Simplify KeQuerySystemTimePrecise usage based on NTDDI_VERSION

ape-manque · Aug 12, 2022 · 4d5c499 · 4d5c499
1 parent 5280628
commit 4d5c499
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 61 deletions.
diff --git a/packetWin7/npf/npf/Packet.c b/packetWin7/npf/npf/Packet.c
@@ -127,21 +127,6 @@ PNPCAP_DRIVER_EXTENSION g_pDriverExtension = NULL;
 UNICODE_STRING deviceSymLink = RTL_CONSTANT_STRING(L"\\DosDevices\\" NPF_DRIVER_NAME_WIDECHAR);
 
 
-#ifdef KeQuerySystemTime
-// On Win x64, KeQuerySystemTime is defined as a macro,
-// this function wraps the macro execution.
-void
-KeQuerySystemTimeWrapper(
-	_Out_ PLARGE_INTEGER CurrentTime
-)
-{
-	KeQuerySystemTime(CurrentTime);
-}
-PQUERYSYSTEMTIME g_ptrQuerySystemTime = &KeQuerySystemTimeWrapper;
-#else
-PQUERYSYSTEMTIME g_ptrQuerySystemTime = &KeQuerySystemTime;
-#endif
-
 #ifdef NPCAP_READ_ONLY
 // For read-only Npcap, we want an explicit denial function for the Write call.
 // The IOCTLs will be rejected as "invalid request"
@@ -348,21 +333,6 @@ DriverEntry(
 	}
 	if (parametersPath.Buffer) ExFreePool(parametersPath.Buffer);
 
-	//
-	// Initialize system-time function pointer.
-	//
-	NDIS_STRING strKeQuerySystemTimePrecise = RTL_CONSTANT_STRING(L"KeQuerySystemTimePrecise");
-	g_ptrQuerySystemTime = (PQUERYSYSTEMTIME) MmGetSystemRoutineAddress(&strKeQuerySystemTimePrecise);
-	// If KeQuerySystemTimePrecise is not available,
-	// use KeQuerySystemTime function (Win32) or a wrapper to the KeQuerySystemTime macro (x64).
-	if (g_ptrQuerySystemTime == NULL) {
-#ifdef KeQuerySystemTime
-		g_ptrQuerySystemTime = &KeQuerySystemTimeWrapper;
-#else
-		g_ptrQuerySystemTime = &KeQuerySystemTime;
-#endif
-	}
-
 	//
 	// Register as a service with NDIS
 	//
@@ -1869,29 +1839,17 @@ static NTSTATUS funcBIOCGTIMESTAMPMODES(_In_ POPEN_INSTANCE pOpen,
 		0, // count of modes, 0 means not initialized yet
 		TIMESTAMPMODE_SINGLE_SYNCHRONIZATION,
 		TIMESTAMPMODE_QUERYSYSTEMTIME,
+#if (NTDDI_VERSION >= NTDDI_WIN8)
 		// This is last and is not reported if not different than QST
 		TIMESTAMPMODE_QUERYSYSTEMTIME_PRECISE
+#endif
 	};
 
 	// Initialize the count if not already done.
 	if (SupportedModes[0] == 0)
 	{
-		// If all modes are supported, Count is length minus 1 for the count element.
+		// Count is length minus 1 for the count element.
 		SupportedModes[0] = sizeof(SupportedModes) / sizeof(ULONG) - 1;
-
-		// If KeQuerySystemTimePrecise is available, g_ptrQuerySystemTime will point to it.
-		// If it points to KeQuerySystemTime instead, it's not available.
-		if (g_ptrQuerySystemTime ==
-#ifdef KeQuerySystemTime
-				&KeQuerySystemTimeWrapper
-#else
-				&KeQuerySystemTime
-#endif
-		   )
-		{
-			// Precise not supported. Count is as before, but minus 1 for QST Precise.
-			SupportedModes[0] -= 1;
-		}
 	}
 
 	*Info = 0;

diff --git a/packetWin7/npf/npf/Packet.h b/packetWin7/npf/npf/Packet.h
@@ -119,7 +119,6 @@
 
 #include "win_bpf.h"
 #include <wdm.h>
-#include "Loopback.h"
 
