Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unclean user exit causes kernel service errors #92

Merged
merged 1 commit into from
Aug 18, 2017
Merged

Unclean user exit causes kernel service errors #92

merged 1 commit into from
Aug 18, 2017

Conversation

FullyArticulate
Copy link

If the user's app exits (or crashes) before calling CloseHandle() on the WinDivert handle, the driver's cleanup function cannot make FWPM calls. The cleanup function detects this FWPM error and returns without ever calling the Fwps cleanup functions (which are independent of fwpm).

As a result, the driver will not unregister the callouts, which leaves the Windows kernel confused. You can reproduce the problem by having a user app close uncleanly, then "sc stop windivert1.2", then try to re-run the app. You'll get "file not found" when StartService() is called.

Bugfix: If the user's app exits (or crashes) before calling CloseHand…
5041320 
…le()

on the WinDivert handle, the driver's cleanup function cannot make FWPM
calls. The cleanup function detects this FWPM error and returns
without ever calling the Fwps cleanup functions (which are independent
of fwpm).

As a result, the driver will not unregister the callouts, which leaves
the Windows kernel confused. You can reproduce the problem by having
a user app close uncleanly, then "sc stop windivert1.2", then try to
re-run the app. You'll get "file not found" when StartService() is called.
@TechnikEmpire
Copy link

This sounds a lot like what I was referring to in #90 @basil00. I've long known that manually unloading the driver via sc will cause future attempts to call WinDivertOpen to fail and a reboot is required to fix this. My experience I referred to was having multiple failures to cleanup followed by WinDivertOpen, over and over, and eventually windows would deadlock and BSOD. It was my dumbness that this happened, but yeah, still happens.

@basil00
Copy link
Owner

basil00 commented Aug 16, 2017

Thanks for finding this @FullyArticulate. There are a few issues:

  • Under what circumstances will the FwpmTransaction/FwpmCalloutDeleteByKey fail, and can these be avoided somehow?
  • What is the correct response to the failure?

It seems that the WFPsampler drivers do not wrap multiple calls to FwpmCalloutDeleteByKey in a transaction, and ultimately ignore the error if FwpmCalloutDeleteByKey fails (aside from logging the failure). This is consistent with @FullyArticulate's patch, and perhaps what WinDivert should do too.

@FullyArticulate
Copy link
Author

All FWPM calls fail once the process exits uncleanly. As best I can determine, the handle that the process uses to do RPC with FWPM is closed before Divert's cleanup code is called (cleanup is called within the context of the user process). It doesn't matter whether the FWPM cleanup was done within a transaction wrapper or not--the engine handle is gone.

Because everything put into FWPM within the context of the user process is within a DYNAMIC session, there's no penalty for not cleanly deleting everything from FWPM--it happens automatically when the RPC connection was closed. The exception is the Fwps stuff, which stands alone from the FWPM session.

I believe my patch is correct for both clean and unclean closing modes.

I've not looked closely at the WFPsampler code, but it doesn't look like there's any way for FWPM calls to occur after an unclean cleanup occurs.

@basil00
Copy link
Owner

basil00 commented Aug 16, 2017

Thanks @FullyArticulate that sounds like a reasonable analysis. I will accept your patch but need to set up some form of CLA arrangement first since I license WinDivert commercially.

@FullyArticulate
Copy link
Author

I have no idea what's entailed in that. If it makes it easier, feel free to treat the patch as public domain, or "reverse engineer" my patch to get the bug fixed.

@TechnikEmpire
Copy link

TechnikEmpire commented Aug 16, 2017 via email

@basil00
Copy link
Owner

basil00 commented Aug 17, 2017

I have no idea what's entailed in that. If it makes it easier, feel free to treat the patch as public domain, or "reverse engineer" my patch to get the bug fixed.

Very sorry for the inconvenience. This is something I've been meaning to set up for some time but never bothered since this project very rarely gets PRs. It should be set up now.

The CLA is just the standard SAP version with WinDivert/basil00 replacing "SAP". If you don't want to, or can't be bothered to sign, that is fine and I'll "reverse engineer" the fix. However, I'd prefer to merge the pull request as is to properly credit @FullyArticulate for finding the fix.

This matter is not urgent since I cannot release new WinDivert binaries anyway, thanks to #53.

@FullyArticulate
Copy link
Author

Oh, I just had to click something? I had imagined finding legal docs, signing, scanning, faxing, etc. :-) It should be done now.

@basil00 basil00 merged commit f540e7c into basil00:master Aug 18, 2017
@basil00
Copy link
Owner

basil00 commented Aug 18, 2017

No is just a click.

Funny the automated cla-assistant check was still failing...but I can manually check that @FullyArticulate has signed so it does not matter. I suspect the automated check is failing because the system thinks @Azerton also needs to sign.

@basil00 basil00 mentioned this pull request Aug 24, 2017
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@FullyArticulate @TechnikEmpire @basil00