mirror of https://github.com/safing/portmaster synced 2025-04-03 10:39:13 +00:00

History

Alexandr Stelnykovych 857df4086f [kext] Fix dev build documentation (releasing procedure)		2025-01-28 14:26:44 +02:00
..
c_helper	Add rust kext to the mono repo	2024-04-29 17:04:08 +03:00
driver	Feature/kext default action drop (#1747 )	2024-11-25 14:03:35 +02:00
kextinterface	Merge branch 'develop'	2024-11-27 16:40:03 +01:00
protocol	[windows_kext] Improve documentation (#1719 )	2024-10-28 08:35:02 +02:00
release	[kext] Fix dev build documentation (releasing procedure)	2025-01-28 14:26:44 +02:00
wdk	Feature/kext default action drop (#1747 )	2024-11-25 14:03:35 +02:00
.gitignore	Add rust kext to the mono repo	2024-04-29 17:04:08 +03:00
Cargo.lock	Add rust kext to the mono repo	2024-04-29 17:04:08 +03:00
link-dev.ps1	[kext] Fix dev build documentation	2025-01-28 11:49:23 +02:00
PacketFlow.md	[windows_kext] Update docs and few minor fixes	2024-06-05 15:22:45 +03:00
PortmasterKext64.inf	Add rust kext to the mono repo	2024-04-29 17:04:08 +03:00
README.md	[kext] Fix dev build documentation (releasing procedure)	2025-01-28 14:26:44 +02:00
test_protocol.sh	[windows_kext] keep generated test data	2024-05-16 17:29:24 +03:00

README.md

Portmaster Windows kext

Implementation of Safing's Portmaster Windows kernel extension in Rust.

Documentation

Driver -> entry point.
WDK -> Windows Driver Kit interface.
Packet Path -> Detailed documentation of what happens to a packet when it enters the kernel extension.
Release -> Guide how to do a release build.
Windows Filtering Platform - MS -> The driver is build on top of WFP.

Building (For release)

Please refer to release/README.md for details about the release procedure.

Building (For testing and development)

The Windows Portmaster Kernel Extension is currently only developed and tested for the amd64 (64-bit) architecture.

Prerequirements:

Visual Studio 2022
- Install C++ and Windows 11 SDK (22H2) components
- Add link.exe and signtool in the PATH
Windows Driver Kit
- https://learn.microsoft.com/en-us/windows-hardware/drivers/download-the-wdk
Rust (Can be separate machine)
- https://www.rust-lang.org/tools/install

Setup Test Signing:

Not recommended for a work machine. Usually done on virtual machine dedicated for testing.

In order to test the driver on your machine, you will have to sign it (starting with Windows 10).

Create a new certificate for test signing:

    # Open a *x64 Free Build Environment* console as Administrator.

    # Run the MakeCert.exe tool to create a test certificate:
    MakeCert -r -pe -ss PrivateCertStore -n "CN=DriverCertificate" DriverCertificate.cer

    # Install the test certificate with CertMgr.exe:
    CertMgr /add DriverCertificate.cer /s /r localMachine root

Enable Test Signing on the dev machine:

    # Before you can load test-signed drivers, you must enable Windows test mode. To do this, run this command:
    Bcdedit.exe -set TESTSIGNING ON
    # Then, restart Windows. For more information, see The TESTSIGNING Boot Configuration Option.

Build driver:

    cd driver
    cargo build --release

Build also works on linux

Link and sign: On a windows machine copy driver.lib from the project target directory (driver/target/x86_64-pc-windows-msvc/release/driver.lib) in the same folder as link-dev.ps1. Run link-dev.ps1.

driver.sys should appear in the folder.

Sign the driver with the test certificate:

  SignTool sign /v /s TestCertStoreName /n TestCertName driver.sys

Load and use the driver.