authorwpaul <wpaul@FreeBSD.org>2005-02-16 05:41:18 +0000
committerwpaul <wpaul@FreeBSD.org>2005-02-16 05:41:18 +0000
commit07b632956a99a773db5488fdd2ffd5f209d38dea (patch)
treef3934335c485d66f4991e7d9fc75b2e17460984c /sys/compat/ndis/ntoskrnl_var.h
parent41238cc6d19537d94771e20dbde35067d8d8f618 (diff)
downloadFreeBSD-src-07b632956a99a773db5488fdd2ffd5f209d38dea.zip
FreeBSD-src-07b632956a99a773db5488fdd2ffd5f209d38dea.tar.gz
Add support for Windows/x86-64 binaries to Project Evil.
Ville-Pertti Keinonen (will at exomi dot comohmygodnospampleasekthx) deserves a big thanks for submitting initial patches to make it work. I have mangled his contributions appropriately. The main gotcha with Windows/x86-64 is that Microsoft uses a different calling convention than everyone else. The standard ABI requires using 6 registers for argument passing, with other arguments on the stack. Microsoft uses only 4 registers, and requires the caller to leave room on the stack for the register arguments in case the callee needs to spill them. Unlike x86, where Microsoft uses a mix of _cdecl, _stdcall and _fastcall, all routines on Windows/x86-64 use the same convention. This unfortunately means that all the functions we export to the driver require an intermediate translation wrapper. Similarly, we have to wrap all calls back into the driver binary itself. The original patches provided macros to wrap every single routine at compile time, providing a secondary jump table with a customized wrapper for each exported routine. I decided to use a different approach: the call wrapper for each function is created from a template at runtime, and the routine to jump to is patched into the wrapper as it is created. The subr_pe module has been modified to patch in the wrapped function instead of the original. (On x86, the wrapping routine is a no-op.) There are some minor API differences that had to be accounted for: - KeAcquireSpinLock() is a real function on amd64, not a macro wrapper around KfAcquireSpinLock() - NdisFreeBuffer() is actually IoFreeMdl(). I had to change the whole NDIS_BUFFER API a bit to accommodate this. Bugs fixed along the way: - IoAllocateMdl() always returned NULL - kern_windrv.c:windrv_unload() wasn't releasing private driver object extensions correctly (found thanks to memguard) This has only been tested with the driver for the Broadcom 802.11g chipset, which was the only Windows/x86-64 driver I could find.
Diffstat (limited to 'sys/compat/ndis/ntoskrnl_var.h')
-rw-r--r--sys/compat/ndis/ntoskrnl_var.h19
1 files changed, 19 insertions, 0 deletions
diff --git a/sys/compat/ndis/ntoskrnl_var.h b/sys/compat/ndis/ntoskrnl_var.h
index f1c0766..4c0112a 100644
--- a/sys/compat/ndis/ntoskrnl_var.h
+++ b/sys/compat/ndis/ntoskrnl_var.h
@@ -1068,6 +1068,7 @@ typedef struct driver_object driver_object;
#define NDIS_KSTACK_PAGES 8
extern image_patch_table ntoskrnl_functbl[];
+typedef void (*funcptr)(void);
__BEGIN_DECLS
extern int windrv_libinit(void);
@@ -1079,6 +1080,8 @@ extern int windrv_create_pdo(driver_object *, device_t);
extern void windrv_destroy_pdo(driver_object *, device_t);
extern device_object *windrv_find_pdo(driver_object *, device_t);
extern int windrv_bus_attach(driver_object *, char *);
+extern int windrv_wrap(funcptr, funcptr *);
+extern int windrv_unwrap(funcptr);
extern int ntoskrnl_libinit(void);
extern int ntoskrnl_libfini(void);
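Review bot: The contract of the two added prototypes windrv_wrap() and windrv_unwrap() is not documented at the declaration, and since the commit message says each wrapper is generated from a template at runtime, the second argument of windrv_wrap() presumably receives a pointer to a freshly generated code stub that the caller owns and must later hand back to windrv_unwrap(). A short comment above the prototypes would make that ownership and lifetime explicit, e.g. `/* windrv_wrap(): build a calling-convention wrapper for the given routine and store it in *wrap; the caller must release it with windrv_unwrap(). On i386 the wrapper is a no-op. */`. Both take the generic funcptr typedef added in the previous hunk, so callers will need a cast at every use; whether the int return is 0 on success or an errno value is not visible from here and should be stated in the same comment.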
@@ -1100,6 +1103,8 @@ __stdcall extern uint32_t KeSetEvent(nt_kevent *, uint32_t, uint8_t);
__stdcall extern uint32_t KeResetEvent(nt_kevent *);
__fastcall extern void KefAcquireSpinLockAtDpcLevel(REGARGS1(kspin_lock *));
__fastcall extern void KefReleaseSpinLockFromDpcLevel(REGARGS1(kspin_lock *));
+__stdcall extern uint8_t KeAcquireSpinLockRaiseToDpc(kspin_lock *);
+__stdcall extern void KeReleaseSpinLock(kspin_lock *, uint8_t);
__stdcall extern void KeInitializeSpinLock(kspin_lock *);
__stdcall extern void *ExAllocatePoolWithTag(uint32_t, size_t, uint32_t);
__stdcall extern void ExFreePool(void *);
@@ -1115,6 +1120,8 @@ __fastcall extern void IofCompleteRequest(REGARGS2(irp *, uint8_t));
__stdcall extern void IoDetachDevice(device_object *);
__stdcall extern device_object *IoAttachDeviceToDeviceStack(device_object *,
device_object *);
+__stdcall mdl *IoAllocateMdl(void *, uint32_t, uint8_t, uint8_t, irp *);
+__stdcall void IoFreeMdl(mdl *);
#define IoCallDriver(a, b) FASTCALL2(IofCallDriver, a, b)
#define IoCompleteRequest(a, b) FASTCALL2(IofCompleteRequest, a, b)
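Review bot: The two added prototypes for IoAllocateMdl() and IoFreeMdl() omit the `extern` that every other function declaration in this header carries, including the KeAcquireSpinLockRaiseToDpc() and KeReleaseSpinLock() lines added in the previous hunk. It is harmless on a prototype, but the inconsistency reads as an oversight and makes the new lines stand out from the surrounding style; suggest `__stdcall extern mdl *IoAllocateMdl(void *, uint32_t, uint8_t, uint8_t, irp *);` and `__stdcall extern void IoFreeMdl(mdl *);`.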
@@ -1129,6 +1136,18 @@ __stdcall extern device_object *IoAttachDeviceToDeviceStack(device_object *,
#define KeRaiseIrql(a) FASTCALL1(KfRaiseIrql, a)
#define KeLowerIrql(a) FASTCALL1(KfLowerIrql, a)
#endif /* __i386__ */
+
+#ifdef __amd64__
+#define KeAcquireSpinLock(a, b) *(b) = KeAcquireSpinLockRaiseToDpc(a)
+
+/*
+ * These may need to be redefined later;
+ * not sure where they live on amd64 yet.
+ */
+#define KeRaiseIrql(a) KfRaiseIrql(a)
+#define KeLowerIrql(a) KfLowerIrql(a)
+#endif /* __amd64__ */
+
__END_DECLS
#endif /* _NTOSKRNL_VAR_H_ */
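Review bot: The amd64 KeAcquireSpinLock() macro expands to an unparenthesized assignment, so an invocation used inside a larger expression, or an `a` argument containing a comma operator, will not group as intended; suggest `#define KeAcquireSpinLock(a, b) (*(b) = KeAcquireSpinLockRaiseToDpc(a))` or a do-while(0) body so it behaves like the function it stands in for. The KeRaiseIrql()/KeLowerIrql() mappings to KfRaiseIrql()/KfLowerIrql() are already marked provisional by the in-hunk comment; on i386 those same Kf routines are reached through FASTCALL1, so it may be worth extending that comment to state which convention the amd64 Kf declarations are expected to use, since a convention mismatch between declaration and callee would surface as corrupted arguments at runtime rather than as a compile error. The amd64 Kf declarations themselves are outside this hunk.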