| Commit message | Author | Age | Files | Lines |
When Windows does major updates, it walks the driver store and manually
installs drivers into the ROOT namespace. This is a problem since we use
the SWD namespace. Since these nodes are never accounted for, they live
on and prevent the driver from ever being unloaded or upgraded.
Fix this by walking through the ROOT namespace and removing these
phantom drivers.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
We always have a file reference to get the proper nsi device object, so
rather than failing, in most cases, we can properly service these
requests.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
And also gate the PriorDispatch on the presence of an extension, which
NDIS always has.
Reported-by: Brian Diff <bdiff7311@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
The stack version of this is never used, because it's long-lived, and so
we always read it out of the peer struct.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
I fixed the CodeQL rules.
Link: https://github.com/microsoft/Windows-Driver-Developer-Supplemental-Tools/pull/217
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
WSK's WskSendTo copies addresses and control messages synchronously
before returning STATUS_PENDING. Confirmed by reverse engineering
afd.sys!WskProIRPSendTo and tcpip.sys!UdpSendMessages, which consume
address and cmsg data in the transport dispatch call and store only the
completion callback and IRP in the NBL context.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Use C23 typeof to eliminate redundant type parameters from the RCU
macros.
Also, drop mention of hoping to use alignas in TODO.md. It only goes on
members of structs, not the struct type itself, which I find
syntactically annoying, and it doesn't really confer any additional real
benefits.
Moving to C23 means that we must use __VA_OPT__.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
This restores 217922a ("driver: device: hack around broken IP notifier
by hijacking \Device\Nsi"), but does it right, hopefully.
Since we're attaching to \Device\Nsi as a filter, we increment the
refcount of the driver, which means Unload doesn't get called until we
detach filtering. So we attach and detach on first and last device
creation and destruction.
A limitation of the old commit is that it missed notifications from
netsh, because netsh sets the subinterface mtu, not the interface mtu.
I've now updated the code to catch both updates. For WireGuard, they are
effectively the same.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
This makes the re-arm logic work better.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
This avoids having to clean up if the version is wrong.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
This matches the behavior on Linux and other operating systems. Before,
you could append a bunch of cruft, which would then not get copied to
the header, while the MAC checker would still look at the end of the
NBL, hashing garbage.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Bad flow:
- new event, Done
- first op finishes sync, so STATUS_SUCCESS, which isn't pending, Done
  isn't consumed.
- next op finishes async, so STATUS_PENDING, so we wait on it, but it's
  already consumed from before, so it doesn't wait.
Fix this the easy way by always resetting the event.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Otherwise we leak table.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
If port 0 is passed, for a random port, it gets assigned on v4
allocation, and then can fail on v6 allocation if it's already in use. In
that case, set the port back to 0 so that it can try a new random port.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
This is better than returning garbage, in case we extend this later.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
That's what we do for the others, so why not this one?
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
The issue faced by 4309390 ("driver: ioctl: restore usage of
FunctionalDeviceObject->Reserved") wasn't that Windows 10 RTM didn't
have NdisWdfGetAdapterContextFromAdapterHandle(), but rather that
DispatchPnp was being called very early with a different device object.
We can fix this by simply testing to see if we have the right type of
device.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Further experiments with NdisWdfGetAdapterContextFromAdapterHandle
indicate it's probably less reliable than using ->Reserved, because it
means dereferencing DeviceExtension.
Also get rid of the awkward IoctlHalt.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
The stub device only exists momentarily to create the software registry
key for SuggestedInstanceId. Setting SWDeviceCapabilitiesDriverRequired
with empty hardware IDs violates the SwDeviceCreate API contract and
causes PnP to needlessly search for a driver for this transient device.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
If SnapshotConfigurationAndState fails, Configuration is left NULL, but
RestoreConfigurationAndState was called unconditionally, passing the
NULL pointer to DeviceIoControl.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
The return code before was wrong, because WaitForSingleObject returns
WAIT_OBJECT_0 on success, not TRUE.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
This eliminates the need for a cross signing certificate, which is no
longer needed in the kernel and was never useful in userspace. And it
does the timestamp server correctly.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Otherwise, on Windows 10 RTM,
    nt!KeBugCheckEx
    nt!KiBugCheckDispatch+0x69
    nt!KiPageFault+0x248
    nt!KiTryUnwaitThread+0x35
    nt!KeSetEvent+0x188
    wireguard!DispatchPnp+0x50 [driver\ioctl.c @ 677]
    nt!PnpAsynchronousCall+0xe5
    nt!PiIrpQueryRemoveDevice+0x8c
    nt!PnpQueryRemoveLockedDeviceNode+0x69
    nt!PnpDeleteLockedDeviceNode+0x84
    nt!PnpDeleteLockedDeviceNodes+0xb1
    nt!PnpProcessQueryRemoveAndEject+0x3d1
    nt!PnpProcessTargetDeviceEvent+0xd9
    nt!PnpDeviceEventWorker+0x33c
    nt!ExpWorkerThread+0xe9
    nt!PspSystemThreadStartup+0x58
    nt!KiStartSystemThread+0x16
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Microsoft is getting rid of it! Yikes.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
These are kind of bogus and use a variation of styles. Bah!
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
We're allocating the IRP on the stack, so this shouldn't be a real
issue.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|