Isolate eBPF store APIs into atomic km & um libraries. (#2690)

* draft

* wip

* wip

* wip

* wip

* wip - km & um compile

* fix

* fix include order

* wip

* wip

* wip

* wip - api_common

* wip - updated projects

* wip

* wip

* fix merge issues

* wip

* fix C28196/C6387

* wip

* wip

* fix SAL

* cleanup

* fix SAL bugs

* wip - cmake

* add cmake files

* wip

* wip

* update msi artifacts

* wip

* cleanup

* collapse null-checks

* clean-up headers

* refactor return types to ebpf_result_t

* replace ebpf_registry_result_t with ebpf_result_t

* update header

* remove cpp wrapper, misc cleanup.

* rename um/km registry helpers

* cleanup

* cleanup

* update

* nit

* fix

* Added KERNEL_MODE var, so to default to USER_MODE.

* fix cmake

* align result var names with ebpf_result_t

* pr feedback

* add project refs

* Add NativeOnly* cfgs to ebpf_store_helper_km

* Update docs, API reordering in source.

* pr feedback

* Rename types to abstract use of registry

* Normalize all registry API names.

* rename

* merge sln

* fix var typo

* refactor store root keys

* feedback

* doc/comments

* remove KERNEL_MODE

* Force ignore format on all preprocessor code paths.
Gianni Trevisiol 2023-08-07 12:53:24 -07:00 committed by GitHub
Parent ced7990d27
Commit 4cb79e547d
No key found matching this signature
GPG key ID: 4AEE18F83AFDEB23
52 changed files: 1642 additions and 893 deletions

View file

@ -296,14 +296,48 @@ The helper function ID for a general helper function must be in the range 0 - 65
The parameter and return types for these helper functions must adhere to the `ebpf_argument_type_t` and
`ebpf_return_type_t` enums.
### 2.7 Registering Program Types and Attach Types
### 2.7 Registering Program Types and Attach Types - eBPF Store
The eBPF Execution Context loads an eBPF program from an ELF file that has program section(s) with section names. The
prefix to these names determines the program type. For example, the section name `"xdp"` implies that the corresponding
program type is `EBPF_PROGRAM_TYPE_XDP`. The Execution Context discovers the program type associated with a section
prefix by reading the data from Windows registry. When an eBPF extension is installed, it must update the registry with
the program types it implements along with the associated section prefixes.
program type is `EBPF_PROGRAM_TYPE_XDP`.
_Note: The registry location and data format are TBD. This is currently tracked by issue #223._
The *Execution Context* discovers the program type associated with a section prefix by reading the data from the ***"eBPF store"***, which is currently kept in the Windows registry.
When an eBPF extension is installed, it must update the eBPF store with the program types it implements along with the associated section prefixes.
To operate on the eBPF store, the extension must link the `\lib\ebpf_store_helper_km.lib` kernel-mode library and include the related `\include\ebpf_store_helper.h` header file, both distributed within the [eBPF for Windows NuGet package](https://www.nuget.org/packages/eBPF-for-Windows/). With these, the extension can use the following APIs to register program types, attach types and helper functions:
- `ebpf_store_update_helper_prototype`: updates the program type specific helper information in the eBPF store, given a pointer to the store key to be initialized and a pointer to the helper function prototype (i.e., `_ebpf_helper_function_prototype`):
```c
ebpf_result_t
ebpf_store_update_helper_prototype(
ebpf_store_key_t helper_info_key, _In_ const ebpf_helper_function_prototype_t* helper_info);
```c
```
- `ebpf_store_update_global_helper_information`: updates the global helper information in the eBPF store, given a pointer to an array of helper function prototypes:
```c
ebpf_result_t
ebpf_store_update_global_helper_information(
_In_reads_(helper_info_count) ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count);
```
- `ebpf_store_update_section_information`: updates the section information in the eBPF store, given a pointer to an array of section information (i.e., `_ebpf_program_section_info`):
```c
ebpf_result_t
ebpf_store_update_section_information(
_In_reads_(section_info_count) const ebpf_program_section_info_t* section_info, uint32_t section_info_count);
```
- `ebpf_store_update_program_information`: updates program information in the eBPF store, given a pointer to an array of program information (i.e., `_ebpf_program_info`):
```c
ebpf_result_t
ebpf_store_update_program_information(
_In_reads_(program_info_count) const ebpf_program_info_t* program_info, uint32_t program_info_count);
```
### 2.8 eBPF Sample Driver
The eBPF for Windows project provides a
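Review bot: the first code block in the new section 2.7, as rendered here, has a stray opening fence (three backticks plus `c`) on the line right after the `ebpf_store_update_helper_prototype` prototype and before the closing fence, so the Markdown that follows will render as code; drop that line. The bullet for the same function also says it is "given a pointer to the store key to be initialized", but the prototype takes `ebpf_store_key_t helper_info_key` by value; describe it as an already opened store key so extension authors do not pass an uninitialized handle. The section names only `ebpf_store_helper_km.lib`; if the user-mode library added by this commit is not meant for extension authors, say so here.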

View file

@ -215,6 +215,10 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "redist-package", "tools\red
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ebpf_stress_tests_km", "tests\stress\km\ebpf_stress_tests_km.vcxproj", "{4F082524-9496-44FA-8CBA-4BC0BDC62568}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ebpf_store_helper_km", "libs\store_helper\kernel\ebpf_store_helper_km.vcxproj", "{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ebpf_store_helper_um", "libs\store_helper\user\ebpf_store_helper_um.vcxproj", "{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "usersim", "external\usersim\src\usersim.vcxproj", "{030A7AC6-14DC-45CF-AF34-891057AB1402}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libbtf", "external\ebpf-verifier\build\external\libbtf\libbtf\libbtf.vcxproj", "{249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}"
@ -2624,6 +2628,132 @@ Global
{4F082524-9496-44FA-8CBA-4BC0BDC62568}.RelWithDebInfo|x64.Build.0 = Release|x64
{4F082524-9496-44FA-8CBA-4BC0BDC62568}.RelWithDebInfo|x86.ActiveCfg = Release|x64
{4F082524-9496-44FA-8CBA-4BC0BDC62568}.RelWithDebInfo|x86.Build.0 = Release|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Debug|ARM64.ActiveCfg = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Debug|ARM64.Build.0 = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Debug|ARM64.Deploy.0 = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Debug|x64.ActiveCfg = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Debug|x64.Build.0 = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Debug|x64.Deploy.0 = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Debug|x86.ActiveCfg = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Debug|x86.Build.0 = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Debug|x86.Deploy.0 = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.FuzzerDebug|ARM64.ActiveCfg = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.FuzzerDebug|ARM64.Build.0 = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.FuzzerDebug|ARM64.Deploy.0 = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.FuzzerDebug|x64.ActiveCfg = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.FuzzerDebug|x64.Build.0 = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.FuzzerDebug|x64.Deploy.0 = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.FuzzerDebug|x86.ActiveCfg = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.FuzzerDebug|x86.Build.0 = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.FuzzerDebug|x86.Deploy.0 = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.MinSizeRel|ARM64.ActiveCfg = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.MinSizeRel|ARM64.Build.0 = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.MinSizeRel|ARM64.Deploy.0 = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.MinSizeRel|x64.ActiveCfg = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.MinSizeRel|x64.Build.0 = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.MinSizeRel|x64.Deploy.0 = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.MinSizeRel|x86.ActiveCfg = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.MinSizeRel|x86.Build.0 = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.MinSizeRel|x86.Deploy.0 = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|ARM64.ActiveCfg = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|ARM64.Build.0 = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|ARM64.Deploy.0 = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|x64.ActiveCfg = NativeOnlyDebug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|x64.Build.0 = NativeOnlyDebug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|x64.Deploy.0 = NativeOnlyDebug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|x86.ActiveCfg = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|x86.Build.0 = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyDebug|x86.Deploy.0 = Debug|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|ARM64.ActiveCfg = Release|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|ARM64.Build.0 = Release|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|ARM64.Deploy.0 = Release|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|x64.ActiveCfg = NativeOnlyRelease|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|x64.Build.0 = NativeOnlyRelease|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|x64.Deploy.0 = NativeOnlyRelease|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|x86.ActiveCfg = Release|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|x86.Build.0 = Release|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.NativeOnlyRelease|x86.Deploy.0 = Release|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Release|ARM64.ActiveCfg = Release|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Release|ARM64.Build.0 = Release|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Release|ARM64.Deploy.0 = Release|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Release|x64.ActiveCfg = Release|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Release|x64.Build.0 = Release|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Release|x64.Deploy.0 = Release|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Release|x86.ActiveCfg = Release|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Release|x86.Build.0 = Release|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.Release|x86.Deploy.0 = Release|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.RelWithDebInfo|ARM64.ActiveCfg = Release|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.RelWithDebInfo|ARM64.Build.0 = Release|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.RelWithDebInfo|ARM64.Deploy.0 = Release|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.RelWithDebInfo|x64.ActiveCfg = Release|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.RelWithDebInfo|x64.Build.0 = Release|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.RelWithDebInfo|x64.Deploy.0 = Release|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.RelWithDebInfo|x86.ActiveCfg = Release|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.RelWithDebInfo|x86.Build.0 = Release|x64
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E}.RelWithDebInfo|x86.Deploy.0 = Release|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Debug|ARM64.ActiveCfg = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Debug|ARM64.Build.0 = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Debug|ARM64.Deploy.0 = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Debug|x64.ActiveCfg = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Debug|x64.Build.0 = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Debug|x64.Deploy.0 = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Debug|x86.ActiveCfg = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Debug|x86.Build.0 = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Debug|x86.Deploy.0 = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.FuzzerDebug|ARM64.ActiveCfg = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.FuzzerDebug|ARM64.Build.0 = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.FuzzerDebug|ARM64.Deploy.0 = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.FuzzerDebug|x64.ActiveCfg = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.FuzzerDebug|x64.Build.0 = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.FuzzerDebug|x64.Deploy.0 = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.FuzzerDebug|x86.ActiveCfg = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.FuzzerDebug|x86.Build.0 = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.FuzzerDebug|x86.Deploy.0 = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.MinSizeRel|ARM64.ActiveCfg = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.MinSizeRel|ARM64.Build.0 = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.MinSizeRel|ARM64.Deploy.0 = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.MinSizeRel|x64.ActiveCfg = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.MinSizeRel|x64.Build.0 = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.MinSizeRel|x64.Deploy.0 = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.MinSizeRel|x86.ActiveCfg = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.MinSizeRel|x86.Build.0 = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.MinSizeRel|x86.Deploy.0 = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyDebug|ARM64.ActiveCfg = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyDebug|ARM64.Build.0 = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyDebug|ARM64.Deploy.0 = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyDebug|x64.ActiveCfg = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyDebug|x64.Build.0 = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyDebug|x64.Deploy.0 = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyDebug|x86.ActiveCfg = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyDebug|x86.Build.0 = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyDebug|x86.Deploy.0 = Debug|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyRelease|ARM64.ActiveCfg = Release|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyRelease|ARM64.Build.0 = Release|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyRelease|ARM64.Deploy.0 = Release|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyRelease|x64.ActiveCfg = Release|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyRelease|x64.Build.0 = Release|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyRelease|x64.Deploy.0 = Release|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyRelease|x86.ActiveCfg = Release|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyRelease|x86.Build.0 = Release|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.NativeOnlyRelease|x86.Deploy.0 = Release|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Release|ARM64.ActiveCfg = Release|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Release|ARM64.Build.0 = Release|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Release|ARM64.Deploy.0 = Release|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Release|x64.ActiveCfg = Release|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Release|x64.Build.0 = Release|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Release|x64.Deploy.0 = Release|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Release|x86.ActiveCfg = Release|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Release|x86.Build.0 = Release|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.Release|x86.Deploy.0 = Release|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.RelWithDebInfo|ARM64.ActiveCfg = Release|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.RelWithDebInfo|ARM64.Build.0 = Release|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.RelWithDebInfo|ARM64.Deploy.0 = Release|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.RelWithDebInfo|x64.ActiveCfg = Release|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.RelWithDebInfo|x64.Build.0 = Release|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.RelWithDebInfo|x64.Deploy.0 = Release|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.RelWithDebInfo|x86.ActiveCfg = Release|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.RelWithDebInfo|x86.Build.0 = Release|x64
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}.RelWithDebInfo|x86.Deploy.0 = Release|x64
{030A7AC6-14DC-45CF-AF34-891057AB1402}.Debug|ARM64.ActiveCfg = Debug|x64
{030A7AC6-14DC-45CF-AF34-891057AB1402}.Debug|ARM64.Build.0 = Debug|x64
{030A7AC6-14DC-45CF-AF34-891057AB1402}.Debug|x64.ActiveCfg = Debug|x64
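Review bot: the `{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}` (`ebpf_store_helper_um`) entries carry a `.Deploy.0` line for every configuration, which the user-mode `usersim` project in the trailing context does not; these look copied from the kernel-mode project and can be dropped for a user-mode static library. Also check the `MinSizeRel|*` rows for both new projects: they map to `Debug|x64`, while `RelWithDebInfo|*` maps to `Release|x64`, so a MinSizeRel solution build would link debug store helpers into the driver. If that mirrors the existing convention in this solution, leave it; otherwise map MinSizeRel to Release.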
@ -2666,6 +2796,48 @@ Global
{030A7AC6-14DC-45CF-AF34-891057AB1402}.RelWithDebInfo|x64.Build.0 = Release|x64
{030A7AC6-14DC-45CF-AF34-891057AB1402}.RelWithDebInfo|x86.ActiveCfg = Release|Win32
{030A7AC6-14DC-45CF-AF34-891057AB1402}.RelWithDebInfo|x86.Build.0 = Release|Win32
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.Debug|ARM64.ActiveCfg = Debug|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.Debug|ARM64.Build.0 = Debug|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.Debug|x64.ActiveCfg = Debug|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.Debug|x64.Build.0 = Debug|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.Debug|x86.ActiveCfg = Debug|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.Debug|x86.Build.0 = Debug|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.FuzzerDebug|ARM64.ActiveCfg = Debug|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.FuzzerDebug|ARM64.Build.0 = Debug|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.FuzzerDebug|x64.ActiveCfg = FuzzerDebug|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.FuzzerDebug|x64.Build.0 = FuzzerDebug|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.FuzzerDebug|x86.ActiveCfg = Debug|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.FuzzerDebug|x86.Build.0 = Debug|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.MinSizeRel|ARM64.ActiveCfg = MinSizeRel|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.MinSizeRel|ARM64.Build.0 = MinSizeRel|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.MinSizeRel|x64.ActiveCfg = MinSizeRel|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.MinSizeRel|x64.Build.0 = MinSizeRel|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.MinSizeRel|x86.ActiveCfg = MinSizeRel|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.MinSizeRel|x86.Build.0 = MinSizeRel|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.NativeOnlyDebug|ARM64.ActiveCfg = Debug|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.NativeOnlyDebug|ARM64.Build.0 = Debug|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.NativeOnlyDebug|x64.ActiveCfg = Debug|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.NativeOnlyDebug|x64.Build.0 = Debug|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.NativeOnlyDebug|x86.ActiveCfg = Debug|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.NativeOnlyDebug|x86.Build.0 = Debug|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.NativeOnlyRelease|ARM64.ActiveCfg = Release|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.NativeOnlyRelease|ARM64.Build.0 = Release|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.NativeOnlyRelease|x64.ActiveCfg = Release|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.NativeOnlyRelease|x64.Build.0 = Release|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.NativeOnlyRelease|x86.ActiveCfg = Release|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.NativeOnlyRelease|x86.Build.0 = Release|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.Release|ARM64.ActiveCfg = Release|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.Release|ARM64.Build.0 = Release|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.Release|x64.ActiveCfg = Release|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.Release|x64.Build.0 = Release|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.Release|x86.ActiveCfg = Release|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.Release|x86.Build.0 = Release|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.RelWithDebInfo|ARM64.ActiveCfg = RelWithDebInfo|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.RelWithDebInfo|ARM64.Build.0 = RelWithDebInfo|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.RelWithDebInfo|x64.ActiveCfg = RelWithDebInfo|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.RelWithDebInfo|x64.Build.0 = RelWithDebInfo|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.RelWithDebInfo|x86.ActiveCfg = RelWithDebInfo|x64
{BC45D39C-F956-3951-BD46-44EAE20EC7C9}.RelWithDebInfo|x86.Build.0 = RelWithDebInfo|x64
{249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.Debug|ARM64.ActiveCfg = Debug|x64
{249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.Debug|ARM64.Build.0 = Debug|x64
{249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}.Debug|x64.ActiveCfg = Debug|x64
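Review bot: this hunk adds 42 configuration rows for `{BC45D39C-F956-3951-BD46-44EAE20EC7C9}`, but none of the visible hunks adds a `Project(...)` declaration or a `NestedProjects` entry for that GUID, and the only libbtf declaration in the context uses `{249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}`. Please confirm the project is declared elsewhere in the solution; if these rows came in with the "fix merge issues" step they are orphaned and should be removed, since Visual Studio will otherwise rewrite the file on the next save.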
@ -2815,6 +2987,8 @@ Global
{E51A27F5-A1D5-40DA-A09B-850203D6B13D} = {492C9B22-9237-4996-9E33-CA14D3533616}
{A08B9A8B-FCD0-4E93-8811-D60EED639BE0} = {B09749EC-3D14-414B-BA9B-CD20E218DC84}
{4F082524-9496-44FA-8CBA-4BC0BDC62568} = {492C9B22-9237-4996-9E33-CA14D3533616}
{3569E946-C8B4-49EE-A89D-EDD09DC9F36E} = {7C2E30D9-E07F-4913-BD8A-345B38F18A81}
{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A} = {69CDB6A1-434D-4BC9-9BFF-D12DF7EDBB6B}
{030A7AC6-14DC-45CF-AF34-891057AB1402} = {69CDB6A1-434D-4BC9-9BFF-D12DF7EDBB6B}
{249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5} = {69CDB6A1-434D-4BC9-9BFF-D12DF7EDBB6B}
{1937DB41-F3EB-4955-A636-6386DCB394F6} = {69CDB6A1-434D-4BC9-9BFF-D12DF7EDBB6B}

View file

@ -239,12 +239,12 @@
<ProjectReference Include="..\external\ebpf-verifier\build\ebpfverifier.vcxproj">
<Project>{7d5b4e68-c0fa-3f86-9405-f6400219b440}</Project>
</ProjectReference>
<ProjectReference Include="..\external\ebpf-verifier\build\external\libbtf\libbtf\libbtf.vcxproj">
<Project>{bc45d39c-f956-3951-bd46-44eae20ec7c9}</Project>
</ProjectReference>
<ProjectReference Include="..\external\usersim\src\usersim.vcxproj">
<Project>{030a7ac6-14dc-45cf-af34-891057ab1402}</Project>
</ProjectReference>
<ProjectReference Include="..\external\ebpf-verifier\external\libbtf\build\libbtf\libbtf.vcxproj">
<Project>{c034859f-e0d6-3ae6-b4fe-71b012fdc618}</Project>
</ProjectReference>
<ProjectReference Include="..\libs\api\api.vcxproj">
<Project>{c8bf60c3-40a9-43ad-891a-8aa34f1c3a68}</Project>
</ProjectReference>
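Review bot: the two libbtf `ProjectReference` entries in this hunk differ in both path and GUID (`{bc45d39c-f956-3951-bd46-44eae20ec7c9}` and `{c034859f-e0d6-3ae6-b4fe-71b012fdc618}`), and neither GUID matches the one the solution file declares for `external\ebpf-verifier\build\external\libbtf\libbtf\libbtf.vcxproj`, which is `{249E3FBC-0098-3E3E-80AE-C8F8EF6AB0E5}`. A reference whose GUID does not match the solution's declaration can break build ordering, so align the `<Project>` value with the solution entry. The libbtf change also looks unrelated to isolating the store APIs; consider moving it to its own commit.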
@ -276,4 +276,4 @@
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>
</Project>

View file

@ -15,9 +15,10 @@ wdk_add_driver("EbpfCore" WINVER "${EBPFFORWINDOWS_WDK_WINVER}" KMDF "${EBPFFORW
target_include_directories("EbpfCore" PRIVATE
"${CMAKE_SOURCE_DIR}/include"
"${CMAKE_SOURCE_DIR}/libs/execution_context"
"${CMAKE_SOURCE_DIR}/libs/platform"
"${CMAKE_SOURCE_DIR}/libs/platform/kernel"
"${CMAKE_SOURCE_DIR}/libs/execution_context"
"${CMAKE_SOURCE_DIR}/libs/store_helper/kernel"
"${CMAKE_SOURCE_DIR}/resource"
"${CMAKE_CURRENT_SOURCE_DIR}"
)
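Review bot: `"${CMAKE_SOURCE_DIR}/libs/execution_context"` appears twice in the `target_include_directories("EbpfCore" ...)` list as shown, once after `include` and again just before the new `libs/store_helper/kernel` entry. It is harmless to the build, but since this hunk already edits the list, drop the second occurrence so the include search order is unambiguous.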
@ -28,6 +29,7 @@ target_link_directories("EbpfCore" PRIVATE
target_link_libraries("EbpfCore"
"ebpf_for_windows_common_settings"
"ebpf_store_helper_km"
"execution_context_kernel"
"platform_kernel"
"external::ebpfverifier_headers"

View file

@ -3,350 +3,79 @@
#pragma once
#ifndef USER_MODE
#include "framework.h"
#else
#include "ebpf_utilities.h"
#endif
#include "ebpf_program_types.h"
#include "ebpf_registry_helper.h"
#include "ebpf_windows.h"
#ifdef USER_MODE
extern ebpf_registry_key_t ebpf_root_registry_key;
#define GUID_STRING_LENGTH 38 // not including the null terminator.
#ifdef __cplusplus
extern "C"
{
#endif
static uint32_t
_ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_registry_key_t* provider_key)
{
__return_type status = _SUCCESS;
ebpf_registry_key_t root_key = NULL;
*provider_key = NULL;
// Open (or create) root eBPF registry path.
#ifndef USER_MODE
status = create_registry_key(NULL, EBPF_ROOT_REGISTRY_PATH, REG_CREATE_FLAGS, &root_key);
typedef HANDLE ebpf_store_key_t;
#else
status = create_registry_key(ebpf_root_registry_key, EBPF_ROOT_RELATIVE_PATH, REG_CREATE_FLAGS, &root_key);
typedef HKEY ebpf_store_key_t;
#endif
if (!IS_SUCCESS(status)) {
goto Exit;
}
// Open (or create) program data registry path.
status = create_registry_key(root_key, EBPF_PROVIDERS_REGISTRY_PATH, REG_CREATE_FLAGS, provider_key);
if (!IS_SUCCESS(status)) {
goto Exit;
}
extern ebpf_store_key_t ebpf_store_root_key;
extern const wchar_t* ebpf_store_root_sub_key;
Exit:
if (root_key) {
close_registry_key(root_key);
}
return status;
/**
* @brief Update the provider prototype information in the eBPF store.
*
* @param[in] helper_info_key Pointer to the store key to be initialized.
* @param[in] helper_info Pointer to the helper function prototype.
*
* @return Status of the operation.
*/
ebpf_result_t
ebpf_store_update_helper_prototype(
ebpf_store_key_t helper_info_key, _In_ const ebpf_helper_function_prototype_t* helper_info);
/**
* @brief Update global helper information in the eBPF store.
*
* @param[in] helper_info Pointer to an array of helper function prototypes.
* @param[in] helper_info_count Count of helper function prototypes.
*
* @returns Status of the operation.
*/
ebpf_result_t
ebpf_store_update_global_helper_information(
_In_reads_(helper_info_count) ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count);
/**
* @brief Update section information in the eBPF store.
*
* @param[in] section_info Pointer to an array of section information.
* @param[in] section_info_count Count of section information entries.
*
* @returns Status of the operation.
*/
ebpf_result_t
ebpf_store_update_section_information(
_In_reads_(section_info_count) const ebpf_program_section_info_t* section_info, uint32_t section_info_count);
/**
* @brief Update program information in the eBPF store.
*
* @param[in] program_info Pointer to an array of program information.
* @param[in] program_info_count Count of program information entries.
*
* @returns Status of the operation.
*/
ebpf_result_t
ebpf_store_update_program_information(
_In_reads_(program_info_count) const ebpf_program_info_t* program_info, uint32_t program_info_count);
#ifdef __cplusplus
}
static __return_type
_ebpf_store_update_helper_prototype(
ebpf_registry_key_t helper_info_key, _In_ const ebpf_helper_function_prototype_t* helper_info)
{
__return_type status = _SUCCESS;
uint32_t offset;
ebpf_registry_key_t helper_function_key = NULL;
char serialized_data[sizeof(ebpf_helper_function_prototype_t)] = {0};
status = create_registry_key_ansi(helper_info_key, helper_info->name, REG_CREATE_FLAGS, &helper_function_key);
if (!IS_SUCCESS(status)) {
goto Exit;
}
// Serialize the helper prototype.
offset = 0;
memcpy(serialized_data, &helper_info->helper_id, sizeof(helper_info->helper_id));
offset += sizeof(helper_info->helper_id);
memcpy(serialized_data + offset, &helper_info->return_type, sizeof(helper_info->return_type));
offset += sizeof(helper_info->return_type);
memcpy(serialized_data + offset, helper_info->arguments, sizeof(helper_info->arguments));
offset += sizeof(helper_info->arguments);
// Save the helper prototype data.
status = write_registry_value_binary(
helper_function_key, EBPF_HELPER_DATA_PROTOTYPE, (uint8_t*)&serialized_data[0], offset);
if (!IS_SUCCESS(status)) {
goto Exit;
}
Exit:
if (helper_function_key) {
close_registry_key(helper_function_key);
}
return status;
}
/**
* @brief Update section information in eBPF store.
*
* @param[in] section_info Pointer to an array of section information.
* @param[in] section_info_count Count of section information entries.
*
* @returns Status of the operation.
*/
static __return_type
_ebpf_store_update_section_information(
_In_reads_(section_info_count) const ebpf_program_section_info_t* section_info, uint32_t section_info_count)
{
__return_type status = _SUCCESS;
ebpf_registry_key_t provider_key = NULL;
ebpf_registry_key_t section_info_key = NULL;
if (section_info_count == 0) {
return status;
}
// Open (or create) provider registry path.
status = _ebpf_store_open_or_create_provider_registry_key(&provider_key);
if (!IS_SUCCESS(status)) {
goto Exit;
}
// Open (or create) section data key.
status = create_registry_key(provider_key, EBPF_SECTIONS_REGISTRY_PATH, REG_CREATE_FLAGS, &section_info_key);
if (!IS_SUCCESS(status)) {
goto Exit;
}
for (uint32_t i = 0; i < section_info_count; i++) {
ebpf_registry_key_t section_key = NULL;
// Open or create the registry path.
status = create_registry_key(section_info_key, section_info[i].section_name, REG_CREATE_FLAGS, &section_key);
if (!IS_SUCCESS(status)) {
goto Exit;
}
// Save program type.
status = write_registry_value_binary(
section_key,
EBPF_SECTION_DATA_PROGRAM_TYPE,
(uint8_t*)section_info[i].program_type,
sizeof(ebpf_program_type_t));
if (!IS_SUCCESS(status)) {
close_registry_key(section_key);
goto Exit;
}
// Save attach type.
status = write_registry_value_binary(
section_key,
EBPF_SECTION_DATA_ATTACH_TYPE,
(uint8_t*)section_info[i].attach_type,
sizeof(ebpf_attach_type_t));
if (!IS_SUCCESS(status)) {
close_registry_key(section_key);
goto Exit;
}
// Save bpf_prog_type.
status = write_registry_value_dword(section_key, EBPF_DATA_BPF_PROG_TYPE, section_info[i].bpf_program_type);
if (!IS_SUCCESS(status)) {
close_registry_key(section_key);
goto Exit;
}
// Save bpf_attach_type.
status = write_registry_value_dword(section_key, EBPF_DATA_BPF_ATTACH_TYPE, section_info[i].bpf_attach_type);
if (!IS_SUCCESS(status)) {
close_registry_key(section_key);
goto Exit;
}
close_registry_key(section_key);
}
Exit:
if (section_info_key) {
close_registry_key(section_info_key);
}
if (provider_key) {
close_registry_key(provider_key);
}
return status;
}
/**
* @brief Update program information in eBPF store.
*
* @param[in] program_info Pointer to an array of program information.
* @param[in] program_info_count Count of program information entries.
*
* @returns Status of the operation.
*/
static __return_type
_ebpf_store_update_program_information(
_In_reads_(program_info_count) const ebpf_program_info_t* program_info, uint32_t program_info_count)
{
__return_type status = _SUCCESS;
ebpf_registry_key_t provider_key = NULL;
ebpf_registry_key_t program_info_key = NULL;
if (program_info_count == 0) {
return status;
}
// Open (or create) provider registry path.
status = _ebpf_store_open_or_create_provider_registry_key(&provider_key);
if (!IS_SUCCESS(status)) {
goto Exit;
}
// Open (or create) program data registry path.
status = create_registry_key(provider_key, EBPF_PROGRAM_DATA_REGISTRY_PATH, REG_CREATE_FLAGS, &program_info_key);
if (!IS_SUCCESS(status)) {
goto Exit;
}
for (uint32_t i = 0; i < program_info_count; i++) {
ebpf_registry_key_t program_key = {0};
ebpf_registry_key_t helper_info_key = {0};
// Convert program type GUID to string.
wchar_t guid_string[GUID_STRING_LENGTH + 1];
status = convert_guid_to_string(
&program_info[i].program_type_descriptor.program_type, guid_string, GUID_STRING_LENGTH + 1);
if (status != _SUCCESS) {
return status;
}
status = create_registry_key(program_info_key, guid_string, REG_CREATE_FLAGS, &program_key);
if (!IS_SUCCESS(status)) {
goto Exit;
}
// Save the friendly program type name.
status = write_registry_value_ansi_string(
program_key, EBPF_PROGRAM_DATA_NAME, program_info[i].program_type_descriptor.name);
if (!IS_SUCCESS(status)) {
close_registry_key(program_key);
goto Exit;
}
// Save context descriptor.
status = write_registry_value_binary(
program_key,
EBPF_PROGRAM_DATA_CONTEXT_DESCRIPTOR,
(uint8_t*)program_info[i].program_type_descriptor.context_descriptor,
sizeof(ebpf_context_descriptor_t));
if (!IS_SUCCESS(status)) {
close_registry_key(program_key);
goto Exit;
}
// Save bpf_prog_type.
status = write_registry_value_dword(
program_key, EBPF_DATA_BPF_PROG_TYPE, program_info[i].program_type_descriptor.bpf_prog_type);
if (!IS_SUCCESS(status)) {
close_registry_key(program_key);
goto Exit;
}
// Save "is_privileged".
status = write_registry_value_dword(
program_key, EBPF_PROGRAM_DATA_PRIVILEGED, program_info[i].program_type_descriptor.is_privileged);
if (!IS_SUCCESS(status)) {
close_registry_key(program_key);
goto Exit;
}
// Save helper count.
status = write_registry_value_dword(
program_key, EBPF_PROGRAM_DATA_HELPER_COUNT, program_info[i].count_of_program_type_specific_helpers);
if (!IS_SUCCESS(status)) {
close_registry_key(program_key);
goto Exit;
}
if (program_info[i].count_of_program_type_specific_helpers != 0) {
// Create (or open) helper registry path.
status = create_registry_key(
program_key, EBPF_PROGRAM_DATA_HELPERS_REGISTRY_PATH, REG_CREATE_FLAGS, &helper_info_key);
if (!IS_SUCCESS(status)) {
close_registry_key(program_key);
goto Exit;
}
// Iterate over all the helper prototypes and save in registry.
for (uint32_t count = 0; count < program_info[i].count_of_program_type_specific_helpers; count++) {
status = _ebpf_store_update_helper_prototype(
helper_info_key, &(program_info[i].program_type_specific_helper_prototype[count]));
if (!IS_SUCCESS(status)) {
close_registry_key(program_key);
close_registry_key(helper_info_key);
goto Exit;
}
}
close_registry_key(helper_info_key);
}
close_registry_key(program_key);
}
Exit:
if (program_info_key) {
close_registry_key(program_info_key);
}
if (provider_key) {
close_registry_key(provider_key);
}
return status;
}
/**
* @brief Update global helper information in eBPF store.
*
* @param[in] helper_info Pointer to an array of helper function prototypes.
* @param[in] helper_info_count Count of helper function prototypes.
*
* @returns Status of the operation.
*/
static __return_type
_ebpf_store_update_global_helper_information(
_In_reads_(helper_info_count) ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count)
{
__return_type status = _SUCCESS;
ebpf_registry_key_t provider_key = NULL;
ebpf_registry_key_t helper_info_key = NULL;
if (helper_info_count == 0) {
return status;
}
// Open (or create) provider registry path.
status = _ebpf_store_open_or_create_provider_registry_key(&provider_key);
if (!IS_SUCCESS(status)) {
goto Exit;
}
// Open (or create) global helpers registry path.
status = create_registry_key(provider_key, EBPF_GLOBAL_HELPERS_REGISTRY_PATH, REG_CREATE_FLAGS, &helper_info_key);
if (!IS_SUCCESS(status)) {
goto Exit;
}
for (uint32_t i = 0; i < helper_info_count; i++) {
status = _ebpf_store_update_helper_prototype(helper_info_key, &helper_info[i]);
if (!IS_SUCCESS(status)) {
goto Exit;
}
}
Exit:
if (helper_info_key) {
close_registry_key(helper_info_key);
}
if (provider_key) {
close_registry_key(provider_key);
}
return status;
}
#endif
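Review bot: the `return status;` in the first lines shown here skips the `Exit:` label, which is the only place `program_info_key` and `provider_key` are closed, so any key already open at that point leaks. Use `goto Exit;` there like every other failure path in the loop. The five repeated `close_registry_key(program_key); goto Exit;` pairs would also be less error-prone if `program_key` were closed once under `Exit:` after a NULL check, the way `helper_info_key` is handled in `_ebpf_store_update_global_helper_information`.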

View file

@ -1,76 +0,0 @@
// Copyright (c) Microsoft Corporation
// SPDX-License-Identifier: MIT
#pragma once
#include "ebpf_api.h"
#include "ebpf_platform.h"
#include "platform.h"
#define __return_type uint32_t
#define IS_SUCCESS(x) (x == ERROR_SUCCESS)
#define _SUCCESS NO_ERROR
#define GUID_STRING_LENGTH 38 // not including the null terminator.
#define REG_CREATE_FLAGS (KEY_WRITE | DELETE | KEY_READ)
#define REG_OPEN_FLAGS (DELETE | KEY_READ)
typedef _Return_type_success_(return == 0) uint32_t ebpf_registry_result_t;
typedef HKEY ebpf_registry_key_t;
// Issue: #1542 - All API's should be annotated with _Must_inspect_result_
void
close_registry_key(ebpf_registry_key_t key);
_Must_inspect_result_ ebpf_registry_result_t
write_registry_value_binary(
ebpf_registry_key_t key,
_In_z_ const wchar_t* value_name,
_In_reads_(value_size) uint8_t* value,
size_t value_size);
_Must_inspect_result_ ebpf_registry_result_t
write_registry_value_ansi_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value);
_Must_inspect_result_ ebpf_registry_result_t
write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value);
_Must_inspect_result_ ebpf_registry_result_t
create_registry_key(
ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key);
_Success_(return == ERROR_SUCCESS) uint32_t open_registry_key(
ebpf_registry_key_t root_key, _In_opt_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key);
_Must_inspect_result_ ebpf_registry_result_t
delete_registry_key(ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key);
_Must_inspect_result_ ebpf_registry_result_t
delete_registry_tree(ebpf_registry_key_t root_key, _In_opt_z_ const wchar_t* sub_key);
_Must_inspect_result_ ebpf_registry_result_t
read_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Out_ uint32_t* value);
_Must_inspect_result_ ebpf_registry_result_t
read_registry_value_binary(
ebpf_registry_key_t key,
_In_z_ const wchar_t* value_name,
_Out_writes_(value_size) uint8_t* value,
size_t value_size);
_Must_inspect_result_ ebpf_registry_result_t
convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_size) wchar_t* string, size_t string_size);
_Must_inspect_result_ ebpf_registry_result_t
convert_string_to_guid(_In_z_ const wchar_t* string, _Out_ GUID* guid);
_Must_inspect_result_ ebpf_registry_result_t
create_registry_key_ansi(
ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key);
_Must_inspect_result_ ebpf_registry_result_t
read_registry_value_string(
ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_z_ wchar_t** value);
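Review bot: `GUID_STRING_LENGTH` and `REG_CREATE_FLAGS` are deleted with this header but are still used by later hunks in this commit (`wchar_t program_type_key[GUID_STRING_LENGTH + 1]` and `ebpf_open_registry_key(root_key_path, EBPF_ROOT_RELATIVE_PATH, REG_CREATE_FLAGS, &root_handle)`), so the replacement header has to define both. `GUID_STRING_LENGTH` was also defined a second time in `registry_helper.cpp`; keep a single definition in the new location. If `IS_SUCCESS(x)` is carried over, parenthesize the argument, `((x) == ERROR_SUCCESS)`, and give `open_registry_key` the same `_Must_inspect_result_` annotation as its siblings, as the Issue #1542 comment asks.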

View file

@ -427,11 +427,7 @@ SPDX-License-Identifier: MIT
<File Id="LIBBPF_LEGACY.H" Name="libbpf_legacy.h" Source="$(var.SolutionDir)include\bpf\libbpf_legacy.h" />
</Component>
</ComponentGroup>
<ComponentGroup Id="eBPF_Development_include_kernel" Directory="dir_include_kernel">
<Component Id="EBPF_REGISTRY_HELPER.H" DiskId="1" Guid="{26717067-176B-4B94-8716-57A675E5F918}">
<File Id="EBPF_REGISTRY_HELPER.H" Name="ebpf_registry_helper.h" Source="$(var.SolutionDir)include\kernel\ebpf_registry_helper.h" />
</Component>
</ComponentGroup>
<ComponentGroup Id="eBPF_Development_include_kernel" Directory="dir_include_kernel"/>
<ComponentGroup Id="eBPF_Development_include_linux" Directory="dir_include_linux">
<Component Id="BPF.H_2" DiskId="1" Guid="{ED4F7D03-0334-4FB3-A3AC-1DAD36FF1228}">
<File Id="BPF.H_2" Name="bpf.h" Source="$(var.SolutionDir)include\linux\bpf.h" />
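Review bot: `eBPF_Development_include_kernel` is left behind as an empty, self-closing ComponentGroup. If nothing else installs into `dir_include_kernel`, remove the group together with its references instead of keeping a placeholder. Removing `ebpf_registry_helper.h` from the development package also breaks any external extension that included it from `include\kernel`, which deserves a line in the release notes.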
@ -597,15 +593,14 @@ SPDX-License-Identifier: MIT
<File Id="TCP.H" Name="tcp.h" Source="$(var.SolutionDir)include\uapi\linux\tcp.h" />
</Component>
</ComponentGroup>
<ComponentGroup Id="eBPF_Development_include_user" Directory="dir_include_user">
<Component Id="EBPF_REGISTRY_HELPER.H_1" DiskId="1" Guid="{D1BF1F4F-BD3D-484E-89D9-77A94522FC97}">
<File Id="EBPF_REGISTRY_HELPER.H_1" Name="ebpf_registry_helper.h" Source="$(var.SolutionDir)include\user\ebpf_registry_helper.h" />
</Component>
</ComponentGroup>
<ComponentGroup Id="eBPF_Development_include_user" Directory="dir_include_user"/>
<ComponentGroup Id="eBPF_Development_libs" Directory="dir_lib">
<Component Id="eBPFApi_lib" Guid="{A164197B-3C57-4ECA-B138-CBF558DA4401}">
<File Id="EbpfApi.lib" Name="EbpfApi.lib" DiskId="1" Source="$(var.api.TargetDir)EbpfApi.lib" />
</Component>
<Component Id="EBPF_STORE_HELPER_KM_lib" Guid="{F8A8A1D9-3F61-4F30-B75B-E51B63D6DB40}">
<File Id="EBPF_STORE_HELPER_KM.LIB" Name="ebpf_store_helper_km.lib" Source="$(var.ebpf_store_helper_km.TargetDir)ebpf_store_helper_km.lib" />
</Component>
</ComponentGroup>
</Fragment>
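Review bot: the new `EBPF_STORE_HELPER_KM_lib` component installs only `ebpf_store_helper_km.lib`, while the two hunks in this file remove both installed copies of `ebpf_registry_helper.h`. Confirm that the header declaring the library's API is packaged as well, otherwise the shipped .lib cannot be consumed. For consistency with the neighbouring `EbpfApi.lib` entry, set `DiskId="1"` on the new File element too.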

View file

@ -94,6 +94,14 @@ SPDX-License-Identifier: MIT
<RefProjectOutputGroups>Binaries;Content;Satellites</RefProjectOutputGroups>
<RefTargetDir>INSTALLFOLDER</RefTargetDir>
</ProjectReference>
<ProjectReference Include="..\libs\store_helper\kernel\ebpf_store_helper_km.vcxproj">
<Name>ebpf_store_helper_km</Name>
<Project>{3569e946-c8b4-49ee-a89d-edd09dc9f36e}</Project>
<Private>True</Private>
<DoNotHarvest>True</DoNotHarvest>
<RefProjectOutputGroups>Binaries;Content;Satellites</RefProjectOutputGroups>
<RefTargetDir>INSTALLFOLDER</RefTargetDir>
</ProjectReference>
<ProjectReference Include="..\netebpfext\sys\netebpfext.vcxproj">
<Name>netebpfext</Name>
<Project>{55499e36-37d4-4f86-b694-9f2990315758}</Project>
@ -244,4 +252,4 @@ SPDX-License-Identifier: MIT
<Target Name="AfterBuild">
</Target>
-->
</Project>
</Project>
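Review bot: the only change in this hunk is `</Project>` replaced by an identical `</Project>`, which points to a whitespace or end-of-file newline difference. Revert it unless the newline change is intended, so that the diff of this project file carries only the new ProjectReference.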

View file

@ -9,4 +9,5 @@ add_subdirectory("pe-parse")
add_subdirectory("platform")
add_subdirectory("ebpfnetsh")
add_subdirectory("service")
add_subdirectory("store_helper")
add_subdirectory("ubpf")

View file

@ -17,8 +17,6 @@ add_library("api_common" STATIC
device_helper.hpp
device_helper.cpp
registry_helper.cpp
store_helper_internal.h
store_helper_internal.cpp
@ -30,9 +28,11 @@ target_include_directories("api_common" PRIVATE
"${CMAKE_SOURCE_DIR}/libs/api"
"${CMAKE_SOURCE_DIR}/include"
"${CMAKE_SOURCE_DIR}/include/user"
"${CMAKE_SOURCE_DIR}/libs/execution_context"
"${CMAKE_SOURCE_DIR}/libs/platform"
"${CMAKE_SOURCE_DIR}/libs/platform/user"
"${CMAKE_SOURCE_DIR}/libs/execution_context"
"${CMAKE_SOURCE_DIR}/libs/store_helper"
"${CMAKE_SOURCE_DIR}/libs/store_helper/user"
"${CMAKE_SOURCE_DIR}/external/ubpf/vm"
"${CMAKE_SOURCE_DIR}/external/ubpf/vm/inc"
"${CMAKE_BINARY_DIR}/external/ubpf/vm"
@ -43,6 +43,7 @@ target_include_directories("api_common" PRIVATE
target_link_libraries("api_common" PRIVATE
"ebpf_for_windows_cpp_settings"
"ebpf_store_helper_um"
"NetEbpfExt_headers"
"external::boost"
"external::ebpfverifier"
@ -51,6 +52,7 @@ target_link_libraries("api_common" PRIVATE
target_compile_definitions("api_common" PRIVATE
_WINDOWS
_USRDLL
USER_MODE
)
# In order to get around cyclic dependency issues, create an interface
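Review bot: `USER_MODE` is added as a PRIVATE definition of `api_common`, so every other target that compiles against the store helper headers has to remember to repeat it. If the store helper sources select their user or kernel variant on this macro, export it from `ebpf_store_helper_um` as a PUBLIC or INTERFACE compile definition instead, so that linking the library is enough to get the right variant.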

View file

@ -104,7 +104,7 @@
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<PreprocessorDefinitions>_DEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_DEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions);USER_MODE</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<PrecompiledHeader>NotUsing</PrecompiledHeader>
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
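Review bot: `USER_MODE` is appended to `PreprocessorDefinitions` here and again in each of the other four configuration blocks below. A configuration added later that misses the define will build the wrong variant without any error. Define it once in an unconditional ItemDefinitionGroup or a shared .props file, and place it before `%(PreprocessorDefinitions)` like the other entries.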
@ -115,10 +115,11 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<EnableUAC>false</EnableUAC>
</Link>
<Lib />
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='NativeOnlyDebug|x64'">
<ClCompile>
<PreprocessorDefinitions>_DEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_DEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions);USER_MODE</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<PrecompiledHeader>NotUsing</PrecompiledHeader>
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
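Review bot: the empty `<Lib />` element added before `</ItemDefinitionGroup>` configures nothing and looks like an artifact of the project editor. It is added to four configurations in this file but not to `FuzzerDebug|x64`, which makes the blocks inconsistent. Drop these elements from the patch.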
@ -129,10 +130,11 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<EnableUAC>false</EnableUAC>
</Link>
<Lib />
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='FuzzerDebug|x64'">
<ClCompile>
<PreprocessorDefinitions>_DEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_DEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions);USER_MODE</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<PrecompiledHeader>NotUsing</PrecompiledHeader>
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
@ -149,7 +151,7 @@
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<PreprocessorDefinitions>NDEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>NDEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions);USER_MODE</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<PrecompiledHeader>NotUsing</PrecompiledHeader>
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
@ -162,10 +164,11 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<EnableUAC>false</EnableUAC>
</Link>
<Lib />
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='NativeOnlyRelease|x64'">
<ClCompile>
<PreprocessorDefinitions>NDEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>NDEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions);USER_MODE</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<PrecompiledHeader>NotUsing</PrecompiledHeader>
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
@ -178,6 +181,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<EnableUAC>false</EnableUAC>
</Link>
<Lib />
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="device_helper.cpp" />
@ -185,7 +189,6 @@
<ClCompile Include="api_common.cpp" />
<ClCompile Include="store_helper_internal.cpp" />
<ClCompile Include="utilities.cpp" />
<ClCompile Include="registry_helper.cpp" />
<ClCompile Include="windows_helpers.cpp" />
<ClCompile Include="windows_platform_common.cpp" />
</ItemGroup>
@ -199,5 +202,10 @@
<ClInclude Include="windows_platform_common.hpp" />
<ClInclude Include="windows_program_type.h" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\store_helper\user\ebpf_store_helper_um.vcxproj">
<Project>{aa933b9f-b5d8-4aa8-ac18-98fe1a161e8a}</Project>
</ProjectReference>
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
</Project>

View file

@ -31,9 +31,6 @@
<ClCompile Include="utilities.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="registry_helper.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="store_helper_internal.cpp">
<Filter>Source Files</Filter>
</ClCompile>

View file

@ -1,238 +0,0 @@
// Copyright (c) Microsoft Corporation
// SPDX-License-Identifier: MIT
/**
* @file
* @brief Contains user mode registry related helper APIs.
*/
#define _SILENCE_CXX17_CODECVT_HEADER_DEPRECATION_WARNING
#include "api_common.hpp"
#include "ebpf_registry_helper.h"
#include <codecvt>
#define GUID_STRING_LENGTH 38 // not including the null terminator.
static std::wstring
_get_wstring_from_string(std::string text)
{
std::wstring_convert<std::codecvt_utf8_utf16<wchar_t>> converter;
std::wstring wide = converter.from_bytes(text);
return wide;
}
void
close_registry_key(ebpf_registry_key_t key)
{
ebpf_assert(key);
RegCloseKey(key);
}
_Must_inspect_result_ ebpf_registry_result_t
write_registry_value_binary(
ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_reads_(value_size) uint8_t* value, size_t value_size)
{
ebpf_assert(value_name);
ebpf_assert(value);
return RegSetValueEx(key, value_name, 0, REG_BINARY, value, (unsigned long)value_size);
}
_Must_inspect_result_ ebpf_registry_result_t
write_registry_value_wide_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const wchar_t* value)
{
ebpf_assert(value_name);
ebpf_assert(value);
auto length = (wcslen(value) + 1) * sizeof(wchar_t);
return RegSetValueEx(key, value_name, 0, REG_SZ, (uint8_t*)value, (unsigned long)length);
}
_Must_inspect_result_ ebpf_registry_result_t
write_registry_value_ansi_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value)
{
uint32_t result;
try {
auto wide_string = _get_wstring_from_string(value);
result = write_registry_value_wide_string(key, value_name, wide_string.c_str());
} catch (...) {
result = ERROR_NOT_ENOUGH_MEMORY;
}
return result;
}
_Must_inspect_result_ ebpf_registry_result_t
write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value)
{
ebpf_assert(key);
return RegSetValueEx(key, value_name, 0, REG_DWORD, (PBYTE)&value, sizeof(value));
}
_Must_inspect_result_ ebpf_registry_result_t
create_registry_key(
ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key)
{
*key = nullptr;
if (root_key == nullptr) {
return ERROR_INVALID_PARAMETER;
}
return RegCreateKeyEx(root_key, sub_key, 0, nullptr, 0, flags, nullptr, key, nullptr);
}
_Success_(return == ERROR_SUCCESS) uint32_t open_registry_key(
ebpf_registry_key_t root_key, _In_opt_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key)
{
ebpf_assert(root_key != nullptr);
_Analysis_assume_(root_key != nullptr);
return RegOpenKeyEx(root_key, sub_key, 0, flags, key);
}
_Must_inspect_result_ ebpf_registry_result_t
delete_registry_key(ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key)
{
return RegDeleteKeyEx(root_key, sub_key, 0, 0);
}
_Must_inspect_result_ ebpf_registry_result_t
delete_registry_tree(ebpf_registry_key_t root_key, _In_opt_z_ const wchar_t* sub_key)
{
return RegDeleteTree(root_key, sub_key);
}
_Must_inspect_result_ ebpf_registry_result_t
create_registry_key_ansi(
ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key)
{
uint32_t result;
try {
auto wide_string = _get_wstring_from_string(sub_key);
result = create_registry_key(root_key, wide_string.c_str(), flags, key);
} catch (...) {
result = ERROR_NOT_ENOUGH_MEMORY;
}
return result;
}
_Must_inspect_result_ ebpf_registry_result_t
read_registry_value_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_z_ wchar_t** value)
{
uint32_t status = ERROR_SUCCESS;
unsigned long type = REG_SZ;
unsigned long value_size = 0;
wchar_t* string_value = nullptr;
*value = nullptr;
status = RegQueryValueEx(key, value_name, 0, &type, nullptr, &value_size);
if (status != ERROR_SUCCESS || type != REG_SZ) {
if (type != REG_SZ) {
status = ERROR_INVALID_PARAMETER;
}
return status;
}
string_value = (wchar_t*)ebpf_allocate((value_size + sizeof(wchar_t)));
if (string_value == nullptr) {
return ERROR_NOT_ENOUGH_MEMORY;
}
memset(string_value, 0, value_size + sizeof(wchar_t));
status = RegQueryValueEx(key, value_name, 0, &type, (PBYTE)string_value, &value_size);
if (status != ERROR_SUCCESS) {
goto Exit;
}
*value = string_value;
string_value = nullptr;
Exit:
if (string_value) {
ebpf_free(string_value);
}
return status;
}
_Must_inspect_result_ ebpf_registry_result_t
read_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _Out_ uint32_t* value)
{
unsigned long type = REG_QWORD;
unsigned long value_size = sizeof(uint32_t);
return RegQueryValueEx(key, value_name, 0, &type, (PBYTE)value, &value_size);
}
_Must_inspect_result_ ebpf_registry_result_t
read_registry_value_binary(
ebpf_registry_key_t key,
_In_z_ const wchar_t* value_name,
_Out_writes_(value_size) uint8_t* value,
size_t value_size)
{
uint32_t status = NO_ERROR;
unsigned long type = REG_BINARY;
unsigned long local_value_size = (unsigned long)value_size;
status = RegQueryValueEx(key, value_name, 0, &type, value, &local_value_size);
if (status != ERROR_SUCCESS || type != REG_BINARY || local_value_size != value_size) {
if (status != ERROR_SUCCESS) {
status = ERROR_INVALID_PARAMETER;
}
goto Exit;
}
Exit:
return status;
}
_Must_inspect_result_ ebpf_registry_result_t
convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_size) wchar_t* string, size_t string_size)
{
uint32_t status = ERROR_SUCCESS;
wchar_t* value_name = nullptr;
try {
if (string_size < GUID_STRING_LENGTH + 1) {
return ERROR_INSUFFICIENT_BUFFER;
}
// Convert program type GUID to string.
RPC_STATUS rpc_status = UuidToString(guid, (RPC_WSTR*)&value_name);
if (rpc_status != RPC_S_OK) {
return ERROR_INVALID_PARAMETER;
}
std::wstring value_name_string(value_name);
// UuidToString returns string without braces. Add braces to the resulting string.
value_name_string = L"{" + value_name_string + L"}";
// Copy the buffer to the output string.
memcpy(string, value_name_string.c_str(), GUID_STRING_LENGTH * 2);
string[GUID_STRING_LENGTH] = L'\0';
} catch (...) {
status = ERROR_NOT_ENOUGH_MEMORY;
}
return status;
}
_Must_inspect_result_ ebpf_registry_result_t
convert_string_to_guid(_In_z_ const wchar_t* string, _Out_ GUID* guid)
{
uint32_t status = ERROR_SUCCESS;
// The UUID string read from registry also contains the opening and closing braces.
// Remove those before converting to UUID.
wchar_t truncated_string[GUID_STRING_LENGTH + 1] = {0};
memcpy(truncated_string, string + 1, (wcslen(string) - 2) * sizeof(wchar_t));
// Convert program type string to GUID
auto rpc_status = UuidFromString((RPC_WSTR)truncated_string, guid);
if (rpc_status != RPC_S_OK) {
status = ERROR_INVALID_PARAMETER;
}
return status;
}
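Review bot: `convert_string_to_guid` copies `(wcslen(string) - 2) * sizeof(wchar_t)` bytes into the fixed `truncated_string[GUID_STRING_LENGTH + 1]` buffer without checking the length, and the input is a string read from the registry. A value longer than a braced GUID writes past the stack buffer, and one shorter than two characters underflows the size. Since these helpers are being moved rather than retired, the replacement should reject anything where `wcslen(string) != GUID_STRING_LENGTH` before the copy. Two more defects not to carry over: `read_registry_value_binary` has its inner test inverted (`if (status != ERROR_SUCCESS) status = ERROR_INVALID_PARAMETER;`), so a type or size mismatch returns success while a real error code is overwritten, and `read_registry_value_dword` initializes `type` to `REG_QWORD` and never verifies that the value read is a `REG_DWORD` of `sizeof(uint32_t)`. `convert_guid_to_string` also never releases the string returned by `UuidToString`.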

View file

@ -1,28 +1,29 @@
// Copyright (c) Microsoft Corporation
// SPDX-License-Identifier: MIT
#include "ebpf_registry_helper.h"
#include "..\libs\store_helper\user\ebpf_registry_helper.h"
#include "ebpf_program_attach_type_guids.h"
#include "ebpf_serialize.h"
#include "ebpf_store_helper.h"
#include "ebpf_utilities.h"
#include "store_helper_internal.h"
#include "utilities.hpp"
ebpf_registry_key_t root_registry_key_current_user = HKEY_CURRENT_USER;
ebpf_registry_key_t root_registry_key_local_machine = HKEY_LOCAL_MACHINE;
// TODO: Issue #1231 Change to using HKEY_LOCAL_MACHINE
ebpf_registry_key_t ebpf_root_registry_key = HKEY_CURRENT_USER;
ebpf_store_key_t root_registry_key_current_user = HKEY_CURRENT_USER;
ebpf_store_key_t root_registry_key_local_machine = HKEY_LOCAL_MACHINE;
static uint32_t
_open_ebpf_store_key(_Out_ ebpf_registry_key_t* store_key)
static ebpf_result_t
_open_ebpf_store_key(_Out_ ebpf_store_key_t* store_key)
{
// Open root registry path.
*store_key = nullptr;
// First try to open the HKCU registry key.
uint32_t result = open_registry_key(root_registry_key_current_user, EBPF_STORE_REGISTRY_PATH, KEY_READ, store_key);
ebpf_result_t result =
ebpf_open_registry_key(root_registry_key_current_user, EBPF_STORE_REGISTRY_PATH, KEY_READ, store_key);
if (result != ERROR_SUCCESS) {
// Failed to open ebpf store path in HKCU. Fall back to HKLM.
result = open_registry_key(root_registry_key_local_machine, EBPF_STORE_REGISTRY_PATH, KEY_READ, store_key);
result = ebpf_open_registry_key(root_registry_key_local_machine, EBPF_STORE_REGISTRY_PATH, KEY_READ, store_key);
}
return result;
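Review bot: in `_open_ebpf_store_key`, `result` is now an `ebpf_result_t` but the fallback test is still `if (result != ERROR_SUCCESS)`. It works only because both constants are zero; compare against `EBPF_SUCCESS` so the Win32 and eBPF result domains stay separate. The new include `"..\libs\store_helper\user\ebpf_registry_helper.h"` is a relative path with backslashes, although the build files in this commit add `libs/store_helper/user` to the include directories; keep the plain `#include "ebpf_registry_helper.h"`. The HKCU-first lookup with HKLM fallback is kept, so if the `TODO: Issue #1231` line is dropped in this hunk, the reason for preferring the per-user hive should be recorded elsewhere.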
@ -51,7 +52,7 @@ _load_helper_prototype(
size_t expected_size = sizeof(helper_prototype->helper_id) + sizeof(helper_prototype->return_type) +
sizeof(helper_prototype->arguments);
status = read_registry_value_binary(
status = ebpf_read_registry_value_binary(
helper_info_key, EBPF_HELPER_DATA_PROTOTYPE, (uint8_t*)serialized_data, expected_size);
if (status != ERROR_SUCCESS) {
result = win32_error_code_to_ebpf_result(status);
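Review bot: in `_load_helper_prototype`, the return value of `ebpf_read_registry_value_binary` is still stored in `status`, compared with `ERROR_SUCCESS` and passed through `win32_error_code_to_ebpf_result(status)`. The other call sites in this commit assign the same function to `result` and compare it with `EBPF_SUCCESS`, so here an `ebpf_result_t` is being converted a second time as if it were a Win32 error, and the caller gets the wrong failure code. Assign to `result`, test `result != EBPF_SUCCESS`, and drop the conversion.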
@ -81,7 +82,7 @@ _load_helper_prototype(
Exit:
if (helper_info_key) {
close_registry_key(helper_info_key);
ebpf_close_registry_key(static_cast<ebpf_store_key_t>(helper_info_key));
}
return result;
}
@ -108,8 +109,9 @@ _load_program_data_information(
*program_info = nullptr;
try {
status = open_registry_key(program_data_key, program_type_string, KEY_READ, &program_info_key);
if (status != ERROR_SUCCESS) {
result = ebpf_open_registry_key(
program_data_key, program_type_string, KEY_READ, (ebpf_store_key_t*)&program_info_key);
if (result != EBPF_SUCCESS) {
// Registry path is not present.
result = EBPF_FILE_NOT_FOUND;
goto Exit;
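Review bot: after `ebpf_open_registry_key` fails, `result = EBPF_FILE_NOT_FOUND;` overwrites whatever the helper returned, so an access-denied or out-of-memory failure is reported as a missing key. Now that the helper returns an `ebpf_result_t` directly, propagate it unchanged. The C-style cast `(ebpf_store_key_t*)&program_info_key` would be unnecessary if `program_info_key` were declared as `ebpf_store_key_t`.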
@ -121,16 +123,14 @@ _load_program_data_information(
goto Exit;
}
status = convert_string_to_guid(program_type_string, program_type);
if (status != ERROR_SUCCESS) {
result = win32_error_code_to_ebpf_result(status);
result = ebpf_convert_string_to_guid(program_type_string, program_type);
if (result != EBPF_SUCCESS) {
goto Exit;
}
// Read the friendly program type name.
status = read_registry_value_string(program_info_key, EBPF_PROGRAM_DATA_NAME, &program_type_name);
if (status != ERROR_SUCCESS) {
result = win32_error_code_to_ebpf_result(status);
result = ebpf_read_registry_value_string(program_info_key, EBPF_PROGRAM_DATA_NAME, &program_type_name);
if (result != EBPF_SUCCESS) {
goto Exit;
}
@ -140,38 +140,36 @@ _load_program_data_information(
result = EBPF_NO_MEMORY;
goto Exit;
}
status = read_registry_value_binary(
result = ebpf_read_registry_value_binary(
program_info_key,
EBPF_PROGRAM_DATA_CONTEXT_DESCRIPTOR,
(uint8_t*)descriptor,
sizeof(ebpf_context_descriptor_t));
if (status != ERROR_SUCCESS) {
result = win32_error_code_to_ebpf_result(status);
if (result != EBPF_SUCCESS) {
goto Exit;
}
// Read "is_privileged".
status = read_registry_value_dword(program_info_key, EBPF_PROGRAM_DATA_PRIVILEGED, &is_privileged);
if (status != ERROR_SUCCESS) {
result = win32_error_code_to_ebpf_result(status);
result = ebpf_read_registry_value_dword(program_info_key, EBPF_PROGRAM_DATA_PRIVILEGED, &is_privileged);
if (result != EBPF_SUCCESS) {
goto Exit;
}
// Read bpf program type.
status = read_registry_value_dword(program_info_key, EBPF_DATA_BPF_PROG_TYPE, &bpf_program_type);
if (status != ERROR_SUCCESS) {
result = win32_error_code_to_ebpf_result(status);
result = ebpf_read_registry_value_dword(program_info_key, EBPF_DATA_BPF_PROG_TYPE, &bpf_program_type);
if (result != EBPF_SUCCESS) {
goto Exit;
}
// Read helper count.
status = read_registry_value_dword(program_info_key, EBPF_PROGRAM_DATA_HELPER_COUNT, &helper_count);
if (status != ERROR_SUCCESS) {
result = win32_error_code_to_ebpf_result(status);
result = ebpf_read_registry_value_dword(program_info_key, EBPF_PROGRAM_DATA_HELPER_COUNT, &helper_count);
if (result != EBPF_SUCCESS) {
goto Exit;
}
auto program_type_name_string = ebpf_down_cast_from_wstring(std::wstring(program_type_name));
auto program_type_name_string = (program_type_name != nullptr)
? ebpf_down_cast_from_wstring(std::wstring(program_type_name))
: ebpf_down_cast_from_wstring(std::wstring(L""));
program_information = (ebpf_program_info_t*)ebpf_allocate(sizeof(ebpf_program_info_t));
if (program_information == nullptr) {
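Review bot: the new `program_type_name != nullptr` ternary runs only after `ebpf_read_registry_value_string` has returned `EBPF_SUCCESS`, and the previous declaration annotated that output as `_Outptr_result_z_`, so the pointer cannot be null on this path. If the check is there to quiet the analyzer, fix the annotation on the new helper instead. If null really is possible on success, treat it as an error and `goto Exit` rather than storing an empty program type name.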
@ -279,13 +277,13 @@ Exit:
ebpf_program_info_free(program_information);
}
if (program_info_key) {
close_registry_key(program_info_key);
ebpf_close_registry_key(program_info_key);
}
ebpf_free(program_type_name);
ebpf_free(program_type);
if (helper_key) {
close_registry_key(helper_key);
ebpf_close_registry_key(helper_key);
}
return result;
}
@ -301,27 +299,26 @@ ebpf_store_load_program_information(
wchar_t program_type_key[GUID_STRING_LENGTH + 1];
unsigned long key_size = 0;
uint32_t index = 0;
ebpf_registry_key_t store_key = nullptr;
ebpf_store_key_t store_key = nullptr;
std::vector<ebpf_program_info_t*> program_info_array;
*program_info = nullptr;
*program_info_count = 0;
status = _open_ebpf_store_key(&store_key);
if (status != ERROR_SUCCESS) {
if (status != ERROR_FILE_NOT_FOUND) {
result = win32_error_code_to_ebpf_result(status);
__analysis_assume(result != EBPF_SUCCESS);
result = _open_ebpf_store_key(&store_key);
if (result != EBPF_SUCCESS) {
if (result == EBPF_FILE_NOT_FOUND) {
result = EBPF_SUCCESS;
}
goto Exit;
}
// Open program data registry path.
status = open_registry_key(store_key, EBPF_PROGRAM_DATA_REGISTRY_PATH, KEY_READ, &program_data_key);
if (status != ERROR_SUCCESS) {
if (status != ERROR_FILE_NOT_FOUND) {
result = win32_error_code_to_ebpf_result(status);
__analysis_assume(result != EBPF_SUCCESS);
result = ebpf_open_registry_key(
store_key, EBPF_PROGRAM_DATA_REGISTRY_PATH, KEY_READ, (ebpf_store_key_t*)&program_data_key);
if (result != EBPF_SUCCESS) {
if (result == EBPF_FILE_NOT_FOUND) {
result = EBPF_SUCCESS;
}
goto Exit;
}
@ -383,7 +380,7 @@ Exit:
}
if (program_data_key) {
close_registry_key(program_data_key);
ebpf_close_registry_key(program_data_key);
}
return result;
@ -395,7 +392,6 @@ _load_section_data_information(
_In_z_ const wchar_t* section_name,
_Outptr_ ebpf_section_definition_t** section_info) noexcept
{
int32_t status;
ebpf_result_t result = EBPF_SUCCESS;
HKEY section_info_key = nullptr;
ebpf_program_type_t* program_type = nullptr;
@ -406,8 +402,8 @@ _load_section_data_information(
ebpf_section_definition_t* section_information = nullptr;
try {
status = open_registry_key(section_data_key, section_name, KEY_READ, &section_info_key);
if (status != ERROR_SUCCESS) {
result = ebpf_open_registry_key(section_data_key, section_name, KEY_READ, (ebpf_store_key_t*)&section_info_key);
if (result != EBPF_SUCCESS) {
// Registry path is not present.
result = EBPF_FILE_NOT_FOUND;
goto Exit;
@ -426,33 +422,33 @@ _load_section_data_information(
}
// Read program type.
status = read_registry_value_binary(
result = ebpf_read_registry_value_binary(
section_info_key, EBPF_SECTION_DATA_PROGRAM_TYPE, (uint8_t*)program_type, sizeof(ebpf_program_type_t));
if (status != ERROR_SUCCESS) {
result = win32_error_code_to_ebpf_result(status);
if (result != EBPF_SUCCESS) {
__analysis_assume(result != EBPF_SUCCESS);
goto Exit;
}
// Read attach type.
status = read_registry_value_binary(
result = ebpf_read_registry_value_binary(
section_info_key, EBPF_SECTION_DATA_ATTACH_TYPE, (uint8_t*)attach_type, sizeof(ebpf_attach_type_t));
if (status != ERROR_SUCCESS) {
result = win32_error_code_to_ebpf_result(status);
if (result != EBPF_SUCCESS) {
__analysis_assume(result != EBPF_SUCCESS);
goto Exit;
}
// Read bpf program type.
status = read_registry_value_dword(section_info_key, EBPF_DATA_BPF_PROG_TYPE, (uint32_t*)&bpf_program_type);
if (status != ERROR_SUCCESS) {
result =
ebpf_read_registry_value_dword(section_info_key, EBPF_DATA_BPF_PROG_TYPE, (uint32_t*)&bpf_program_type);
if (result != EBPF_SUCCESS) {
bpf_program_type = BPF_PROG_TYPE_UNSPEC;
result = EBPF_SUCCESS;
}
// Read bpf attach type.
status = read_registry_value_dword(section_info_key, EBPF_DATA_BPF_ATTACH_TYPE, (uint32_t*)&bpf_attach_type);
if (status != ERROR_SUCCESS) {
result =
ebpf_read_registry_value_dword(section_info_key, EBPF_DATA_BPF_ATTACH_TYPE, (uint32_t*)&bpf_attach_type);
if (result != EBPF_SUCCESS) {
bpf_attach_type = BPF_ATTACH_TYPE_UNSPEC;
result = EBPF_SUCCESS;
}
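Review bot: `__analysis_assume(result != EBPF_SUCCESS);` now sits inside `if (result != EBPF_SUCCESS)` in both the program type and attach type reads, where it states what the condition has already established. It was needed only while `result` came out of `win32_error_code_to_ebpf_result(status)`; remove both lines.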
@ -490,7 +486,7 @@ Exit:
ebpf_free(section_information);
}
if (section_info_key) {
close_registry_key(section_info_key);
ebpf_close_registry_key(section_info_key);
}
return result;
}
@ -506,22 +502,21 @@ ebpf_store_load_section_information(
wchar_t section_name_key[MAX_PATH];
unsigned long key_size = 0;
uint32_t index = 0;
ebpf_registry_key_t store_key = nullptr;
ebpf_store_key_t store_key = nullptr;
std::vector<ebpf_section_definition_t*> section_info_array;
*section_info = nullptr;
*section_info_count = 0;
status = _open_ebpf_store_key(&store_key);
if (status != ERROR_SUCCESS) {
if (status != ERROR_FILE_NOT_FOUND) {
result = win32_error_code_to_ebpf_result(status);
__analysis_assume(result != EBPF_SUCCESS);
result = _open_ebpf_store_key(&store_key);
if (result != EBPF_SUCCESS) {
if (result == EBPF_FILE_NOT_FOUND) {
result = EBPF_SUCCESS;
}
goto Exit;
}
status = RegOpenKeyEx(store_key, EBPF_SECTIONS_REGISTRY_PATH, 0, KEY_READ, &section_data_key);
status = RegOpenKeyEx(static_cast<HKEY>(store_key), EBPF_SECTIONS_REGISTRY_PATH, 0, KEY_READ, &section_data_key);
if (status != ERROR_SUCCESS) {
if (status != ERROR_FILE_NOT_FOUND) {
result = win32_error_code_to_ebpf_result(status);
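Review bot: `ebpf_store_load_section_information` still calls `RegOpenKeyEx(static_cast<HKEY>(store_key), EBPF_SECTIONS_REGISTRY_PATH, 0, KEY_READ, &section_data_key)` directly and keeps the `status` and `win32_error_code_to_ebpf_result` handling, while the program and global helper loaders in this commit go through `ebpf_open_registry_key`. Use the wrapper here too, with the same `EBPF_FILE_NOT_FOUND` handling, so that the store key type stays opaque and the three loaders handle errors the same way.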
@ -587,7 +582,7 @@ Exit:
}
}
if (section_data_key) {
close_registry_key(section_data_key);
ebpf_close_registry_key(section_data_key);
}
return result;
}
@ -606,26 +601,25 @@ ebpf_store_load_global_helper_information(
uint32_t max_helpers_count = 0;
ebpf_helper_function_prototype_t* helper_prototype = nullptr;
uint32_t index = 0;
ebpf_registry_key_t store_key = nullptr;
ebpf_store_key_t store_key = nullptr;
*global_helper_info = nullptr;
*global_helper_info_count = 0;
status = _open_ebpf_store_key(&store_key);
if (status != ERROR_SUCCESS) {
if (status != ERROR_FILE_NOT_FOUND) {
result = win32_error_code_to_ebpf_result(status);
__analysis_assume(result != EBPF_SUCCESS);
result = _open_ebpf_store_key(&store_key);
if (result != EBPF_SUCCESS) {
if (result == EBPF_FILE_NOT_FOUND) {
result = EBPF_SUCCESS;
}
goto Exit;
}
// Open program data registry path.
status = open_registry_key(store_key, EBPF_GLOBAL_HELPERS_REGISTRY_PATH, KEY_READ, &global_helpers_key);
if (status != ERROR_SUCCESS) {
if (status != ERROR_FILE_NOT_FOUND) {
result = win32_error_code_to_ebpf_result(status);
__analysis_assume(result != EBPF_SUCCESS);
result = ebpf_open_registry_key(
store_key, EBPF_GLOBAL_HELPERS_REGISTRY_PATH, KEY_READ, (ebpf_store_key_t*)&global_helpers_key);
if (result != EBPF_SUCCESS) {
if (result == EBPF_FILE_NOT_FOUND) {
result = EBPF_SUCCESS;
}
goto Exit;
}
@ -696,7 +690,7 @@ ebpf_store_load_global_helper_information(
Exit:
if (global_helpers_key) {
close_registry_key(global_helpers_key);
ebpf_close_registry_key(global_helpers_key);
}
if (result != EBPF_SUCCESS) {
if (helper_prototype) {
@ -711,47 +705,40 @@ Exit:
}
_Must_inspect_result_ ebpf_result_t
ebpf_store_clear(_In_ const ebpf_registry_key_t root_key_path)
ebpf_store_clear(_In_ const ebpf_store_key_t root_key_path)
{
ebpf_registry_key_t root_handle = {0};
ebpf_registry_key_t provider_handle = {0};
uint32_t status;
ebpf_store_key_t root_handle = {0};
ebpf_store_key_t provider_handle = {0};
ebpf_result_t result = EBPF_FAILED;
// Open root registry key.
status = open_registry_key(root_key_path, EBPF_ROOT_RELATIVE_PATH, REG_CREATE_FLAGS, &root_handle);
if (status != ERROR_SUCCESS) {
if (status == ERROR_FILE_NOT_FOUND) {
result = ebpf_open_registry_key(root_key_path, EBPF_ROOT_RELATIVE_PATH, REG_CREATE_FLAGS, &root_handle);
if (result != EBPF_SUCCESS) {
if (result == EBPF_FILE_NOT_FOUND) {
result = EBPF_SUCCESS;
} else {
result = win32_error_code_to_ebpf_result(status);
}
goto Exit;
}
// Open "providers" registry key.
status = open_registry_key(root_handle, EBPF_PROVIDERS_REGISTRY_PATH, REG_CREATE_FLAGS, &provider_handle);
if (status != ERROR_SUCCESS) {
if (status == ERROR_FILE_NOT_FOUND) {
result = ebpf_open_registry_key(root_handle, EBPF_PROVIDERS_REGISTRY_PATH, REG_CREATE_FLAGS, &provider_handle);
if (result != EBPF_SUCCESS) {
if (result == EBPF_FILE_NOT_FOUND) {
result = EBPF_SUCCESS;
} else {
result = win32_error_code_to_ebpf_result(status);
}
goto Exit;
}
// Delete subtree of provider reg key.
status = delete_registry_tree(provider_handle, NULL);
if (status != ERROR_SUCCESS) {
result = win32_error_code_to_ebpf_result(status);
result = ebpf_delete_registry_tree(provider_handle, NULL);
if (result != EBPF_SUCCESS) {
goto Exit;
}
close_registry_key(provider_handle);
ebpf_close_registry_key(provider_handle);
provider_handle = nullptr;
status = delete_registry_key(root_handle, EBPF_PROVIDERS_REGISTRY_PATH);
if (status != ERROR_SUCCESS) {
result = win32_error_code_to_ebpf_result(status);
result = ebpf_delete_registry_key(root_handle, EBPF_PROVIDERS_REGISTRY_PATH);
if (result != EBPF_SUCCESS) {
goto Exit;
}
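Review bot: Both `ebpf_open_registry_key` calls in `ebpf_store_clear` now treat `EBPF_FILE_NOT_FOUND` as success, so the function is only correct if the helper returns that exact code for a missing key. The error translation that used to be visible here (`win32_error_code_to_ebpf_result(status)`) has moved inside the helper, so please document that return-value contract on `ebpf_open_registry_key`. Otherwise an implementation that returns a generic failure code would silently turn "nothing to clear" into an error. Minor style point: `root_handle` and `provider_handle` are initialized with `{0}` but reset with `nullptr` further down. Pick one form.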
@ -759,10 +746,10 @@ ebpf_store_clear(_In_ const ebpf_registry_key_t root_key_path)
Exit:
if (provider_handle) {
close_registry_key(provider_handle);
ebpf_close_registry_key(provider_handle);
}
if (root_handle) {
close_registry_key(root_handle);
ebpf_close_registry_key(root_handle);
}
return result;

View file

@ -21,4 +21,4 @@ ebpf_store_load_global_helper_information(
_Out_ uint32_t* global_helper_info_count);
_Must_inspect_result_ ebpf_result_t
ebpf_store_clear(_In_ const ebpf_registry_key_t root_key_path);
ebpf_store_clear(_In_ const ebpf_store_key_t root_key_path);

View file

@ -8,8 +8,8 @@
#include "ebpf_api.h"
#include "ebpf_nethooks.h"
#include "ebpf_protocol.h"
#include "ebpf_registry_helper.h"
#include "ebpf_serialize.h"
#include "ebpf_store_helper.h"
#include "ebpf_tracelog.h"
#include "helpers.hpp"
#include "map_descriptors.hpp"

View file

@ -332,7 +332,7 @@ _Must_inspect_result_ ebpf_result_t
ebpf_update_global_helpers(
_In_reads_(helper_info_count) ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count)
{
NTSTATUS status = _ebpf_store_update_global_helper_information(helper_info, helper_info_count);
NTSTATUS status = ebpf_store_update_global_helper_information(helper_info, helper_info_count);
ebpf_result_t result = NT_SUCCESS(status) ? EBPF_SUCCESS : EBPF_FAILED;
return result;
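Review bot: In `ebpf_update_global_helpers`, the renamed `ebpf_store_update_global_helper_information` is declared elsewhere in this commit as returning `ebpf_result_t`, but its return value is still stored in an `NTSTATUS` and tested with `NT_SUCCESS(status)`. `NT_SUCCESS` only checks that the value is non-negative, so if the `ebpf_result_t` failure codes are non-negative enum values, every failure from the store update is reported to the caller as `EBPF_SUCCESS`. Drop the intermediate variable and return the helper's result directly, for example `return ebpf_store_update_global_helper_information(helper_info, helper_info_count);`.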

View file

@ -64,6 +64,11 @@
<ClInclude Include="stdbool.h" />
<ClInclude Include="stdint.h" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\..\store_helper\kernel\ebpf_store_helper_km.vcxproj">
<Project>{3569e946-c8b4-49ee-a89d-edd09dc9f36e}</Project>
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{FC3F9998-4085-4767-8386-5453F07C3AAD}</ProjectGuid>
<TemplateGuid>{0a049372-4c4d-4ea0-a64e-dc6ad88ceca1}</TemplateGuid>
@ -119,23 +124,35 @@
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<IncludePath>$(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<IncludePath>$(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper</IncludePath>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<PreprocessorDefinitions>_DEBUG;WINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP;WINAPI_PARTITION_DESKTOP=1;WINAPI_PARTITION_SYSTEM=1;WINAPI_PARTITION_APP=1;WINAPI_PARTITION_PC_APP=1;%(PreprocessorDefinitions);_KRPCENV_;_NO_CRT_STDIO_INLINE=1</PreprocessorDefinitions>
<PreprocessorDefinitions>_DEBUG;WINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP;WINAPI_PARTITION_DESKTOP=1;WINAPI_PARTITION_SYSTEM=1;WINAPI_PARTITION_APP=1;WINAPI_PARTITION_PC_APP=1;_KRPCENV_;_NO_CRT_STDIO_INLINE=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories>$(SolutionDir)libs\execution_context;$(SolutionDir)include;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\kernel;$(SolutionDir)libs\epoch;$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)include\kernel;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
</ClCompile>
<Midl>
<PreprocessorDefinitions>_KRPCENV_;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</Midl>
<Lib>
<AdditionalLibraryDirectories>$(SolutionDir)$(Platform)\$(ConfigurationName)\</AdditionalLibraryDirectories>
</Lib>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<PreprocessorDefinitions>WINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP;WINAPI_PARTITION_DESKTOP=1;WINAPI_PARTITION_SYSTEM=1;WINAPI_PARTITION_APP=1;WINAPI_PARTITION_PC_APP=1;_KRPCENV_;%(PreprocessorDefinitions);_NO_CRT_STDIO_INLINE=1</PreprocessorDefinitions>
<PreprocessorDefinitions>WINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP;WINAPI_PARTITION_DESKTOP=1;WINAPI_PARTITION_SYSTEM=1;WINAPI_PARTITION_APP=1;WINAPI_PARTITION_PC_APP=1;_KRPCENV_;_NO_CRT_STDIO_INLINE=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories>$(SolutionDir)libs\execution_context;$(SolutionDir)include;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\kernel;$(SolutionDir)libs\epoch;$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)include\kernel;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
</ClCompile>
<Midl>
<PreprocessorDefinitions>_KRPCENV_;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</Midl>
<Lib>
<AdditionalLibraryDirectories>$(SolutionDir)$(Platform)\$(ConfigurationName)\</AdditionalLibraryDirectories>
</Lib>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
<ClCompile>
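Review bot: The new `IncludePath` property groups and `<Lib>` library directories are added only for `Debug|x64` and `Release|x64`, while this project also has at least a `Debug|ARM64` item definition group (visible at the end of the hunk). If the ARM64 configurations compile against the store helper headers, they need the same entries. The new value is also written as `$(SolutionDir)\libs\store_helper`, whereas the `AdditionalIncludeDirectories` lines in the same file use `$(SolutionDir)libs\...`. `$(SolutionDir)` already ends with a backslash, so use the existing form, or add the directory to `AdditionalIncludeDirectories` next to the other `libs\` entries instead of introducing a second mechanism.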

View file

@ -4,11 +4,11 @@
#pragma once
#include "..\..\..\external\usersim\src\framework.h"
#include "usersim/ex.h"
#include "usersim/ke.h"
#include "usersim/ps.h"
#include "usersim/rtl.h"
#include "usersim/se.h"
#include "usersim\ex.h"
#include "usersim\ke.h"
#include "usersim\ps.h"
#include "usersim\rtl.h"
#include "usersim\se.h"
#ifdef _DEBUG
#define ebpf_assert(x) assert(x)
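Review bot: The `#include "usersim\ex.h"` style lines use a backslash as the path separator, alongside the forward-slash forms of the same five headers. Backslashes in include names only resolve on toolchains that treat `\` as a separator and are not portable. Forward slashes work with MSVC as well, so prefer `usersim/ex.h` and so on, unless there is a specific reason for the change. If there is one, it should be stated in a comment.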

View file

@ -0,0 +1,5 @@
# Copyright (c) Microsoft Corporation
# SPDX-License-Identifier: MIT
add_subdirectory("kernel")
add_subdirectory("user")

View file

@ -0,0 +1,311 @@
// Copyright (c) Microsoft Corporation
// SPDX-License-Identifier: MIT
#include "ebpf_program_types.h"
#include "ebpf_registry_helper.h"
#include "ebpf_store_helper.h"
#include "ebpf_windows.h"
#define IS_SUCCESS(x) (x == EBPF_SUCCESS)
static ebpf_result_t
_ebpf_store_open_or_create_provider_registry_key(_Out_ ebpf_store_key_t* provider_key)
{
ebpf_result_t result = EBPF_SUCCESS;
ebpf_store_key_t root_key = NULL;
*provider_key = NULL;
// Open (or create) root eBPF registry path.
result = ebpf_create_registry_key(ebpf_store_root_key, ebpf_store_root_sub_key, REG_CREATE_FLAGS, &root_key);
if (!IS_SUCCESS(result)) {
goto Exit;
}
// Open (or create) program data registry path.
result = ebpf_create_registry_key(root_key, EBPF_PROVIDERS_REGISTRY_PATH, REG_CREATE_FLAGS, provider_key);
if (!IS_SUCCESS(result)) {
goto Exit;
}
Exit:
ebpf_close_registry_key(root_key);
return result;
}
ebpf_result_t
ebpf_store_update_helper_prototype(
ebpf_store_key_t helper_info_key, _In_ const ebpf_helper_function_prototype_t* helper_info)
{
ebpf_result_t result = EBPF_SUCCESS;
uint32_t offset;
ebpf_store_key_t helper_function_key = NULL;
char serialized_data[sizeof(ebpf_helper_function_prototype_t)] = {0};
result = ebpf_create_registry_key_ansi(helper_info_key, helper_info->name, REG_CREATE_FLAGS, &helper_function_key);
if (!IS_SUCCESS(result)) {
goto Exit;
}
// Serialize the helper prototype.
offset = 0;
memcpy(serialized_data, &helper_info->helper_id, sizeof(helper_info->helper_id));
offset += sizeof(helper_info->helper_id);
memcpy(serialized_data + offset, &helper_info->return_type, sizeof(helper_info->return_type));
offset += sizeof(helper_info->return_type);
memcpy(serialized_data + offset, helper_info->arguments, sizeof(helper_info->arguments));
offset += sizeof(helper_info->arguments);
// Save the helper prototype data.
result = ebpf_write_registry_value_binary(
helper_function_key, EBPF_HELPER_DATA_PROTOTYPE, (uint8_t*)&serialized_data[0], offset);
if (!IS_SUCCESS(result)) {
goto Exit;
}
Exit:
ebpf_close_registry_key(helper_function_key);
return result;
}
ebpf_result_t
ebpf_store_update_global_helper_information(
_In_reads_(helper_info_count) ebpf_helper_function_prototype_t* helper_info, uint32_t helper_info_count)
{
ebpf_result_t result = EBPF_SUCCESS;
ebpf_store_key_t provider_key = NULL;
ebpf_store_key_t helper_info_key = NULL;
if (helper_info_count == 0) {
return result;
}
// Open (or create) provider registry path.
result = _ebpf_store_open_or_create_provider_registry_key(&provider_key);
if (!IS_SUCCESS(result)) {
goto Exit;
}
// Open (or create) global helpers registry path.
result =
ebpf_create_registry_key(provider_key, EBPF_GLOBAL_HELPERS_REGISTRY_PATH, REG_CREATE_FLAGS, &helper_info_key);
if (!IS_SUCCESS(result)) {
goto Exit;
}
for (uint32_t i = 0; i < helper_info_count; i++) {
result = ebpf_store_update_helper_prototype(helper_info_key, &helper_info[i]);
if (!IS_SUCCESS(result)) {
goto Exit;
}
}
Exit:
ebpf_close_registry_key(helper_info_key);
ebpf_close_registry_key(provider_key);
return result;
}
ebpf_result_t
ebpf_store_update_section_information(
_In_reads_(section_info_count) const ebpf_program_section_info_t* section_info, uint32_t section_info_count)
{
ebpf_result_t result = EBPF_SUCCESS;
ebpf_store_key_t provider_key = NULL;
ebpf_store_key_t section_info_key = NULL;
if (section_info_count == 0) {
return result;
}
// Open (or create) provider registry path.
result = _ebpf_store_open_or_create_provider_registry_key(&provider_key);
if (!IS_SUCCESS(result)) {
goto Exit;
}
// Open (or create) section data key.
result = ebpf_create_registry_key(provider_key, EBPF_SECTIONS_REGISTRY_PATH, REG_CREATE_FLAGS, &section_info_key);
if (!IS_SUCCESS(result)) {
goto Exit;
}
for (uint32_t i = 0; i < section_info_count; i++) {
ebpf_store_key_t section_key = NULL;
// Open or create the registry path.
result =
ebpf_create_registry_key(section_info_key, section_info[i].section_name, REG_CREATE_FLAGS, &section_key);
if (!IS_SUCCESS(result)) {
goto Exit;
}
// Save program type.
result = ebpf_write_registry_value_binary(
section_key,
EBPF_SECTION_DATA_PROGRAM_TYPE,
(uint8_t*)section_info[i].program_type,
sizeof(ebpf_program_type_t));
if (!IS_SUCCESS(result)) {
ebpf_close_registry_key(section_key);
goto Exit;
}
// Save attach type.
result = ebpf_write_registry_value_binary(
section_key,
EBPF_SECTION_DATA_ATTACH_TYPE,
(uint8_t*)section_info[i].attach_type,
sizeof(ebpf_attach_type_t));
if (!IS_SUCCESS(result)) {
ebpf_close_registry_key(section_key);
goto Exit;
}
// Save bpf_prog_type.
result =
ebpf_write_registry_value_dword(section_key, EBPF_DATA_BPF_PROG_TYPE, section_info[i].bpf_program_type);
if (!IS_SUCCESS(result)) {
ebpf_close_registry_key(section_key);
goto Exit;
}
// Save bpf_attach_type.
result =
ebpf_write_registry_value_dword(section_key, EBPF_DATA_BPF_ATTACH_TYPE, section_info[i].bpf_attach_type);
if (!IS_SUCCESS(result)) {
ebpf_close_registry_key(section_key);
goto Exit;
}
ebpf_close_registry_key(section_key);
}
Exit:
ebpf_close_registry_key(section_info_key);
ebpf_close_registry_key(provider_key);
return result;
}
ebpf_result_t
ebpf_store_update_program_information(
_In_reads_(program_info_count) const ebpf_program_info_t* program_info, uint32_t program_info_count)
{
ebpf_result_t result = EBPF_SUCCESS;
ebpf_store_key_t provider_key = NULL;
ebpf_store_key_t program_info_key = NULL;
if (program_info_count == 0) {
return result;
}
// Open (or create) provider registry path.
result = _ebpf_store_open_or_create_provider_registry_key(&provider_key);
if (!IS_SUCCESS(result)) {
goto Exit;
}
// Open (or create) program data registry path.
result =
ebpf_create_registry_key(provider_key, EBPF_PROGRAM_DATA_REGISTRY_PATH, REG_CREATE_FLAGS, &program_info_key);
if (!IS_SUCCESS(result)) {
goto Exit;
}
for (uint32_t i = 0; i < program_info_count; i++) {
ebpf_store_key_t program_key = {0};
ebpf_store_key_t helper_info_key = {0};
// Convert program type GUID to string.
wchar_t guid_string[GUID_STRING_LENGTH + 1];
result = ebpf_convert_guid_to_string(
&program_info[i].program_type_descriptor.program_type, guid_string, GUID_STRING_LENGTH + 1);
if (!IS_SUCCESS(result)) {
return result;
}
result = ebpf_create_registry_key(program_info_key, guid_string, REG_CREATE_FLAGS, &program_key);
if (!IS_SUCCESS(result)) {
goto Exit;
}
// Save the friendly program type name.
result = ebpf_write_registry_value_ansi_string(
program_key, EBPF_PROGRAM_DATA_NAME, program_info[i].program_type_descriptor.name);
if (!IS_SUCCESS(result)) {
ebpf_close_registry_key(program_key);
goto Exit;
}
// Save context descriptor.
result = ebpf_write_registry_value_binary(
program_key,
EBPF_PROGRAM_DATA_CONTEXT_DESCRIPTOR,
(uint8_t*)program_info[i].program_type_descriptor.context_descriptor,
sizeof(ebpf_context_descriptor_t));
if (!IS_SUCCESS(result)) {
ebpf_close_registry_key(program_key);
goto Exit;
}
// Save bpf_prog_type.
result = ebpf_write_registry_value_dword(
program_key, EBPF_DATA_BPF_PROG_TYPE, program_info[i].program_type_descriptor.bpf_prog_type);
if (!IS_SUCCESS(result)) {
ebpf_close_registry_key(program_key);
goto Exit;
}
// Save "is_privileged".
result = ebpf_write_registry_value_dword(
program_key, EBPF_PROGRAM_DATA_PRIVILEGED, program_info[i].program_type_descriptor.is_privileged);
if (!IS_SUCCESS(result)) {
ebpf_close_registry_key(program_key);
goto Exit;
}
// Save helper count.
result = ebpf_write_registry_value_dword(
program_key, EBPF_PROGRAM_DATA_HELPER_COUNT, program_info[i].count_of_program_type_specific_helpers);
if (!IS_SUCCESS(result)) {
ebpf_close_registry_key(program_key);
goto Exit;
}
if (program_info[i].count_of_program_type_specific_helpers != 0) {
// Create (or open) helper registry path.
result = ebpf_create_registry_key(
program_key, EBPF_PROGRAM_DATA_HELPERS_REGISTRY_PATH, REG_CREATE_FLAGS, &helper_info_key);
if (!IS_SUCCESS(result)) {
ebpf_close_registry_key(program_key);
goto Exit;
}
// Iterate over all the helper prototypes and save in registry.
for (uint32_t count = 0; count < program_info[i].count_of_program_type_specific_helpers; count++) {
result = ebpf_store_update_helper_prototype(
helper_info_key, &(program_info[i].program_type_specific_helper_prototype[count]));
if (!IS_SUCCESS(result)) {
ebpf_close_registry_key(program_key);
ebpf_close_registry_key(helper_info_key);
goto Exit;
}
}
ebpf_close_registry_key(helper_info_key);
}
ebpf_close_registry_key(program_key);
}
Exit:
ebpf_close_registry_key(program_info_key);
ebpf_close_registry_key(provider_key);
return result;
}
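Review bot: In `ebpf_store_update_program_information`, the failure path after `ebpf_convert_guid_to_string` uses `return result;` instead of `goto Exit;`, so `program_info_key` and `provider_key` are left open. Every other failure in the loop goes through `Exit`. Change it to `goto Exit;` to keep the cleanup uniform. Related: several `Exit` blocks in this file call `ebpf_close_registry_key` on handles that may still be NULL (for example `root_key` when the first `ebpf_create_registry_key` fails). The kernel-mode helper in this commit checks for NULL, but the user-mode one does `ebpf_assert(key)`, so either guard the calls here or make the two implementations agree. Finally, `#define IS_SUCCESS(x) (x == EBPF_SUCCESS)` should parenthesize its argument.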

View file

@ -0,0 +1,35 @@
# Copyright (c) Microsoft Corporation
# SPDX-License-Identifier: MIT
list(APPEND CMAKE_MODULE_PATH
"${CMAKE_SOURCE_DIR}/external/usersim/external/FindWDK/cmake"
)
find_package(WDK REQUIRED)
wdk_add_library("ebpf_store_helper_km" STATIC WINVER "${EBPFFORWINDOWS_WDK_WINVER}"
ebpf_registry_helper.c
../ebpf_store_helper.c
)
target_link_directories("ebpf_store_helper_km" PRIVATE
"${WDK_ROOT}/Lib/${WDK_VERSION}/km/x64"
)
target_include_directories("ebpf_store_helper_km" PRIVATE
"${CMAKE_SOURCE_DIR}/include"
"${CMAKE_SOURCE_DIR}/libs/platform"
"${CMAKE_SOURCE_DIR}/libs/platform/kernel"
"${CMAKE_SOURCE_DIR}/libs/store_helper"
"${CMAKE_SOURCE_DIR}/libs/store_helper/kernel"
"${CMAKE_SOURCE_DIR}/external/ebpf-verifier/src"
)
target_compile_definitions("ebpf_store_helper_km" PRIVATE
WINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP
WINAPI_PARTITION_DESKTOP=1
WINAPI_PARTITION_SYSTEM=1
WINAPI_PARTITION_APP=1
WINAPI_PARTITION_PC_APP=1
_KRPCENV_
_NO_CRT_STDIO_INLINE=1
)
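Review bot: `target_link_directories` hardcodes `"${WDK_ROOT}/Lib/${WDK_VERSION}/km/x64"`, which ties this target to one architecture. For a `STATIC` library the link directory is not needed to build the archive itself, so consider dropping it. If it must stay, derive the architecture component from the build configuration instead of spelling out `x64`.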

View file

@ -1,39 +1,31 @@
// Copyright (c) Microsoft Corporation
// SPDX-License-Identifier: MIT
#pragma once
/**
* @file
* @brief Contains kernel mode registry related helper APIs.
*/
#include "framework.h"
#include "ebpf_registry_helper.h"
#define __return_type NTSTATUS
#define _SUCCESS STATUS_SUCCESS
#define IS_SUCCESS(x) (NT_SUCCESS(x))
#define _EBPF_RESULT(x) (NT_SUCCESS(x) ? EBPF_SUCCESS : EBPF_FAILED)
#define REG_CREATE_FLAGS 0
#define GUID_STRING_LENGTH 38 // not including the null terminator.
ebpf_store_key_t ebpf_store_root_key = NULL;
const wchar_t* ebpf_store_root_sub_key = EBPF_ROOT_REGISTRY_PATH;
typedef _Return_type_success_(NT_SUCCESS(return )) uint32_t ebpf_registry_result_t;
typedef HANDLE ebpf_registry_key_t;
static void
close_registry_key(ebpf_registry_key_t key)
{
ZwClose(key);
}
static NTSTATUS
convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_length) wchar_t* string, size_t string_length)
ebpf_result_t
ebpf_convert_guid_to_string(
_In_ const GUID* guid, _Out_writes_all_(string_length) wchar_t* string, size_t string_length)
{
UNICODE_STRING unicode_string = {0};
NTSTATUS status = RtlStringFromGUID(guid, &unicode_string);
if (status != STATUS_SUCCESS) {
ebpf_result_t result = _EBPF_RESULT(RtlStringFromGUID(guid, &unicode_string));
if (result != EBPF_SUCCESS) {
goto Exit;
}
if (string_length < GUID_STRING_LENGTH + 1) {
status = STATUS_BUFFER_TOO_SMALL;
result = EBPF_INSUFFICIENT_BUFFER;
goto Exit;
}
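Review bot: `#define _EBPF_RESULT(x) (NT_SUCCESS(x) ? EBPF_SUCCESS : EBPF_FAILED)` collapses every failing `NTSTATUS` into `EBPF_FAILED`, so kernel-mode callers of these helpers can no longer tell a missing key, an allocation failure or an access-denied condition apart. The user-mode side of this commit maps through `win32_error_code_to_ebpf_result` and keeps that detail, and shared code in this change branches on `EBPF_FILE_NOT_FOUND`. Please map at least the common statuses to their specific `ebpf_result_t` values, or document that the kernel-mode library only ever returns `EBPF_SUCCESS`, `EBPF_FAILED` and `EBPF_INSUFFICIENT_BUFFER`.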
@ -48,21 +40,29 @@ Exit:
if (unicode_string.Buffer != NULL) {
RtlFreeUnicodeString(&unicode_string);
}
return status;
return result;
}
static _Must_inspect_result_ ebpf_registry_result_t
write_registry_value_binary(
ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_reads_(value_size) uint8_t* value, size_t value_size)
void
ebpf_close_registry_key(ebpf_store_key_t key)
{
if (key) {
ZwClose(key);
}
}
_Must_inspect_result_ ebpf_result_t
ebpf_write_registry_value_binary(
ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_reads_(value_size) uint8_t* value, size_t value_size)
{
UNICODE_STRING unicode_value_name;
RtlInitUnicodeString(&unicode_value_name, value_name);
return ZwSetValueKey(key, &unicode_value_name, 0, REG_BINARY, value, (ULONG)value_size);
return _EBPF_RESULT(ZwSetValueKey(key, &unicode_value_name, 0, REG_BINARY, value, (ULONG)value_size));
}
static _Must_inspect_result_ ebpf_registry_result_t
write_registry_value_ansi_string(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value)
_Must_inspect_result_ ebpf_result_t
ebpf_write_registry_value_ansi_string(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value)
{
NTSTATUS status;
UNICODE_STRING unicode_value;
@ -81,22 +81,21 @@ write_registry_value_ansi_string(ebpf_registry_key_t key, _In_z_ const wchar_t*
RtlFreeUnicodeString(&unicode_value);
Exit:
return status;
return _EBPF_RESULT(status);
}
static _Must_inspect_result_ ebpf_registry_result_t
write_registry_value_dword(ebpf_registry_key_t key, _In_z_ const wchar_t* value_name, uint32_t value)
_Must_inspect_result_ ebpf_result_t
ebpf_write_registry_value_dword(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, uint32_t value)
{
UNICODE_STRING unicode_name;
RtlInitUnicodeString(&unicode_name, value_name);
return ZwSetValueKey(key, &unicode_name, 0, REG_DWORD, &value, sizeof(uint32_t));
return _EBPF_RESULT(ZwSetValueKey(key, &unicode_name, 0, REG_DWORD, &value, sizeof(uint32_t)));
}
static _Must_inspect_result_ ebpf_registry_result_t
create_registry_key(
ebpf_registry_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key)
_Must_inspect_result_ ebpf_result_t
ebpf_create_registry_key(
ebpf_store_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key)
{
NTSTATUS status = STATUS_SUCCESS;
UNICODE_STRING registry_path;
OBJECT_ATTRIBUTES object_attributes = {0};
@ -106,14 +105,12 @@ create_registry_key(
InitializeObjectAttributes(
&object_attributes, &registry_path, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, root_key, NULL);
status = ZwCreateKey(key, KEY_WRITE, &object_attributes, 0, NULL, REG_OPTION_NON_VOLATILE, NULL);
return status;
return _EBPF_RESULT(ZwCreateKey(key, KEY_WRITE, &object_attributes, 0, NULL, REG_OPTION_NON_VOLATILE, NULL));
}
static _Must_inspect_result_ ebpf_registry_result_t
create_registry_key_ansi(
ebpf_registry_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_registry_key_t* key)
_Must_inspect_result_ ebpf_result_t
ebpf_create_registry_key_ansi(
ebpf_store_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key)
{
NTSTATUS status = STATUS_SUCCESS;
UNICODE_STRING registry_path;
@ -136,5 +133,5 @@ create_registry_key_ansi(
RtlFreeUnicodeString(&registry_path);
Exit:
return status;
return _EBPF_RESULT(status);
}

View file

@ -0,0 +1,33 @@
// Copyright (c) Microsoft Corporation
// SPDX-License-Identifier: MIT
#pragma once
#include "ebpf_store_helper.h"
#define REG_CREATE_FLAGS 0
ebpf_result_t
ebpf_convert_guid_to_string(
_In_ const GUID* guid, _Out_writes_all_(string_length) wchar_t* string, size_t string_length);
void
ebpf_close_registry_key(ebpf_store_key_t key);
_Must_inspect_result_ ebpf_result_t
ebpf_write_registry_value_binary(
ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_reads_(value_size) uint8_t* value, size_t value_size);
_Must_inspect_result_ ebpf_result_t
ebpf_write_registry_value_ansi_string(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value);
_Must_inspect_result_ ebpf_result_t
ebpf_write_registry_value_dword(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, uint32_t value);
_Must_inspect_result_ ebpf_result_t
ebpf_create_registry_key(
ebpf_store_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key);
_Must_inspect_result_ ebpf_result_t
ebpf_create_registry_key_ansi(
ebpf_store_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key);
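Review bot: This new header exports the registry helper API without any documentation comments, and `ebpf_convert_guid_to_string` is the only result-returning declaration without `_Must_inspect_result_`. Please add a short doc block per function with its parameters and the `ebpf_result_t` values it can return, in particular whether `ebpf_close_registry_key` accepts a NULL key. Also annotate `ebpf_convert_guid_to_string` like the others so that ignored failures are flagged by static analysis.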

View file

@ -0,0 +1,168 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
Copyright (c) Microsoft Corporation
SPDX-License-Identifier: MIT
-->
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="NativeOnlyDebug|x64">
<Configuration>NativeOnlyDebug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="NativeOnlyRelease|x64">
<Configuration>NativeOnlyRelease</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{3569e946-c8b4-49ee-a89d-edd09dc9f36e}</ProjectGuid>
<MinimumVisualStudioVersion>12.0</MinimumVisualStudioVersion>
<Configuration>Debug</Configuration>
<Platform Condition="'$(Platform)' == ''">Win32</Platform>
<DriverType>KMDF</DriverType>
<RootNamespace>store_helper_km</RootNamespace>
<ProjectName>ebpf_store_helper_km</ProjectName>
<WindowsTargetPlatformVersion>$(LatestTargetPlatformVersion)</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<TargetVersion>Windows10</TargetVersion>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
<DriverTargetPlatform>Universal</DriverTargetPlatform>
<ConfigurationType>StaticLibrary</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<EnableASAN>false</EnableASAN>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='NativeOnlyDebug|x64'" Label="Configuration">
<TargetVersion>Windows10</TargetVersion>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
<DriverTargetPlatform>Universal</DriverTargetPlatform>
<ConfigurationType>StaticLibrary</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<EnableASAN>false</EnableASAN>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<TargetVersion>Windows10</TargetVersion>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
<DriverTargetPlatform>Universal</DriverTargetPlatform>
<ConfigurationType>StaticLibrary</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<EnableASAN>false</EnableASAN>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='NativeOnlyRelease|x64'" Label="Configuration">
<TargetVersion>Windows10</TargetVersion>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
<DriverTargetPlatform>Universal</DriverTargetPlatform>
<ConfigurationType>StaticLibrary</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<EnableASAN>false</EnableASAN>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<IncludePath>$(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\store_helper\kernel;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src</IncludePath>
<OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='NativeOnlyDebug|x64'">
<IncludePath>$(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\store_helper\kernel;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src</IncludePath>
<OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<IncludePath>$(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\store_helper\kernel;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src</IncludePath>
<OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='NativeOnlyRelease|x64'">
<IncludePath>$(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\include;$(SolutionDir)\libs\store_helper\kernel;$(SolutionDir)\libs\platform\kernel;$(SolutionDir)\external\ebpf-verifier\src</IncludePath>
<OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>_DEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<PrecompiledHeader>NotUsing</PrecompiledHeader>
</ClCompile>
<Link>
<SubSystem />
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='NativeOnlyDebug|x64'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>_DEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<PrecompiledHeader>NotUsing</PrecompiledHeader>
</ClCompile>
<Link>
<SubSystem>
</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<PrecompiledHeader>NotUsing</PrecompiledHeader>
</ClCompile>
<Link>
<SubSystem />
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='NativeOnlyRelease|x64'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<PrecompiledHeader>NotUsing</PrecompiledHeader>
</ClCompile>
<Link>
<SubSystem>
</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClInclude Include="..\..\..\include\ebpf_store_helper.h" />
<ClInclude Include="ebpf_registry_helper.h" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\ebpf_store_helper.c" />
<ClCompile Include="ebpf_registry_helper.c" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>
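Review bot: The project declares only x64 configurations (`Debug`, `Release`, `NativeOnlyDebug`, `NativeOnlyRelease`), yet the `Globals` group defaults `Platform` to `Win32`, for which no configuration exists. The driver project that references this library also carries ARM64 item definition groups. Either default the platform to `x64` or add the missing platform configurations, so that a build on an unspecified or ARM64 platform fails clearly or works, rather than selecting an undefined configuration. The four per-configuration blocks are otherwise identical in pairs and could share unconditioned property groups to reduce drift.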

View file

@ -0,0 +1,31 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
Copyright (c) Microsoft Corporation
SPDX-License-Identifier: MIT
-->
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Header Files">
<UniqueIdentifier>{f18f64a4-4935-458c-b74d-6e4b7b62cf98}</UniqueIdentifier>
</Filter>
<Filter Include="Source Files">
<UniqueIdentifier>{96641f48-dc1b-4f88-bf4e-bc8f00152973}</UniqueIdentifier>
</Filter>
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\..\..\include\ebpf_store_helper.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="ebpf_registry_helper.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<ClCompile Include="ebpf_registry_helper.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\ebpf_store_helper.c">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
</Project>

View file

@ -0,0 +1,25 @@
# Copyright (c) Microsoft Corporation
# SPDX-License-Identifier: MIT
add_library("ebpf_store_helper_um" STATIC
ebpf_registry_helper.cpp
../ebpf_store_helper.c
)
target_include_directories("ebpf_store_helper_um" PRIVATE
"${CMAKE_SOURCE_DIR}/include"
"${CMAKE_SOURCE_DIR}/libs/platform"
"${CMAKE_SOURCE_DIR}/libs/platform/user"
"${CMAKE_SOURCE_DIR}/libs/store_helper"
"${CMAKE_SOURCE_DIR}/libs/store_helper/user"
"${CMAKE_SOURCE_DIR}/external/usersim/inc"
"${CMAKE_SOURCE_DIR}/external/ebpf-verifier/src"
)
target_compile_definitions("ebpf_store_helper_um" PRIVATE
_WINDOWS
_LIB
UNICODE
_UNICODE
USER_MODE
)

View file

@ -0,0 +1,249 @@
// Copyright (c) Microsoft Corporation
// SPDX-License-Identifier: MIT
/**
* @file
* @brief Contains user mode registry related helper APIs.
*/
#include "ebpf_platform.h"
#include "ebpf_registry_helper.h"
#include <string>
#define GUID_STRING_LENGTH 38 // not including the null terminator.
#define _EBPF_RESULT(x) win32_error_code_to_ebpf_result(x)
ebpf_store_key_t ebpf_store_root_key = HKEY_CURRENT_USER; // TODO: Issue #1231 Change to using HKEY_LOCAL_MACHINE
const wchar_t* ebpf_store_root_sub_key = EBPF_ROOT_RELATIVE_PATH;
static std::wstring
_get_wstring_from_string(std::string text)
{
int length = MultiByteToWideChar(CP_UTF8, 0, text.c_str(), -1, nullptr, 0);
std::wstring wide(length, 0);
MultiByteToWideChar(CP_UTF8, 0, text.c_str(), -1, &wide[0], length);
return wide;
}
void
ebpf_close_registry_key(ebpf_store_key_t key)
{
ebpf_assert(key);
RegCloseKey(key);
}
_Must_inspect_result_ ebpf_result_t
ebpf_write_registry_value_binary(
ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_reads_(value_size) uint8_t* value, size_t value_size)
{
ebpf_assert(value_name);
ebpf_assert(value);
return _EBPF_RESULT(RegSetValueEx(key, value_name, 0, REG_BINARY, value, (unsigned long)value_size));
}
_Must_inspect_result_ ebpf_result_t
write_registry_value_wide_string(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const wchar_t* value)
{
ebpf_assert(value_name);
ebpf_assert(value);
auto length = (wcslen(value) + 1) * sizeof(wchar_t);
return _EBPF_RESULT(RegSetValueEx(key, value_name, 0, REG_SZ, (uint8_t*)value, (unsigned long)length));
}
_Must_inspect_result_ ebpf_result_t
ebpf_write_registry_value_ansi_string(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value)
{
ebpf_result_t result;
try {
auto wide_string = _get_wstring_from_string(value);
result = _EBPF_RESULT(write_registry_value_wide_string(key, value_name, wide_string.c_str()));
} catch (...) {
result = EBPF_NO_MEMORY;
}
return result;
}
_Must_inspect_result_ ebpf_result_t
ebpf_write_registry_value_dword(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, uint32_t value)
{
ebpf_assert(key);
return _EBPF_RESULT(RegSetValueEx(key, value_name, 0, REG_DWORD, (PBYTE)&value, sizeof(value)));
}
_Must_inspect_result_ ebpf_result_t
ebpf_create_registry_key(
ebpf_store_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key)
{
*key = nullptr;
if (root_key == nullptr) {
return EBPF_INVALID_ARGUMENT;
}
return _EBPF_RESULT(RegCreateKeyEx(root_key, sub_key, 0, nullptr, 0, flags, nullptr, key, nullptr));
}
_Must_inspect_result_ ebpf_result_t
ebpf_open_registry_key(
ebpf_store_key_t root_key, _In_opt_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key)
{
ebpf_assert(root_key != nullptr);
_Analysis_assume_(root_key != nullptr);
return _EBPF_RESULT(RegOpenKeyEx(root_key, sub_key, 0, flags, key));
}
_Must_inspect_result_ ebpf_result_t
ebpf_delete_registry_key(ebpf_store_key_t root_key, _In_z_ const wchar_t* sub_key)
{
return _EBPF_RESULT(RegDeleteKeyEx(root_key, sub_key, 0, 0));
}
_Must_inspect_result_ ebpf_result_t
ebpf_delete_registry_tree(ebpf_store_key_t root_key, _In_opt_z_ const wchar_t* sub_key)
{
return _EBPF_RESULT(RegDeleteTree(root_key, sub_key));
}
_Must_inspect_result_ ebpf_result_t
ebpf_create_registry_key_ansi(
ebpf_store_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key)
{
ebpf_result_t result;
try {
auto wide_string = _get_wstring_from_string(sub_key);
result = ebpf_create_registry_key(root_key, wide_string.c_str(), flags, key);
} catch (...) {
result = EBPF_NO_MEMORY;
}
return result;
}
_Must_inspect_result_ ebpf_result_t
ebpf_read_registry_value_string(
ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_maybenull_ wchar_t** value)
{
ebpf_result_t result = EBPF_SUCCESS;
unsigned long type = REG_SZ;
unsigned long value_size = 0;
wchar_t* string_value = nullptr;
if (value == nullptr) {
return EBPF_INVALID_ARGUMENT;
}
*value = nullptr;
result = _EBPF_RESULT(RegQueryValueEx(key, value_name, 0, &type, nullptr, &value_size));
if (result != EBPF_SUCCESS || type != REG_SZ) {
if (type != REG_SZ) {
result = EBPF_INVALID_ARGUMENT;
}
return result;
}
string_value = (wchar_t*)ebpf_allocate((value_size + sizeof(wchar_t)));
if (string_value == nullptr) {
return EBPF_NO_MEMORY;
}
memset(string_value, 0, value_size + sizeof(wchar_t));
result = _EBPF_RESULT(RegQueryValueEx(key, value_name, 0, &type, (PBYTE)string_value, &value_size));
if (result != EBPF_SUCCESS) {
goto Exit;
}
*value = string_value;
string_value = nullptr;
Exit:
if (string_value) {
ebpf_free(string_value);
}
return result;
}
_Must_inspect_result_ ebpf_result_t
ebpf_read_registry_value_dword(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _Out_ uint32_t* value)
{
unsigned long type = REG_QWORD;
unsigned long value_size = sizeof(uint32_t);
return _EBPF_RESULT(RegQueryValueEx(key, value_name, 0, &type, (PBYTE)value, &value_size));
}
_Must_inspect_result_ ebpf_result_t
ebpf_read_registry_value_binary(
ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _Out_writes_(value_size) uint8_t* value, size_t value_size)
{
ebpf_result_t result = EBPF_SUCCESS;
unsigned long type = REG_BINARY;
unsigned long local_value_size = (unsigned long)value_size;
result = _EBPF_RESULT(RegQueryValueEx(key, value_name, 0, &type, value, &local_value_size));
if (result != EBPF_SUCCESS || type != REG_BINARY || local_value_size != value_size) {
if (result != EBPF_SUCCESS) {
result = EBPF_INVALID_ARGUMENT;
}
goto Exit;
}
Exit:
return result;
}
_Must_inspect_result_ ebpf_result_t
ebpf_convert_guid_to_string(_In_ const GUID* guid, _Out_writes_all_(string_size) wchar_t* string, size_t string_size)
{
ebpf_result_t result = EBPF_SUCCESS;
wchar_t* value_name = nullptr;
try {
*string = 0;
if (string_size < GUID_STRING_LENGTH + 1) {
return EBPF_INSUFFICIENT_BUFFER;
}
// Convert program type GUID to string.
RPC_STATUS rpc_status = UuidToString(guid, (RPC_WSTR*)&value_name);
if (rpc_status != RPC_S_OK) {
return EBPF_INVALID_ARGUMENT;
}
std::wstring value_name_string(value_name);
// UuidToString returns string without braces. Add braces to the resulting string.
value_name_string = L"{" + value_name_string + L"}";
// Copy the buffer to the output string.
memcpy(string, value_name_string.c_str(), GUID_STRING_LENGTH * 2);
string[GUID_STRING_LENGTH] = L'\0';
} catch (...) {
result = EBPF_NO_MEMORY;
}
return result;
}
_Must_inspect_result_ ebpf_result_t
ebpf_convert_string_to_guid(_In_z_ const wchar_t* string, _Out_ GUID* guid)
{
ebpf_result_t result = EBPF_SUCCESS;
// The UUID string read from registry also contains the opening and closing braces.
// Remove those before converting to UUID.
wchar_t truncated_string[GUID_STRING_LENGTH + 1] = {0};
memcpy(truncated_string, string + 1, (wcslen(string) - 2) * sizeof(wchar_t));
// Convert program type string to GUID
auto rpc_status = UuidFromString((RPC_WSTR)truncated_string, guid);
if (rpc_status != RPC_S_OK) {
result = EBPF_INVALID_ARGUMENT;
}
return result;
}
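Review bot: in ebpf_convert_string_to_guid the memcpy length is (wcslen(string) - 2) * sizeof(wchar_t) with no bound against truncated_string, which holds GUID_STRING_LENGTH + 1 characters, so a longer input overruns the stack buffer and an input shorter than two characters makes the unsigned subtraction wrap. The comment says the string is read from the registry, so return EBPF_INVALID_ARGUMENT unless wcslen(string) equals GUID_STRING_LENGTH (and the braces are present) before copying. Also in this file: ebpf_read_registry_value_binary has its inner test inverted, since `if (result != EBPF_SUCCESS) { result = EBPF_INVALID_ARGUMENT; }` overwrites a real failure code and lets a type or size mismatch return EBPF_SUCCESS, so it should test result == EBPF_SUCCESS; ebpf_write_registry_value_ansi_string wraps write_registry_value_wide_string in _EBPF_RESULT although that function already returns ebpf_result_t, so the value is converted twice; ebpf_read_registry_value_dword initializes type to REG_QWORD and never checks the returned type or size; and ebpf_convert_guid_to_string writes *string = 0 before checking string_size and never releases value_name obtained from UuidToString.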

@ -0,0 +1,74 @@
// Copyright (c) Microsoft Corporation
// SPDX-License-Identifier: MIT
#pragma once
#include "ebpf_store_helper.h"
#define REG_CREATE_FLAGS (KEY_WRITE | DELETE | KEY_READ)
#define REG_OPEN_FLAGS (DELETE | KEY_READ)
#ifdef __cplusplus
extern "C"
{
#endif
void
ebpf_close_registry_key(ebpf_store_key_t key);
_Must_inspect_result_ ebpf_result_t
ebpf_write_registry_value_binary(
ebpf_store_key_t key,
_In_z_ const wchar_t* value_name,
_In_reads_(value_size) uint8_t* value,
size_t value_size);
_Must_inspect_result_ ebpf_result_t
ebpf_write_registry_value_ansi_string(
ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _In_z_ const char* value);
_Must_inspect_result_ ebpf_result_t
ebpf_write_registry_value_dword(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, uint32_t value);
_Must_inspect_result_ ebpf_result_t
ebpf_create_registry_key(
ebpf_store_key_t root_key, _In_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key);
_Must_inspect_result_ ebpf_result_t
ebpf_open_registry_key(
ebpf_store_key_t root_key, _In_opt_z_ const wchar_t* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key);
_Must_inspect_result_ ebpf_result_t
ebpf_delete_registry_key(ebpf_store_key_t root_key, _In_z_ const wchar_t* sub_key);
_Must_inspect_result_ ebpf_result_t
ebpf_delete_registry_tree(ebpf_store_key_t root_key, _In_opt_z_ const wchar_t* sub_key);
_Must_inspect_result_ ebpf_result_t
ebpf_read_registry_value_dword(ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _Out_ uint32_t* value);
_Must_inspect_result_ ebpf_result_t
ebpf_read_registry_value_binary(
ebpf_store_key_t key,
_In_z_ const wchar_t* value_name,
_Out_writes_(value_size) uint8_t* value,
size_t value_size);
_Must_inspect_result_ ebpf_result_t
ebpf_convert_guid_to_string(
_In_ const GUID* guid, _Out_writes_all_(string_size) wchar_t* string, size_t string_size);
_Must_inspect_result_ ebpf_result_t
ebpf_convert_string_to_guid(_In_z_ const wchar_t* string, _Out_ GUID* guid);
_Must_inspect_result_ ebpf_result_t
ebpf_create_registry_key_ansi(
ebpf_store_key_t root_key, _In_z_ const char* sub_key, uint32_t flags, _Out_ ebpf_store_key_t* key);
_Must_inspect_result_ ebpf_result_t
ebpf_read_registry_value_string(
ebpf_store_key_t key, _In_z_ const wchar_t* value_name, _Outptr_result_maybenull_ wchar_t** value);
#ifdef __cplusplus
}
#endif
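Review bot: REG_OPEN_FLAGS is defined as (DELETE | KEY_READ), so every caller that opens a store key with it requests DELETE access even when it only reads values. Split it into a read-only mask (KEY_READ) and a separate mask for the delete paths, so readers hold the least access they need and an open does not fail for a caller that lacks DELETE on the key. Separately, write_registry_value_wide_string is defined without static in ebpf_registry_helper.cpp but is not declared here; either declare it with the ebpf_ prefix like the other helpers or make it static.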

@ -0,0 +1,100 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
Copyright (c) Microsoft Corporation
SPDX-License-Identifier: MIT
-->
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{AA933B9F-B5D8-4AA8-AC18-98FE1A161E8A}</ProjectGuid>
<MinimumVisualStudioVersion>12.0</MinimumVisualStudioVersion>
<Configuration>Debug</Configuration>
<RootNamespace>store_helper_um</RootNamespace>
<ProjectName>ebpf_store_helper_um</ProjectName>
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<TargetVersion>Windows10</TargetVersion>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<ConfigurationType>StaticLibrary</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<EnableASAN>false</EnableASAN>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<TargetVersion>Windows10</TargetVersion>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<ConfigurationType>StaticLibrary</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<EnableASAN>false</EnableASAN>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<IncludePath>$(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\include;$(SolutionDir)\libs\store_helper\user;$(SolutionDir)\libs\platform;$(SolutionDir)\libs\platform\user;$(SolutionDir)\external\ebpf-verifier\src;$(SolutionDir)external\usersim\inc</IncludePath>
<LibraryPath>$(VC_LibraryPath_x64);$(WindowsSDK_LibraryPath_x64)</LibraryPath>
<OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<IncludePath>$(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\include;$(SolutionDir)\libs\store_helper\user;$(SolutionDir)\libs\platform;$(SolutionDir)\libs\platform\user;$(SolutionDir)\external\ebpf-verifier\src;$(SolutionDir)external\usersim\inc</IncludePath>
<LibraryPath>$(VC_LibraryPath_x64);$(WindowsSDK_LibraryPath_x64)</LibraryPath>
<OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>_DEBUG;_LIB;USER_MODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<PrecompiledHeader>NotUsing</PrecompiledHeader>
</ClCompile>
<Link>
<SubSystem />
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>NDEBUG;_LIB;USER_MODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<PrecompiledHeader>NotUsing</PrecompiledHeader>
</ClCompile>
<Link>
<SubSystem />
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClInclude Include="..\..\..\include\ebpf_store_helper.h" />
<ClInclude Include="ebpf_registry_helper.h" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\ebpf_store_helper.c" />
<ClCompile Include="ebpf_registry_helper.cpp" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>
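Review bot: ProjectConfigurations lists only Debug|x64 and Release|x64, while the user-mode netebpfext project that takes a ProjectReference to ebpf_store_helper_um.vcxproj later in this commit also has a FuzzerDebug|x64 configuration. Either add the matching configuration here or confirm the solution maps FuzzerDebug|x64 to one of these two for this project, so the fuzzer build links a library built with the settings you intend.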

@ -0,0 +1,31 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
Copyright (c) Microsoft Corporation
SPDX-License-Identifier: MIT
-->
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{fc986e3b-0dc2-4bd3-9087-b44ce64ca07c}</UniqueIdentifier>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{589ce50f-4aa5-42c3-9b32-d8f3f8a1eeec}</UniqueIdentifier>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="ebpf_registry_helper.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\ebpf_store_helper.c">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\..\..\include\ebpf_store_helper.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="ebpf_registry_helper.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
</Project>

@ -158,13 +158,13 @@ _net_ebpf_bind_update_store_entries()
// Update section information.
uint32_t section_info_count = sizeof(_ebpf_bind_section_info) / sizeof(ebpf_program_section_info_t);
status = _ebpf_store_update_section_information(&_ebpf_bind_section_info[0], section_info_count);
status = ebpf_store_update_section_information(&_ebpf_bind_section_info[0], section_info_count);
if (!NT_SUCCESS(status)) {
return status;
}
// Update program information.
status = _ebpf_store_update_program_information(&_ebpf_bind_program_info, 1);
status = ebpf_store_update_program_information(&_ebpf_bind_program_info, 1);
return status;
}
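Review bot: the result of ebpf_store_update_section_information is still stored in status and tested with NT_SUCCESS(status), but the commit message says the store APIs were refactored to return ebpf_result_t. NT_SUCCESS only checks that the value is non-negative, so if this call now returns ebpf_result_t, a positive error code reads as success and the function goes on to the program information update. Confirm the return type in the kernel-mode build and, if it is ebpf_result_t, compare against EBPF_SUCCESS and convert to NTSTATUS explicitly; the same pattern appears in the sock_addr, sock_ops and xdp hunks that follow.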

@ -585,13 +585,13 @@ _net_ebpf_sock_addr_update_store_entries()
// Update section information.
uint32_t section_info_count = sizeof(_ebpf_sock_addr_section_info) / sizeof(ebpf_program_section_info_t);
status = _ebpf_store_update_section_information(&_ebpf_sock_addr_section_info[0], section_info_count);
status = ebpf_store_update_section_information(&_ebpf_sock_addr_section_info[0], section_info_count);
if (!NT_SUCCESS(status)) {
NET_EBPF_EXT_RETURN_NTSTATUS(status);
}
// Update program information.
status = _ebpf_store_update_program_information(&_ebpf_sock_addr_program_info, 1);
status = ebpf_store_update_program_information(&_ebpf_sock_addr_program_info, 1);
NET_EBPF_EXT_RETURN_NTSTATUS(status);
}

@ -259,13 +259,13 @@ _net_ebpf_sock_ops_update_store_entries()
// Update section information.
uint32_t section_info_count = sizeof(_ebpf_sock_ops_section_info) / sizeof(ebpf_program_section_info_t);
status = _ebpf_store_update_section_information(&_ebpf_sock_ops_section_info[0], section_info_count);
status = ebpf_store_update_section_information(&_ebpf_sock_ops_section_info[0], section_info_count);
if (!NT_SUCCESS(status)) {
return status;
}
// Update program information.
status = _ebpf_store_update_program_information(&_ebpf_sock_ops_program_info, 1);
status = ebpf_store_update_program_information(&_ebpf_sock_ops_program_info, 1);
return status;
}

@ -230,13 +230,13 @@ _net_ebpf_xdp_update_store_entries()
// Update section information.
uint32_t section_info_count = sizeof(_ebpf_xdp_section_info) / sizeof(ebpf_program_section_info_t);
status = _ebpf_store_update_section_information(&_ebpf_xdp_section_info[0], section_info_count);
status = ebpf_store_update_section_information(&_ebpf_xdp_section_info[0], section_info_count);
if (!NT_SUCCESS(status)) {
return status;
}
// Update program information.
status = _ebpf_store_update_program_information(&_ebpf_xdp_program_info, 1);
status = ebpf_store_update_program_information(&_ebpf_xdp_program_info, 1);
return status;
}

@ -44,6 +44,8 @@ target_include_directories("NetEbpfExt" PRIVATE
"${CMAKE_SOURCE_DIR}/include/kernel"
"${CMAKE_SOURCE_DIR}/libs/platform"
"${CMAKE_SOURCE_DIR}/libs/platform/kernel"
"${CMAKE_SOURCE_DIR}/libs/store_helper"
"${CMAKE_SOURCE_DIR}/libs/store_helper/kernel"
"${CMAKE_SOURCE_DIR}/netebpfext/sys"
"${CMAKE_SOURCE_DIR}/netebpfext"
"${CMAKE_SOURCE_DIR}/resource"
@ -55,6 +57,7 @@ target_link_directories("NetEbpfExt" PRIVATE
target_link_libraries("NetEbpfExt"
"ebpf_for_windows_common_settings"
"ebpf_store_helper_km"
"external::ebpfverifier_headers"
"Ndis.lib"
"Netio.lib"

@ -100,15 +100,19 @@
<PropertyGroup />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
<IncludePath>$(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='NativeOnlyDebug|x64'">
<DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
<IncludePath>$(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
<IncludePath>$(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='NativeOnlyRelease|x64'">
<DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
<IncludePath>$(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper</IncludePath>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ResourceCompile>
@ -127,7 +131,7 @@
</Midl>
<Link>
<AdditionalDependencies>%(AdditionalDependencies);$(DDK_LIB_PATH)\ntoskrnl.lib;$(DDK_LIB_PATH)\ndis.lib;$(DDK_LIB_PATH)\wdmsec.lib;$(DDK_LIB_PATH)\fwpkclnt.lib;$(SDK_LIB_PATH)\uuid.lib;$(DDK_LIB_PATH)\netio.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OutDir);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalLibraryDirectories>$(OutDir);$(SolutionDir)$(Platform)\$(ConfigurationName)\;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
</Link>
<DriverSign>
<FileDigestAlgorithm>SHA256</FileDigestAlgorithm>
@ -149,7 +153,7 @@
</Midl>
<Link>
<AdditionalDependencies>%(AdditionalDependencies);$(DDK_LIB_PATH)\ntoskrnl.lib;$(DDK_LIB_PATH)\ndis.lib;$(DDK_LIB_PATH)\wdmsec.lib;$(DDK_LIB_PATH)\fwpkclnt.lib;$(SDK_LIB_PATH)\uuid.lib;$(DDK_LIB_PATH)\netio.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OutDir);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalLibraryDirectories>$(OutDir);$(SolutionDir)$(Platform)\$(ConfigurationName)\;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
</Link>
<DriverSign>
<FileDigestAlgorithm>SHA256</FileDigestAlgorithm>
@ -170,7 +174,7 @@
</Midl>
<Link>
<AdditionalDependencies>%(AdditionalDependencies);$(DDK_LIB_PATH)\ntoskrnl.lib;$(DDK_LIB_PATH)\ndis.lib;$(DDK_LIB_PATH)\wdmsec.lib;$(DDK_LIB_PATH)\fwpkclnt.lib;$(SDK_LIB_PATH)\uuid.lib;$(DDK_LIB_PATH)\netio.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OutDir);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalLibraryDirectories>$(OutDir);$(SolutionDir)$(Platform)\$(ConfigurationName)\;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
</Link>
<DriverSign>
<FileDigestAlgorithm>SHA256</FileDigestAlgorithm>
@ -191,7 +195,7 @@
</Midl>
<Link>
<AdditionalDependencies>%(AdditionalDependencies);$(DDK_LIB_PATH)\ntoskrnl.lib;$(DDK_LIB_PATH)\ndis.lib;$(DDK_LIB_PATH)\wdmsec.lib;$(DDK_LIB_PATH)\fwpkclnt.lib;$(SDK_LIB_PATH)\uuid.lib;$(DDK_LIB_PATH)\netio.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OutDir);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalLibraryDirectories>$(OutDir);$(SolutionDir)$(Platform)\$(ConfigurationName)\;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
</Link>
<DriverSign>
<FileDigestAlgorithm>SHA256</FileDigestAlgorithm>
@ -231,6 +235,11 @@
<ClInclude Include="netebpfext_platform.h" />
<ClInclude Include="resource.h" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\..\libs\store_helper\kernel\ebpf_store_helper_km.vcxproj">
<Project>{3569e946-c8b4-49ee-a89d-edd09dc9f36e}</Project>
</ProjectReference>
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
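Review bot: the ProjectReference to ebpf_store_helper_km.vcxproj added here normally hands the referenced static library to the linker on its own, and none of the AdditionalDependencies lines in the four Link hunks above name a store helper .lib, so the new $(SolutionDir)$(Platform)\$(ConfigurationName)\ entry in AdditionalLibraryDirectories looks unused. If nothing resolves through it, drop it from the Link blocks so the driver's library search path stays limited to $(OutDir).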

@ -62,12 +62,15 @@
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LinkIncremental>true</LinkIncremental>
<IncludePath>$(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='FuzzerDebug|x64'">
<LinkIncremental>true</LinkIncremental>
<IncludePath>$(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LinkIncremental>false</LinkIncremental>
<IncludePath>$(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper</IncludePath>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
@ -83,6 +86,9 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalDependencies>mincore.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
<Lib>
<AdditionalLibraryDirectories>$(SolutionDir)$(Platform)\$(ConfigurationName)\</AdditionalLibraryDirectories>
</Lib>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='FuzzerDebug|x64'">
<ClCompile>
@ -100,12 +106,13 @@
</Link>
<Lib>
<LinkTimeCodeGeneration>false</LinkTimeCodeGeneration>
<AdditionalLibraryDirectories>$(SolutionDir)$(Platform)\$(ConfigurationName)\</AdditionalLibraryDirectories>
</Lib>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<FunctionLevelLinking>true</FunctionLevelLinking>
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>NDEBUG;_CONSOLE;USER_MODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories>$(SolutionDir)include;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\user;$(SolutionDir)external\usersim\inc;$(SolutionDir)external\usersim\src;$(OutputPath);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)include\user;$(SolutionDir)netebpfext;$(SolutionDir)netebpfext\user;$(SolutionDir)libs\thunk;$(SolutionDir)tests\libs\util;$(SolutionDir)external\catch2\src;$(SolutionDir)external\catch2\build\generated-includes;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<CompileAs>CompileAsCpp</CompileAs>
<AdditionalOptions>/Zc:strictStrings- %(AdditionalOptions)</AdditionalOptions>
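Review bot: USER_MODE is added to PreprocessorDefinitions only in the Release|x64 block of this hunk, while the Debug|x64 and FuzzerDebug|x64 hunks change IncludePath and Lib settings but not their definitions. Confirm those two configurations already define USER_MODE, and consider moving the define to a property shared by all three so the same sources are not compiled with different macros per configuration.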
@ -117,6 +124,9 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalDependencies>mincore.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
<Lib>
<AdditionalLibraryDirectories>$(SolutionDir)$(Platform)\$(ConfigurationName)\</AdditionalLibraryDirectories>
</Lib>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="..\guid.c">
@ -145,6 +155,11 @@
<ClInclude Include="..\net_ebpf_ext_xdp.h" />
<ClInclude Include="netebpfext_platform.h" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\..\libs\store_helper\user\ebpf_store_helper_um.vcxproj">
<Project>{aa933b9f-b5d8-4aa8-ac18-98fe1a161e8a}</Project>
</ProjectReference>
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>

@ -71,7 +71,7 @@
<Link>
<SubSystem>Console</SubSystem>
<AdditionalDependencies>$(FuzzerLibs);mincore.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(VCToolsInstallDir)lib\$(Platform)</AdditionalLibraryDirectories>
<AdditionalLibraryDirectories>$(VCToolsInstallDir)lib\$(Platform);$(SolutionDir)$(Platform)\$(ConfigurationName)\</AdditionalLibraryDirectories>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='FuzzerDebug|x64'">
@ -82,7 +82,7 @@
<Link>
<SubSystem>Console</SubSystem>
<AdditionalDependencies>$(FuzzerLibs);mincore.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(VCToolsInstallDir)lib\$(Platform)</AdditionalLibraryDirectories>
<AdditionalLibraryDirectories>$(VCToolsInstallDir)lib\$(Platform);$(SolutionDir)$(Platform)\$(ConfigurationName)\</AdditionalLibraryDirectories>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
@ -94,7 +94,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalDependencies>$(FuzzerLibs);mincore.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(VCToolsInstallDir)lib\$(Platform)</AdditionalLibraryDirectories>
<AdditionalLibraryDirectories>$(VCToolsInstallDir)lib\$(Platform);$(SolutionDir)$(Platform)\$(ConfigurationName)\</AdditionalLibraryDirectories>
</Link>
</ItemDefinitionGroup>
<ItemGroup>

@ -1,11 +1,10 @@
// Copyright (c) Microsoft Corporation
// SPDX-License-Identifier: MIT
#include "ebpf_store_helper.h"
#include "net_ebpf_ext_sock_addr.h"
#include "netebpf_ext_helper.h"
// TODO: Issue #1231 Change to using HKEY_LOCAL_MACHINE
ebpf_registry_key_t ebpf_root_registry_key = HKEY_CURRENT_USER;
DEVICE_OBJECT* _net_ebpf_ext_driver_device_object;
constexpr uint32_t _test_destination_ipv4_address = 0x01020304;

@ -14,7 +14,7 @@
#endif
#include "ebpf_extension_uuids.h"
#include "ebpf_registry_helper.h"
#include "ebpf_store_helper.h"
#include "net_ebpf_ext.h"
#include "net_ebpf_ext_tracelog.h"
#include "usersim\fwp_test.h"

@ -80,6 +80,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalDependencies>mincore.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(VC_LibraryPath_VC_x64_Desktop);$(SolutionDir)$(Platform)\$(ConfigurationName)\;%(Link.AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='FuzzerDebug|x64'">
@ -94,6 +95,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalDependencies>mincore.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(VC_LibraryPath_VC_x64_Desktop);$(SolutionDir)$(Platform)\$(ConfigurationName)\;%(Link.AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
@ -112,6 +114,7 @@
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalDependencies>mincore.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(VC_LibraryPath_VC_x64_Desktop);$(SolutionDir)$(Platform)\$(ConfigurationName)\;%(Link.AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
</Link>
</ItemDefinitionGroup>
<ItemGroup>

@ -28,6 +28,7 @@ target_link_directories("sample_ebpf_ext" PRIVATE
target_link_libraries("sample_ebpf_ext"
"ebpf_for_windows_common_settings"
"ebpf_store_helper_km"
"external::ebpfverifier_headers"
"platform_kernel"
"netio.lib"

@ -319,7 +319,7 @@ _sample_ebpf_extension_update_store_entries()
(GUID*)&EBPF_ATTACH_TYPE_SAMPLE,
BPF_PROG_TYPE_SAMPLE,
BPF_ATTACH_TYPE_SAMPLE};
status = _ebpf_store_update_section_information(&section_info, 1);
status = ebpf_store_update_section_information(&section_info, 1);
if (!NT_SUCCESS(status)) {
return status;
}
@ -331,7 +331,7 @@ _sample_ebpf_extension_update_store_entries()
.ProviderRegistrationInstance.NpiSpecificCharacteristics;
program_data = (ebpf_program_data_t*)extension_data->data;
status = _ebpf_store_update_program_information(program_data->program_info, 1);
status = ebpf_store_update_program_information(program_data->program_info, 1);
return status;
}

@ -98,15 +98,19 @@
<PropertyGroup />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
<IncludePath>$(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='NativeOnlyDebug|x64'">
<DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
<IncludePath>$(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
<IncludePath>$(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='NativeOnlyRelease|x64'">
<DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
<IncludePath>$(IncludePath);$(KMDF_INC_PATH)$(KMDF_VER_PATH);$(SolutionDir)\libs\store_helper</IncludePath>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ResourceCompile>
@ -123,7 +127,7 @@
<AdditionalDependencies>%(AdditionalDependencies);$(DDK_LIB_PATH)\ntoskrnl.lib;$(DDK_LIB_PATH)\ndis.lib;$(DDK_LIB_PATH)\wdmsec.lib;$(DDK_LIB_PATH)\fwpkclnt.lib;$(SDK_LIB_PATH)\uuid.lib;$(DDK_LIB_PATH)\netio.lib</AdditionalDependencies>
<AdditionalOptions>
</AdditionalOptions>
<AdditionalLibraryDirectories>$(OutDir);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalLibraryDirectories>$(OutDir);$(SolutionDir)$(Platform)\$(ConfigurationName)\;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
</Link>
<DriverSign>
<FileDigestAlgorithm>SHA256</FileDigestAlgorithm>
@ -144,7 +148,7 @@
<AdditionalDependencies>%(AdditionalDependencies);$(DDK_LIB_PATH)\ntoskrnl.lib;$(DDK_LIB_PATH)\ndis.lib;$(DDK_LIB_PATH)\wdmsec.lib;$(DDK_LIB_PATH)\fwpkclnt.lib;$(SDK_LIB_PATH)\uuid.lib;$(DDK_LIB_PATH)\netio.lib</AdditionalDependencies>
<AdditionalOptions>
</AdditionalOptions>
<AdditionalLibraryDirectories>$(OutDir);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalLibraryDirectories>$(OutDir);$(SolutionDir)$(Platform)\$(ConfigurationName)\;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
</Link>
<DriverSign>
<FileDigestAlgorithm>SHA256</FileDigestAlgorithm>
@ -163,7 +167,7 @@
</ClCompile>
<Link>
<AdditionalDependencies>%(AdditionalDependencies);$(DDK_LIB_PATH)\ntoskrnl.lib;$(DDK_LIB_PATH)\ndis.lib;$(DDK_LIB_PATH)\wdmsec.lib;$(DDK_LIB_PATH)\fwpkclnt.lib;$(SDK_LIB_PATH)\uuid.lib;$(DDK_LIB_PATH)\netio.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OutDir);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalLibraryDirectories>$(OutDir);$(SolutionDir)$(Platform)\$(ConfigurationName)\;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalOptions>
</AdditionalOptions>
</Link>
@ -184,7 +188,7 @@
</ClCompile>
<Link>
<AdditionalDependencies>%(AdditionalDependencies);$(DDK_LIB_PATH)\ntoskrnl.lib;$(DDK_LIB_PATH)\ndis.lib;$(DDK_LIB_PATH)\wdmsec.lib;$(DDK_LIB_PATH)\fwpkclnt.lib;$(SDK_LIB_PATH)\uuid.lib;$(DDK_LIB_PATH)\netio.lib</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OutDir);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalLibraryDirectories>$(OutDir);$(SolutionDir)$(Platform)\$(ConfigurationName)\;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalOptions>
</AdditionalOptions>
</Link>
@ -210,6 +214,9 @@
<ProjectReference Include="$(SolutionDir)libs\platform\kernel\platform_kernel.vcxproj">
<Project>{fc3f9998-4085-4767-8386-5453f07c3aad}</Project>
</ProjectReference>
<ProjectReference Include="..\..\..\..\libs\store_helper\kernel\ebpf_store_helper_km.vcxproj">
<Project>{3569e946-c8b4-49ee-a89d-edd09dc9f36e}</Project>
</ProjectReference>
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
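Review bot: The new ProjectReference uses a four-level relative path, `..\..\..\..\libs\store_helper\kernel\ebpf_store_helper_km.vcxproj`, directly below a reference written as `$(SolutionDir)libs\platform\kernel\platform_kernel.vcxproj`. Use the `$(SolutionDir)` form for the new entry as well, so the reference does not break if this project file moves.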


@ -88,22 +88,27 @@
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LinkIncremental>false</LinkIncremental>
<IncludePath>$(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='NativeOnlyDebug|x64'">
<LinkIncremental>false</LinkIncremental>
<IncludePath>$(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='FuzzerDebug|x64'">
<LinkIncremental>false</LinkIncremental>
<IncludePath>$(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LinkIncremental>false</LinkIncremental>
<IncludePath>$(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='NativeOnlyRelease|x64'">
<LinkIncremental>false</LinkIncremental>
<IncludePath>$(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper</IncludePath>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions);USER_MODE</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<AdditionalIncludeDirectories>$(SolutionDir)libs\api_common;$(SolutionDir)include;$(SolutionDir)libs\api;$(SolutionDir)libs\ebpfnetsh;$(SolutionDir)tests\libs\util;$(SolutionDir)tests\libs\common;$(OutDir);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)libs\service;$(SolutionDir)rpc_interface;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\user;$(SolutionDir)external\usersim\inc;$(SolutionDir)libs\execution_context;$(SolutionDir)tests\end_to_end;$(SolutionDir)tests\sample;$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)\tests\xdp;$(SolutionDir)tools\export_program_info;$(SolutionDir)libs\thunk;$(SolutionDir)libs\thunk\mock;$(SolutionDir)\netebpfext;$(SolutionDir)external\catch2\src;$(SolutionDir)external\catch2\build\generated-includes;$(SolutionDir)external\bpftool;$(SolutionDir)include\user;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
</ClCompile>
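Review bot: IncludePath is assigned here as `$(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper` without `$(IncludePath)`, so anything a property sheet contributed to IncludePath is discarded; the driver project earlier in this commit appends with `$(IncludePath);...` instead. Every other project directory in this file is listed in AdditionalIncludeDirectories. Adding `$(SolutionDir)libs\store_helper` there would be consistent with the rest of the file and would avoid overriding the inherited value.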
@ -116,7 +121,7 @@
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='NativeOnlyDebug|x64'">
<ClCompile>
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions);USER_MODE</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<AdditionalIncludeDirectories>$(SolutionDir)libs\api_common;$(SolutionDir)include;$(SolutionDir)libs\api;$(SolutionDir)libs\ebpfnetsh;$(SolutionDir)tests\libs\util;$(SolutionDir)tests\libs\common;$(OutDir);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)libs\service;$(SolutionDir)rpc_interface;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\user;$(SolutionDir)external\usersim\inc;$(SolutionDir)libs\execution_context;$(SolutionDir)tests\end_to_end;$(SolutionDir)tests\sample;$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)\tests\xdp;$(SolutionDir)tools\export_program_info;$(SolutionDir)libs\thunk;$(SolutionDir)libs\thunk\mock;$(SolutionDir)\netebpfext;$(SolutionDir)external\catch2\src;$(SolutionDir)external\catch2\build\generated-includes;$(SolutionDir)external\bpftool;$(SolutionDir)include\user;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
</ClCompile>
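Review bot: USER_MODE is appended by hand to PreprocessorDefinitions in each per-configuration ItemDefinitionGroup, five times in this file, so a configuration added later that omits it will build without the macro and nothing in the project file will flag that. Define it once in an unconditioned ItemDefinitionGroup or a shared property sheet. If the store helper headers depend on the macro, an `#error` in the header when it is missing would turn the omission into a clear build failure.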
@ -129,7 +134,7 @@
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='FuzzerDebug|x64'">
<ClCompile>
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions);USER_MODE</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<AdditionalIncludeDirectories>$(SolutionDir)libs\api_common;$(SolutionDir)include;$(SolutionDir)libs\api;$(SolutionDir)libs\ebpfnetsh;$(SolutionDir)tests\libs\util;$(SolutionDir)tests\libs\common;$(OutDir);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)libs\service;$(SolutionDir)rpc_interface;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\user;$(SolutionDir)external\usersim\inc;$(SolutionDir)libs\execution_context;$(SolutionDir)tests\end_to_end;$(SolutionDir)tests\sample;$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)\tests\xdp;$(SolutionDir)tools\export_program_info;$(SolutionDir)libs\thunk;$(SolutionDir)libs\thunk\mock;$(SolutionDir)\netebpfext;$(SolutionDir)external\catch2\src;$(SolutionDir)external\catch2\build\generated-includes;$(SolutionDir)external\bpftool;$(SolutionDir)include\user;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
</ClCompile>
@ -142,7 +147,7 @@
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions);USER_MODE</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<AdditionalIncludeDirectories>$(SolutionDir)libs\api_common;$(SolutionDir)include;$(SolutionDir)libs\api;$(SolutionDir)libs\ebpfnetsh;$(SolutionDir)tests\libs\util;$(SolutionDir)tests\libs\common;$(OutDir);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)libs\service;$(SolutionDir)rpc_interface;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\user;$(SolutionDir)external\usersim\inc;$(SolutionDir)libs\execution_context;$(SolutionDir)tests\end_to_end;$(SolutionDir)tests\sample;$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)\tests\xdp;$(SolutionDir)tools\export_program_info;$(SolutionDir)libs\thunk;$(SolutionDir)libs\thunk\mock;$(SolutionDir)\netebpfext;$(SolutionDir)external\catch2\src;$(SolutionDir)external\catch2\build\generated-includes;$(SolutionDir)external\bpftool;$(SolutionDir)include\user;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
</ClCompile>
@ -157,7 +162,7 @@
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='NativeOnlyRelease|x64'">
<ClCompile>
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions);USER_MODE</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<AdditionalIncludeDirectories>$(SolutionDir)libs\api_common;$(SolutionDir)include;$(SolutionDir)libs\api;$(SolutionDir)libs\ebpfnetsh;$(SolutionDir)tests\libs\util;$(SolutionDir)tests\libs\common;$(OutDir);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)libs\service;$(SolutionDir)rpc_interface;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\user;$(SolutionDir)external\usersim\inc;$(SolutionDir)libs\execution_context;$(SolutionDir)tests\end_to_end;$(SolutionDir)tests\sample;$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)\tests\xdp;$(SolutionDir)tools\export_program_info;$(SolutionDir)libs\thunk;$(SolutionDir)libs\thunk\mock;$(SolutionDir)\netebpfext;$(SolutionDir)external\catch2\src;$(SolutionDir)external\catch2\build\generated-includes;$(SolutionDir)external\bpftool;$(SolutionDir)include\user;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
</ClCompile>


@ -4,26 +4,26 @@
add_executable("export_program_info"
export_program_info.cpp
main.cpp
${CMAKE_SOURCE_DIR}/libs/api_common/registry_helper.cpp
${CMAKE_SOURCE_DIR}/libs/api_common/store_helper_internal.cpp
${CMAKE_SOURCE_DIR}/libs/api_common/utilities.cpp
)
target_include_directories("export_program_info" PRIVATE
"${CMAKE_SOURCE_DIR}/external/usersim/inc"
"${CMAKE_SOURCE_DIR}/include"
"${CMAKE_SOURCE_DIR}/include/user"
"${CMAKE_SOURCE_DIR}/libs/platform"
"${CMAKE_SOURCE_DIR}/libs/platform/user"
"${CMAKE_SOURCE_DIR}/libs/api"
"${CMAKE_SOURCE_DIR}/libs/execution_context"
"${CMAKE_SOURCE_DIR}/libs/platform"
"${CMAKE_SOURCE_DIR}/libs/platform/user"
"${CMAKE_SOURCE_DIR}/libs/thunk"
"${CMAKE_SOURCE_DIR}/netebpfext"
"${CMAKE_SOURCE_DIR}/tests/sample/ext/inc"
"${CMAKE_SOURCE_DIR}/libs/thunk"
"${CMAKE_SOURCE_DIR}/external/usersim/inc"
)
target_link_libraries("export_program_info" PRIVATE
"ebpf_for_windows_cpp_settings"
"ebpf_store_helper_um"
"execution_context_user"
"platform_user"
"api_common_headers"
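Review bot: The target links `ebpf_store_helper_um`, but target_include_directories has no `libs/store_helper` entry, whereas the matching .vcxproj adds `$(SolutionDir)\libs\store_helper` to its include path. This builds only if the ebpf_store_helper_um target exports its header directory as PUBLIC or INTERFACE; please confirm that, or add the directory here. Separately, if `store_helper_internal.cpp` stays in the source list, store code reaches this executable both as a source file from libs/api_common and through the new library, and a comment explaining why it stays outside the library would help the next reader.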
@ -36,6 +36,7 @@ target_link_libraries("export_program_info" PRIVATE
target_compile_definitions("export_program_info" PRIVATE
_CONSOLE
USER_MODE
)
# Use export_program_info to populate the ebpf store.


@ -1,7 +1,6 @@
// Copyright (c) Microsoft Corporation
// SPDX-License-Identifier: MIT
#define USER_MODE
#define _SILENCE_CXX17_CODECVT_HEADER_DEPRECATION_WARNING
#include "ebpf_api.h"
@ -18,8 +17,6 @@
#define REG_CREATE_FLAGS (KEY_WRITE | DELETE | KEY_READ)
#define REG_OPEN_FLAGS (DELETE | KEY_READ)
extern ebpf_registry_key_t ebpf_root_registry_key;
typedef struct _ebpf_program_section_info_with_count
{
_Field_size_(section_info_count) const ebpf_program_section_info_t* section_info;
@ -50,7 +47,7 @@ export_all_program_information()
uint32_t status = ERROR_SUCCESS;
size_t array_size = _countof(program_information_array);
for (uint32_t i = 0; i < array_size; i++) {
status = _ebpf_store_update_program_information(program_information_array[i], 1);
status = ebpf_store_update_program_information(program_information_array[i], 1);
if (status != ERROR_SUCCESS) {
break;
}
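Review bot: `status` is still declared `uint32_t` and compared against `ERROR_SUCCESS`, while the call is now `ebpf_store_update_program_information`. If that function returns `ebpf_result_t`, as the commit message's "refactor return types to ebpf_result_t" entry indicates, the caller is mixing two error domains and works only while both success values coincide. Declare `status` with the callee's return type and compare against that type's success constant, converting to a Win32 code once at the function boundary if the callers need one. The same pattern appears in export_all_section_information in the next hunk.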
@ -64,7 +61,7 @@ export_all_section_information()
{
uint32_t status = ERROR_SUCCESS;
for (const auto& section : _section_information) {
status = _ebpf_store_update_section_information(section.section_info, (uint32_t)section.section_info_count);
status = ebpf_store_update_section_information(section.section_info, (uint32_t)section.section_info_count);
if (status != ERROR_SUCCESS) {
break;
}
@ -76,16 +73,15 @@ export_all_section_information()
int
export_global_helper_information()
{
return _ebpf_store_update_global_helper_information(
return ebpf_store_update_global_helper_information(
ebpf_core_helper_function_prototype, ebpf_core_helper_functions_count);
}
uint32_t
clear_all_ebpf_stores()
{
// TODO: Issue #1231 Change to using HKEY_LOCAL_MACHINE
std::cout << "Clearing eBPF store HKEY_CURRENT_USER" << std::endl;
return ebpf_store_clear(ebpf_root_registry_key);
std::cout << "Clearing eBPF store" << std::endl;
return ebpf_store_clear(ebpf_store_root_key);
}
void
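Review bot: In clear_all_ebpf_stores the log line changes from "Clearing eBPF store HKEY_CURRENT_USER" to "Clearing eBPF store", and the `TODO: Issue #1231 Change to using HKEY_LOCAL_MACHINE` comment is dropped, but nothing in the hunk shows which hive `ebpf_store_root_key` resolves to. Which hive backs the store decides who is able to write program and section information, so the tracking note should only disappear if this commit actually resolves #1231; otherwise keep the TODO next to the definition of `ebpf_store_root_key`. A destructive operation should also say what it is deleting, so keep the root in the message. In the same hunk, export_global_helper_information still returns `int` from a call whose return type was refactored.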


@ -89,26 +89,31 @@
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LinkIncremental>false</LinkIncremental>
<CustomBuildAfterTargets>Link</CustomBuildAfterTargets>
<IncludePath>$(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='NativeOnlyDebug|x64'">
<LinkIncremental>false</LinkIncremental>
<CustomBuildAfterTargets>Link</CustomBuildAfterTargets>
<IncludePath>$(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='FuzzerDebug|x64'">
<LinkIncremental>false</LinkIncremental>
<CustomBuildAfterTargets>Link</CustomBuildAfterTargets>
<IncludePath>$(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LinkIncremental>false</LinkIncremental>
<CustomBuildAfterTargets>Link</CustomBuildAfterTargets>
<IncludePath>$(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='NativeOnlyRelease|x64'">
<LinkIncremental>false</LinkIncremental>
<CustomBuildAfterTargets>Link</CustomBuildAfterTargets>
<IncludePath>$(VC_IncludePath);$(WindowsSDK_IncludePath);$(SolutionDir)\libs\store_helper</IncludePath>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions);USER_MODE</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<AdditionalIncludeDirectories>$(SolutionDir)include;$(SolutionDir)libs\api;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\user;$(SolutionDir)external\usersim\inc;$(SolutionDir)libs\execution_context;$(SolutionDir)external\ubpf\vm;$(SolutionDir)external\ubpf\vm\inc;$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)external\ebpf-verifier\external;$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)tests\sample\ext\drv;$(OutDir);$(SolutionDir)libs\thunk;$(SolutionDir)\netebpfext;$(SolutionDir)\libs\api_common;$(SolutionDir)include\user;$(SolutionDir)external\ebpf-verifier\build\packages\boost\lib\native\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
</ClCompile>
@ -131,7 +136,7 @@ $(OutputPath)export_program_info.exe</Command>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='NativeOnlyDebug|x64'">
<ClCompile>
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions);USER_MODE</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<AdditionalIncludeDirectories>$(SolutionDir)include;$(SolutionDir)libs\api;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\user;$(SolutionDir)external\usersim\inc;$(SolutionDir)libs\execution_context;$(SolutionDir)external\ubpf\vm;$(SolutionDir)external\ubpf\vm\inc;$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)external\ebpf-verifier\external;$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)tests\sample\ext\drv;$(OutDir);$(SolutionDir)libs\thunk;$(SolutionDir)\netebpfext;$(SolutionDir)\libs\api_common;$(SolutionDir)include\user;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
</ClCompile>
@ -156,7 +161,7 @@ $(OutputPath)export_program_info.exe</Command>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='FuzzerDebug|x64'">
<ClCompile>
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions);USER_MODE</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<AdditionalIncludeDirectories>$(SolutionDir)include;$(SolutionDir)libs\api;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\user;$(SolutionDir)external\usersim\inc;$(SolutionDir)libs\execution_context;$(SolutionDir)external\ubpf\vm;$(SolutionDir)external\ubpf\vm\inc;$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)external\ebpf-verifier\external;$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)tests\sample\ext\drv;$(OutDir);$(SolutionDir)libs\thunk;$(SolutionDir)\netebpfext;$(SolutionDir)\libs\api_common;$(SolutionDir)include\user;$(SolutionDir)external\ebpf-verifier\build\packages\boost\lib\native\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
</ClCompile>
@ -181,7 +186,7 @@ $(OutputPath)export_program_info.exe</Command>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions);USER_MODE</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<AdditionalIncludeDirectories>$(SolutionDir)include;$(SolutionDir)libs\api;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\user;$(SolutionDir)external\usersim\inc;$(SolutionDir)libs\execution_context;$(SolutionDir)external\ubpf\vm;$(SolutionDir)external\ubpf\vm\inc;$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)external\ebpf-verifier\external;$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)tests\sample\ext\drv;$(OutDir);$(SolutionDir)libs\thunk;$(SolutionDir)\netebpfext;$(SolutionDir)\libs\api_common;$(SolutionDir)include\user;$(SolutionDir)external\ebpf-verifier\build\packages\boost\lib\native\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
</ClCompile>
@ -206,7 +211,7 @@ $(OutputPath)export_program_info.exe</Command>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='NativeOnlyRelease|x64'">
<ClCompile>
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions);USER_MODE</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<AdditionalIncludeDirectories>$(SolutionDir)include;$(SolutionDir)libs\api;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\user;$(SolutionDir)external\usersim\inc;$(SolutionDir)libs\execution_context;$(SolutionDir)external\ubpf\vm;$(SolutionDir)external\ubpf\vm\inc;$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)external\ebpf-verifier\external;$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)tests\sample\ext\drv;$(OutDir);$(SolutionDir)libs\thunk;$(SolutionDir)\netebpfext;$(SolutionDir)\libs\api_common;$(SolutionDir)include\user;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
</ClCompile>
@ -232,7 +237,6 @@ $(OutputPath)export_program_info.exe</Command>
</CustomBuildStep>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="..\..\libs\api_common\registry_helper.cpp" />
<ClCompile Include="..\..\libs\api_common\store_helper_internal.cpp" />
<ClCompile Include="..\..\libs\api_common\utilities.cpp" />
<ClCompile Include="..\..\libs\platform\ebpf_tracelog.c" />
@ -249,6 +253,9 @@ $(OutputPath)export_program_info.exe</Command>
<ProjectReference Include="..\..\libs\platform\user\platform_user.vcxproj">
<Project>{c26cb6a9-158c-4a9e-a243-755ddd98e5fe}</Project>
</ProjectReference>
<ProjectReference Include="..\..\libs\store_helper\user\ebpf_store_helper_um.vcxproj">
<Project>{aa933b9f-b5d8-4aa8-ac18-98fe1a161e8a}</Project>
</ProjectReference>
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
</Project>


@ -28,9 +28,6 @@
<ClCompile Include="..\..\libs\api_common\store_helper_internal.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\..\libs\api_common\registry_helper.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\..\libs\api_common\utilities.cpp">
<Filter>Source Files</Filter>
</ClCompile>


@ -28,6 +28,7 @@
<file src="ebpfapi.dll" target="build\native\bin"/>
<file src="ebpfapi.pdb" target="build\native\bin"/>
<file src="ebpfapi.lib" target="build\native\lib"/>
<file src="ebpf_store_helper_km.lib" target="build\native\lib"/>
<!-- TODO(#2677): export_program_info.exe temporarily requires usersim.dll. -->
<file src="usersim.dll" target="build\native\bin"/>
<file src="usersim.pdb" target="build\native\bin"/>
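Review bot: The package gains `ebpf_store_helper_km.lib` under build\native\lib, but this hunk adds no header for it and no user-mode counterpart, so a consumer cannot tell from the package alone how to call the library or whether ebpf_store_helper_um is meant to be consumed as well. Either package the public store helper header alongside the .lib, or add a comment naming the intended consumer and why only the kernel-mode library ships.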


@ -160,6 +160,12 @@ NuGet.exe pack $(OutDir)ebpf-for-windows.nuspec -OutputDirectory $(OutDir)</Comm
<ProjectReference Include="..\..\ebpfapi\ebpfapi.vcxproj">
<Project>{75fe223a-3e45-4b0e-a2e8-04285e52e440}</Project>
</ProjectReference>
<ProjectReference Include="..\..\external\usersim\src\usersim.vcxproj">
<Project>{030a7ac6-14dc-45cf-af34-891057ab1402}</Project>
</ProjectReference>
<ProjectReference Include="..\..\libs\store_helper\kernel\ebpf_store_helper_km.vcxproj">
<Project>{3569e946-c8b4-49ee-a89d-edd09dc9f36e}</Project>
</ProjectReference>
<ProjectReference Include="..\bpf2c\bpf2c.vcxproj">
<Project>{69b97e52-18dc-434e-a6e4-4c0f3e88c44a}</Project>
</ProjectReference>
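Review bot: The new ProjectReference to `..\..\external\usersim\src\usersim.vcxproj` has no comment, while the .nuspec in this commit marks the usersim.dll dependency as temporary under TODO(#2677). Add the same TODO next to this reference so it is removed together with the .nuspec entries. The ebpf_store_helper_km reference is needed for the new .lib to exist before packing; a short comment saying so would make the build-order intent explicit.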