From 89efcdb8cd95ea798187fe4062a73fa5d2fca456 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI <mounir.idrassi@idrix.fr>
Date: Tue, 4 Jul 2017 02:05:11 +0200
Subject: Windows Driver: correctly save and restore extended processor state
 when performing AVX operations on Windows 7 and later. Enhance readability of
 code handling save/restore of floating point state.

---
 src/Driver/Ntdriver.c | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

(limited to 'src/Driver/Ntdriver.c')

diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index ab555904..8f6f151f 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -73,6 +73,11 @@
 #pragma alloc_text(INIT,DriverEntry)
 #pragma alloc_text(INIT,TCCreateRootDeviceObject)
 
+/* We need to silence 'type cast' warning in order to use MmGetSystemRoutineAddress.
+ * MmGetSystemRoutineAddress() should have been declare FARPROC instead of PVOID.
+ */
+#pragma warning(disable:4055)
+
 PDRIVER_OBJECT TCDriverObject;
 PDEVICE_OBJECT RootDeviceObject = NULL;
 static KMUTEX RootDeviceControlMutex;
@@ -91,6 +96,8 @@ static size_t EncryptionThreadPoolFreeCpuCountLimit = 0;
 static BOOL SystemFavoriteVolumeDirty = FALSE;
 static BOOL PagingFileCreationPrevented = FALSE;
 static BOOL EnableExtendedIoctlSupport = FALSE;
+static KeSaveExtendedProcessorStateFn KeSaveExtendedProcessorStatePtr = NULL;
+static KeRestoreExtendedProcessorStateFn KeRestoreExtendedProcessorStatePtr = NULL;
 
 POOL_TYPE ExDefaultNonPagedPoolType = NonPagedPool;
 ULONG ExDefaultMdlProtection = 0;
@@ -119,6 +126,15 @@ NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
 		ExDefaultMdlProtection = MdlMappingNoExecute;
 	}
 
+	// KeSaveExtendedProcessorState/KeRestoreExtendedProcessorState are available starting from Windows 7
+	if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 1))
+	{
+		UNICODE_STRING funcName;
+		RtlInitUnicodeString(&funcName, L"KeSaveExtendedProcessorState");
+		KeSaveExtendedProcessorStatePtr = (KeSaveExtendedProcessorStateFn) MmGetSystemRoutineAddress(&funcName);
+		KeRestoreExtendedProcessorStatePtr = (KeRestoreExtendedProcessorStateFn) MmGetSystemRoutineAddress(&funcName);
+	}
+
 	// Load dump filter if the main driver is already loaded
 	if (NT_SUCCESS (TCDeviceIoControl (NT_ROOT_PREFIX, TC_IOCTL_GET_DRIVER_VERSION, NULL, 0, &version, sizeof (version))))
 		return DumpFilterEntry ((PFILTER_EXTENSION) DriverObject, (PFILTER_INITIALIZATION_DATA) RegistryPath);
@@ -3960,3 +3976,28 @@ BOOL IsOSAtLeast (OSVersionEnum reqMinOS)
 	return ((OsMajorVersion << 16 | OsMinorVersion << 8)
 		>= (major << 16 | minor << 8));
 }
+
+NTSTATUS NTAPI KeSaveExtendedProcessorState (
+    __in ULONG64 Mask,
+    PXSTATE_SAVE XStateSave
+    )
+{
+	if (KeSaveExtendedProcessorStatePtr)
+	{
+		return (KeSaveExtendedProcessorStatePtr) (Mask, XStateSave);
+	}
+	else
+	{
+		return STATUS_SUCCESS;
+	}
+}
+
+VOID NTAPI KeRestoreExtendedProcessorState (
+	PXSTATE_SAVE XStateSave
+	)
+{
+	if (KeRestoreExtendedProcessorStatePtr)
+	{
+		(KeRestoreExtendedProcessorStatePtr) (XStateSave);
+	}
+}
\ No newline at end of file
-- 
cgit v1.2.3