Merge pull request #69 from daladim/upgraded_deps

Upgraded dependencies
n4r1b · Nov 14, 2022 · b4e5347 · b4e5347
2 parents 11d4292 + 144f9b3
commit b4e5347
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 30 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -14,7 +14,7 @@ repository = "https://github.com/n4r1b/ferrisetw"
 time_rs = ["time"]
 
 [dependencies]
-windows = { version = "0.39", features = [
+windows = { version = "0.43", features = [
     "Win32_Foundation",
     "Win32_Security_Authorization",
     "Win32_System_Diagnostics_Etw",
@@ -25,7 +25,7 @@ windows = { version = "0.39", features = [
     "Win32_System_Time",
 ]}
 com = "0.6.0"
-memoffset = "0.6"
+memoffset = "0.7"
 rand = "~0.8.0"
 once_cell = "1.14"
 num = "0.4"

diff --git a/src/native/evntrace.rs b/src/native/evntrace.rs
@@ -11,7 +11,6 @@ use std::ffi::c_void;
 use once_cell::sync::Lazy;
 
 use widestring::{U16CString, U16CStr};
-use windows::Win32::Foundation::WIN32_ERROR;
 use windows::Win32::System::Diagnostics::Etw::EVENT_CONTROL_CODE_ENABLE_PROVIDER;
 use windows::core::GUID;
 use windows::core::PCWSTR;
@@ -30,8 +29,8 @@ use crate::provider::Provider;
 use crate::provider::event_filter::EventFilterDescriptor;
 use crate::trace::{CallbackData, TraceProperties, TraceTrait};
 
-pub type TraceHandle = u64;
-pub type ControlHandle = u64;
+pub type TraceHandle = Etw::PROCESSTRACE_HANDLE;
+pub type ControlHandle = Etw::CONTROLTRACE_HANDLE;
 
 /// Evntrace native module errors
 #[derive(Debug)]
@@ -133,7 +132,7 @@ fn filter_invalid_trace_handles(h: TraceHandle) -> Option<TraceHandle> {
     // See https://learn.microsoft.com/en-us/windows/win32/api/evntrace/nf-evntrace-opentracew#return-value
     // We're conservative and we always filter out u32::MAX, although it could be valid on 64-bit setups.
     // But it turns out runtime detection of the current OS bitness is not that easy. Plus, it is not clear whether this depends on how the architecture the binary is compiled for, or the actual OS architecture.
-    if h == u64::MAX || h == u32::MAX as u64 {
+    if h.0 == u64::MAX || h.0 == u32::MAX as u64 {
         None
     } else {
         Some(h)
@@ -143,7 +142,7 @@ fn filter_invalid_trace_handles(h: TraceHandle) -> Option<TraceHandle> {
 fn filter_invalid_control_handle(h: ControlHandle) -> Option<ControlHandle> {
     // The control handle is 0 if the handle is not valid.
     // (https://learn.microsoft.com/en-us/windows/win32/api/evntrace/nf-evntrace-starttracew)
-    if h == 0 {
+    if h.0 == 0 {
         None
     } else {
         Some(h)
@@ -173,11 +172,11 @@ where
         )
     };
 
-    if status == ERROR_ALREADY_EXISTS.0 {
+    if status == ERROR_ALREADY_EXISTS {
         return Err(EvntraceNativeError::AlreadyExist);
-    } else if status != 0 {
+    } else if status != ERROR_SUCCESS {
         return Err(EvntraceNativeError::IoError(
-            std::io::Error::from_raw_os_error(status as i32),
+            std::io::Error::from_raw_os_error(status.0 as i32),
         ));
     }
 
@@ -238,16 +237,16 @@ pub fn enable_provider(control_handle: ControlHandle, provider: &Provider) -> Ev
                     provider.any(),
                     provider.all(),
                     0,
-                    parameters.as_ptr(),
+                    Some(parameters.as_ptr()),
                 )
             };
 
