Initialize Client
GIL committed Sep 16, 2018
1 parent 9ac0357 commit 21fc72b
Showing 6 changed files with 421 additions and 7 deletions.
18 changes: 18 additions & 0 deletions GilRan.sln
@@ -5,6 +5,8 @@ VisualStudioVersion = 15.0.28010.2026
MinimumVisualStudioVersion = 10.0.40219.1
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "GilRan", "GilRan\GilRan.vcxproj", "{3CAC765B-866C-4353-89AD-F4CD80D1BCA5}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "GilRanClient", "GilRanClient\GilRanClient.vcxproj", "{AC5C0863-C3F8-4628-94E2-4F009FB92427}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|ARM = Debug|ARM
@@ -41,6 +43,22 @@ Global
{3CAC765B-866C-4353-89AD-F4CD80D1BCA5}.Release|x86.ActiveCfg = Release|Win32
{3CAC765B-866C-4353-89AD-F4CD80D1BCA5}.Release|x86.Build.0 = Release|Win32
{3CAC765B-866C-4353-89AD-F4CD80D1BCA5}.Release|x86.Deploy.0 = Release|Win32
{AC5C0863-C3F8-4628-94E2-4F009FB92427}.Debug|ARM.ActiveCfg = Debug|ARM
{AC5C0863-C3F8-4628-94E2-4F009FB92427}.Debug|ARM.Build.0 = Debug|ARM
{AC5C0863-C3F8-4628-94E2-4F009FB92427}.Debug|ARM64.ActiveCfg = Debug|ARM64
{AC5C0863-C3F8-4628-94E2-4F009FB92427}.Debug|ARM64.Build.0 = Debug|ARM64
{AC5C0863-C3F8-4628-94E2-4F009FB92427}.Debug|x64.ActiveCfg = Debug|x64
{AC5C0863-C3F8-4628-94E2-4F009FB92427}.Debug|x64.Build.0 = Debug|x64
{AC5C0863-C3F8-4628-94E2-4F009FB92427}.Debug|x86.ActiveCfg = Debug|Win32
{AC5C0863-C3F8-4628-94E2-4F009FB92427}.Debug|x86.Build.0 = Debug|Win32
{AC5C0863-C3F8-4628-94E2-4F009FB92427}.Release|ARM.ActiveCfg = Release|ARM
{AC5C0863-C3F8-4628-94E2-4F009FB92427}.Release|ARM.Build.0 = Release|ARM
{AC5C0863-C3F8-4628-94E2-4F009FB92427}.Release|ARM64.ActiveCfg = Release|ARM64
{AC5C0863-C3F8-4628-94E2-4F009FB92427}.Release|ARM64.Build.0 = Release|ARM64
{AC5C0863-C3F8-4628-94E2-4F009FB92427}.Release|x64.ActiveCfg = Release|x64
{AC5C0863-C3F8-4628-94E2-4F009FB92427}.Release|x64.Build.0 = Release|x64
{AC5C0863-C3F8-4628-94E2-4F009FB92427}.Release|x86.ActiveCfg = Release|Win32
{AC5C0863-C3F8-4628-94E2-4F009FB92427}.Release|x86.Build.0 = Release|Win32
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
4 changes: 2 additions & 2 deletions GilRan/GilRan.inf
@@ -45,8 +45,8 @@ Description = %ServiceDescription%
ServiceBinary = %12%\%DriverName%.sys ;%windir%\system32\drivers\
Dependencies = "FltMgr"
ServiceType = 2 ;SERVICE_FILE_SYSTEM_DRIVER
StartType = 3
;StartType = 2 ;SERVICE_AUTO_START
;StartType = 3
StartType = 2 ;SERVICE_AUTO_START
ErrorControl = 1 ;SERVICE_ERROR_NORMAL
LoadOrderGroup = "FSFilter Anti-Virus"
AddReg = MiniFilter.AddRegistry
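Review bot: `StartType = 2` loads the minifilter at every boot, but nothing visible in this commit starts GilRanClient with it, so the driver runs with no client on the port until the client is launched by hand. Say in a comment next to the setting what access decision the driver makes in that window, since the Port.c change in this commit reads `Access` without checking the FltSendMessage status. The commented-out `;StartType = 3` line is better deleted than kept as history in the INF.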
11 changes: 6 additions & 5 deletions GilRan/Port.c
@@ -48,21 +48,22 @@ PortSendMessage(
)
{
ULONG szResponse = sizeof(FILTER_REPLY_HEADER) + sizeof(PORT_RESPONSE);
PPORT_RESPONSE PortResponse = ExAllocatePoolWithTag(NonPagedPool, szResponse, 'vLIG');
//PPORT_RESPONSE pPortResponse = ExAllocatePoolWithTag(NonPagedPool, szResponse, 'vLIG');

if (PortResponse == NULL) return STATUS_UNSUCCESSFUL;
//if (pPortResponse == NULL) return STATUS_UNSUCCESSFUL;

NTSTATUS status = FltSendMessage(
PortInformation.Filter,
&PortInformation.ClientPort,
pPortRequest,
sizeof(PORT_REQUEST),
&PortResponse,
pPortRequest,
&szResponse,
NULL
);
*Access = PortResponse->Access;
*Access = ((PORT_RESPONSE *)pPortRequest)->Access;
//*Access = pPortResponse->Access;

ExFreePoolWithTag(PortResponse, 'vLIG');
//ExFreePoolWithTag(pPortResponse, 'vLIG');
return status;
}
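Review bot: `*Access` is assigned from the reply buffer before `status` is looked at, so when FltSendMessage fails (for example with no client connected) the value is whatever the request left in `pPortRequest`, which now doubles as the reply buffer. Gate the copy on the status, e.g. `if (NT_SUCCESS(status)) *Access = ((PORT_RESPONSE *)pPortRequest)->Access;`, and give the failure path an explicit default chosen as policy (allow or deny). `szResponse` still adds `sizeof(FILTER_REPLY_HEADER)` although the kernel-side reply buffer appears to carry only the payload; that is safe only if PORT_REQUEST is at least that large, which this hunk does not show. The commented-out pool lines can be deleted rather than kept, and the parameter list of PortSendMessage begins outside the hunk.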
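--- a/GilRanClient/GilRanClient.cpp
+++ b/GilRanClient/GilRanClient.cpp
@@ -0,0 +1,173 @@
+#include <windows.h>
+#include <fltuser.h>
+#include <dontuse.h>
+#include <suppress.h>
+#include <iostream>
+#include <string>
+
+#include "../Common/Common.h"
+
+#define CLIENT_DEFAULT_REQUEST_COUNT 4
+#define CLIENT_DEFAULT_THREAD_COUNT 4
+#define CLIENT_MAX_THREAD_COUNT 64
+
+typedef struct _THREAD_CONTEXT {
+HANDLE hCommunicationPort;
+HANDLE hIoCompletionPort;
+} THREAD_CONTEXT, *PTHREAD_CONTEXT;
+
+typedef struct _FILTER_MESSAGE {
+FILTER_MESSAGE_HEADER Header;
+PORT_REQUEST Request;
+OVERLAPPED Overlapped;
+} FILTER_MESSAGE, *PFILTER_MESSAGE;
+
+typedef struct _CLIENT_MESSAGE {
+FILTER_REPLY_HEADER Header;
+PORT_RESPONSE Response;
+} CLIENT_MESSAGE, *PCLIENT_MESSAGE;
+
+DWORD ClientWorker(
+_In_ PTHREAD_CONTEXT pThreadContext
+) {
+HRESULT hResult;
+
+DWORD NumberOfBytesTransferred;
+ULONG_PTR CompletionKey;
+LPOVERLAPPED lpOverlapped;
+
+PFILTER_MESSAGE pFilterMessage;
+
+while (TRUE) {
+hResult = GetQueuedCompletionStatus(
+pThreadContext->hIoCompletionPort,
+&NumberOfBytesTransferred,
+&CompletionKey,
+&lpOverlapped,
+INFINITE
+);
+
+pFilterMessage = CONTAINING_RECORD(lpOverlapped, FILTER_MESSAGE, Overlapped);
+
+if (!hResult) {
+hResult = HRESULT_FROM_WIN32(GetLastError());
+break;
+}
+
+printf("\n\n------------------------------ \nPID: %p\nVolumeName: %ws\nFileName: %ws\n", pFilterMessage->Request.ProcessID, pFilterMessage->Request.VolumeName, pFilterMessage->Request.FilePath);
+
+CLIENT_MESSAGE ClientMessage;
+ClientMessage.Header.Status = 0;
+ClientMessage.Header.MessageId = pFilterMessage->Header.MessageId;
+ClientMessage.Response.Access = TRUE;
+
+hResult = FilterReplyMessage(
+pThreadContext->hCommunicationPort,
+(PFILTER_REPLY_HEADER)&ClientMessage.Header,
+sizeof(FILTER_REPLY_HEADER) + sizeof(PORT_RESPONSE)
+);
+
+if (!SUCCEEDED(hResult)) break;
+
+RtlZeroMemory(&pFilterMessage->Overlapped, sizeof(OVERLAPPED));
+
+hResult = FilterGetMessage(
+pThreadContext->hCommunicationPort,
+&pFilterMessage->Header,
+FIELD_OFFSET(FILTER_MESSAGE, Overlapped),
+&pFilterMessage->Overlapped
+);
+
+if (hResult != HRESULT_FROM_WIN32(ERROR_IO_PENDING)) break;
+}
+free(pFilterMessage);
+return hResult;
+}
+
+int _cdecl main(
+_In_ int argc,
+_In_reads_(argc) char *argv[]
+)
+{
+UNREFERENCED_PARAMETER(argc);
+UNREFERENCED_PARAMETER(argv);
+
+HANDLE hCommunicationPort;
+HRESULT hResult = FilterConnectCommunicationPort(
+PORT_NAME,
+0,
+NULL,
+0,
+NULL,
+&hCommunicationPort
+);
+
+if (IS_ERROR(hResult)) return 2;
+
+HANDLE hIoCompletionPort = CreateIoCompletionPort(
+hCommunicationPort,
+NULL,
+0,
+CLIENT_DEFAULT_THREAD_COUNT
+);
+
+THREAD_CONTEXT ThreadContext;
+ThreadContext.hCommunicationPort = hCommunicationPort;
+ThreadContext.hIoCompletionPort = hIoCompletionPort;
+
+HANDLE hThread[CLIENT_MAX_THREAD_COUNT];
+DWORD ThreadID;
+
+int loop;
+for (loop = 0; loop < CLIENT_DEFAULT_THREAD_COUNT; loop++) {
+hThread[loop] = CreateThread(
+NULL,
+0,
+(LPTHREAD_START_ROUTINE)ClientWorker,
+&ThreadContext,
+0,
+&ThreadID
+);
+
+if (hThread[loop] == NULL) {
+CloseHandle(hCommunicationPort);
+CloseHandle(hIoCompletionPort);
+
+return GetLastError();
+}
+
+for (int joop = 0; joop < CLIENT_DEFAULT_REQUEST_COUNT; joop++) {
+PFILTER_MESSAGE pFilterMessage = (PFILTER_MESSAGE)malloc(sizeof(FILTER_MESSAGE));
+
+if (pFilterMessage == NULL) {
+CloseHandle(hCommunicationPort);
+CloseHandle(hIoCompletionPort);
+
+return ERROR_NOT_ENOUGH_MEMORY;
+}
+
+RtlZeroMemory(&pFilterMessage->Overlapped, sizeof(OVERLAPPED));
+
+hResult = FilterGetMessage(
+hCommunicationPort,
+&pFilterMessage->Header,
+FIELD_OFFSET(FILTER_MESSAGE, Overlapped),
+&pFilterMessage->Overlapped
+);
+
+if (hResult != HRESULT_FROM_WIN32(ERROR_IO_PENDING)) {
+free(pFilterMessage);
+CloseHandle(hCommunicationPort);
+CloseHandle(hIoCompletionPort);
+
+return hResult;
+}
+}
+}
+WaitForMultipleObjectsEx(loop, hThread, TRUE, INFINITE, FALSE);
+
+CloseHandle(hCommunicationPort);
+CloseHandle(hIoCompletionPort);
+
+return S_OK;
+}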
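Review bot: In ClientWorker, `CONTAINING_RECORD(lpOverlapped, FILTER_MESSAGE, Overlapped)` runs before the GetQueuedCompletionStatus result is checked, so a failure that dequeues no packet leaves `lpOverlapped` NULL and the `free(pFilterMessage)` after the loop is handed a pointer that was never allocated. Derive the record only from a non-NULL overlapped, e.g. `pFilterMessage = lpOverlapped ? CONTAINING_RECORD(lpOverlapped, FILTER_MESSAGE, Overlapped) : NULL;`. The `(LPTHREAD_START_ROUTINE)ClientWorker` cast in main hides a signature mismatch that matters on the Win32 configurations; declaring the worker as `DWORD WINAPI ClientWorker(LPVOID lpParameter)` removes the need for the cast. The result of CreateIoCompletionPort is also used without a NULL check.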