; wpr.exe's exit code is not checked.
    wpr.exe -cancel
}