-            if res == ERROR_SUCCESS.0 {
+            if res == ERROR_SUCCESS {
                 Ok(())
             } else {
                 Err(
                     EvntraceNativeError::IoError(
-                        std::io::Error::from_raw_os_error(res as i32)
+                        std::io::Error::from_raw_os_error(res.0 as i32)
                     )
                 )
             }
@@ -265,13 +264,13 @@ pub fn process_trace(trace_handle: TraceHandle) -> EvntraceNativeResult<()> {
         let mut now = FILETIME::default();
         let result = unsafe {
             GetSystemTimeAsFileTime(&mut now);
-            Etw::ProcessTrace(&[trace_handle], &mut now, std::ptr::null_mut())
+            Etw::ProcessTrace(&[trace_handle], Some(&mut now), None)
         };
 
-        if result == ERROR_SUCCESS.0 {
+        if result == ERROR_SUCCESS {
             Ok(())
         } else {
-            Err(EvntraceNativeError::IoError(std::io::Error::from_raw_os_error(result as i32)))
+            Err(EvntraceNativeError::IoError(std::io::Error::from_raw_os_error(result.0 as i32)))
         }
     }
 }
@@ -303,9 +302,9 @@ pub fn control_trace(
                 )
             };
 
-            if status != 0 && status != ERROR_WMI_INSTANCE_NOT_FOUND.0 {
+            if status != ERROR_SUCCESS && status != ERROR_WMI_INSTANCE_NOT_FOUND {
                 return Err(EvntraceNativeError::IoError(
-                    std::io::Error::from_raw_os_error(status as i32),
+                    std::io::Error::from_raw_os_error(status.0 as i32),
                 ));
             }
 
@@ -332,7 +331,7 @@ pub fn close_trace(trace_handle: TraceHandle, callback_data: &Box<Arc<CallbackDa
                 Etw::CloseTrace(handle)
             };
 
-            match WIN32_ERROR(status) {
+            match status {
                 ERROR_SUCCESS => Ok(false),
                 ERROR_CTX_CLOSE_PENDING => Ok(true),
                 status @ _ => Err(EvntraceNativeError::IoError(
@@ -347,16 +346,16 @@ pub fn close_trace(trace_handle: TraceHandle, callback_data: &Box<Arc<CallbackDa
 pub(crate) fn query_info(class: TraceInformation, buf: &mut [u8]) -> EvntraceNativeResult<()> {
     match unsafe {
         Etw::TraceQueryInformation(
-            0,
+            Etw::CONTROLTRACE_HANDLE(0),
             TRACE_QUERY_INFO_CLASS(class as i32),
             buf.as_mut_ptr() as *mut c_void,
             buf.len() as u32,
-            std::ptr::null_mut(),
+            None,
         )
     } {
-        0 => Ok(()),
+        ERROR_SUCCESS => Ok(()),
         e => Err(EvntraceNativeError::IoError(
-            std::io::Error::from_raw_os_error(e as i32),
+            std::io::Error::from_raw_os_error(e.0 as i32),
         )),
     }
 }
diff --git a/src/native/pla.rs b/src/native/pla.rs
@@ -6,8 +6,7 @@
 //! This module shouldn't be accessed directly. Modules from the the crate level provide a safe API to interact
 //! with the crate
 use std::mem::MaybeUninit;
-use windows::core::GUID;
-use windows::Win32::Foundation::BSTR;
+use windows::core::{GUID, BSTR};
 
 /// Pla native module errors
 #[derive(Debug, PartialEq)]

diff --git a/src/native/tdh.rs b/src/native/tdh.rs
@@ -81,8 +81,8 @@ impl TraceEventInfo {
             //  * the `EVENT_RECORD` was passed by Microsoft and has not been modified: it is thus valid and correctly aligned
             Etw::TdhGetEventInformation(
                 event.as_raw_ptr(),
-                &[],
-                std::ptr::null_mut(),
+                None,
+                None,
                 &mut buffer_size,
             )
         };
@@ -110,8 +110,8 @@ impl TraceEventInfo {
             //  * `data` has been successfully allocated, with the required size and the correct alignment
             Etw::TdhGetEventInformation(
                 event.as_raw_ptr(),
-                &[],
-                data.cast::<TRACE_EVENT_INFO>(),
+                None,
+                Some(data.cast::<TRACE_EVENT_INFO>()),
                 &mut buffer_size,
             )
         };
@@ -256,7 +256,7 @@ pub(crate) fn property_size(event: &EventRecord, name: &str) -> TdhNativeResult<
     unsafe {
         let status = Etw::TdhGetPropertySize(
             event.as_raw_ptr(),
-            &[],
+            None,
             &[desc],
             &mut property_size,
         );