C++ in kernel mode
Download as PPTX, PDF•4 likes•1,593 views
This document discusses the use of C++ in kernel mode, addressing key concepts such as restore point and restore time objectives, driver development, and the differences between user mode and kernel mode. It emphasizes the benefits of C++, including strong typing and RAII, while outlining the challenges of dynamic memory allocation and exception handling in kernel-mode programming. Furthermore, it highlights upcoming projects related to kernel-mode frameworks and coding guidelines.
![Dynamic memory allocation: solution
Overload new/delete
• globally
• for specific types
• do not forget new[] and
delete[]
// Kernel-mode allocation routines
PVOID ExAllocatePoolWithTag(
_In_ POOL_TYPE PoolType,
_In_ SIZE_T NumberOfBytes,
_In_ ULONG Tag
);
VOID ExFreePoolWithTag(
_In_ PVOID P,
_In_ ULONG Tag
);](https://image.slidesharecdn.com/cinkernelmode-171022112915/85/C-in-kernel-mode-14-320.jpg)
![Static variables initialization: problem
• Magic statics work
• Need to store global state
• Driver is callback-driven
• No CRT available
typedef void (*_PVFV)(void);
typedef int (*_PIFV)(void);
// C initializers
__declspec(allocate(".CRT$XIA")) _PIFV __xi_a[] = { 0 };
__declspec(allocate(".CRT$XIZ")) _PIFV __xi_z[] = { 0 };
// C++ initializers
__declspec(allocate(".CRT$XCA")) _PVFV __xc_a[] = { 0 };
__declspec(allocate(".CRT$XCZ")) _PVFV __xc_z[] = { 0 };
// C pre-terminators
__declspec(allocate(".CRT$XPA")) _PVFV __xp_a[] = { 0 };
__declspec(allocate(".CRT$XPZ")) _PVFV __xp_z[] = { 0 };
// C terminators
__declspec(allocate(".CRT$XTA")) _PVFV __xt_a[] = { 0 };
__declspec(allocate(".CRT$XTZ")) _PVFV __xt_z[] = { 0 };](https://image.slidesharecdn.com/cinkernelmode-171022112915/85/C-in-kernel-mode-17-320.jpg)
C++ in kernel mode
- 1. C++ in kernel mode Roman Beleshev
- 2. About the author • Solution architect at SolarWinds (former IASO) • Online backup and recovery • 17 years in production C++
- 3. About the project • Backup is NOT just copying of files • Customers don’t need a backup • Minimize RPO (restore point objective) • Minimize RTO (restore time objective) • Driver development required • RPO - being released • RTO - secret project
- 4. User mode vs Kernel mode
- 5. User mode vs kernel mode: background • Idea: reliability through restrictions • no direct hardware access • no direct memory access • CPU enforced (protection rings) • Similar for most OSes and CPUs “If builders built buildings the way programmers write programs, then the first woodpecker that came along would destroy civilization” - Weinberg's Second Law
- 6. User mode vs kernel mode: relevant differences • Code is mostly API calls • API is different • less functional, more verbose • most of libraries are unavailable (including CRT) • Drivers are callback-driven • Performance critical • Restrictions • BSOD if something goes wrong • IRQL • spinlock 25 ms example
- 7. From C to C++
- 8. Why C++? • Zero-overhead principle • What you don’t use, you don’t pay for • What you do use, you couldn’t hand code any better • Strong typing • Clearer, smaller and better structured code • Less error-prone code (e.g. RAII) • Motivates developers
- 9. Why C++? HANDLE res1 = ::AllocateResource(); if (res1 == INVALID_HANDLE) { return FALSE; } HANDLE res2 = ::AllocateResource(); if (res2 == INVALID_HANDLE) { ::FreeResource(res1); return FALSE; } HANDLE res3 = ::AllocateResource(); if (res3 == INVALID_HANDLE) { ::FreeResource(res2); ::FreeResource(res1); return FALSE; } ... ::FreeResource(res3); ::FreeResource(res2); ::FreeResource(res1); return TRUE; Handle res1(::AllocateResource()); Handle res2(::AllocateResource()); Handle res3(::AllocateResource()); ... BOOL result = TRUE; HANDLE res1 = ::AllocateResource(); if (res1 == INVALID_HANDLE) { result = FALSE; goto end; } HANDLE res2 = ::AllocateResource(); if (res2 == INVALID_HANDLE) { result = FALSE; goto free_res1; } HANDLE res3 = ::AllocateResource(); if (res2 == INVALID_HANDLE) { result = FALSE; goto free_res2; } ... free_res3: ::FreeResource(res3); free_res2: ::FreeResource(res2); free_res1: ::FreeResource(res1); end: return result;
- 10. Compile driver in C++? Easy! • Generate Filter Driver project • Rename *.c file to *.cpp • Make some corrections :) • disable warnings 4510;4512;4610 • #undef ALLOC_PRAGMA • extern “C” DriverEntry
