Initial Kernel Shim Engine groundwork #2872
I don't suppose there's a simple shim we could add right away that would serve as an example? Would love to see how this code actually gets used.
#define KseHookCallbackDriverInit 1 | ||
#define KseHookCallbackDriverStartIo 2 | ||
#define KseHookCallbackDriverUnload 3 | ||
#define KseHookCallbackAddDevice 4 | ||
#define KseHookCallbackMajorFunction 100 |
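Review bot: KseHookCallbackMajorFunction jumps from 4 to 100 with no explanation on these lines. A short comment above the defines saying whether 100 is a base value that an IRP major function code is added to, or only a reserved gap, would keep later additions from colliding with it.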
Any reason not to use enums for these?
mostly following existing style
return it.Tagid; | ||
} | ||
} | ||
assert(false); |
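Review bot: the `assert(false);` after the lookup loop is the only handling visible here for a name that matches no entry. If that name can come from the tool's input, an assert is the wrong mechanism: it disappears when NDEBUG is defined, and the caller then gets no valid Tagid and no diagnostic. Return an explicit failure value and report the unmatched name instead.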
These are "it really should be impossible to get here" asserts, not "invalid user input" asserts, right?
this one was mainly used while writing this, but it could mean invalid user input now.
I'll add some nice error messages in this tool on the next PR
They are coming soon(tm).
d04685d to 1ae5aec
Co-authored-by: Mark Jansen <mark.jansen@reactos.org>
@@ -71,6 +71,13 @@ extern POBJECT_TYPE NTSYSAPI ExTimerType; | |||
// | |||
extern ULONG NTSYSAPI NtBuildNumber; | |||
|
|||
|
// | ||
extern ULONG NTSYSAPI InitSafeBootMode; | ||
|
||
|
* PROJECT: ReactOS Kernel | ||
* LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later) | ||
* PURPOSE: KSE 'VersionLie' shim implementation | ||
* COPYRIGHT: Copyright 2020 |
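Review bot: the COPYRIGHT line in this file header carries a year but no holder. Add the copyright holder after the year.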
?
} | ||
|
||
static NTSTATUS NTAPI | ||
KseShimDatabaseBootInitialize() |
KseShimDatabaseBootInitialize() | |
KseShimDatabaseBootInitialize(VOID) |
} | ||
|
||
static NTSTATUS NTAPI | ||
KsepMatchInitMachineInfo() |
KsepMatchInitMachineInfo() | |
KsepMatchInitMachineInfo(VOID) |
What do we need this for? I mean we don't even have a properly working kernel and you want to shim that? Sounds like hacks all the way down.
He wanted it mostly for logging what drivers are doing.
Wouldn't driver verifier be better for that?
This PR is stale because it received no updates in the last 4 months. Without removing the stale label, or commenting on this ticket it will be closed in 2 weeks.
This is the work from @hpoussin and me
Based on http://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/kshim/index.htm?tx=96 and https://docplayer.net/63071118-Abusing-the-kernel-shim-engine.html