 /* If DISPATCH_LEVEL can be determined, use that in the FILTER_*_LOCK macros
  * Otherwise, use NPF_IRQL_UNKNOWN so we can find and update them as we add more tracking

diff --git a/packetWin7/npf/npf/time_calls.h b/packetWin7/npf/npf/time_calls.h
@@ -107,7 +107,7 @@
 #ifndef _time_calls
 #define _time_calls
 
-#include <ndis.h>
+#include <wdm.h>
 #define DEFAULT_TIMESTAMPMODE 0
 
 #define TIMESTAMPMODE_SINGLE_SYNCHRONIZATION 0
@@ -117,19 +117,23 @@
 #define TIMESTAMPMODE_QUERYSYSTEMTIME_PRECISE 4
 #define /* DEPRECATED */ TIMESTAMPMODE_SYNCHRONIZATION_ON_CPU_NO_FIXUP 99
 
-__inline BOOLEAN NPF_TimestampModeSupported(_In_ ULONG mode)
+inline BOOLEAN NPF_TimestampModeSupported(_In_ ULONG mode)
 {
 	return mode == TIMESTAMPMODE_SINGLE_SYNCHRONIZATION
 		|| mode == TIMESTAMPMODE_QUERYSYSTEMTIME
 		|| mode == TIMESTAMPMODE_QUERYSYSTEMTIME_PRECISE;
 }
 
-typedef void(*PQUERYSYSTEMTIME)(
+inline void BestQuerySystemTime(
 	PLARGE_INTEGER CurrentTime
-	);
-
-extern ULONG g_TimestampMode;
-extern PQUERYSYSTEMTIME g_ptrQuerySystemTime;
+	)
+{
+#if(NTDDI_VERSION <= NTDDI_WIN7)
+	KeQuerySystemTime(CurrentTime);
+#else
+	KeQuerySystemTimePrecise(CurrentTime);
+#endif
+}
 
 /*!
   \brief A microsecond precise timestamp.
@@ -143,7 +147,7 @@ struct timeval
 };
 
 /* KeQueryPerformanceCounter TimeStamps */
-__inline void TIME_SYNCHRONIZE(
+inline void TIME_SYNCHRONIZE(
 		_Out_ struct timeval* start)
 {
 	//	struct timeval *start = (struct timeval*)Data;
@@ -155,9 +159,8 @@ __inline void TIME_SYNCHRONIZE(
 	LARGE_INTEGER TimeFreq, PTime;
 
 	// get the absolute value of the system boot time.   
-	NT_ASSERT(g_ptrQuerySystemTime != NULL);
 	PTime = KeQueryPerformanceCounter(&TimeFreq);
-	g_ptrQuerySystemTime(&SystemTime);
+	BestQuerySystemTime(&SystemTime);
 
 	start->tv_sec = (LONG)(SystemTime.QuadPart / 10000000 - 11644473600);
 
@@ -174,7 +177,7 @@ __inline void TIME_SYNCHRONIZE(
 	}
 }	
 
-__inline void GetTimeKQPC(
+inline void GetTimeKQPC(
 		_Out_ struct timeval* dst,
 		_In_ struct timeval* start)
 {
@@ -195,7 +198,7 @@ __inline void GetTimeKQPC(
 	}
 }
 
-__inline void GetTimeQST(
+inline void GetTimeQST(
 		_Out_ struct timeval* dst)
 {
 	LARGE_INTEGER SystemTime;
@@ -206,19 +209,19 @@ __inline void GetTimeQST(
 	dst->tv_usec = (LONG)((SystemTime.QuadPart % 10000000) / 10);
 }
 
-__inline void GetTimeQST_precise(
+inline void GetTimeQST_precise(
 		_Out_ struct timeval* dst)
 {
 	LARGE_INTEGER SystemTime;
 
-	g_ptrQuerySystemTime(&SystemTime);
+	BestQuerySystemTime(&SystemTime);
 
 	dst->tv_sec = (LONG)(SystemTime.QuadPart / 10000000 - 11644473600);
 	dst->tv_usec = (LONG)((SystemTime.QuadPart % 10000000) / 10);
 }
 
 
-__inline void GET_TIME(
+inline void GET_TIME(
 		_Out_ struct timeval* dst,
 		_In_ struct timeval* start,
 		_In_ ULONG TimestampMode)