- 11. What do we get for free Pure language features and idioms • automatic construction/destruction • RAII • templates • three pillars of OOP • strong typing • lambdas • constexpr • many more (ask audience)
- 12. What is left • Dynamic memory allocation • Static variables initialization • Exceptions • Libraries • CRT • STL
- 14. Dynamic memory allocation: solution Overload new/delete • globally • for specific types • do not forget new[] and delete[] // Kernel-mode allocation routines PVOID ExAllocatePoolWithTag( _In_ POOL_TYPE PoolType, _In_ SIZE_T NumberOfBytes, _In_ ULONG Tag ); VOID ExFreePoolWithTag( _In_ PVOID P, _In_ ULONG Tag );
- 15. Dynamic memory allocation: nuances • Different pool types may be required • Performance may be a concern • Be careful with allocation block size • Handle no memory case
- 17. Static variables initialization: problem • Magic statics work • Need to store global state • Driver is callback-driven • No CRT available typedef void (*_PVFV)(void); typedef int (*_PIFV)(void); // C initializers __declspec(allocate(".CRT$XIA")) _PIFV __xi_a[] = { 0 }; __declspec(allocate(".CRT$XIZ")) _PIFV __xi_z[] = { 0 }; // C++ initializers __declspec(allocate(".CRT$XCA")) _PVFV __xc_a[] = { 0 }; __declspec(allocate(".CRT$XCZ")) _PVFV __xc_z[] = { 0 }; // C pre-terminators __declspec(allocate(".CRT$XPA")) _PVFV __xp_a[] = { 0 }; __declspec(allocate(".CRT$XPZ")) _PVFV __xp_z[] = { 0 }; // C terminators __declspec(allocate(".CRT$XTA")) _PVFV __xt_a[] = { 0 }; __declspec(allocate(".CRT$XTZ")) _PVFV __xt_z[] = { 0 };
- 18. Static variables initialization: solutions • Singleton(s) based on magic statics • how to uninitialize? • Implement part of CRT • looks elegant and native • works if there are no initialization parameters • Manually construct global state object(s) • dynamically allocated • in-place constructed
- 19. Exceptions
- 20. Exceptions: SEH • Native Windows mechanism • Compiler + API • Performs stack unwinding void WINAPI RaiseException( _In_ DWORD dwExceptionCode, _In_ DWORD dwExceptionFlags, _In_ DWORD nNumberOfArguments, _In_ const ULONG_PTR *lpArguments ); // Whole picture __try { ::RaiseException(ERROR_CODE, 0, 0, NULL); } __except(EXCEPTION_EXECUTE_HANDLER) { PEXCEPTION_POINTERS e = ::GetExceptionInformation(); HandleException(e->ExceptionRecord->ExceptionCode); }
- 21. Exceptions: C++ • C++ exceptions are based on SEH • Throw: • allocates memory and constructs exception object • wraps C++ exception into SEH exception • calls RaiseException • Exception handler • calls destructors • filters exception through catch blocks • decides if to pass exception
- 22. Exceptions: solution (limited) • SEH is unavoidable • Calling destructors on stack unwind is sufficient • Turn on SEH compiler option • Implement __CxxFrameHandler3 • Throw using function call • Catch using SEH syntax in driver callbacks • Possibly, use <system_error>
- 23. Libraries
- 24. CRT • Partially available • all headers are in place • unsafe functions issue linker errors • floating point • malloc/free, I/O • Use kernel API (RtlXxx) • Reimplement or borrow
- 25. STL • Some parts depend on CRT (I/O) • Prognosis: good (for the rest) • Brute-force attempt failed • Alternative STL implementation
- 26. What’s next? • Secret project is in progress • Kernel-mode framework • Kernel-mode coding guidelines • Possibly open-source
- 27. Useful links User-kernel modes https://docs.microsoft.com/en-us/windows-hardware/drivers/gettingstarted/user-mode-and-kernel-mode https://en.wikibooks.org/wiki/Windows_Programming/User_Mode_vs_Kernel_Mode https://blog.codinghorror.com/understanding-user-and-kernel-mode/ Global objects initialization https://msdn.microsoft.com/en-us/library/bb918180.aspx https://gist.github.com/mmozeiko/ae38aeb10add7cb66be4c00f24f8e688 Exceptions https://www.codeproject.com/Articles/22801/Drivers-Exceptions-and-C
- 29. The SolarWinds and SolarWinds MSP trademarks are the exclusive property of SolarWinds MSP UK Ltd. or its affiliates and may be registered or pending registration with the U.S. Patent and Trademark Office and in other countries. All other SolarWinds MSP UK and SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks (and may be registered trademarks) of their respective companies.