From d1ff2f1e7cae4b11d6a250ca433c2515fc6ce792 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 20 Feb 2024 12:47:58 -0800 Subject: [PATCH 01/56] draft --- scripts/config_test_vm.psm1 | 28 ++--- scripts/install_ebpf.psm1 | 201 +++++++----------------------------- 2 files changed, 53 insertions(+), 176 deletions(-) diff --git a/scripts/config_test_vm.psm1 b/scripts/config_test_vm.psm1 index 1fc7950ce6..69ac8d82b0 100644 --- a/scripts/config_test_vm.psm1 +++ b/scripts/config_test_vm.psm1 @@ -174,9 +174,9 @@ function Export-BuildArtifactsToVMs param([Parameter(Mandatory=$True)] $VMList) $tempFileName = [System.IO.Path]::GetTempFileName() + ".tgz" - Write-Log "Creating $tempFileName containing files in $pwd" - &tar @("cfz", "$tempFileName", "*") - Write-Log "Created $tempFileName containing files in $pwd" + # Write-Log "Creating $tempFileName containing files in $pwd" + # &tar @("cfz", "$tempFileName", "*") + # Write-Log "Created $tempFileName containing files in $pwd" foreach($VM in $VMList) { $VMName = $VM.Name 
@@ -193,16 +193,18 @@ function Export-BuildArtifactsToVMs } $VMSystemDrive = Invoke-Command -Session $VMSession -ScriptBlock {return $Env:SystemDrive} } - Write-Log "Copying $tempFileName to $VMSystemDrive\eBPF on $VMName" - Copy-Item -ToSession $VMSession -Path $tempFileName -Destination "$VMSystemDrive\eBPF\ebpf.tgz" -Force 2>&1 -ErrorAction Stop | Write-Log - Write-Log "Copied $tempFileName to $VMSystemDrive\eBPF on $VMName" - - Write-Log "Unpacking $tempFileName to $VMSystemDrive\eBPF on $VMName" - Invoke-Command -VMName $VMName -Credential $TestCredential -ScriptBlock { - cd $Env:SystemDrive\eBPF - &tar @("xf", "ebpf.tgz") - } - Write-Log "Unpacked $tempFileName to $VMSystemDrive\eBPF on $VMName" + # Write-Log "Copying $tempFileName to $VMSystemDrive\eBPF on $VMName" + # Copy-Item -ToSession $VMSession -Path $tempFileName -Destination "$VMSystemDrive\eBPF\ebpf.tgz" -Force 2>&1 -ErrorAction Stop | Write-Log + # Write-Log "Copied $tempFileName to $VMSystemDrive\eBPF on $VMName" + Write-Log "Copying ebpf-for-windows.MSI to $VMSystemDrive\eBPF on $VMName" + Copy-Item -ToSession $VMSession -Path ebpf-for-windows.msi -Destination "$VMSystemDrive\eBPF" -Force 2>&1 -ErrorAction Stop | Write-Log + + # Write-Log "Unpacking $tempFileName to $VMSystemDrive\eBPF on $VMName" + # Invoke-Command -VMName $VMName -Credential $TestCredential -ScriptBlock { + # cd $Env:SystemDrive\eBPF + # &tar @("xf", "ebpf.tgz") + # } + # Write-Log "Unpacked $tempFileName to $VMSystemDrive\eBPF on $VMName" Write-Log "Export completed." -ForegroundColor Green } diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index 70eb93733b..bfcb479442 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 
@@ -5,9 +5,6 @@ param ([Parameter(Mandatory=$True)] [string] $WorkingDirectory, [Parameter(Mandatory=$True)] [string] $LogFileName) Push-Location $WorkingDirectory - -$BinaryPath = "$Env:systemroot\system32"; - Import-Module $PSScriptRoot\common.psm1 -Force -ArgumentList ($LogFileName) -WarningAction SilentlyContinue # eBPF Drivers. 
@@ -18,109 +15,6 @@ $EbpfDrivers = "SampleEbpfExt" = "sample_ebpf_ext.sys" } -# -# Uninstall eBPF components. -# -function Unregister-eBPFComponents -{ - # Uninstall drivers. - $EbpfDrivers.GetEnumerator() | ForEach-Object { - # New-Service does not support installing drivers. - sc.exe delete $_.Name 2>&1 | Write-Log - } - - # Uninstall user mode service. - sc.exe delete eBPFSvc 2>&1 | Write-Log - - # Delete the eBPF netsh helper. - netsh delete helper ebpfnetsh.dll 2>&1 | Write-Log - - # Execute "export_program_info.exe --clear" - if (Test-Path -Path "export_program_info.exe") { - .\export_program_info.exe --clear - if ($LASTEXITCODE -ne 0) { - throw ("Failed to run 'export_program_info.exe --clear'."); - } else { - Write-Log "'export_program_info.exe --clear' succeeded." -ForegroundColor Green - } - } - - # Execute "export_program_info_sample.exe --clear" - if (Test-Path -Path "export_program_info_sample.exe") { - .\export_program_info_sample.exe --clear - if ($LASTEXITCODE -ne 0) { - throw ("Failed to run 'export_program_info_sample.exe --clear'."); - } else { - Write-Log "'export_program_info_sample.exe --clear' succeeded." -ForegroundColor Green - } - } -} - -# -# Install eBPF components. -# - -function Register-eBPFComponents -{ - # Uninstall previous installations (if any). - Unregister-eBPFComponents - - # Export program info. - if (Test-Path -Path "export_program_info.exe") { - .\export_program_info.exe - if ($LASTEXITCODE -ne 0) { - throw ("Failed to run 'export_program_info.exe'."); - } else { - Write-Log "'export_program_info.exe' succeeded." -ForegroundColor Green - } - } - if (Test-Path -Path "export_program_info_sample.exe") { - .\export_program_info_sample.exe - if ($LASTEXITCODE -ne 0) { - throw ("Failed to run 'export_program_info_sample.exe'."); - } else { - Write-Log "'export_program_info_sample.exe' succeeded." -ForegroundColor Green - } - } - - # Install drivers. 
- $EbpfDrivers.GetEnumerator() | ForEach-Object { - if (Test-Path -Path ("$BinaryPath\{0}" -f $_.Value)) { - Write-Log ("Installing {0}..." -f $_.Name) -ForegroundColor Green - # New-Service does not support installing drivers. - sc.exe create $_.Name type=kernel start=demand binpath=("$BinaryPath\{0}" -f $_.Value) 2>&1 | Write-Log - if ($LASTEXITCODE -ne 0) { - throw ("Failed to create $_.Name driver.") - } else { - Write-Log ("{0} driver created." -f $_.Name) -ForegroundColor Green - } - } - if (Test-Path -Path ("$BinaryPath\drivers\{0}" -f $_.Value)) { - Write-Log ("Installing {0}..." -f $_.Name) -ForegroundColor Green - # New-Service does not support installing drivers. - sc.exe create $_.Name type=kernel start=demand binpath=("$BinaryPath\drivers\{0}" -f $_.Value) 2>&1 | Write-Log - if ($LASTEXITCODE -ne 0) { - throw ("Failed to create $_.Name driver.") - } else { - Write-Log ("{0} driver created." -f $_.Name) -ForegroundColor Green - } - } - } - - # Install user mode service. - if (Test-Path -Path "ebpfsvc.exe") { - .\eBPFSvc.exe install 2>&1 | Write-Log - if ($LASTEXITCODE -ne 0) { - throw ("Failed to create eBPF user mode service.") - } else { - Write-Log "eBPF user mode service created." -ForegroundColor Green - } - } - - # Add the eBPF netsh helper. - netsh add helper ebpfnetsh.dll 2>&1 | Write-Log -} - function Enable-KMDFVerifier { # Install drivers. 
@@ -188,79 +82,60 @@ function Start-WPRTrace } } -# -# Start service and drivers. -# -function Start-eBPFComponents -{ - param([parameter(Mandatory=$true)] [bool] $KmTracing, - [parameter(Mandatory=$true)] [string] $KmTraceType) - - Start-WPRTrace -KmTracing $KmTracing -KmTraceType $KmTraceType - - # Start drivers. - $EbpfDrivers.GetEnumerator() | ForEach-Object { - if (Test-Path -Path ("$BinaryPath\drivers\{0}" -f $_.Value)) { - Start-Service $_.Name -ErrorAction Stop | Write-Log - Write-Host ("{0} Driver started." -f $_.Name) - } - } - - if (Test-Path -Path "ebpfsvc.exe") { - # Start user mode service. - Start-Service "eBPFSvc" -ErrorAction Stop | Write-Log - Write-Host "eBPFSvc service started." - } -} - function Install-eBPFComponents { param([parameter(Mandatory=$true)] [bool] $KmTracing, [parameter(Mandatory=$true)] [string] $KmTraceType, [parameter(Mandatory=$false)] [bool] $KMDFVerifier = $false) - # Stop eBPF Components - Stop-eBPFComponents - - # Copy all binaries to system32. - Copy-Item *.sys -Destination "$Env:systemroot\system32\drivers" -Force -ErrorAction Stop 2>&1 | Write-Log - if (Test-Path -Path "drivers") { - Copy-Item drivers\*.sys -Destination "$Env:systemroot\system32\drivers" -Force -ErrorAction Stop 2>&1 | Write-Log - } - if (Test-Path -Path "testing\testing") { - Copy-Item testing\testing\*.sys -Destination "$Env:systemroot\system32\drivers" -Force -ErrorAction Stop 2>&1 | Write-Log + # Install the MSI package. + $arguments = "/i $MsiPath /qn /norestart /log msi-install.log ADDLOCAL=ALL" + Write-Host "Installing MSI package with arguments: '$arguments'..." + $process = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru + + if ($process.ExitCode -eq 0) { + Write-Host "Installation successful!" + } else { + $exceptionMessage = "Installation FAILED. 
Exit code: $($process.ExitCode)" + Write-Host $exceptionMessage + $logContents = Get-Content -Path "msi-install.log" -ErrorAction SilentlyContinue + if ($logContents) { + Write-Host "Contents of msi-install.log:" + Write-Host $logContents + } else { + Write-Host "msi-install.log not found or empty." + } } - Copy-Item *.dll -Destination "$Env:systemroot\system32" -Force -ErrorAction Stop 2>&1 | Write-Log - Copy-Item *.exe -Destination "$Env:systemroot\system32" -Force -ErrorAction Stop 2>&1 | Write-Log - - # Register all components. - Register-eBPFComponents + # Optionally enable KMDF verifier and tag tracking. if ($KMDFVerifier) { - # Enable KMDF verifier and tag tracking. Enable-KMDFVerifier } - # Start all components. - Start-eBPFComponents -KmTracing $KmTracing -KmTraceType $KmTraceType + # Start KM tracing. + Start-WPRTrace -KmTracing $KmTracing -KmTraceType $KmTraceType } -function Stop-eBPFComponents -{ - # Stop user mode service. - Stop-Service "eBPFSvc" -ErrorAction Ignore 2>&1 | Write-Log - - # Stop the drivers. - $EbpfDrivers.GetEnumerator() | ForEach-Object { - Stop-Service $_.Name -ErrorAction Ignore 2>&1 | Write-Log - } -} function Uninstall-eBPFComponents { - Stop-eBPFComponents - Unregister-eBPFComponents - Remove-Item "$Env:systemroot\system32\drivers\*bpf*" -Force -ErrorAction Stop 2>&1 | Write-Log - Remove-Item "$Env:systemroot\system32\*bpf*" -Force -ErrorAction Stop 2>&1 | Write-Log + # Uninstall the MSI package. + Write-Host "Uninstalling eBPF MSI package..." + $process = Start-Process -FilePath msiexec.exe -ArgumentList "/x $MsiPath /qn /norestart /log msi-uninstall.log" -Wait -PassThru + if ($process.ExitCode -eq 0) { + Write-Host "Uninstallation successful!" + } else { + $exceptionMessage = "Uninstallation FAILED. 
Exit code: $($process.ExitCode)" + Write-Host $exceptionMessage + $logContents = Get-Content -Path "msi-uninstall.log" -ErrorAction SilentlyContinue + if ($logContents) { + Write-Host "Contents of msi-uninstall.log:" + Write-Host $logContents + } else { + Write-Host "msi-uninstall.log not found or empty." + } + } + + # Stop KM tracing. wpr.exe -cancel } From 0e845bbcae39cdd2c2610c173034e00012241c3c Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 20 Feb 2024 14:21:41 -0800 Subject: [PATCH 02/56] wip --- scripts/config_test_vm.psm1 | 20 ++------------------ scripts/install_ebpf.psm1 | 7 ++++--- 2 files changed, 6 insertions(+), 21 deletions(-) diff --git a/scripts/config_test_vm.psm1 b/scripts/config_test_vm.psm1 index 69ac8d82b0..902dda29ad 100644 --- a/scripts/config_test_vm.psm1 +++ b/scripts/config_test_vm.psm1 @@ -173,11 +173,7 @@ function Export-BuildArtifactsToVMs { param([Parameter(Mandatory=$True)] $VMList) - $tempFileName = [System.IO.Path]::GetTempFileName() + ".tgz" - # Write-Log "Creating $tempFileName containing files in $pwd" - # &tar @("cfz", "$tempFileName", "*") - # Write-Log "Created $tempFileName containing files in $pwd" - + # Copy the MSI to the given VM list. foreach($VM in $VMList) { $VMName = $VM.Name $TestCredential = New-Credential -Username $Admin -AdminPassword $AdminPassword 
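Review bot: A failed msiexec run is only printed in Install-eBPFComponents: the else branch builds `$exceptionMessage` and dumps msi-install.log, but nothing is thrown, so the function carries on to Enable-KMDFVerifier and Start-WPRTrace as if the install had worked. The code this hunk removes threw on each failed step; ending the branch with `throw $exceptionMessage` keeps that contract, and the else branch of Uninstall-eBPFComponents in the same hunk needs the same line. `$MsiPath` is also placed unquoted in the msiexec argument string, so a path containing a space would be split; `"/i ""$MsiPath"" /qn /norestart /log msi-install.log ADDLOCAL=ALL"` avoids that.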
@@ -193,22 +189,10 @@ function Export-BuildArtifactsToVMs } $VMSystemDrive = Invoke-Command -Session $VMSession -ScriptBlock {return $Env:SystemDrive} } - # Write-Log "Copying $tempFileName to $VMSystemDrive\eBPF on $VMName" - # Copy-Item -ToSession $VMSession -Path $tempFileName -Destination "$VMSystemDrive\eBPF\ebpf.tgz" -Force 2>&1 -ErrorAction Stop | Write-Log - # Write-Log "Copied $tempFileName to $VMSystemDrive\eBPF on $VMName" Write-Log "Copying ebpf-for-windows.MSI to $VMSystemDrive\eBPF on $VMName" Copy-Item -ToSession $VMSession -Path ebpf-for-windows.msi -Destination "$VMSystemDrive\eBPF" -Force 2>&1 -ErrorAction Stop | Write-Log - - # Write-Log "Unpacking $tempFileName to $VMSystemDrive\eBPF on $VMName" - # Invoke-Command -VMName $VMName -Credential $TestCredential -ScriptBlock { - # cd $Env:SystemDrive\eBPF - # &tar @("xf", "ebpf.tgz") - # } - # Write-Log "Unpacked $tempFileName to $VMSystemDrive\eBPF on $VMName" - Write-Log "Export completed." -ForegroundColor Green + Write-Log "Copy completed." -ForegroundColor Green } - - Remove-Item -Force $tempFileName } # diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index bfcb479442..bd7fc6990a 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 @@ -7,6 +7,8 @@ param ([Parameter(Mandatory=$True)] [string] $WorkingDirectory, Push-Location $WorkingDirectory Import-Module $PSScriptRoot\common.psm1 -Force -ArgumentList ($LogFileName) -WarningAction SilentlyContinue +$MsiPath = Join-Path $WorkingDirectory "ebpf-for-windows.msi" + # eBPF Drivers. $EbpfDrivers = @{ 
@@ -90,9 +92,8 @@ function Install-eBPFComponents # Install the MSI package. $arguments = "/i $MsiPath /qn /norestart /log msi-install.log ADDLOCAL=ALL" - Write-Host "Installing MSI package with arguments: '$arguments'..." + Write-Host "Installing MSI package at '$MsiPath' with arguments: '$arguments'..." $process = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru - if ($process.ExitCode -eq 0) { Write-Host "Installation successful!" } else { @@ -120,7 +121,7 @@ function Install-eBPFComponents function Uninstall-eBPFComponents { # Uninstall the MSI package. - Write-Host "Uninstalling eBPF MSI package..." + Write-Host "Uninstalling eBPF MSI at '$MsiPath' package..." $process = Start-Process -FilePath msiexec.exe -ArgumentList "/x $MsiPath /qn /norestart /log msi-uninstall.log" -Wait -PassThru if ($process.ExitCode -eq 0) { Write-Host "Uninstallation successful!" From 1374da1ef6609a872410e57d098965ed91c1eb07 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 20 Feb 2024 14:27:22 -0800 Subject: [PATCH 03/56] wip --- scripts/config_test_vm.psm1 | 53 ++++++++++++++++++++----------------- 1 file changed, 28 insertions(+), 25 deletions(-) diff --git a/scripts/config_test_vm.psm1 b/scripts/config_test_vm.psm1 index 902dda29ad..51ab6f3573 100644 --- a/scripts/config_test_vm.psm1 +++ b/scripts/config_test_vm.psm1 
@@ -189,12 +189,39 @@ function Export-BuildArtifactsToVMs } $VMSystemDrive = Invoke-Command -Session $VMSession -ScriptBlock {return $Env:SystemDrive} } - Write-Log "Copying ebpf-for-windows.MSI to $VMSystemDrive\eBPF on $VMName" + Write-Log "Copying 'ebpf-for-windows.msi' to '$VMSystemDrive\eBPF' to VM '$VMName'..." Copy-Item -ToSession $VMSession -Path ebpf-for-windows.msi -Destination "$VMSystemDrive\eBPF" -Force 2>&1 -ErrorAction Stop | Write-Log Write-Log "Copy completed." -ForegroundColor Green } } +# +# Install eBPF components on VM. +# + +function Install-eBPFComponentsOnVM +{ + param([parameter(Mandatory=$true)][string] $VMName, + [parameter(Mandatory=$true)][bool] $KmTracing, + [parameter(Mandatory=$true)][string] $KmTraceType) + + Write-Log "Installing eBPF components on $VMName" + $TestCredential = New-Credential -Username $Admin -AdminPassword $AdminPassword + + Invoke-Command -VMName $VMName -Credential $TestCredential -ScriptBlock { + param([Parameter(Mandatory=$True)] [string] $WorkingDirectory, + [Parameter(Mandatory=$True)] [string] $LogFileName, + [Parameter(Mandatory=$true)] [bool] $KmTracing, + [Parameter(Mandatory=$true)] [string] $KmTraceType) + $WorkingDirectory = "$env:SystemDrive\$WorkingDirectory" + Import-Module $WorkingDirectory\common.psm1 -ArgumentList ($LogFileName) -Force -WarningAction SilentlyContinue + Import-Module $WorkingDirectory\install_ebpf.psm1 -ArgumentList ($WorkingDirectory, $LogFileName) -Force -WarningAction SilentlyContinue + + Install-eBPFComponents -KmTracing $KmTracing -KmTraceType $KmTraceType -KMDFVerifier $true + } -ArgumentList ("eBPF", $LogFileName, $KmTracing, $KmTraceType) -ErrorAction Stop + Write-Log "eBPF components installed on $VMName" -ForegroundColor Green +} + # # Import test logs from VM. # 
@@ -312,30 +339,6 @@ function Import-ResultsFromVM Move-Item "$env:TEMP\$LogFileName" -Destination ".\TestLogs" -Force -ErrorAction Ignore 2>&1 | Write-Log } -function Install-eBPFComponentsOnVM -{ - param([parameter(Mandatory=$true)][string] $VMName, - [parameter(Mandatory=$true)][bool] $KmTracing, - [parameter(Mandatory=$true)][string] $KmTraceType) - - Write-Log "Installing eBPF components on $VMName" - $TestCredential = New-Credential -Username $Admin -AdminPassword $AdminPassword - - Invoke-Command -VMName $VMName -Credential $TestCredential -ScriptBlock { - param([Parameter(Mandatory=$True)] [string] $WorkingDirectory, - [Parameter(Mandatory=$True)] [string] $LogFileName, - [Parameter(Mandatory=$true)] [bool] $KmTracing, - [Parameter(Mandatory=$true)] [string] $KmTraceType) - $WorkingDirectory = "$env:SystemDrive\$WorkingDirectory" - Import-Module $WorkingDirectory\common.psm1 -ArgumentList ($LogFileName) -Force -WarningAction SilentlyContinue - Import-Module $WorkingDirectory\install_ebpf.psm1 -ArgumentList ($WorkingDirectory, $LogFileName) -Force -WarningAction SilentlyContinue - - Install-eBPFComponents -KmTracing $KmTracing -KmTraceType $KmTraceType -KMDFVerifier $true - Enable-KMDFVerifier - } -ArgumentList ("eBPF", $LogFileName, $KmTracing, $KmTraceType) -ErrorAction Stop - Write-Log "eBPF components installed on $VMName" -ForegroundColor Green -} - function Initialize-NetworkInterfacesOnVMs { param([parameter(Mandatory=$true)] $VMMap) From 3dbe126261c83dab048a126a5021cfcc95b72024 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 20 Feb 2024 15:37:07 -0800 Subject: [PATCH 04/56] wip --- scripts/config_test_vm.psm1 | 23 ++++++++++++++++++++--- scripts/install_ebpf.psm1 | 10 ++++++++++ 2 files changed, 30 insertions(+), 3 deletions(-) diff --git a/scripts/config_test_vm.psm1 b/scripts/config_test_vm.psm1 index 51ab6f3573..fa69ac96fb 100644 --- a/scripts/config_test_vm.psm1 +++ b/scripts/config_test_vm.psm1 
@@ -189,9 +189,23 @@ function Export-BuildArtifactsToVMs } $VMSystemDrive = Invoke-Command -Session $VMSession -ScriptBlock {return $Env:SystemDrive} } - Write-Log "Copying 'ebpf-for-windows.msi' to '$VMSystemDrive\eBPF' to VM '$VMName'..." - Copy-Item -ToSession $VMSession -Path ebpf-for-windows.msi -Destination "$VMSystemDrive\eBPF" -Force 2>&1 -ErrorAction Stop | Write-Log - Write-Log "Copy completed." -ForegroundColor Green + Write-Log "Copying $tempFileName to $VMSystemDrive\eBPF on $VMName" + Copy-Item -ToSession $VMSession -Path $tempFileName -Destination "$VMSystemDrive\eBPF\ebpf.tgz" -Force 2>&1 -ErrorAction Stop | Write-Log + Write-Log "Copied $tempFileName to $VMSystemDrive\eBPF on $VMName" + + Write-Log "Unpacking $tempFileName to $VMSystemDrive\eBPF on $VMName" + Invoke-Command -VMName $VMName -Credential $TestCredential -ScriptBlock { + cd $Env:SystemDrive\eBPF + &tar @("xf", "ebpf.tgz") + } + Write-Log "Unpacked $tempFileName to $VMSystemDrive\eBPF on $VMName" + Write-Log "Export completed." -ForegroundColor Green + + # Write-Log "Copying 'ebpf-for-windows.msi' to '$VMSystemDrive\eBPF' on VM '$VMName'..." + # Copy-Item -ToSession $VMSession -Path ebpf-for-windows.msi -Destination "$VMSystemDrive\eBPF" -Force 2>&1 -ErrorAction Stop | Write-Log + # Write-Log "Copying utilities..." -ForegroundColor Green + # Copy-Item -ToSession $VMSession -Path "$pwd\corenet-ci" -Destination "$VMSystemDrive\eBPF" -Force 2>&1 -ErrorAction Stop | Write-Log + # Write-Log "Copy completed." -ForegroundColor Green } } @@ -339,6 +353,9 @@ function Import-ResultsFromVM Move-Item "$env:TEMP\$LogFileName" -Destination ".\TestLogs" -Force -ErrorAction Ignore 2>&1 | Write-Log } +# +# Configure network adapters on VMs. +# function Initialize-NetworkInterfacesOnVMs { param([parameter(Mandatory=$true)] $VMMap) diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index bd7fc6990a..e276246c9d 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 
@@ -117,6 +117,16 @@ function Install-eBPFComponents Start-WPRTrace -KmTracing $KmTracing -KmTraceType $KmTraceType } +function Stop-eBPFComponents +{ + # Stop user mode service. + Stop-Service "eBPFSvc" -ErrorAction Ignore 2>&1 | Write-Log + + # Stop the drivers. + $EbpfDrivers.GetEnumerator() | ForEach-Object { + Stop-Service $_.Name -ErrorAction Ignore 2>&1 | Write-Log + } +} function Uninstall-eBPFComponents { From 84ae920e77be467cadae0a9eea1bf40732e67675 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 20 Feb 2024 15:39:09 -0800 Subject: [PATCH 05/56] wip --- scripts/config_test_vm.psm1 | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/config_test_vm.psm1 b/scripts/config_test_vm.psm1 index fa69ac96fb..9e0f676c95 100644 --- a/scripts/config_test_vm.psm1 +++ b/scripts/config_test_vm.psm1 @@ -207,6 +207,7 @@ function Export-BuildArtifactsToVMs # Copy-Item -ToSession $VMSession -Path "$pwd\corenet-ci" -Destination "$VMSystemDrive\eBPF" -Force 2>&1 -ErrorAction Stop | Write-Log # Write-Log "Copy completed." -ForegroundColor Green } + Remove-Item -Force $tempFileName } # From 578d704fead00766f1f936237cecfe340797fe6f Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 20 Feb 2024 15:41:47 -0800 Subject: [PATCH 06/56] wip --- scripts/config_test_vm.psm1 | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/config_test_vm.psm1 b/scripts/config_test_vm.psm1 index 9e0f676c95..b3dd9a3d67 100644 --- a/scripts/config_test_vm.psm1 +++ b/scripts/config_test_vm.psm1 @@ -173,6 +173,11 @@ function Export-BuildArtifactsToVMs { param([Parameter(Mandatory=$True)] $VMList) + $tempFileName = [System.IO.Path]::GetTempFileName() + ".tgz" + Write-Log "Creating $tempFileName containing files in $pwd" + &tar @("cfz", "$tempFileName", "*") + Write-Log "Created $tempFileName containing files in $pwd" + # Copy the MSI to the given VM list. foreach($VM in $VMList) { $VMName = $VM.Name From 02b6eff1da5f86aa474e3183963a51ba91f01be9 Mon Sep 17 00:00:00 2001 
From: Gianni Trevisiol Date: Tue, 20 Feb 2024 18:55:43 -0800 Subject: [PATCH 07/56] wip --- scripts/config_test_vm.psm1 | 19 ++++++++++++------- scripts/install_ebpf.psm1 | 8 ++++++++ scripts/setup_ebpf_cicd_tests.ps1 | 1 + 3 files changed, 21 insertions(+), 7 deletions(-) diff --git a/scripts/config_test_vm.psm1 b/scripts/config_test_vm.psm1 index b3dd9a3d67..150e3f47ef 100644 --- a/scripts/config_test_vm.psm1 +++ b/scripts/config_test_vm.psm1 @@ -178,7 +178,7 @@ function Export-BuildArtifactsToVMs &tar @("cfz", "$tempFileName", "*") Write-Log "Created $tempFileName containing files in $pwd" - # Copy the MSI to the given VM list. + # Copy artifacts to the given VM list. foreach($VM in $VMList) { $VMName = $VM.Name $TestCredential = New-Credential -Username $Admin -AdminPassword $AdminPassword @@ -205,12 +205,6 @@ function Export-BuildArtifactsToVMs } Write-Log "Unpacked $tempFileName to $VMSystemDrive\eBPF on $VMName" Write-Log "Export completed." -ForegroundColor Green - - # Write-Log "Copying 'ebpf-for-windows.msi' to '$VMSystemDrive\eBPF' on VM '$VMName'..." - # Copy-Item -ToSession $VMSession -Path ebpf-for-windows.msi -Destination "$VMSystemDrive\eBPF" -Force 2>&1 -ErrorAction Stop | Write-Log - # Write-Log "Copying utilities..." -ForegroundColor Green - # Copy-Item -ToSession $VMSession -Path "$pwd\corenet-ci" -Destination "$VMSystemDrive\eBPF" -Force 2>&1 -ErrorAction Stop | Write-Log - # Write-Log "Copy completed." -ForegroundColor Green } Remove-Item -Force $tempFileName } 
@@ -425,3 +419,14 @@ function Get-Duonic { Move-Item -Path "$DownloadPath\corenet-ci-main\vm-setup\duonic\*" -Destination $pwd -Force Remove-Item -Path $DownloadPath -Force -Recurse } + +# Download the Visual C++ Redistributable. +function Get-VCRedistributable { + $url = "https://aka.ms/vs/16/release/vc_redist.x64.exe" + $DownloadPath = "$pwd\vc-redist" + mkdir $DownloadPath + Write-Host "Downloading Visual C++ Redistributable from $url to $DownloadPath" + Invoke-WebRequest -Uri $url -OutFile $DownloadPath + Move-Item -Path "$DownloadPath\vc-redist\vc_redist.x64.exe" -Destination $pwd -Force + Remove-Item -Path $DownloadPath -Force -Recurse +} \ No newline at end of file diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index e276246c9d..8d9fefbb09 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 @@ -7,6 +7,7 @@ param ([Parameter(Mandatory=$True)] [string] $WorkingDirectory, Push-Location $WorkingDirectory Import-Module $PSScriptRoot\common.psm1 -Force -ArgumentList ($LogFileName) -WarningAction SilentlyContinue +$VcRedist = Join-Path $WorkingDirectory "vc_redist.x64.exe" $MsiPath = Join-Path $WorkingDirectory "ebpf-for-windows.msi" # eBPF Drivers. @@ -90,6 +91,13 @@ function Install-eBPFComponents [parameter(Mandatory=$true)] [string] $KmTraceType, [parameter(Mandatory=$false)] [bool] $KMDFVerifier = $false) + # Install the Visual C++ Redistributable. + Write-Verbose "Installing Visual C++ Redistributable" + Start-Process -FilePath $VcRedist -ArgumentList "/quiet", "/norestart" -Wait + Write-Verbose "Cleaning up" + Remove-Item $VcRedist -Force + Write-Verbose "Visual C++ Redistributable installation completed." + # Install the MSI package. $arguments = "/i $MsiPath /qn /norestart /log msi-install.log ADDLOCAL=ALL" Write-Host "Installing MSI package at '$MsiPath' with arguments: '$arguments'..." diff --git a/scripts/setup_ebpf_cicd_tests.ps1 b/scripts/setup_ebpf_cicd_tests.ps1 index 5b8d1d863f..91593d84af 100644 
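Review bot: Get-VCRedistributable saves an executable from a floating `aka.ms` redirect, and nothing checks what was received before Install-eBPFComponents runs it on the test VMs. Verify the file after the download and fail closed, for example `$sig = Get-AuthenticodeSignature $exe` (with `$exe` the downloaded file) followed by `if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft Corporation') { throw "vc_redist.x64.exe failed signature verification" }`. Comparing `Get-FileHash` output with a SHA-256 pinned in the repository is stricter, but the pin must be updated whenever the redirect target changes. `mkdir $DownloadPath` also errors when the directory is left over from an earlier run, which `New-Item -ItemType Directory -Force` would tolerate.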
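Review bot: The exit code of the redistributable installer is discarded in the block added to Install-eBPFComponents: `Start-Process ... -Wait` is called without `-PassThru`, so a failed or blocked install goes unnoticed and the MSI step runs anyway. Capture it with `$vc = Start-Process -FilePath $VcRedist -ArgumentList "/quiet", "/norestart" -Wait -PassThru` and throw unless `$vc.ExitCode` is 0 or 3010 (success, reboot required). The block also deletes `$VcRedist` afterwards, so a second call of the function on the same VM would fail at this step unless it is guarded with `Test-Path $VcRedist`. The function body continues outside the hunk.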
--- a/scripts/setup_ebpf_cicd_tests.ps1 +++ b/scripts/setup_ebpf_cicd_tests.ps1 @@ -40,6 +40,7 @@ if ($TestMode -eq "CI/CD") { } Get-Duonic +Get-VCRedistributable # Export build artifacts to the test VMs. Export-BuildArtifactsToVMs -VMList $VMList -ErrorAction Stop From b82292a21f6adaf5d3b2ada55e493c7f63ac870a Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 20 Feb 2024 19:27:30 -0800 Subject: [PATCH 08/56] wip --- scripts/config_test_vm.psm1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/config_test_vm.psm1 b/scripts/config_test_vm.psm1 index 150e3f47ef..6693ed52b5 100644 --- a/scripts/config_test_vm.psm1 +++ b/scripts/config_test_vm.psm1 @@ -423,10 +423,10 @@ function Get-Duonic { # Download the Visual C++ Redistributable. function Get-VCRedistributable { $url = "https://aka.ms/vs/16/release/vc_redist.x64.exe" - $DownloadPath = "$pwd\vc-redist" + $DownloadPath = "$env:TEMP\vc-redist" mkdir $DownloadPath Write-Host "Downloading Visual C++ Redistributable from $url to $DownloadPath" Invoke-WebRequest -Uri $url -OutFile $DownloadPath - Move-Item -Path "$DownloadPath\vc-redist\vc_redist.x64.exe" -Destination $pwd -Force + Move-Item -Path "$DownloadPath\vc_redist.x64.exe" -Destination $pwd -Force Remove-Item -Path $DownloadPath -Force -Recurse } \ No newline at end of file From 126576a92b79e7f3f549d8094a66a321fb549092 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 20 Feb 2024 19:49:48 -0800 Subject: [PATCH 09/56] wip --- scripts/config_test_vm.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/config_test_vm.psm1 b/scripts/config_test_vm.psm1 index 6693ed52b5..82d6ee5967 100644 --- a/scripts/config_test_vm.psm1 +++ b/scripts/config_test_vm.psm1 
@@ -426,7 +426,7 @@ function Get-VCRedistributable { $DownloadPath = "$env:TEMP\vc-redist" mkdir $DownloadPath Write-Host "Downloading Visual C++ Redistributable from $url to $DownloadPath" - Invoke-WebRequest -Uri $url -OutFile $DownloadPath + Invoke-WebRequest -Uri $url -OutFile "$DownloadPath\vc_redist.x64.exe" Move-Item -Path "$DownloadPath\vc_redist.x64.exe" -Destination $pwd -Force Remove-Item -Path $DownloadPath -Force -Recurse } \ No newline at end of file From 66524a5e40c471c093b09101fb4e168a3abd59df Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 20 Feb 2024 19:50:59 -0800 Subject: [PATCH 10/56] wip --- scripts/config_test_vm.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/config_test_vm.psm1 b/scripts/config_test_vm.psm1 index 82d6ee5967..83819a61dc 100644 --- a/scripts/config_test_vm.psm1 +++ b/scripts/config_test_vm.psm1 @@ -423,7 +423,7 @@ function Get-Duonic { # Download the Visual C++ Redistributable. function Get-VCRedistributable { $url = "https://aka.ms/vs/16/release/vc_redist.x64.exe" - $DownloadPath = "$env:TEMP\vc-redist" + $DownloadPath = "$pwd\vc-redist" mkdir $DownloadPath Write-Host "Downloading Visual C++ Redistributable from $url to $DownloadPath" Invoke-WebRequest -Uri $url -OutFile "$DownloadPath\vc_redist.x64.exe" From 69c5de372997fe14a32e2844d1522539da927ec8 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 20 Feb 2024 22:32:12 -0800 Subject: [PATCH 11/56] wip --- scripts/vm_run_tests.psm1 | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/scripts/vm_run_tests.psm1 b/scripts/vm_run_tests.psm1 index 571d5b417d..4f588c8090 100644 --- a/scripts/vm_run_tests.psm1 +++ b/scripts/vm_run_tests.psm1 
@@ -35,8 +35,9 @@ function Invoke-CICDTestsOnVM [parameter(Mandatory=$True)][string[]] $Options) $WorkingDirectory = "$Env:SystemDrive\$WorkingDirectory" + $TestDirectory = "$Env:SystemDrive\$env:ProgramFiles\ebpf-for-windows\tests" Import-Module $WorkingDirectory\common.psm1 -ArgumentList ($LogFileName) -Force -WarningAction SilentlyContinue - Import-Module $WorkingDirectory\run_driver_tests.psm1 -ArgumentList ($WorkingDirectory, $LogFileName) -Force -WarningAction SilentlyContinue + Import-Module $WorkingDirectory\run_driver_tests.psm1 -ArgumentList ($TestDirectory, $LogFileName) -Force -WarningAction SilentlyContinue $TestMode = $TestMode.ToLower() switch ($TestMode) @@ -80,8 +81,9 @@ function Add-eBPFProgramOnVM [Parameter(Mandatory=$True)] [string] $WorkingDirectory, [Parameter(Mandatory=$True)] [string] $LogFileName) $WorkingDirectory = "$Env:SystemDrive\$WorkingDirectory" + $TestDirectory = "$Env:SystemDrive\$env:ProgramFiles\ebpf-for-windows\tests" Import-Module $WorkingDirectory\common.psm1 -ArgumentList ($LogFileName) -Force -WarningAction SilentlyContinue - Import-Module $WorkingDirectory\run_driver_tests.psm1 -ArgumentList ($WorkingDirectory, $LogFileName) -Force -WarningAction SilentlyContinue + Import-Module $WorkingDirectory\run_driver_tests.psm1 -ArgumentList ($TestDirectory, $LogFileName) -Force -WarningAction SilentlyContinue if ([System.String]::IsNullOrEmpty($Interface)){ Write-Log "Loading $Program on $VM." 
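Review bot: Passing `$TestDirectory` as the first argument of run_driver_tests.psm1 in Invoke-CICDTestsOnVM changes more than where the test binaries are looked up. As far as that module's header is visible in a later patch on this page, it does `Push-Location $WorkingDirectory` and then `Import-Module .\common.psm1` and `Import-Module .\install_ebpf.psm1 -ArgumentList ($WorkingDirectory, $LogFileName)`. Both helper modules would therefore have to exist under the tests folder, and install_ebpf.psm1 would presumably derive `$MsiPath` from that folder instead of `$Env:SystemDrive\eBPF`. If that is not intended, load the helpers independently of the working directory, e.g. `Import-Module $PSScriptRoot\common.psm1` as install_ebpf.psm1 already does. The Add-eBPFProgramOnVM hunk here and the Set-eBPFProgramOnVM hunk that follows make the same change.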
@@ -114,8 +116,9 @@ function Set-eBPFProgramOnVM [Parameter(Mandatory=$True)] [string] $WorkingDirectory, [Parameter(Mandatory=$True)] [string] $LogFileName) $WorkingDirectory = "$Env:SystemDrive\$WorkingDirectory" + $TestDirectory = "$Env:SystemDrive\$env:ProgramFiles\ebpf-for-windows\tests" Import-Module $WorkingDirectory\common.psm1 -ArgumentList ($LogFileName) -Force -WarningAction SilentlyContinue - Import-Module $WorkingDirectory\run_driver_tests.psm1 -ArgumentList ($WorkingDirectory, $LogFileName) -Force -WarningAction SilentlyContinue + Import-Module $WorkingDirectory\run_driver_tests.psm1 -ArgumentList ($TestDirectory, $LogFileName) -Force -WarningAction SilentlyContinue Write-Log "Setting program $ProgId at interface $Interface on $VM." Invoke-NetshEbpfCommand -Arguments "set program $ProgId xdp_test interface=""$Interface""" @@ -136,6 +139,7 @@ function Remove-eBPFProgramFromVM [Parameter(Mandatory=$True)] [string] $WorkingDirectory, [Parameter(Mandatory=$True)] [string] $LogFileName) $WorkingDirectory = "$Env:SystemDrive\$WorkingDirectory" + $TestDirectory = "$Env:SystemDrive\$env:ProgramFiles\ebpf-for-windows\tests" Import-Module $WorkingDirectory\common.psm1 -ArgumentList ($LogFileName) -Force -WarningAction SilentlyContinue Import-Module $WorkingDirectory\run_driver_tests.psm1 -ArgumentList ($WorkingDirectory, $LogFileName) -Force -WarningAction SilentlyContinue From df3e417b2cb862e19edbd8f3838c0fda8f487f7a Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 20 Feb 2024 23:02:05 -0800 Subject: [PATCH 12/56] wip --- scripts/run_driver_tests.psm1 | 2 +- scripts/vm_run_tests.psm1 | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/scripts/run_driver_tests.psm1 b/scripts/run_driver_tests.psm1 index 5ee1ed857c..b7ecbc115b 100644 --- a/scripts/run_driver_tests.psm1 +++ b/scripts/run_driver_tests.psm1 
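Review bot: In the Remove-eBPFProgramFromVM hunk `$TestDirectory` is assigned but never used: the `Import-Module $WorkingDirectory\run_driver_tests.psm1` line below it still passes `($WorkingDirectory, $LogFileName)`. The three sibling script blocks changed in this commit pass `($TestDirectory, $LogFileName)` instead. If the same behaviour is wanted here, the argument list should read `-ArgumentList ($TestDirectory, $LogFileName)`; if the difference is deliberate, drop the assignment and add a comment such as `# Removal does not need the installed tests folder.` so the asymmetry is not mistaken for an oversight. The script block continues outside the hunk.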
@@ -9,7 +9,7 @@ Push-Location $WorkingDirectory Import-Module .\common.psm1 -Force -ArgumentList ($LogFileName) -WarningAction SilentlyContinue Import-Module .\install_ebpf.psm1 -Force -ArgumentList ($WorkingDirectory, $LogFileName) -WarningAction SilentlyContinue -$CodeCoverage = 'C:\Program Files\OpenCppCoverage\OpenCppCoverage.exe' +$CodeCoverage = "$env:ProgramFiles\OpenCppCoverage\OpenCppCoverage.exe" # # Execute tests on VM. diff --git a/scripts/vm_run_tests.psm1 b/scripts/vm_run_tests.psm1 index 4f588c8090..844dfbda7a 100644 --- a/scripts/vm_run_tests.psm1 +++ b/scripts/vm_run_tests.psm1 @@ -35,7 +35,7 @@ function Invoke-CICDTestsOnVM [parameter(Mandatory=$True)][string[]] $Options) $WorkingDirectory = "$Env:SystemDrive\$WorkingDirectory" - $TestDirectory = "$Env:SystemDrive\$env:ProgramFiles\ebpf-for-windows\tests" + $TestDirectory = "$env:ProgramFiles\ebpf-for-windows\tests" Import-Module $WorkingDirectory\common.psm1 -ArgumentList ($LogFileName) -Force -WarningAction SilentlyContinue Import-Module $WorkingDirectory\run_driver_tests.psm1 -ArgumentList ($TestDirectory, $LogFileName) -Force -WarningAction SilentlyContinue @@ -81,7 +81,7 @@ function Add-eBPFProgramOnVM [Parameter(Mandatory=$True)] [string] $WorkingDirectory, [Parameter(Mandatory=$True)] [string] $LogFileName) $WorkingDirectory = "$Env:SystemDrive\$WorkingDirectory" - $TestDirectory = "$Env:SystemDrive\$env:ProgramFiles\ebpf-for-windows\tests" + $TestDirectory = "$env:ProgramFiles\ebpf-for-windows\tests" Import-Module $WorkingDirectory\common.psm1 -ArgumentList ($LogFileName) -Force -WarningAction SilentlyContinue Import-Module $WorkingDirectory\run_driver_tests.psm1 -ArgumentList ($TestDirectory, $LogFileName) -Force -WarningAction SilentlyContinue 
@@ -116,7 +116,7 @@ function Set-eBPFProgramOnVM [Parameter(Mandatory=$True)] [string] $WorkingDirectory, [Parameter(Mandatory=$True)] [string] $LogFileName) $WorkingDirectory = "$Env:SystemDrive\$WorkingDirectory" - $TestDirectory = "$Env:SystemDrive\$env:ProgramFiles\ebpf-for-windows\tests" + $TestDirectory = "$env:ProgramFiles\ebpf-for-windows\tests" Import-Module $WorkingDirectory\common.psm1 -ArgumentList ($LogFileName) -Force -WarningAction SilentlyContinue Import-Module $WorkingDirectory\run_driver_tests.psm1 -ArgumentList ($TestDirectory, $LogFileName) -Force -WarningAction SilentlyContinue @@ -139,7 +139,7 @@ function Remove-eBPFProgramFromVM [Parameter(Mandatory=$True)] [string] $WorkingDirectory, [Parameter(Mandatory=$True)] [string] $LogFileName) $WorkingDirectory = "$Env:SystemDrive\$WorkingDirectory" - $TestDirectory = "$Env:SystemDrive\$env:ProgramFiles\ebpf-for-windows\tests" + $TestDirectory = "$env:ProgramFiles\ebpf-for-windows\tests" Import-Module $WorkingDirectory\common.psm1 -ArgumentList ($LogFileName) -Force -WarningAction SilentlyContinue Import-Module $WorkingDirectory\run_driver_tests.psm1 -ArgumentList ($WorkingDirectory, $LogFileName) -Force -WarningAction SilentlyContinue From 208e718b1fd5b3a34df1d56cc506022044ee0383 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 20 Feb 2024 23:37:01 -0800 Subject: [PATCH 13/56] wip --- scripts/install_ebpf.psm1 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index 8d9fefbb09..7a6c7d6830 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 @@ -9,6 +9,7 @@ Import-Module $PSScriptRoot\common.psm1 -Force -ArgumentList ($LogFileName) -War $VcRedist = Join-Path $WorkingDirectory "vc_redist.x64.exe" $MsiPath = Join-Path $WorkingDirectory "ebpf-for-windows.msi" +$MsiInstallPath = Join-Path $env:ProgramFiles "ebpf-for-windows" # eBPF Drivers. $EbpfDrivers = 
@@ -99,7 +100,7 @@ function Install-eBPFComponents Write-Verbose "Visual C++ Redistributable installation completed." # Install the MSI package. - $arguments = "/i $MsiPath /qn /norestart /log msi-install.log ADDLOCAL=ALL" + $arguments = "/i $MsiPath INSTALLFOLDER=$MsiInstallPath /qn /norestart /log msi-install.log ADDLOCAL=ALL" Write-Host "Installing MSI package at '$MsiPath' with arguments: '$arguments'..." $process = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru if ($process.ExitCode -eq 0) { @@ -139,7 +140,7 @@ function Stop-eBPFComponents function Uninstall-eBPFComponents { # Uninstall the MSI package. - Write-Host "Uninstalling eBPF MSI at '$MsiPath' package..." + Write-Host "Uninstalling eBPF MSI package at '$MsiPath'..." $process = Start-Process -FilePath msiexec.exe -ArgumentList "/x $MsiPath /qn /norestart /log msi-uninstall.log" -Wait -PassThru if ($process.ExitCode -eq 0) { Write-Host "Uninstallation successful!" From 325778484947cbe995cc321146ac3e5ee3cc3028 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Wed, 21 Feb 2024 00:10:41 -0800 Subject: [PATCH 14/56] wip --- scripts/install_ebpf.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index 7a6c7d6830..63d07baf93 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 @@ -100,7 +100,7 @@ function Install-eBPFComponents Write-Verbose "Visual C++ Redistributable installation completed." # Install the MSI package. - $arguments = "/i $MsiPath INSTALLFOLDER=$MsiInstallPath /qn /norestart /log msi-install.log ADDLOCAL=ALL" + $arguments = "/i `"$MsiPath`" INSTALLFOLDER=`"$MsiInstallPath`" /qn /norestart /log msi-install.log ADDLOCAL=ALL" Write-Host "Installing MSI package at '$MsiPath' with arguments: '$arguments'..." $process = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru if ($process.ExitCode -eq 0) { 
From 19d5f6274f313b107aaed5c8222d32f20db4f058 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Wed, 21 Feb 2024 00:35:56 -0800 Subject: [PATCH 15/56] wip --- scripts/vm_run_tests.psm1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/vm_run_tests.psm1 b/scripts/vm_run_tests.psm1 index 844dfbda7a..b9f555073d 100644 --- a/scripts/vm_run_tests.psm1 +++ b/scripts/vm_run_tests.psm1 @@ -35,7 +35,7 @@ function Invoke-CICDTestsOnVM [parameter(Mandatory=$True)][string[]] $Options) $WorkingDirectory = "$Env:SystemDrive\$WorkingDirectory" - $TestDirectory = "$env:ProgramFiles\ebpf-for-windows\tests" + $TestDirectory = "$env:ProgramFiles\ebpf-for-windows\testing" Import-Module $WorkingDirectory\common.psm1 -ArgumentList ($LogFileName) -Force -WarningAction SilentlyContinue Import-Module $WorkingDirectory\run_driver_tests.psm1 -ArgumentList ($TestDirectory, $LogFileName) -Force -WarningAction SilentlyContinue @@ -81,7 +81,7 @@ function Add-eBPFProgramOnVM [Parameter(Mandatory=$True)] [string] $WorkingDirectory, [Parameter(Mandatory=$True)] [string] $LogFileName) $WorkingDirectory = "$Env:SystemDrive\$WorkingDirectory" - $TestDirectory = "$env:ProgramFiles\ebpf-for-windows\tests" + $TestDirectory = "$env:ProgramFiles\ebpf-for-windows\testing" Import-Module $WorkingDirectory\common.psm1 -ArgumentList ($LogFileName) -Force -WarningAction SilentlyContinue Import-Module $WorkingDirectory\run_driver_tests.psm1 -ArgumentList ($TestDirectory, $LogFileName) -Force -WarningAction SilentlyContinue 
@@ -116,7 +116,7 @@ function Set-eBPFProgramOnVM [Parameter(Mandatory=$True)] [string] $WorkingDirectory, [Parameter(Mandatory=$True)] [string] $LogFileName) $WorkingDirectory = "$Env:SystemDrive\$WorkingDirectory" - $TestDirectory = "$env:ProgramFiles\ebpf-for-windows\tests" + $TestDirectory = "$env:ProgramFiles\ebpf-for-windows\testing" Import-Module $WorkingDirectory\common.psm1 -ArgumentList ($LogFileName) -Force -WarningAction SilentlyContinue Import-Module $WorkingDirectory\run_driver_tests.psm1 -ArgumentList ($TestDirectory, $LogFileName) -Force -WarningAction SilentlyContinue @@ -139,7 +139,7 @@ function Remove-eBPFProgramFromVM [Parameter(Mandatory=$True)] [string] $WorkingDirectory, [Parameter(Mandatory=$True)] [string] $LogFileName) $WorkingDirectory = "$Env:SystemDrive\$WorkingDirectory" - $TestDirectory = "$env:ProgramFiles\ebpf-for-windows\tests" + $TestDirectory = "$env:ProgramFiles\ebpf-for-windows\testing" Import-Module $WorkingDirectory\common.psm1 -ArgumentList ($LogFileName) -Force -WarningAction SilentlyContinue Import-Module $WorkingDirectory\run_driver_tests.psm1 -ArgumentList ($WorkingDirectory, $LogFileName) -Force -WarningAction SilentlyContinue From f44d4ba4195e5a28bf3f19e1e36d625c0b3d539d Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Wed, 21 Feb 2024 01:22:01 -0800 Subject: [PATCH 16/56] wip --- scripts/cleanup_ebpf_cicd_tests.ps1 | 7 +++++++ scripts/config_test_vm.psm1 | 21 ++++++++++++++++++++- 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/scripts/cleanup_ebpf_cicd_tests.ps1 b/scripts/cleanup_ebpf_cicd_tests.ps1 index 60d416d2af..1a1ede97d3 100644 --- a/scripts/cleanup_ebpf_cicd_tests.ps1 +++ b/scripts/cleanup_ebpf_cicd_tests.ps1 
@@ -15,6 +15,7 @@ $TestVMCredential = Get-StoredCredential -Target $Target -ErrorAction Stop # Load other utility modules. Import-Module .\common.psm1 -Force -ArgumentList ($LogFileName) -WarningAction SilentlyContinue Import-Module .\config_test_vm.psm1 -Force -ArgumentList ($TestVMCredential.UserName, $TestVMCredential.Password, $WorkingDirectory, $LogFileName) -WarningAction SilentlyContinue +Import-Module .\install_ebpf.psm1 -ArgumentList ($WorkingDirectory, $LogFileName) -Force -WarningAction SilentlyContinue # Read the test execution json. $TestExecutionConfig = Get-Content ("{0}\{1}" -f $PSScriptRoot, $TestExecutionJsonFileName) | ConvertFrom-Json @@ -23,6 +24,12 @@ $VMList = $TestExecutionConfig.VMMap.$SelfHostedRunnerName # Import logs from VMs. Import-ResultsFromVM -VMList $VMList -KmTracing $KmTracing +# Uninstall eBPF Components on the test VM. +foreach($VM in $VMList) { + $VMName = $VM.Name + Uninstall-eBPFComponentsOnVM -VMName $VMname -ErrorAction Stop +} + # Stop the VMs. Stop-AllVMs -VMList $VMList Restore-AllVMs -VMList $VMList diff --git a/scripts/config_test_vm.psm1 b/scripts/config_test_vm.psm1 index 83819a61dc..3e1863f3ac 100644 --- a/scripts/config_test_vm.psm1 +++ b/scripts/config_test_vm.psm1 
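Review bot: The new uninstall loop in the second hunk runs with `-ErrorAction Stop` ahead of `Stop-AllVMs` and `Restore-AllVMs`, so a failed uninstall on one VM would end the cleanup script before any VM is stopped or restored, unless a handler outside the hunk catches it. On a self-hosted runner that leaves the test VMs running with the previous run's drivers and state. Cleanup should be best-effort per VM, for example `try { Uninstall-eBPFComponentsOnVM -VMName $VMName -ErrorAction Stop } catch { Write-Host "Uninstall failed on ${VMName}: $_" }`, so that the restore always runs.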
@@ -231,11 +231,30 @@ function Install-eBPFComponentsOnVM Import-Module $WorkingDirectory\common.psm1 -ArgumentList ($LogFileName) -Force -WarningAction SilentlyContinue Import-Module $WorkingDirectory\install_ebpf.psm1 -ArgumentList ($WorkingDirectory, $LogFileName) -Force -WarningAction SilentlyContinue - Install-eBPFComponents -KmTracing $KmTracing -KmTraceType $KmTraceType -KMDFVerifier $true + Install-eBPFComponents -KmTracing $KmTracing -KmTraceType $KmTraceType -KMDFVerifier $true -ErrorAction Stop } -ArgumentList ("eBPF", $LogFileName, $KmTracing, $KmTraceType) -ErrorAction Stop Write-Log "eBPF components installed on $VMName" -ForegroundColor Green } +function Uninstall-eBPFComponentsOnVM +{ + param([parameter(Mandatory=$true)][string] $VMName) + + Write-Log "Unnstalling eBPF components on $VMName" + $TestCredential = New-Credential -Username $Admin -AdminPassword $AdminPassword + + Invoke-Command -VMName $VMName -Credential $TestCredential -ScriptBlock { + param([Parameter(Mandatory=$True)] [string] $WorkingDirectory, + [Parameter(Mandatory=$True)] [string] $LogFileName) + $WorkingDirectory = "$env:SystemDrive\$WorkingDirectory" + Import-Module $WorkingDirectory\common.psm1 -ArgumentList ($LogFileName) -Force -WarningAction SilentlyContinue + Import-Module $WorkingDirectory\install_ebpf.psm1 -ArgumentList ($WorkingDirectory, $LogFileName) -Force -WarningAction SilentlyContinue + + Uninstall-eBPFComponents + } -ArgumentList ("eBPF", $LogFileName) -ErrorAction Stop + Write-Log "eBPF components uninstalled on $VMName" -ForegroundColor Green +} + # # Import test logs from VM. # From 30ffe7bc7917b764b9b7e5ca4605690c134bd652 Mon Sep 17 00:00:00 2001 
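Review bot: The new `Uninstall-eBPFComponentsOnVM` logs "eBPF components uninstalled on $VMName" regardless of what the remote `Uninstall-eBPFComponents` call did, because the script block neither checks a result nor returns one. Whether `Uninstall-eBPFComponents` throws on a non-zero msiexec exit code is not visible here; if it only prints the failure, this wrapper will report success for a failed uninstall. Have the script block return the outcome and log success only when it is good. The first log line also has a typo and should read `Write-Log "Uninstalling eBPF components on $VMName"`.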
From: Gianni Trevisiol Date: Wed, 21 Feb 2024 11:05:45 -0800 Subject: [PATCH 17/56] wip --- scripts/cleanup_ebpf_cicd_tests.ps1 | 3 ++- scripts/execute_ebpf_cicd_tests.ps1 | 4 ++-- scripts/run_driver_tests.psm1 | 19 ++++++++++--------- scripts/vm_run_tests.psm1 | 10 +++------- 4 files changed, 17 insertions(+), 19 deletions(-) diff --git a/scripts/cleanup_ebpf_cicd_tests.ps1 b/scripts/cleanup_ebpf_cicd_tests.ps1 index 1a1ede97d3..b15443821d 100644 --- a/scripts/cleanup_ebpf_cicd_tests.ps1 +++ b/scripts/cleanup_ebpf_cicd_tests.ps1 @@ -27,7 +27,8 @@ Import-ResultsFromVM -VMList $VMList -KmTracing $KmTracing # Uninstall eBPF Components on the test VM. foreach($VM in $VMList) { $VMName = $VM.Name - Uninstall-eBPFComponentsOnVM -VMName $VMname -ErrorAction Stop + Write-Host "Uninstalling eBPF components on VM $VMName..." + Uninstall-eBPFComponentsOnVM -VMName $VMname -WorkingDirectory $WorkingDirectory -ErrorAction Stop } # Stop the VMs. diff --git a/scripts/execute_ebpf_cicd_tests.ps1 b/scripts/execute_ebpf_cicd_tests.ps1 index cf18496966..44be43fd2f 100644 --- a/scripts/execute_ebpf_cicd_tests.ps1 +++ b/scripts/execute_ebpf_cicd_tests.ps1 
@@ -17,8 +17,8 @@ $AdminTestVMCredential = Get-StoredCredential -Target $AdminTarget -ErrorAction $StandardUserTestVMCredential = Get-StoredCredential -Target $StandardUserTarget -ErrorAction Stop # Load other utility modules. -Import-Module .\common.psm1 -Force -ArgumentList ($LogFileName) -WarningAction SilentlyContinue -Import-Module .\vm_run_tests.psm1 -Force -ArgumentList ($AdminTestVMCredential.UserName, $AdminTestVMCredential.Password, $StandardUserTestVMCredential.UserName, $StandardUserTestVMCredential.Password, $WorkingDirectory, $LogFileName) -WarningAction SilentlyContinue +Import-Module $PSScriptRoot\common.psm1 -Force -ArgumentList ($LogFileName) -WarningAction SilentlyContinue +Import-Module $PSScriptRoot\vm_run_tests.psm1 -Force -ArgumentList ($AdminTestVMCredential.UserName, $AdminTestVMCredential.Password, $StandardUserTestVMCredential.UserName, $StandardUserTestVMCredential.Password, $WorkingDirectory, $LogFileName) -WarningAction SilentlyContinue # Read the test execution json. $Config = Get-Content ("{0}\{1}" -f $PSScriptRoot, $TestExecutionJsonFileName) | ConvertFrom-Json diff --git a/scripts/run_driver_tests.psm1 b/scripts/run_driver_tests.psm1 index b7ecbc115b..bf6744d306 100644 --- a/scripts/run_driver_tests.psm1 +++ b/scripts/run_driver_tests.psm1 @@ -9,6 +9,7 @@ Push-Location $WorkingDirectory Import-Module .\common.psm1 -Force -ArgumentList ($LogFileName) -WarningAction SilentlyContinue Import-Module .\install_ebpf.psm1 -Force -ArgumentList ($WorkingDirectory, $LogFileName) -WarningAction SilentlyContinue +$TestDirectory = "$env:ProgramFiles\ebpf-for-windows\testing" $CodeCoverage = "$env:ProgramFiles\OpenCppCoverage\OpenCppCoverage.exe" # @@ -102,7 +103,7 @@ function Invoke-CICDTests param([parameter(Mandatory = $true)][bool] $VerboseLogs, [parameter(Mandatory = $false)][bool] $Coverage = $false) - pushd $WorkingDirectory + Push-Location $WorkingDirectory $env:EBPF_ENABLE_WER_REPORT = "yes" try { 
@@ -113,7 +114,7 @@ function Invoke-CICDTests "socket_tests.exe") foreach ($Test in $TestList) { - Invoke-Test -TestName $Test -VerboseLogs $VerboseLogs -Coverage $Coverage + Invoke-Test -TestName "$TestDirectory\$Test" -VerboseLogs $VerboseLogs -Coverage $Coverage } if ($Coverage) { @@ -136,7 +137,7 @@ function Invoke-CICDTests throw } - popd + Pop-Location } function Invoke-XDPTest @@ -146,7 +147,7 @@ function Invoke-XDPTest [parameter(Mandatory=$true)][string] $XDPTestName, [parameter(Mandatory=$true)][string] $WorkingDirectory) - pushd $WorkingDirectory + Push-Location $WorkingDirectory Write-Log "Executing $XDPTestName with remote address: $RemoteIPV4Address." $LASTEXITCODE = 0 @@ -164,7 +165,7 @@ function Invoke-XDPTest Write-Log "$XDPTestName Test Passed" -ForegroundColor Green - popd + Pop-Location } function Invoke-ConnectRedirectTest @@ -182,7 +183,7 @@ function Invoke-ConnectRedirectTest [parameter(Mandatory=$true)][string] $UserType, [parameter(Mandatory=$true)][string] $WorkingDirectory) - pushd $WorkingDirectory + Push-Location $WorkingDirectory ## First run the test with both v4 and v6 programs attached. $Parameters = "--virtual-ip-v4 $VirtualIPv4Address --virtual-ip-v6 $VirtualIPv6Address --local-ip-v4 $LocalIPv4Address --local-ip-v6 $LocalIPv6Address --remote-ip-v4 $RemoteIPv4Address --remote-ip-v6 $RemoteIPv6Address --destination-port $DestinationPort --proxy-port $ProxyPort --user-type $UserType" @@ -242,7 +243,7 @@ function Invoke-ConnectRedirectTest Write-Log "Connect-Redirect Test Passed" -ForegroundColor Green - popd + Pop-Location } function Invoke-CICDStressTests @@ -251,7 +252,7 @@ function Invoke-CICDStressTests [parameter(Mandatory = $false)][bool] $Coverage = $false, [parameter(Mandatory = $false)][bool] $RestartExtension = $false) - pushd $WorkingDirectory + Push-Location $WorkingDirectory $env:EBPF_ENABLE_WER_REPORT = "yes" Write-Log "Executing eBPF kernel mode multi-threaded stress tests (restart extension:$RestartExtension)." 
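Review bot: In the `@@ -136,7 +137,7 @@` hunk of Invoke-CICDTests the renamed `Pop-Location` still sits after a block that ends in `throw`, so on a test failure the location pushed at the top of the function is never popped. The Invoke-CICDStressTests hunk that follows has the same shape, with `Pop-Location` after the `throw "*** ERROR *** ..."` branch. Since this commit already touches every push/pop pair, I would move the pop into `finally { Pop-Location }` on the existing `try`. The `try`/`catch` itself lies outside the hunk, so please confirm the structure before applying.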
@@ -271,7 +272,7 @@ function Invoke-CICDStressTests throw "*** ERROR *** eBPF kernel mode multi-threaded stress tests FAILED (restart extension:$RestartExtension)" } - popd + Pop-Location } function Invoke-CICDPerformanceTests diff --git a/scripts/vm_run_tests.psm1 b/scripts/vm_run_tests.psm1 index b9f555073d..999c5720be 100644 --- a/scripts/vm_run_tests.psm1 +++ b/scripts/vm_run_tests.psm1 @@ -35,9 +35,8 @@ function Invoke-CICDTestsOnVM [parameter(Mandatory=$True)][string[]] $Options) $WorkingDirectory = "$Env:SystemDrive\$WorkingDirectory" - $TestDirectory = "$env:ProgramFiles\ebpf-for-windows\testing" Import-Module $WorkingDirectory\common.psm1 -ArgumentList ($LogFileName) -Force -WarningAction SilentlyContinue - Import-Module $WorkingDirectory\run_driver_tests.psm1 -ArgumentList ($TestDirectory, $LogFileName) -Force -WarningAction SilentlyContinue + Import-Module $WorkingDirectory\run_driver_tests.psm1 -ArgumentList ($WorkingDirectory, $LogFileName) -Force -WarningAction SilentlyContinue $TestMode = $TestMode.ToLower() switch ($TestMode) @@ -81,9 +80,8 @@ function Add-eBPFProgramOnVM [Parameter(Mandatory=$True)] [string] $WorkingDirectory, [Parameter(Mandatory=$True)] [string] $LogFileName) $WorkingDirectory = "$Env:SystemDrive\$WorkingDirectory" - $TestDirectory = "$env:ProgramFiles\ebpf-for-windows\testing" Import-Module $WorkingDirectory\common.psm1 -ArgumentList ($LogFileName) -Force -WarningAction SilentlyContinue - Import-Module $WorkingDirectory\run_driver_tests.psm1 -ArgumentList ($TestDirectory, $LogFileName) -Force -WarningAction SilentlyContinue + Import-Module $WorkingDirectory\run_driver_tests.psm1 -ArgumentList ($WorkingDirectory, $LogFileName) -Force -WarningAction SilentlyContinue if ([System.String]::IsNullOrEmpty($Interface)){ Write-Log "Loading $Program on $VM." 
@@ -116,9 +114,8 @@ function Set-eBPFProgramOnVM [Parameter(Mandatory=$True)] [string] $WorkingDirectory, [Parameter(Mandatory=$True)] [string] $LogFileName) $WorkingDirectory = "$Env:SystemDrive\$WorkingDirectory" - $TestDirectory = "$env:ProgramFiles\ebpf-for-windows\testing" Import-Module $WorkingDirectory\common.psm1 -ArgumentList ($LogFileName) -Force -WarningAction SilentlyContinue - Import-Module $WorkingDirectory\run_driver_tests.psm1 -ArgumentList ($TestDirectory, $LogFileName) -Force -WarningAction SilentlyContinue + Import-Module $WorkingDirectory\run_driver_tests.psm1 -ArgumentList ($TestDWorkingDirectoryirectory, $LogFileName) -Force -WarningAction SilentlyContinue Write-Log "Setting program $ProgId at interface $Interface on $VM." Invoke-NetshEbpfCommand -Arguments "set program $ProgId xdp_test interface=""$Interface""" @@ -139,7 +136,6 @@ function Remove-eBPFProgramFromVM [Parameter(Mandatory=$True)] [string] $WorkingDirectory, [Parameter(Mandatory=$True)] [string] $LogFileName) $WorkingDirectory = "$Env:SystemDrive\$WorkingDirectory" - $TestDirectory = "$env:ProgramFiles\ebpf-for-windows\testing" Import-Module $WorkingDirectory\common.psm1 -ArgumentList ($LogFileName) -Force -WarningAction SilentlyContinue Import-Module $WorkingDirectory\run_driver_tests.psm1 -ArgumentList ($WorkingDirectory, $LogFileName) -Force -WarningAction SilentlyContinue From dc9947b20c5b3f3f9bc5a2f8e5df4a08753e7988 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Wed, 21 Feb 2024 12:36:28 -0800 Subject: [PATCH 18/56] wip --- scripts/cleanup_ebpf_cicd_tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/cleanup_ebpf_cicd_tests.ps1 b/scripts/cleanup_ebpf_cicd_tests.ps1 index b15443821d..0bc0447e49 100644 --- a/scripts/cleanup_ebpf_cicd_tests.ps1 +++ b/scripts/cleanup_ebpf_cicd_tests.ps1 
@@ -28,7 +28,7 @@ Import-ResultsFromVM -VMList $VMList -KmTracing $KmTracing foreach($VM in $VMList) { $VMName = $VM.Name Write-Host "Uninstalling eBPF components on VM $VMName..." - Uninstall-eBPFComponentsOnVM -VMName $VMname -WorkingDirectory $WorkingDirectory -ErrorAction Stop + Uninstall-eBPFComponentsOnVM -VMName $VMname -ErrorAction Stop } # Stop the VMs. From 5fcc30ffb10aa9d61c5d159297b23cb7306e60f7 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Mon, 11 Mar 2024 17:04:12 -0700 Subject: [PATCH 19/56] wip --- scripts/run_driver_tests.psm1 | 3 +-- scripts/vm_run_tests.psm1 | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/scripts/run_driver_tests.psm1 b/scripts/run_driver_tests.psm1 index bf6744d306..aac5a19b7a 100644 --- a/scripts/run_driver_tests.psm1 +++ b/scripts/run_driver_tests.psm1 @@ -9,7 +9,6 @@ Push-Location $WorkingDirectory Import-Module .\common.psm1 -Force -ArgumentList ($LogFileName) -WarningAction SilentlyContinue Import-Module .\install_ebpf.psm1 -Force -ArgumentList ($WorkingDirectory, $LogFileName) -WarningAction SilentlyContinue -$TestDirectory = "$env:ProgramFiles\ebpf-for-windows\testing" $CodeCoverage = "$env:ProgramFiles\OpenCppCoverage\OpenCppCoverage.exe" # @@ -114,7 +113,7 @@ function Invoke-CICDTests "socket_tests.exe") foreach ($Test in $TestList) { - Invoke-Test -TestName "$TestDirectory\$Test" -VerboseLogs $VerboseLogs -Coverage $Coverage + Invoke-Test -TestName "$Test" -VerboseLogs $VerboseLogs -Coverage $Coverage } if ($Coverage) { diff --git a/scripts/vm_run_tests.psm1 b/scripts/vm_run_tests.psm1 index 999c5720be..571d5b417d 100644 --- a/scripts/vm_run_tests.psm1 +++ b/scripts/vm_run_tests.psm1 
@@ -115,7 +115,7 @@ function Set-eBPFProgramOnVM [Parameter(Mandatory=$True)] [string] $LogFileName) $WorkingDirectory = "$Env:SystemDrive\$WorkingDirectory" Import-Module $WorkingDirectory\common.psm1 -ArgumentList ($LogFileName) -Force -WarningAction SilentlyContinue - Import-Module $WorkingDirectory\run_driver_tests.psm1 -ArgumentList ($TestDWorkingDirectoryirectory, $LogFileName) -Force -WarningAction SilentlyContinue + Import-Module $WorkingDirectory\run_driver_tests.psm1 -ArgumentList ($WorkingDirectory, $LogFileName) -Force -WarningAction SilentlyContinue Write-Log "Setting program $ProgId at interface $Interface on $VM." Invoke-NetshEbpfCommand -Arguments "set program $ProgId xdp_test interface=""$Interface""" From ab1e486f2fe4aec3a0774207d1dba02b74ca9547 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Mon, 11 Mar 2024 18:02:08 -0700 Subject: [PATCH 20/56] wip --- scripts/config_test_vm.psm1 | 1 + scripts/install_ebpf.psm1 | 18 +++++++++++------- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/scripts/config_test_vm.psm1 b/scripts/config_test_vm.psm1 index 337099b853..891ae50ca5 100644 --- a/scripts/config_test_vm.psm1 +++ b/scripts/config_test_vm.psm1 @@ -207,6 +207,7 @@ function Export-BuildArtifactsToVMs Write-Log "Unpacked $tempFileName to $VMSystemDrive\eBPF on $VMName" Write-Log "Export completed." -ForegroundColor Green } + Remove-Item -Force $tempFileName } diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index 63d07baf93..84541b5540 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 
@@ -93,21 +93,24 @@ function Install-eBPFComponents [parameter(Mandatory=$false)] [bool] $KMDFVerifier = $false) # Install the Visual C++ Redistributable. - Write-Verbose "Installing Visual C++ Redistributable" - Start-Process -FilePath $VcRedist -ArgumentList "/quiet", "/norestart" -Wait - Write-Verbose "Cleaning up" + Write-Host "Installing Visual C++ Redistributable" + $process = Start-Process -FilePath $VcRedist -ArgumentList "/quiet", "/norestart" -Wait + if ($process.ExitCode -ne 0) { + Write-Host "Visual C++ Redistributable installation failed. Exit code: $($process.ExitCode)" + exit 1; + } + Write-Host "Cleaning up..." Remove-Item $VcRedist -Force - Write-Verbose "Visual C++ Redistributable installation completed." + Write-Host "Visual C++ Redistributable installation completed." # Install the MSI package. - $arguments = "/i `"$MsiPath`" INSTALLFOLDER=`"$MsiInstallPath`" /qn /norestart /log msi-install.log ADDLOCAL=ALL" + $arguments = "/i `"$MsiPath`" INSTALLFOLDER=`"$MsiInstallPath`" ADDLOCAL=ALL /qn /norestart /l*vx /log msi-install.log" Write-Host "Installing MSI package at '$MsiPath' with arguments: '$arguments'..." $process = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru if ($process.ExitCode -eq 0) { Write-Host "Installation successful!" } else { - $exceptionMessage = "Installation FAILED. Exit code: $($process.ExitCode)" - Write-Host $exceptionMessage + Write-Host "Installation FAILED. Exit code: $($process.ExitCode)" $logContents = Get-Content -Path "msi-install.log" -ErrorAction SilentlyContinue if ($logContents) { Write-Host "Contents of msi-install.log:" @@ -115,6 +118,7 @@ function Install-eBPFComponents } else { Write-Host "msi-install.log not found or empty." } + exit 1; } # Optionally enable KMDF verifier and tag tracking. From d1ecbeb779f3e191e2cffe7cf3f55259c250709b Mon Sep 17 00:00:00 2001 
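Review bot: The new exit-code check for the Visual C++ Redistributable can never pass, because `Start-Process` is called with `-Wait` but without `-PassThru` and therefore returns nothing. `$process.ExitCode` is then `$null`, `$null -ne 0` is true, and the function reports failure and exits even after a successful install. The line should be `$process = Start-Process -FilePath $VcRedist -ArgumentList "/quiet", "/norestart" -Wait -PassThru`. Separately, the rewritten msiexec string now carries two logging switches, `/l*vx /log msi-install.log`; `/l*vx` expects the log path as its next token, so I would use `/l*vx msi-install.log` alone.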
From: Gianni Trevisiol Date: Mon, 11 Mar 2024 18:44:21 -0700 Subject: [PATCH 21/56] wip --- scripts/install_ebpf.psm1 | 47 ++++++++++++++++++++++++--------------- 1 file changed, 29 insertions(+), 18 deletions(-) diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index 84541b5540..46d155c84a 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 @@ -7,7 +7,7 @@ param ([Parameter(Mandatory=$True)] [string] $WorkingDirectory, Push-Location $WorkingDirectory Import-Module $PSScriptRoot\common.psm1 -Force -ArgumentList ($LogFileName) -WarningAction SilentlyContinue -$VcRedist = Join-Path $WorkingDirectory "vc_redist.x64.exe" +$VcRedistPath = Join-Path $WorkingDirectory "vc_redist.x64.exe" $MsiPath = Join-Path $WorkingDirectory "ebpf-for-windows.msi" $MsiInstallPath = Join-Path $env:ProgramFiles "ebpf-for-windows" 
@@ -93,31 +93,42 @@ function Install-eBPFComponents [parameter(Mandatory=$false)] [bool] $KMDFVerifier = $false) # Install the Visual C++ Redistributable. - Write-Host "Installing Visual C++ Redistributable" - $process = Start-Process -FilePath $VcRedist -ArgumentList "/quiet", "/norestart" -Wait - if ($process.ExitCode -ne 0) { - Write-Host "Visual C++ Redistributable installation failed. Exit code: $($process.ExitCode)" + try { + Write-Host "Installing Visual C++ Redistributable from '$VcRedistPath'..." + $process = Start-Process -FilePath $VcRedistPath -ArgumentList "/quiet", "/norestart" -Wait + Write-Host "Exit Code: $LASTEXITCODE" + if ($process.ExitCode -ne 0) { + Write-Host "Visual C++ Redistributable installation failed. Exit code: $($process.ExitCode)" + exit 1; + } + } catch { + Write-Host "An error occurred while installing Visual C++ Redistributable: $_" exit 1; } Write-Host "Cleaning up..." - Remove-Item $VcRedist -Force + Remove-Item $VcRedistPath -Force Write-Host "Visual C++ Redistributable installation completed." # Install the MSI package. - $arguments = "/i `"$MsiPath`" INSTALLFOLDER=`"$MsiInstallPath`" ADDLOCAL=ALL /qn /norestart /l*vx /log msi-install.log" - Write-Host "Installing MSI package at '$MsiPath' with arguments: '$arguments'..." - $process = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru - if ($process.ExitCode -eq 0) { - Write-Host "Installation successful!" - } else { - Write-Host "Installation FAILED. Exit code: $($process.ExitCode)" - $logContents = Get-Content -Path "msi-install.log" -ErrorAction SilentlyContinue - if ($logContents) { - Write-Host "Contents of msi-install.log:" - Write-Host $logContents + try { + $arguments = "/i `"$MsiPath`" INSTALLFOLDER=`"$MsiInstallPath`" ADDLOCAL=ALL /qn /norestart /l*vx /log msi-install.log" + Write-Host "Installing MSI package: '$MsiPath $arguments'..." 
+ $process = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru + if ($process.ExitCode -eq 0) { + Write-Host "Installation successful!" } else { - Write-Host "msi-install.log not found or empty." + Write-Host "MSI installation FAILED. Exit code: $($process.ExitCode)" + $logContents = Get-Content -Path "msi-install.log" -ErrorAction SilentlyContinue + if ($logContents) { + Write-Host "Contents of msi-install.log:" + Write-Host $logContents + } else { + Write-Host "msi-install.log not found or empty." + } + exit 1; } + } catch { + Write-Host "An error occurred while installing the MSI package: $_" exit 1; } From 218e948aba97b409efb74875c6474f1b36c155a3 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Mon, 11 Mar 2024 20:01:11 -0700 Subject: [PATCH 22/56] test --- scripts/install_ebpf.psm1 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index 46d155c84a..322fb6d81b 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 @@ -95,8 +95,11 @@ function Install-eBPFComponents # Install the Visual C++ Redistributable. try { Write-Host "Installing Visual C++ Redistributable from '$VcRedistPath'..." + if (-not (Test-Path $VcRedistPath)) { + Write-Host "Visual C++ Redistributable not found at '$VcRedistPath'." + exit 1; + } $process = Start-Process -FilePath $VcRedistPath -ArgumentList "/quiet", "/norestart" -Wait - Write-Host "Exit Code: $LASTEXITCODE" if ($process.ExitCode -ne 0) { Write-Host "Visual C++ Redistributable installation failed. Exit code: $($process.ExitCode)" exit 1; From 2d6acd8263fd9a2dcb7661ea8289636d216fadda Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 12 Mar 2024 00:49:40 -0700 Subject: [PATCH 23/56] wip --- scripts/config_test_vm.psm1 | 1 + scripts/install_ebpf.psm1 | 17 +++++++---------- 2 files changed, 8 insertions(+), 10 deletions(-) 
diff --git a/scripts/config_test_vm.psm1 b/scripts/config_test_vm.psm1 index 891ae50ca5..b48460a976 100644 --- a/scripts/config_test_vm.psm1 +++ b/scripts/config_test_vm.psm1 @@ -230,6 +230,7 @@ function Install-eBPFComponentsOnVM [Parameter(Mandatory=$true)] [bool] $KmTracing, [Parameter(Mandatory=$true)] [string] $KmTraceType) $WorkingDirectory = "$env:SystemDrive\$WorkingDirectory" + Write-Host "Working Directory: $WorkingDirectory" Import-Module $WorkingDirectory\common.psm1 -ArgumentList ($LogFileName) -Force -WarningAction SilentlyContinue Import-Module $WorkingDirectory\install_ebpf.psm1 -ArgumentList ($WorkingDirectory, $LogFileName) -Force -WarningAction SilentlyContinue diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index 322fb6d81b..648a1adddd 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 @@ -95,18 +95,15 @@ function Install-eBPFComponents # Install the Visual C++ Redistributable. try { Write-Host "Installing Visual C++ Redistributable from '$VcRedistPath'..." - if (-not (Test-Path $VcRedistPath)) { - Write-Host "Visual C++ Redistributable not found at '$VcRedistPath'." - exit 1; - } - $process = Start-Process -FilePath $VcRedistPath -ArgumentList "/quiet", "/norestart" -Wait - if ($process.ExitCode -ne 0) { - Write-Host "Visual C++ Redistributable installation failed. Exit code: $($process.ExitCode)" - exit 1; + & "Path\To\VcRedist.exe" /quiet /norestart + $exitCode = $LASTEXITCODE + if ($exitCode -eq 0) { + Write-Host "Visual C++ Redistributable installation completed successfully." + } else { + Write-Host "Visual C++ Redistributable installation failed. Exit code: $exitCode" } } catch { - Write-Host "An error occurred while installing Visual C++ Redistributable: $_" - exit 1; + Write-Host "An exception occurred while installing Visual C++ Redistributable: $_" } Write-Host "Cleaning up..." Remove-Item $VcRedistPath -Force From d815a81d23e90c6e71e9c906e3727b7a2a579877 Mon Sep 17 00:00:00 2001 
From: Gianni Trevisiol Date: Tue, 12 Mar 2024 09:36:56 -0700 Subject: [PATCH 24/56] wip --- scripts/install_ebpf.psm1 | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index 648a1adddd..8e7552e008 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 @@ -113,11 +113,12 @@ function Install-eBPFComponents try { $arguments = "/i `"$MsiPath`" INSTALLFOLDER=`"$MsiInstallPath`" ADDLOCAL=ALL /qn /norestart /l*vx /log msi-install.log" Write-Host "Installing MSI package: '$MsiPath $arguments'..." - $process = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru - if ($process.ExitCode -eq 0) { + & "msiexec.exe" $arguments + $exitCode = $LASTEXITCODE + if ($exitCode -eq 0) { Write-Host "Installation successful!" } else { - Write-Host "MSI installation FAILED. Exit code: $($process.ExitCode)" + Write-Host "MSI installation FAILED. Exit code: $exitCode" $logContents = Get-Content -Path "msi-install.log" -ErrorAction SilentlyContinue if ($logContents) { Write-Host "Contents of msi-install.log:" From f1cc5f86c7b92933e93890b8139794976f9c300d Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 12 Mar 2024 10:21:07 -0700 Subject: [PATCH 25/56] test --- scripts/config_test_vm.psm1 | 1 + scripts/install_ebpf.psm1 | 15 ++++++++++++--- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/scripts/config_test_vm.psm1 b/scripts/config_test_vm.psm1 index b48460a976..b95223c954 100644 --- a/scripts/config_test_vm.psm1 +++ b/scripts/config_test_vm.psm1 
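Review bot: Replacing `Start-Process ... -Wait -PassThru` with `& "msiexec.exe" $arguments` makes the exit-code check unreliable for two reasons. `$arguments` is a single string, so the call operator hands msiexec one quoted argument rather than separate switches. msiexec is also a GUI-subsystem program, which PowerShell does not wait for when it is invoked this way, so `$LASTEXITCODE` may be stale or unset when it is read. I would keep `$process = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru` and set `$exitCode = $process.ExitCode`. The surrounding `try` block starts outside the hunk.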
@@ -234,6 +234,7 @@ function Install-eBPFComponentsOnVM Import-Module $WorkingDirectory\common.psm1 -ArgumentList ($LogFileName) -Force -WarningAction SilentlyContinue Import-Module $WorkingDirectory\install_ebpf.psm1 -ArgumentList ($WorkingDirectory, $LogFileName) -Force -WarningAction SilentlyContinue + Write-Host "Invoke-Command - Modules imported" Install-eBPFComponents -KmTracing $KmTracing -KmTraceType $KmTraceType -KMDFVerifier $true -ErrorAction Stop } -ArgumentList ("eBPF", $LogFileName, $KmTracing, $KmTraceType) -ErrorAction Stop Write-Log "eBPF components installed on $VMName" -ForegroundColor Green diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index 8e7552e008..f673c4ccef 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 @@ -5,12 +5,15 @@ param ([Parameter(Mandatory=$True)] [string] $WorkingDirectory, [Parameter(Mandatory=$True)] [string] $LogFileName) Push-Location $WorkingDirectory +Write-Host "install_ebpf - Working Directory: $WorkingDirectory" Import-Module $PSScriptRoot\common.psm1 -Force -ArgumentList ($LogFileName) -WarningAction SilentlyContinue $VcRedistPath = Join-Path $WorkingDirectory "vc_redist.x64.exe" $MsiPath = Join-Path $WorkingDirectory "ebpf-for-windows.msi" $MsiInstallPath = Join-Path $env:ProgramFiles "ebpf-for-windows" +Write-Host "install_ebpf - Modules imported" + # eBPF Drivers. $EbpfDrivers = @{ @@ -92,6 +95,10 @@ function Install-eBPFComponents [parameter(Mandatory=$true)] [string] $KmTraceType, [parameter(Mandatory=$false)] [bool] $KMDFVerifier = $false) + $CurrentDirectory = $PWD + Write-Host "Current directory: $CurrentDirectory" + Get-ChildItem -Path $CurrentDirectory -File + # Install the Visual C++ Redistributable. try { Write-Host "Installing Visual C++ Redistributable from '$VcRedistPath'..." 
@@ -101,13 +108,15 @@ function Install-eBPFComponents Write-Host "Visual C++ Redistributable installation completed successfully." } else { Write-Host "Visual C++ Redistributable installation failed. Exit code: $exitCode" + exit 1 } + Write-Host "Cleaning up..." + Remove-Item $VcRedistPath -Force + Write-Host "Visual C++ Redistributable installation completed." } catch { Write-Host "An exception occurred while installing Visual C++ Redistributable: $_" + exit 1 } - Write-Host "Cleaning up..." - Remove-Item $VcRedistPath -Force - Write-Host "Visual C++ Redistributable installation completed." # Install the MSI package. try { From 4a3df2d11b0fd03cd9ba66fcf4a4ced3b612652c Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 12 Mar 2024 11:07:19 -0700 Subject: [PATCH 26/56] test --- scripts/install_ebpf.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index f673c4ccef..75439f93fb 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 @@ -102,7 +102,7 @@ function Install-eBPFComponents # Install the Visual C++ Redistributable. try { Write-Host "Installing Visual C++ Redistributable from '$VcRedistPath'..." - & "Path\To\VcRedist.exe" /quiet /norestart + & $VcRedistPath /quiet /norestart $exitCode = $LASTEXITCODE if ($exitCode -eq 0) { Write-Host "Visual C++ Redistributable installation completed successfully." From ed7963103828773f700644d051a416a2131887a4 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 12 Mar 2024 11:46:59 -0700 Subject: [PATCH 27/56] wip --- scripts/install_ebpf.psm1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index 75439f93fb..48e110809e 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 
@@ -97,12 +97,12 @@ function Install-eBPFComponents $CurrentDirectory = $PWD Write-Host "Current directory: $CurrentDirectory" - Get-ChildItem -Path $CurrentDirectory -File + Get-ChildItem -Path $PWD -File -Include *.msi, *.exe # Install the Visual C++ Redistributable. try { Write-Host "Installing Visual C++ Redistributable from '$VcRedistPath'..." - & $VcRedistPath /quiet /norestart + Start-Process -FilePath $VcRedistPath -ArgumentList "/quiet", "/norestart" -Wait $exitCode = $LASTEXITCODE if ($exitCode -eq 0) { Write-Host "Visual C++ Redistributable installation completed successfully." @@ -121,7 +121,7 @@ function Install-eBPFComponents # Install the MSI package. try { $arguments = "/i `"$MsiPath`" INSTALLFOLDER=`"$MsiInstallPath`" ADDLOCAL=ALL /qn /norestart /l*vx /log msi-install.log" - Write-Host "Installing MSI package: '$MsiPath $arguments'..." + Write-Host "Installing MSI package: 'msiexec.exe $arguments'..." & "msiexec.exe" $arguments $exitCode = $LASTEXITCODE if ($exitCode -eq 0) { From b4edf2a3c4ab74b2dabaf5381a7ef0811d25865f Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 12 Mar 2024 12:18:13 -0700 Subject: [PATCH 28/56] test --- scripts/install_ebpf.psm1 | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index 48e110809e..ad613e4323 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 
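Review bot: `$exitCode = $LASTEXITCODE` after `Start-Process -FilePath $VcRedistPath ... -Wait` (@@ -97,12 +97,12 @@) does not read the installer's exit code, because Start-Process does not set `$LASTEXITCODE`. The check compares whatever an earlier native command left there, or `$null`, so it can report success for a failed install or take the `exit 1` branch after a successful one. Add `-PassThru`, as in `$process = Start-Process -FilePath $VcRedistPath -ArgumentList "/quiet", "/norestart" -Wait -PassThru`, and test `$process.ExitCode`. The `try` block continues past the hunk.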
@@ -97,17 +97,16 @@ function Install-eBPFComponents $CurrentDirectory = $PWD Write-Host "Current directory: $CurrentDirectory" - Get-ChildItem -Path $PWD -File -Include *.msi, *.exe + Get-ChildItem -Path $PWD -File # Install the Visual C++ Redistributable. try { Write-Host "Installing Visual C++ Redistributable from '$VcRedistPath'..." - Start-Process -FilePath $VcRedistPath -ArgumentList "/quiet", "/norestart" -Wait - $exitCode = $LASTEXITCODE - if ($exitCode -eq 0) { + $process = Start-Process -FilePath $VcRedistPath -ArgumentList "/quiet", "/norestart" -Wait -PassThru + if ($process.ExitCode -eq 0) { Write-Host "Visual C++ Redistributable installation completed successfully." } else { - Write-Host "Visual C++ Redistributable installation failed. Exit code: $exitCode" + Write-Host "Visual C++ Redistributable installation failed. Exit code: $($process.ExitCode)" exit 1 } Write-Host "Cleaning up..." @@ -121,13 +120,12 @@ function Install-eBPFComponents # Install the MSI package. try { $arguments = "/i `"$MsiPath`" INSTALLFOLDER=`"$MsiInstallPath`" ADDLOCAL=ALL /qn /norestart /l*vx /log msi-install.log" - Write-Host "Installing MSI package: 'msiexec.exe $arguments'..." - & "msiexec.exe" $arguments - $exitCode = $LASTEXITCODE - if ($exitCode -eq 0) { + Write-Host "Installing MSI package with arguments: '$arguments'..." + $process = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru + if ($process.ExitCode -eq 0) { Write-Host "Installation successful!" } else { - Write-Host "MSI installation FAILED. Exit code: $exitCode" + Write-Host "MSI installation FAILED. Exit code: $($process.ExitCode)" $logContents = Get-Content -Path "msi-install.log" -ErrorAction SilentlyContinue if ($logContents) { Write-Host "Contents of msi-install.log:" From f950fde3f4f930f5b22b1185258883b3305ef421 Mon Sep 17 00:00:00 2001 
From: Gianni Trevisiol Date: Tue, 12 Mar 2024 13:43:09 -0700 Subject: [PATCH 29/56] wip --- scripts/check_msi_installation.ps1 | 3 +-- scripts/config_test_vm.psm1 | 1 - scripts/install_ebpf.psm1 | 22 +++++++--------------- 3 files changed, 8 insertions(+), 18 deletions(-) diff --git a/scripts/check_msi_installation.ps1 b/scripts/check_msi_installation.ps1 index d8ce3a5a40..162aa9a383 100644 --- a/scripts/check_msi_installation.ps1 +++ b/scripts/check_msi_installation.ps1 @@ -75,10 +75,9 @@ function Install-MsiPackage { $res = $true - $arguments = "/i $MsiPath /qn /norestart /log msi-install.log $MsiAdditionalArguments" + $arguments = "/i $MsiPath /qn /norestart /l*vx /log msi-install.log $MsiAdditionalArguments" Write-Host "Installing MSI package with arguments: '$arguments'..." $process = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru - if ($process.ExitCode -eq 0) { Write-Host "Installation successful!" } else { diff --git a/scripts/config_test_vm.psm1 b/scripts/config_test_vm.psm1 index b95223c954..262adc2ac6 100644 --- a/scripts/config_test_vm.psm1 +++ b/scripts/config_test_vm.psm1 @@ -230,7 +230,6 @@ function Install-eBPFComponentsOnVM [Parameter(Mandatory=$true)] [bool] $KmTracing, [Parameter(Mandatory=$true)] [string] $KmTraceType) $WorkingDirectory = "$env:SystemDrive\$WorkingDirectory" - Write-Host "Working Directory: $WorkingDirectory" Import-Module $WorkingDirectory\common.psm1 -ArgumentList ($LogFileName) -Force -WarningAction SilentlyContinue Import-Module $WorkingDirectory\install_ebpf.psm1 -ArgumentList ($WorkingDirectory, $LogFileName) -Force -WarningAction SilentlyContinue diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index ad613e4323..827b51bd11 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 
@@ -5,7 +5,6 @@ param ([Parameter(Mandatory=$True)] [string] $WorkingDirectory, [Parameter(Mandatory=$True)] [string] $LogFileName) Push-Location $WorkingDirectory -Write-Host "install_ebpf - Working Directory: $WorkingDirectory" Import-Module $PSScriptRoot\common.psm1 -Force -ArgumentList ($LogFileName) -WarningAction SilentlyContinue $VcRedistPath = Join-Path $WorkingDirectory "vc_redist.x64.exe" @@ -95,23 +94,17 @@ function Install-eBPFComponents [parameter(Mandatory=$true)] [string] $KmTraceType, [parameter(Mandatory=$false)] [bool] $KMDFVerifier = $false) - $CurrentDirectory = $PWD - Write-Host "Current directory: $CurrentDirectory" - Get-ChildItem -Path $PWD -File - # Install the Visual C++ Redistributable. try { Write-Host "Installing Visual C++ Redistributable from '$VcRedistPath'..." $process = Start-Process -FilePath $VcRedistPath -ArgumentList "/quiet", "/norestart" -Wait -PassThru - if ($process.ExitCode -eq 0) { - Write-Host "Visual C++ Redistributable installation completed successfully." - } else { - Write-Host "Visual C++ Redistributable installation failed. Exit code: $($process.ExitCode)" + if ($process.ExitCode -ne 0) { + Write-Host "Visual C++ Redistributable installation FAILED. Exit code: $($process.ExitCode)" exit 1 } Write-Host "Cleaning up..." Remove-Item $VcRedistPath -Force - Write-Host "Visual C++ Redistributable installation completed." + Write-Host "Visual C++ Redistributable installation completed successfully!" } catch { Write-Host "An exception occurred while installing Visual C++ Redistributable: $_" exit 1 
@@ -119,12 +112,10 @@ function Install-eBPFComponents # Install the MSI package. try { - $arguments = "/i `"$MsiPath`" INSTALLFOLDER=`"$MsiInstallPath`" ADDLOCAL=ALL /qn /norestart /l*vx /log msi-install.log" - Write-Host "Installing MSI package with arguments: '$arguments'..." + $arguments = "/i $MsiPath /qn /norestart /l*vx /log msi-install.log ADDLOCAL=ADDLOCAL=eBPF_Runtime_Components,eBPF_Runtime_Components_JIT" + Write-Host "Installing the eBPF MSI package with arguments: '$arguments'..." $process = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru - if ($process.ExitCode -eq 0) { - Write-Host "Installation successful!" - } else { + if ($process.ExitCode -ne 0) { Write-Host "MSI installation FAILED. Exit code: $($process.ExitCode)" $logContents = Get-Content -Path "msi-install.log" -ErrorAction SilentlyContinue if ($logContents) { @@ -135,6 +126,7 @@ function Install-eBPFComponents } exit 1; } + Write-Host "eBPF MSI installation completed successfully!" } catch { Write-Host "An error occurred while installing the MSI package: $_" exit 1; From d41558444fcc56369efd411e2252347e3e85c681 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 12 Mar 2024 14:00:55 -0700 Subject: [PATCH 30/56] wip --- scripts/check_msi_installation.ps1 | 2 +- scripts/install_ebpf.psm1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/check_msi_installation.ps1 b/scripts/check_msi_installation.ps1 index 162aa9a383..d87931676e 100644 --- a/scripts/check_msi_installation.ps1 +++ b/scripts/check_msi_installation.ps1 
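Review bot: The new `$arguments` string in the @@ -119,12 +112,10 @@ hunk interpolates `$MsiPath` without the escaped quotes the removed line had, so msiexec would split the path if the working directory ever contains a space. It also writes `ADDLOCAL=ADDLOCAL=eBPF_Runtime_Components,eBPF_Runtime_Components_JIT`, which doubles the property name, and keeps `/l*vx /log msi-install.log`, where `/log` presumably ends up in the position of the log file name. I would restore the quotes around `$MsiPath`, pass `ADDLOCAL=eBPF_Runtime_Components,eBPF_Runtime_Components_JIT`, and use a single logging switch, `/l*vx msi-install.log`. The `try` block ends outside the hunk.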
@@ -75,7 +75,7 @@ function Install-MsiPackage { $res = $true - $arguments = "/i $MsiPath /qn /norestart /l*vx /log msi-install.log $MsiAdditionalArguments" + $arguments = "/i $MsiPath /qn /norestart /l*v msi-install.log $MsiAdditionalArguments" Write-Host "Installing MSI package with arguments: '$arguments'..." $process = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru if ($process.ExitCode -eq 0) { diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index 827b51bd11..c27354967b 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 @@ -112,7 +112,7 @@ function Install-eBPFComponents # Install the MSI package. try { - $arguments = "/i $MsiPath /qn /norestart /l*vx /log msi-install.log ADDLOCAL=ADDLOCAL=eBPF_Runtime_Components,eBPF_Runtime_Components_JIT" + $arguments = "/i $MsiPath /qn /norestart /l*v msi-install.log ADDLOCAL=ADDLOCAL=eBPF_Runtime_Components,eBPF_Runtime_Components_JIT" Write-Host "Installing the eBPF MSI package with arguments: '$arguments'..." $process = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru if ($process.ExitCode -ne 0) { From 666c25f9bcd58aa81037a61c613a1ba0298ad5e9 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 12 Mar 2024 14:37:51 -0700 Subject: [PATCH 31/56] wip --- scripts/install_ebpf.psm1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index c27354967b..b823f1b02e 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 
@@ -112,7 +112,7 @@ function Install-eBPFComponents # Install the MSI package. try { - $arguments = "/i $MsiPath /qn /norestart /l*v msi-install.log ADDLOCAL=ADDLOCAL=eBPF_Runtime_Components,eBPF_Runtime_Components_JIT" + $arguments = "/i $MsiPath /qn /norestart /l*v msi-install.log ADDLOCAL=eBPF_Runtime_Components,eBPF_Runtime_Components_JIT" Write-Host "Installing the eBPF MSI package with arguments: '$arguments'..." $process = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru if ($process.ExitCode -ne 0) { @@ -156,7 +156,7 @@ function Uninstall-eBPFComponents { # Uninstall the MSI package. Write-Host "Uninstalling eBPF MSI package at '$MsiPath'..." - $process = Start-Process -FilePath msiexec.exe -ArgumentList "/x $MsiPath /qn /norestart /log msi-uninstall.log" -Wait -PassThru + $process = Start-Process -FilePath msiexec.exe -ArgumentList "/x $MsiPath /qn /norestart /l*v msi-uninstall.log" -Wait -PassThru if ($process.ExitCode -eq 0) { Write-Host "Uninstallation successful!" } else { From 2a969e9723cbf6ae6c26c082e3e4e2b4983f7098 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 12 Mar 2024 15:22:32 -0700 Subject: [PATCH 32/56] test --- scripts/install_ebpf.psm1 | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index b823f1b02e..d050401135 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 @@ -88,6 +88,17 @@ function Start-WPRTrace } } +function Stop-eBPFComponents +{ + # Stop user mode service. + Stop-Service "eBPFSvc" -ErrorAction Ignore 2>&1 | Write-Log + + # Stop the drivers. + $EbpfDrivers.GetEnumerator() | ForEach-Object { + Stop-Service $_.Name -ErrorAction Ignore 2>&1 | Write-Log + } +} + function Install-eBPFComponents { param([parameter(Mandatory=$true)] [bool] $KmTracing, 
@@ -112,7 +123,7 @@ function Install-eBPFComponents # Install the MSI package. try { - $arguments = "/i $MsiPath /qn /norestart /l*v msi-install.log ADDLOCAL=eBPF_Runtime_Components,eBPF_Runtime_Components_JIT" + $arguments = "/i $MsiPath ADDLOCAL=ALL /qn /norestart /l*v msi-install.log" Write-Host "Installing the eBPF MSI package with arguments: '$arguments'..." $process = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru if ($process.ExitCode -ne 0) { @@ -132,6 +143,11 @@ function Install-eBPFComponents exit 1; } + # Debugging information. + sc.exe queryx ebpfcore | Write-Host + sc.exe queryx netebpfext | Write-Host + sc.exe queryx ebpfsvc | Write-Host + # Optionally enable KMDF verifier and tag tracking. if ($KMDFVerifier) { Enable-KMDFVerifier @@ -141,16 +157,6 @@ function Install-eBPFComponents Start-WPRTrace -KmTracing $KmTracing -KmTraceType $KmTraceType } -function Stop-eBPFComponents -{ - # Stop user mode service. - Stop-Service "eBPFSvc" -ErrorAction Ignore 2>&1 | Write-Log - - # Stop the drivers. - $EbpfDrivers.GetEnumerator() | ForEach-Object { - Stop-Service $_.Name -ErrorAction Ignore 2>&1 | Write-Log - } -} function Uninstall-eBPFComponents { From 77163e082efe098cfbc594e4cc6257aec698809e Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 12 Mar 2024 15:57:35 -0700 Subject: [PATCH 33/56] wip --- scripts/check_msi_installation.ps1 | 2 +- scripts/config_test_vm.psm1 | 1 - scripts/install_ebpf.psm1 | 5 +---- 3 files changed, 2 insertions(+), 6 deletions(-) diff --git a/scripts/check_msi_installation.ps1 b/scripts/check_msi_installation.ps1 index d87931676e..9181703dc0 100644 --- a/scripts/check_msi_installation.ps1 +++ b/scripts/check_msi_installation.ps1 
@@ -75,7 +75,7 @@ function Install-MsiPackage { $res = $true - $arguments = "/i $MsiPath /qn /norestart /l*v msi-install.log $MsiAdditionalArguments" + $arguments = "/i $MsiPath /qn /norestart /l*vx msi-install.log $MsiAdditionalArguments" Write-Host "Installing MSI package with arguments: '$arguments'..." $process = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru if ($process.ExitCode -eq 0) { diff --git a/scripts/config_test_vm.psm1 b/scripts/config_test_vm.psm1 index 262adc2ac6..891ae50ca5 100644 --- a/scripts/config_test_vm.psm1 +++ b/scripts/config_test_vm.psm1 @@ -233,7 +233,6 @@ function Install-eBPFComponentsOnVM Import-Module $WorkingDirectory\common.psm1 -ArgumentList ($LogFileName) -Force -WarningAction SilentlyContinue Import-Module $WorkingDirectory\install_ebpf.psm1 -ArgumentList ($WorkingDirectory, $LogFileName) -Force -WarningAction SilentlyContinue - Write-Host "Invoke-Command - Modules imported" Install-eBPFComponents -KmTracing $KmTracing -KmTraceType $KmTraceType -KMDFVerifier $true -ErrorAction Stop } -ArgumentList ("eBPF", $LogFileName, $KmTracing, $KmTraceType) -ErrorAction Stop Write-Log "eBPF components installed on $VMName" -ForegroundColor Green diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index d050401135..ffb4efed47 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 @@ -9,9 +9,6 @@ Import-Module $PSScriptRoot\common.psm1 -Force -ArgumentList ($LogFileName) -War $VcRedistPath = Join-Path $WorkingDirectory "vc_redist.x64.exe" $MsiPath = Join-Path $WorkingDirectory "ebpf-for-windows.msi" -$MsiInstallPath = Join-Path $env:ProgramFiles "ebpf-for-windows" - -Write-Host "install_ebpf - Modules imported" # eBPF Drivers. $EbpfDrivers = 
@@ -123,7 +120,7 @@ function Install-eBPFComponents # Install the MSI package. try { - $arguments = "/i $MsiPath ADDLOCAL=ALL /qn /norestart /l*v msi-install.log" + $arguments = "/i $MsiPath ADDLOCAL=ALL /qn /norestart /l*vx msi-install.log" Write-Host "Installing the eBPF MSI package with arguments: '$arguments'..." $process = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru if ($process.ExitCode -ne 0) { From 6b725ebabe34e693595f5169c6ec1d7c3b6efac9 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 12 Mar 2024 16:24:43 -0700 Subject: [PATCH 34/56] wip --- scripts/install_ebpf.psm1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index ffb4efed47..a0211b25ec 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 @@ -141,9 +141,9 @@ function Install-eBPFComponents } # Debugging information. - sc.exe queryx ebpfcore | Write-Host - sc.exe queryx netebpfext | Write-Host - sc.exe queryx ebpfsvc | Write-Host + sc.exe query ebpfcore | Write-Host + sc.exe query netebpfext | Write-Host + sc.exe query ebpfsvc | Write-Host # Optionally enable KMDF verifier and tag tracking. if ($KMDFVerifier) { From a404924fbda0baa66cd3757ab91ba8ff7d322e82 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Wed, 13 Mar 2024 21:49:25 -0700 Subject: [PATCH 35/56] fix debug installation --- scripts/config_test_vm.psm1 | 6 +++ scripts/install_ebpf.psm1 | 79 ++++++++++++++++++++++++++----------- 2 files changed, 62 insertions(+), 23 deletions(-) diff --git a/scripts/config_test_vm.psm1 b/scripts/config_test_vm.psm1 index 891ae50ca5..fb550429c2 100644 --- a/scripts/config_test_vm.psm1 +++ b/scripts/config_test_vm.psm1 
@@ -234,6 +234,9 @@ function Install-eBPFComponentsOnVM Import-Module $WorkingDirectory\install_ebpf.psm1 -ArgumentList ($WorkingDirectory, $LogFileName) -Force -WarningAction SilentlyContinue Install-eBPFComponents -KmTracing $KmTracing -KmTraceType $KmTraceType -KMDFVerifier $true -ErrorAction Stop + if ($LASTEXITCODE -ne 0) { + throw "Install-eBPFComponents failed with exit code $LASTEXITCODE" + } } -ArgumentList ("eBPF", $LogFileName, $KmTracing, $KmTraceType) -ErrorAction Stop Write-Log "eBPF components installed on $VMName" -ForegroundColor Green } @@ -253,6 +256,9 @@ function Uninstall-eBPFComponentsOnVM Import-Module $WorkingDirectory\install_ebpf.psm1 -ArgumentList ($WorkingDirectory, $LogFileName) -Force -WarningAction SilentlyContinue Uninstall-eBPFComponents + if ($LASTEXITCODE -ne 0) { + throw "Uninstall-eBPFComponents failed with exit code $LASTEXITCODE" + } } -ArgumentList ("eBPF", $LogFileName) -ErrorAction Stop Write-Log "eBPF components uninstalled on $VMName" -ForegroundColor Green } diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index a0211b25ec..b5d5408258 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 @@ -18,6 +18,21 @@ $EbpfDrivers = "SampleEbpfExt" = "sample_ebpf_ext.sys" } +# eBPF Debug Runtime DLLs. +$VCDebugRuntime = @( + "concrt140d.dll", + "msvcp140d.dll", + "msvcp140d_atomic_wait.dll", + "msvcp140d_codecvt_ids.dll", + "msvcp140_1d.dll", + "msvcp140_2d.dll", + "vccorlib140d.dll", + "vcruntime140d.dll", + "vcruntime140_1d.dll", + "vcruntime140_threadsd.dll", + "ucrtbased.dll" +) + function Enable-KMDFVerifier { # Install drivers. 
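Review bot: The added `if ($LASTEXITCODE -ne 0) { throw ... }` checks after `Install-eBPFComponents` and `Uninstall-eBPFComponents` (@@ -234,6 +234,9 @@ and @@ -253,6 +256,9 @@) do not test the result of those functions, because `$LASTEXITCODE` is set only by native programs and scripts. In the install path it appears to hold the exit code of the last `sc.exe query` call, so a missing service would raise a failure unrelated to the MSI result. If no native command ran in the remote session the variable is `$null`, `-ne 0` is true, and the throw fires after a successful run. Having the functions `throw` on failure and relying on the existing `-ErrorAction Stop` on `Invoke-Command` would be more reliable than the exit-code check. Both script blocks start outside their hunks.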
@@ -102,48 +117,67 @@ function Install-eBPFComponents [parameter(Mandatory=$true)] [string] $KmTraceType, [parameter(Mandatory=$false)] [bool] $KMDFVerifier = $false) - # Install the Visual C++ Redistributable. + # Install the Visual C++ Redistributable (Release version, which is required for the MSI installation). try { - Write-Host "Installing Visual C++ Redistributable from '$VcRedistPath'..." + Write-Log("Installing Visual C++ Redistributable from '$VcRedistPath'...") $process = Start-Process -FilePath $VcRedistPath -ArgumentList "/quiet", "/norestart" -Wait -PassThru if ($process.ExitCode -ne 0) { - Write-Host "Visual C++ Redistributable installation FAILED. Exit code: $($process.ExitCode)" + Write-Log("Visual C++ Redistributable installation FAILED. Exit code: $($process.ExitCode)") -ForegroundColor Red exit 1 } - Write-Host "Cleaning up..." + Write-Log("Cleaning up...") Remove-Item $VcRedistPath -Force - Write-Host "Visual C++ Redistributable installation completed successfully!" + Write-Log("Visual C++ Redistributable installation completed successfully!") -ForegroundColor Green } catch { - Write-Host "An exception occurred while installing Visual C++ Redistributable: $_" + Write-Log("An exception occurred while installing Visual C++ Redistributable: $_") -ForegroundColor Red + exit 1 + } + + # Copy the VC debug runtime DLLs to the system32 directory, + # so that debug versions of the MSI can be installed (i.e. export_program_info.exe will not fail). 
+ try { + $system32Path = Join-Path $env:SystemRoot "System32" + Write-Log("Copying VC debug runtime DLLs to the $system32Path directory...") + $VCDebugRuntime | ForEach-Object { + $sourcePath = Join-Path $WorkingDirectory $_ + $destinationPath = Join-Path $system32Path $_ + Write-Log("Copying '$sourcePath' to '$destinationPath'...") + Copy-Item -Path $sourcePath -Destination $destinationPath -Force + } + Write-Log("VC debug runtime DLLs copied successfully!") -ForegroundColor Green + } + catch { + Write-Log("An exception occurred while copying VC debug runtime DLLs: $_") -ForegroundColor Red exit 1 } # Install the MSI package. try { $arguments = "/i $MsiPath ADDLOCAL=ALL /qn /norestart /l*vx msi-install.log" - Write-Host "Installing the eBPF MSI package with arguments: '$arguments'..." + Write-Log("Installing the eBPF MSI package: 'msiexec.exe $arguments'...") $process = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru if ($process.ExitCode -ne 0) { - Write-Host "MSI installation FAILED. Exit code: $($process.ExitCode)" + Write-Log("MSI installation FAILED. Exit code: $($process.ExitCode)") -ForegroundColor Red $logContents = Get-Content -Path "msi-install.log" -ErrorAction SilentlyContinue if ($logContents) { - Write-Host "Contents of msi-install.log:" - Write-Host $logContents + Write-Log("Contents of msi-install.log:") + Write-Log($logContents) } else { - Write-Host "msi-install.log not found or empty." + Write-Log("msi-install.log not found or empty.") -ForegroundColor Red } exit 1; } - Write-Host "eBPF MSI installation completed successfully!" + Write-Log("eBPF MSI installation completed successfully!") -ForegroundColor Green } catch { - Write-Host "An error occurred while installing the MSI package: $_" + Write-Log("An error occurred while installing the MSI package: $_") -ForegroundColor Red exit 1; } # Debugging information. 
- sc.exe query ebpfcore | Write-Host - sc.exe query netebpfext | Write-Host - sc.exe query ebpfsvc | Write-Host + Write-Log("Querying the status of eBPF services...") + sc.exe query ebpfcore | Write-Log + sc.exe query netebpfext | Write-Log + sc.exe query ebpfsvc | Write-Log # Optionally enable KMDF verifier and tag tracking. if ($KMDFVerifier) { @@ -154,23 +188,22 @@ function Install-eBPFComponents Start-WPRTrace -KmTracing $KmTracing -KmTraceType $KmTraceType } - function Uninstall-eBPFComponents { # Uninstall the MSI package. - Write-Host "Uninstalling eBPF MSI package at '$MsiPath'..." + Write-Log("Uninstalling eBPF MSI package at '$MsiPath'...") $process = Start-Process -FilePath msiexec.exe -ArgumentList "/x $MsiPath /qn /norestart /l*v msi-uninstall.log" -Wait -PassThru if ($process.ExitCode -eq 0) { - Write-Host "Uninstallation successful!" + Write-Log("Uninstallation successful!") -ForegroundColor Green } else { $exceptionMessage = "Uninstallation FAILED. Exit code: $($process.ExitCode)" - Write-Host $exceptionMessage + Write-Log($exceptionMessage) -ForegroundColor Red $logContents = Get-Content -Path "msi-uninstall.log" -ErrorAction SilentlyContinue if ($logContents) { - Write-Host "Contents of msi-uninstall.log:" - Write-Host $logContents + Write-Log("Contents of msi-uninstall.log:") + Write-Log($logContents) } else { - Write-Host "msi-uninstall.log not found or empty." + Write-Log("msi-uninstall.log not found or empty.") -ForegroundColor Red } } From bb8f710fc650c983c54000e900b37dffd39aafb5 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Wed, 13 Mar 2024 22:16:26 -0700 Subject: [PATCH 36/56] update VM install doc --- docs/InstallEbpf.md | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/docs/InstallEbpf.md b/docs/InstallEbpf.md index 48c53dc770..f827976c15 100644 --- a/docs/InstallEbpf.md +++ b/docs/InstallEbpf.md 
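Review bot: The new block in @@ -102,48 +117,67 @@ that copies the `$VCDebugRuntime` DLLs from `$WorkingDirectory` into System32 with `Copy-Item ... -Force` overwrites system-wide runtime DLLs with whatever files carry those names in the working directory, without checking their origin. If that directory is writable by non-administrative accounts on the VM (its ACL is not visible here), a substituted DLL would be loaded by every process that links the debug runtime. I would validate each file's Authenticode signature before copying, assuming the debug runtime DLLs staged with the build are signed, and add a comment that this step is intended for disposable test VMs only. Install-eBPFComponents starts outside the hunk.

```powershell
            $sourcePath = Join-Path $WorkingDirectory $_
            # Copy only files whose Authenticode signature validates.
            $signature = Get-AuthenticodeSignature -FilePath $sourcePath
            if ($signature.Status -ne 'Valid') {
                throw "Refusing to copy '$sourcePath': signature status is $($signature.Status)"
            }
            # ... unchanged: $destinationPath, Write-Log, Copy-Item ...
```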
@@ -112,11 +112,11 @@ has already built the binaries for `x64/Debug` or `x64/Release`. ### Method 3 (Install files you built yourself, with a VM checkpoint) -This method uses a machine that -has already built the binaries for `x64/Debug` or `x64/Release`. +This method uses a machine that has already built the binaries for + the desired build configuration, i.e. `\x64\[Debug|Release|NativeOnlyDebug|NativeOnlyRelease]`. -Copy the build output in `\x64\[Debug|Release]` to the host of the test VM and run the following in a Powershell -command prompt: +Copy the build output in `\x64\[Debug|Release|NativeOnlyDebug|NativeOnlyRelease]` to the host of the test VM and run the following in a Powershell + command prompt: 1. Create a snapshot of the test VM named **baseline**, by running: @@ -134,20 +134,25 @@ command prompt: New-StoredCredential -Target TEST_VM -Username -Password -Persist LocalMachine ``` - > Note that "`TEST_VM`" is literal and is used in step 5 below; it need not be the name of any actual test VM. -1. Enter the `\x64\[Debug|Release]` directory (`cd`) where the build artifacts are stored. -1. Modify `.\vm_list.json` to specify the name of the test VM under `VMList`, eg: + > Note that "`TEST_VM`" is literal and is later used to lookup the actual VM name; it need not be the name of any actual test VM. +1. Enter the desired directory (`cd`) where the build artifacts are stored (i.e. `\x64\[Debug|Release|NativeOnlyDebug|NativeOnlyRelease]`). +1. Modify `.\test_execution.json` to specify the name of the test VM under the `VMMap` attribute, e.g.: ```json { ... - "VMList": - [ - { - "Name": "" - } - ] + "VMMap": + { + "TEST_VM": + [ + { + "Name": "" + } + ], + ... + } + ... } ``` From 85f192e5190423373c80dfd5b13a22a5ff515e04 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Wed, 13 Mar 2024 22:54:28 -0700 Subject: [PATCH 37/56] wip --- scripts/install_ebpf.psm1 | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) 
diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index b5d5408258..964d02abed 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 @@ -136,15 +136,21 @@ function Install-eBPFComponents # Copy the VC debug runtime DLLs to the system32 directory, # so that debug versions of the MSI can be installed (i.e. export_program_info.exe will not fail). try { - $system32Path = Join-Path $env:SystemRoot "System32" Write-Log("Copying VC debug runtime DLLs to the $system32Path directory...") - $VCDebugRuntime | ForEach-Object { - $sourcePath = Join-Path $WorkingDirectory $_ - $destinationPath = Join-Path $system32Path $_ - Write-Log("Copying '$sourcePath' to '$destinationPath'...") - Copy-Item -Path $sourcePath -Destination $destinationPath -Force + # Test is the VC debuf runtime DLLs are present in the working directory (indicating a debug build). + $VCDebugRuntime = $VCDebugRuntime | Where-Object { Test-Path (Join-Path $WorkingDirectory $_) } + if (-not $VCDebugRuntime) { + Write-Log("VC debug runtime DLLs not found in the working directory (i.e. release build). Skipping this step.") -ForegroundColor Yellow + } else { + $system32Path = Join-Path $env:SystemRoot "System32" + $VCDebugRuntime | ForEach-Object { + $sourcePath = Join-Path $WorkingDirectory $_ + $destinationPath = Join-Path $system32Path $_ + Write-Log("Copying '$sourcePath' to '$destinationPath'...") + Copy-Item -Path $sourcePath -Destination $destinationPath -Force + } + Write-Log("VC debug runtime DLLs copied successfully!") -ForegroundColor Green } - Write-Log("VC debug runtime DLLs copied successfully!") -ForegroundColor Green } catch { Write-Log("An exception occurred while copying VC debug runtime DLLs: $_") -ForegroundColor Red From dbdc7d06b2e3e34d74f593ff63cf51911d678828 Mon Sep 17 00:00:00 2001 
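Review bot: `Write-Log("Copying VC debug runtime DLLs to the $system32Path directory...")` now runs before `$system32Path` is assigned, because the assignment moved into the `else` branch, so the message logs an empty path. Move `$system32Path = Join-Path $env:SystemRoot "System32"` back above the log line. The `Where-Object` filter also keeps a partial set when only some of the listed DLLs are present, and the copy then proceeds without any warning; logging the names that were not found would make that visible. The added comment `# Test is the VC debuf runtime DLLs ...` should read `# Test if the VC debug runtime DLLs ...`.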
From: Gianni Trevisiol Date: Thu, 14 Mar 2024 15:21:56 -0700 Subject: [PATCH 38/56] wip --- scripts/install_ebpf.psm1 | 106 ++++++++++++++++++++++++++++++-------- 1 file changed, 84 insertions(+), 22 deletions(-) diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index 964d02abed..1b663c8468 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 @@ -11,11 +11,27 @@ $VcRedistPath = Join-Path $WorkingDirectory "vc_redist.x64.exe" $MsiPath = Join-Path $WorkingDirectory "ebpf-for-windows.msi" # eBPF Drivers. -$EbpfDrivers = -@{ - "EbpfCore" = "ebpfcore.sys"; - "NetEbpfExt" = "netebpfext.sys"; - "SampleEbpfExt" = "sample_ebpf_ext.sys" +$EbpfDrivers = @{ + "EbpfCore" = [PSCustomObject]@{ + "Name" = "ebpfcore.sys" + "IsDriver" = $true + "InstalledByMsi" = $true + } + "NetEbpfExt" = [PSCustomObject]@{ + "Name" = "netebpfext.sys" + "IsDriver" = $true + "InstalledByMsi" = $true + } + "SampleEbpfExt" = [PSCustomObject]@{ + "Name" = "sample_ebpf_ext.sys" + "IsDriver" = $true + "InstalledByMsi" = $false + } + "EbpfSvc" = [PSCustomObject]@{ + "Name" = "ebpfsvc.exe" + "IsDriver" = $false + "InstalledByMsi" = $true + } } # eBPF Debug Runtime DLLs. 
@@ -35,11 +51,14 @@ $VCDebugRuntime = @( function Enable-KMDFVerifier { - # Install drivers. + # Enable KMDF verifier for the eBPF drivers. $EbpfDrivers.GetEnumerator() | ForEach-Object { - New-Item -Path ("HKLM:\System\CurrentControlSet\Services\{0}\Parameters\Wdf" -f $_.Name) -Force -ErrorAction Stop - New-ItemProperty -Path ("HKLM:\System\CurrentControlSet\Services\{0}\Parameters\Wdf" -f $_.Name) -Name "VerifierOn" -Value 1 -PropertyType DWord -Force -ErrorAction Stop - New-ItemProperty -Path ("HKLM:\System\CurrentControlSet\Services\{0}\Parameters\Wdf" -f $_.Name) -Name "TrackHandles" -Value "*" -PropertyType MultiString -Force -ErrorAction Stop + if ($_.Value.IsDriver) { + Write-Log ("Enabling KMDF verifier for $($_.Key)...") + New-Item -Path ("HKLM:\System\CurrentControlSet\Services\{0}\Parameters\Wdf" -f $_.Name) -Force -ErrorAction Stop + New-ItemProperty -Path ("HKLM:\System\CurrentControlSet\Services\{0}\Parameters\Wdf" -f $_.Name) -Name "VerifierOn" -Value 1 -PropertyType DWord -Force -ErrorAction Stop + New-ItemProperty -Path ("HKLM:\System\CurrentControlSet\Services\{0}\Parameters\Wdf" -f $_.Name) -Name "TrackHandles" -Value "*" -PropertyType MultiString -Force -ErrorAction Stop + } } } @@ -102,10 +121,7 @@ function Start-WPRTrace function Stop-eBPFComponents { - # Stop user mode service. - Stop-Service "eBPFSvc" -ErrorAction Ignore 2>&1 | Write-Log - - # Stop the drivers. + # Stop the drivers and services. $EbpfDrivers.GetEnumerator() | ForEach-Object { Stop-Service $_.Name -ErrorAction Ignore 2>&1 | Write-Log } 
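Review bot: In Enable-KMDFVerifier the new log line uses `$_.Key` while the three registry paths still use `$_.Name`, and the Stop-eBPFComponents hunk on this line also keeps `Stop-Service $_.Name`. On a hashtable entry `Name` is only an alias for `Key`, but after this patch every value also has its own `Name` field (the file name, read elsewhere as `$_.Value.Name`), so the two are easy to confuse. Using `$_.Key` throughout, e.g. `Stop-Service $_.Key -ErrorAction Ignore 2>&1 | Write-Log`, makes it obvious that the service name is meant and not the `.sys`/`.exe` file name.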
@@ -123,14 +139,14 @@ function Install-eBPFComponents $process = Start-Process -FilePath $VcRedistPath -ArgumentList "/quiet", "/norestart" -Wait -PassThru if ($process.ExitCode -ne 0) { Write-Log("Visual C++ Redistributable installation FAILED. Exit code: $($process.ExitCode)") -ForegroundColor Red - exit 1 + throw ("Visual C++ Redistributable installation FAILED. Exit code: $($process.ExitCode)") } Write-Log("Cleaning up...") Remove-Item $VcRedistPath -Force Write-Log("Visual C++ Redistributable installation completed successfully!") -ForegroundColor Green } catch { Write-Log("An exception occurred while installing Visual C++ Redistributable: $_") -ForegroundColor Red - exit 1 + throw ("An exception occurred while installing Visual C++ Redistributable: $_") } # Copy the VC debug runtime DLLs to the system32 directory, @@ -154,7 +170,7 @@ function Install-eBPFComponents } catch { Write-Log("An exception occurred while copying VC debug runtime DLLs: $_") -ForegroundColor Red - exit 1 + throw ("An exception occurred while copying VC debug runtime DLLs: $_") } # Install the MSI package. 
@@ -171,19 +187,65 @@ function Install-eBPFComponents } else { Write-Log("msi-install.log not found or empty.") -ForegroundColor Red } - exit 1; + throw ("MSI installation FAILED. Exit code: $($process.ExitCode)") } Write-Log("eBPF MSI installation completed successfully!") -ForegroundColor Green } catch { Write-Log("An error occurred while installing the MSI package: $_") -ForegroundColor Red - exit 1; + throw ("An error occurred while installing the MSI package: $_") } + # Install the extra drivers that are not installed by the MSI package. + $EbpfDrivers.GetEnumerator() | ForEach-Object { + if (-not $_.Value.InstalledByMsi) { + $driverPath = if (Test-Path -Path ("$pwd\{0}" -f $_.Value.Name)) { + "$pwd\{0}" -f $_.Value.Name + } elseif (Test-Path -Path ("$pwd\drivers\{0}" -f $_.Value.Name)) { + "$pwd\drivers\{0}" -f $_.Value.Name + } else { + throw ("Driver file not found for $($_.Key).") + } + + Write-Log ("Installing $($_.Key)...") -ForegroundColor Green + $createServiceOutput = sc.exe create $_.Key type=kernel start=demand binpath=$driverPath 2>&1 + Write-Log $createServiceOutput + + if ($LASTEXITCODE -ne 0) { + throw ("Failed to create $($_.Key) driver.") + } else { + Write-Log ("$($_.Key) driver created.") -ForegroundColor Green + + # Start the service + Write-Log ("Starting $($_.Key) service...") -ForegroundColor Green + $startServiceOutput = sc.exe start $_.Key 2>&1 + Write-Log $startServiceOutput + + if ($LASTEXITCODE -ne 0) { + throw ("Failed to start $($_.Key) service.") + } else { + Write-Log ("$($_.Key) service started.") -ForegroundColor Green + } + } + } + } + + # Export program info for the sample driver. + Write-Log("Running 'export_program_info_sample.exe'...") + if (Test-Path -Path "export_program_info_sample.exe") { + .\export_program_info_sample.exe + if ($LASTEXITCODE -ne 0) { + throw ("Failed to run 'export_program_info_sample.exe'."); + } else { + Write-Log "'export_program_info_sample.exe' succeeded." 
-ForegroundColor Green + } + } + + # Debugging information. - Write-Log("Querying the status of eBPF services...") - sc.exe query ebpfcore | Write-Log - sc.exe query netebpfext | Write-Log - sc.exe query ebpfsvc | Write-Log + Write-Log("Querying the status of eBPF drivers and services...") + $EbpfDrivers.GetEnumerator() | ForEach-Object { + sc.exe query $_.Key | Write-Log + } # Optionally enable KMDF verifier and tag tracking. if ($KMDFVerifier) { From d28c36c55e7a2ff1e3e441c7d927e69b79bcd519 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Thu, 14 Mar 2024 15:27:15 -0700 Subject: [PATCH 39/56] wip --- scripts/install_ebpf.psm1 | 43 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 42 insertions(+), 1 deletion(-) diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index 1b663c8468..f503e23ab5 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 @@ -240,7 +240,6 @@ function Install-eBPFComponents } } - # Debugging information. Write-Log("Querying the status of eBPF drivers and services...") $EbpfDrivers.GetEnumerator() | ForEach-Object { 
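Review bot: The driver that `sc.exe create ... type=kernel` registers is looked up under `$pwd`, so which binary ends up loaded into the kernel depends on the caller's current directory rather than on the `$WorkingDirectory` the module already uses for `$MsiPath` and `$VcRedistPath`. Resolve it against the module's directory instead, e.g. `$driverPath = Join-Path $WorkingDirectory $_.Value.Name` with the `drivers` subfolder as the fallback, and do the same for the relative `export_program_info_sample.exe` call. The uninstall hunk in PATCH 39 (`@@ -275,6 +274,48 @@`) uses the same `$pwd` lookup to choose the file it passes to `Remove-Item -Force`. If the pipeline signs the sample driver, checking `Get-AuthenticodeSignature` before creating the service would be a cheap extra gate. The function body continues outside the hunk.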
@@ -275,6 +274,48 @@ function Uninstall-eBPFComponents } } + # Uninstall the extra drivers that are not installed by the MSI package. + $EbpfDrivers.GetEnumerator() | ForEach-Object { + if (-not $_.Value.InstalledByMsi) { + # Stop the service + Write-Log ("Stopping $($_.Key) service...") -ForegroundColor Green + $stopServiceOutput = sc.exe stop $_.Key 2>&1 + Write-Log $stopServiceOutput + + if ($LASTEXITCODE -ne 0) { + Write-Log ("Failed to stop $($_.Key) service.") -ForegroundColor Red + } else { + Write-Log ("$($_.Key) service stopped.") -ForegroundColor Green + + # Delete the service + Write-Log ("Deleting $($_.Key) service...") -ForegroundColor Green + $deleteServiceOutput = sc.exe delete $_.Key 2>&1 + Write-Log $deleteServiceOutput + + if ($LASTEXITCODE -ne 0) { + Write-Log ("Failed to delete $($_.Key) service.") -ForegroundColor Red + } else { + Write-Log ("$($_.Key) service deleted.") -ForegroundColor Green + } + } + + # Check if the driver file exists and delete it + $driverPath = if (Test-Path -Path ("$pwd\{0}" -f $_.Value.Name)) { + "$pwd\{0}" -f $_.Value.Name + } elseif (Test-Path -Path ("$pwd\drivers\{0}" -f $_.Value.Name)) { + "$pwd\drivers\{0}" -f $_.Value.Name + } + + if ($driverPath -ne $null) { + Write-Log ("Deleting driver file: $driverPath") -ForegroundColor Green + Remove-Item -Path $driverPath -Force -ErrorAction SilentlyContinue + } else { + Write-Log ("Driver file not found for $($_.Key).") -ForegroundColor Red + } + } + } + + # Stop KM tracing. wpr.exe -cancel } From 4168b4ce0e97fed26f8d4f3a1b088c264d2c5a25 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Thu, 14 Mar 2024 16:33:13 -0700 Subject: [PATCH 40/56] wip --- scripts/config_test_vm.psm1 | 6 ------ scripts/install_ebpf.psm1 | 35 +++++++++++++++++------------------ 2 files changed, 17 insertions(+), 24 deletions(-) diff --git a/scripts/config_test_vm.psm1 b/scripts/config_test_vm.psm1 index fb550429c2..891ae50ca5 100644 --- a/scripts/config_test_vm.psm1 
+++ b/scripts/config_test_vm.psm1 @@ -234,9 +234,6 @@ function Install-eBPFComponentsOnVM Import-Module $WorkingDirectory\install_ebpf.psm1 -ArgumentList ($WorkingDirectory, $LogFileName) -Force -WarningAction SilentlyContinue Install-eBPFComponents -KmTracing $KmTracing -KmTraceType $KmTraceType -KMDFVerifier $true -ErrorAction Stop - if ($LASTEXITCODE -ne 0) { - throw "Install-eBPFComponents failed with exit code $LASTEXITCODE" - } } -ArgumentList ("eBPF", $LogFileName, $KmTracing, $KmTraceType) -ErrorAction Stop Write-Log "eBPF components installed on $VMName" -ForegroundColor Green } @@ -256,9 +253,6 @@ function Uninstall-eBPFComponentsOnVM Import-Module $WorkingDirectory\install_ebpf.psm1 -ArgumentList ($WorkingDirectory, $LogFileName) -Force -WarningAction SilentlyContinue Uninstall-eBPFComponents - if ($LASTEXITCODE -ne 0) { - throw "Uninstall-eBPFComponents failed with exit code $LASTEXITCODE" - } } -ArgumentList ("eBPF", $LogFileName) -ErrorAction Stop Write-Log "eBPF components uninstalled on $VMName" -ForegroundColor Green } diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index f503e23ab5..f186bff1da 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 
@@ -257,24 +257,7 @@ function Install-eBPFComponents function Uninstall-eBPFComponents { - # Uninstall the MSI package. - Write-Log("Uninstalling eBPF MSI package at '$MsiPath'...") - $process = Start-Process -FilePath msiexec.exe -ArgumentList "/x $MsiPath /qn /norestart /l*v msi-uninstall.log" -Wait -PassThru - if ($process.ExitCode -eq 0) { - Write-Log("Uninstallation successful!") -ForegroundColor Green - } else { - $exceptionMessage = "Uninstallation FAILED. Exit code: $($process.ExitCode)" - Write-Log($exceptionMessage) -ForegroundColor Red - $logContents = Get-Content -Path "msi-uninstall.log" -ErrorAction SilentlyContinue - if ($logContents) { - Write-Log("Contents of msi-uninstall.log:") - Write-Log($logContents) - } else { - Write-Log("msi-uninstall.log not found or empty.") -ForegroundColor Red - } - } - - # Uninstall the extra drivers that are not installed by the MSI package. + # Firstly, uninstall the extra drivers that are not installed by the MSI package. $EbpfDrivers.GetEnumerator() | ForEach-Object { if (-not $_.Value.InstalledByMsi) { # Stop the service @@ -315,6 +298,22 @@ function Uninstall-eBPFComponents } } + # Uninstall the MSI package. + Write-Log("Uninstalling eBPF MSI package at '$MsiPath'...") + $process = Start-Process -FilePath msiexec.exe -ArgumentList "/x $MsiPath /qn /norestart /l*v msi-uninstall.log" -Wait -PassThru + if ($process.ExitCode -eq 0) { + Write-Log("Uninstallation successful!") -ForegroundColor Green + } else { + $exceptionMessage = "Uninstallation FAILED. Exit code: $($process.ExitCode)" + Write-Log($exceptionMessage) -ForegroundColor Red + $logContents = Get-Content -Path "msi-uninstall.log" -ErrorAction SilentlyContinue + if ($logContents) { + Write-Log("Contents of msi-uninstall.log:") + Write-Log($logContents) + } else { + Write-Log("msi-uninstall.log not found or empty.") -ForegroundColor Red + } + } # Stop KM tracing. wpr.exe -cancel From f596a2909e4609b08ed858f91a382ccb11235fd4 Mon Sep 17 00:00:00 2001 
From: Gianni Trevisiol Date: Thu, 14 Mar 2024 17:13:51 -0700 Subject: [PATCH 41/56] wip --- scripts/install_ebpf.psm1 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index f186bff1da..4a6a553848 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 @@ -121,6 +121,9 @@ function Start-WPRTrace function Stop-eBPFComponents { + # First, stop user mode service, so that EbpfCore does not hang on stop. + Stop-Service "eBPFSvc" -ErrorAction Ignore 2>&1 | Write-Log + # Stop the drivers and services. $EbpfDrivers.GetEnumerator() | ForEach-Object { Stop-Service $_.Name -ErrorAction Ignore 2>&1 | Write-Log From 5fcda40a815e7d2f57e6fa1919e7c339a983fd68 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Thu, 14 Mar 2024 20:15:09 -0700 Subject: [PATCH 42/56] improve msi log readability --- scripts/install_ebpf.psm1 | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index 4a6a553848..36ddff5b91 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 
@@ -178,17 +178,17 @@ function Install-eBPFComponents # Install the MSI package. try { - $arguments = "/i $MsiPath ADDLOCAL=ALL /qn /norestart /l*vx msi-install.log" + $arguments = "/i $MsiPath ADDLOCAL=ALL /qn /norestart /l*v msi-install.log" Write-Log("Installing the eBPF MSI package: 'msiexec.exe $arguments'...") $process = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru if ($process.ExitCode -ne 0) { Write-Log("MSI installation FAILED. Exit code: $($process.ExitCode)") -ForegroundColor Red - $logContents = Get-Content -Path "msi-install.log" -ErrorAction SilentlyContinue - if ($logContents) { - Write-Log("Contents of msi-install.log:") - Write-Log($logContents) - } else { - Write-Log("msi-install.log not found or empty.") -ForegroundColor Red + + # For clear readability within the CICD pipeline and final uploaded log output, + # read each line of the log file and print it (otherwise all the log content is printed as a single line). + Write-Log("Contents of msi-install.log:") + Get-Content -Path "msi-install.log" | ForEach-Object { + Write-Log($_) } throw ("MSI installation FAILED. Exit code: $($process.ExitCode)") } @@ -309,12 +309,12 @@ function Uninstall-eBPFComponents } else { $exceptionMessage = "Uninstallation FAILED. Exit code: $($process.ExitCode)" Write-Log($exceptionMessage) -ForegroundColor Red - $logContents = Get-Content -Path "msi-uninstall.log" -ErrorAction SilentlyContinue - if ($logContents) { - Write-Log("Contents of msi-uninstall.log:") - Write-Log($logContents) - } else { - Write-Log("msi-uninstall.log not found or empty.") -ForegroundColor Red + + # For clear readability within the CICD pipeline and final uploaded log output, + # read each line of the log file and print it (otherwise all the log content is printed as a single line). + Write-Log("Contents of msi-uninstall.log:") + Get-Content -Path "msi-uninstall.log" | ForEach-Object { + Write-Log($_) } } 
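Review bot: Both log-dump branches (this one and the `@@ -309,12 +309,12 @@` uninstall hunk) now call `Get-Content` without the `-ErrorAction SilentlyContinue` the removed code had, so when msiexec fails before writing the log the missing-file error is what surfaces. Callers invoke this function with `-ErrorAction Stop`, in which case that error may terminate the function before the `throw` that carries the msiexec exit code. Keep the per-line loop but guard the read: `Get-Content -Path "msi-install.log" -ErrorAction SilentlyContinue | ForEach-Object { Write-Log($_) }`. Since the comment says this output is uploaded with the CI logs, it is also worth confirming that a verbose MSI log holds nothing that should stay on the VM.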
From c54357d5ba3b7de3193720559f2b0e55fafa5f5b Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Fri, 15 Mar 2024 13:45:07 -0700 Subject: [PATCH 43/56] wip --- scripts/cleanup_ebpf_cicd_tests.ps1 | 6 +- scripts/config_test_vm.psm1 | 1 - scripts/install_ebpf.psm1 | 182 +++++++++++++--------------- 3 files changed, 85 insertions(+), 104 deletions(-) diff --git a/scripts/cleanup_ebpf_cicd_tests.ps1 b/scripts/cleanup_ebpf_cicd_tests.ps1 index 0bc0447e49..29d440222b 100644 --- a/scripts/cleanup_ebpf_cicd_tests.ps1 +++ b/scripts/cleanup_ebpf_cicd_tests.ps1 @@ -21,9 +21,6 @@ Import-Module .\install_ebpf.psm1 -ArgumentList ($WorkingDirectory, $LogFileName $TestExecutionConfig = Get-Content ("{0}\{1}" -f $PSScriptRoot, $TestExecutionJsonFileName) | ConvertFrom-Json $VMList = $TestExecutionConfig.VMMap.$SelfHostedRunnerName -# Import logs from VMs. -Import-ResultsFromVM -VMList $VMList -KmTracing $KmTracing - # Uninstall eBPF Components on the test VM. foreach($VM in $VMList) { $VMName = $VM.Name @@ -31,6 +28,9 @@ foreach($VM in $VMList) { Uninstall-eBPFComponentsOnVM -VMName $VMname -ErrorAction Stop } +# Import logs from VMs. +Import-ResultsFromVM -VMList $VMList -KmTracing $KmTracing + # Stop the VMs. Stop-AllVMs -VMList $VMList Restore-AllVMs -VMList $VMList diff --git a/scripts/config_test_vm.psm1 b/scripts/config_test_vm.psm1 index 891ae50ca5..b2313e5b32 100644 --- a/scripts/config_test_vm.psm1 +++ b/scripts/config_test_vm.psm1 @@ -303,7 +303,6 @@ function Import-ResultsFromVM if (!(Test-Path ".\TestLogs\$VMName\Logs")) { New-Item -ItemType Directory -Path ".\TestLogs\$VMName\Logs" } - $VMTemp = Invoke-Command -Session $VMSession -ScriptBlock {return $Env:TEMP} Write-Log ("Copy $LogFileName from $VMTemp on $VMName to $pwd\TestLogs") Copy-Item -FromSession $VMSession "$VMTemp\$LogFileName" -Destination ".\TestLogs\$VMName\Logs" -Recurse -Force -ErrorAction Ignore 2>&1 | Write-Log 
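Review bot: Moving `Import-ResultsFromVM` below the uninstall loop in cleanup_ebpf_cicd_tests.ps1 means a failed uninstall can lose the logs needed to diagnose it. The loop calls `Uninstall-eBPFComponentsOnVM ... -ErrorAction Stop`, and this same patch makes `Uninstall-eBPFComponents` throw on a non-zero msiexec exit code (install_ebpf.psm1, `@@ -316,7 +296,9 @@`), so the script can stop before the import, `Stop-AllVMs` and `Restore-AllVMs` run. Wrapping the loop as `try { ... } finally { Import-ResultsFromVM -VMList $VMList -KmTracing $KmTracing }` keeps the new ordering on success and still collects the logs on failure.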
diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index 36ddff5b91..94524f9c96 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 @@ -54,7 +54,7 @@ function Enable-KMDFVerifier # Enable KMDF verifier for the eBPF drivers. $EbpfDrivers.GetEnumerator() | ForEach-Object { if ($_.Value.IsDriver) { - Write-Log ("Enabling KMDF verifier for $($_.Key)...") + Write-Log("Enabling KMDF verifier for $($_.Key)...") New-Item -Path ("HKLM:\System\CurrentControlSet\Services\{0}\Parameters\Wdf" -f $_.Name) -Force -ErrorAction Stop New-ItemProperty -Path ("HKLM:\System\CurrentControlSet\Services\{0}\Parameters\Wdf" -f $_.Name) -Name "VerifierOn" -Value 1 -PropertyType DWord -Force -ErrorAction Stop New-ItemProperty -Path ("HKLM:\System\CurrentControlSet\Services\{0}\Parameters\Wdf" -f $_.Name) -Name "TrackHandles" -Value "*" -PropertyType MultiString -Force -ErrorAction Stop @@ -70,7 +70,7 @@ function Start-WPRTrace param([parameter(Mandatory=$true)][bool] $KmTracing, [parameter(Mandatory=$true)][string] $KmTraceType) - Write-Log ("kernel mode ETW tracing: " + $KmTracing) + Write-Log("kernel mode ETW tracing: " + $KmTracing) if ($KmTracing) { if ($KmTraceType -eq "file") { @@ -88,14 +88,14 @@ function Start-WPRTrace } if ($ProcInfo.ExitCode -ne 0) { - Write-log ("wpr.exe start ETL trace failed. Exit code: " + $ProcInfo.ExitCode) + Write-Log("wpr.exe start ETL trace failed. Exit code: " + $ProcInfo.ExitCode) Write-log "wpr.exe (start) error output: " foreach ($line in get-content -Path .\StdErr.txt) { - write-log ( "`t" + $line) + Write-Log( "`t" + $line) } throw "Start ETL trace failed." } - Write-Log ("Start ETL trace success. wpr.exe exit code: " + $ProcInfo.ExitCode + "`n") + Write-Log("Start ETL trace success. wpr.exe exit code: " + $ProcInfo.ExitCode + "`n") Write-Log "Query ETL tracing status after trace start" $ProcInfo = Start-Process -FilePath "wpr.exe" ` 
@@ -103,19 +103,19 @@ function Start-WPRTrace -NoNewWindow -Wait -PassThru ` -RedirectStandardOut .\StdOut.txt -RedirectStandardError .\StdErr.txt if ($ProcInfo.ExitCode -ne 0) { - Write-log ("wpr.exe query ETL trace status failed. Exit code: " + $ProcInfo.ExitCode) + Write-Log("wpr.exe query ETL trace status failed. Exit code: " + $ProcInfo.ExitCode) Write-log "wpr.exe (query) error output: " foreach ($line in get-content -Path .\StdErr.txt) { - write-log ( "`t" + $line) + Write-Log( "`t" + $line) } throw "Query ETL trace status failed." } else { Write-log "wpr.exe (query) results: " foreach ($line in get-content -Path .\StdOut.txt) { - write-log ( " `t" + $line) + Write-Log( " `t" + $line) } } - Write-Log ("Query ETL trace status success. wpr.exe exit code: " + $ProcInfo.ExitCode + "`n" ) + Write-Log("Query ETL trace status success. wpr.exe exit code: " + $ProcInfo.ExitCode + "`n" ) } } 
@@ -137,66 +137,50 @@ function Install-eBPFComponents [parameter(Mandatory=$false)] [bool] $KMDFVerifier = $false) # Install the Visual C++ Redistributable (Release version, which is required for the MSI installation). - try { - Write-Log("Installing Visual C++ Redistributable from '$VcRedistPath'...") - $process = Start-Process -FilePath $VcRedistPath -ArgumentList "/quiet", "/norestart" -Wait -PassThru - if ($process.ExitCode -ne 0) { - Write-Log("Visual C++ Redistributable installation FAILED. Exit code: $($process.ExitCode)") -ForegroundColor Red - throw ("Visual C++ Redistributable installation FAILED. Exit code: $($process.ExitCode)") - } - Write-Log("Cleaning up...") - Remove-Item $VcRedistPath -Force - Write-Log("Visual C++ Redistributable installation completed successfully!") -ForegroundColor Green - } catch { - Write-Log("An exception occurred while installing Visual C++ Redistributable: $_") -ForegroundColor Red - throw ("An exception occurred while installing Visual C++ Redistributable: $_") + Write-Log("Installing Visual C++ Redistributable from '$VcRedistPath'...") + $process = Start-Process -FilePath $VcRedistPath -ArgumentList "/quiet", "/norestart" -Wait -PassThru + if ($process.ExitCode -ne 0) { + Write-Log("Visual C++ Redistributable installation FAILED. Exit code: $($process.ExitCode)") -ForegroundColor Red + throw ("Visual C++ Redistributable installation FAILED. Exit code: $($process.ExitCode)") } + Write-Log("Cleaning up...") + Remove-Item $VcRedistPath -Force + Write-Log("Visual C++ Redistributable installation completed successfully!") -ForegroundColor Green # Copy the VC debug runtime DLLs to the system32 directory, # so that debug versions of the MSI can be installed (i.e. export_program_info.exe will not fail). - try { - Write-Log("Copying VC debug runtime DLLs to the $system32Path directory...") - # Test is the VC debuf runtime DLLs are present in the working directory (indicating a debug build). 
- $VCDebugRuntime = $VCDebugRuntime | Where-Object { Test-Path (Join-Path $WorkingDirectory $_) } - if (-not $VCDebugRuntime) { - Write-Log("VC debug runtime DLLs not found in the working directory (i.e. release build). Skipping this step.") -ForegroundColor Yellow - } else { - $system32Path = Join-Path $env:SystemRoot "System32" - $VCDebugRuntime | ForEach-Object { - $sourcePath = Join-Path $WorkingDirectory $_ - $destinationPath = Join-Path $system32Path $_ - Write-Log("Copying '$sourcePath' to '$destinationPath'...") - Copy-Item -Path $sourcePath -Destination $destinationPath -Force - } - Write-Log("VC debug runtime DLLs copied successfully!") -ForegroundColor Green + Write-Log("Copying VC debug runtime DLLs to the $system32Path directory...") + # Test is the VC debuf runtime DLLs are present in the working directory (indicating a debug build). + $VCDebugRuntime = $VCDebugRuntime | Where-Object { Test-Path (Join-Path $WorkingDirectory $_) } + if (-not $VCDebugRuntime) { + Write-Log("VC debug runtime DLLs not found in the working directory (i.e. release build). Skipping this step.") -ForegroundColor Yellow + } else { + $system32Path = Join-Path $env:SystemRoot "System32" + $VCDebugRuntime | ForEach-Object { + $sourcePath = Join-Path $WorkingDirectory $_ + $destinationPath = Join-Path $system32Path $_ + Write-Log("Copying '$sourcePath' to '$destinationPath'...") + Copy-Item -Path $sourcePath -Destination $destinationPath -Force } - } - catch { - Write-Log("An exception occurred while copying VC debug runtime DLLs: $_") -ForegroundColor Red - throw ("An exception occurred while copying VC debug runtime DLLs: $_") + Write-Log("VC debug runtime DLLs copied successfully!") -ForegroundColor Green } # Install the MSI package. 
- try { - $arguments = "/i $MsiPath ADDLOCAL=ALL /qn /norestart /l*v msi-install.log" - Write-Log("Installing the eBPF MSI package: 'msiexec.exe $arguments'...") - $process = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru - if ($process.ExitCode -ne 0) { - Write-Log("MSI installation FAILED. Exit code: $($process.ExitCode)") -ForegroundColor Red + $arguments = "/i $MsiPath ADDLOCAL=ALL /qn /norestart /l*v msi-install.log" + Write-Log("Installing the eBPF MSI package: 'msiexec.exe $arguments'...") + $process = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru + if ($process.ExitCode -ne 0) { + Write-Log("MSI installation FAILED. Exit code: $($process.ExitCode)") -ForegroundColor Red - # For clear readability within the CICD pipeline and final uploaded log output, - # read each line of the log file and print it (otherwise all the log content is printed as a single line). - Write-Log("Contents of msi-install.log:") - Get-Content -Path "msi-install.log" | ForEach-Object { - Write-Log($_) - } - throw ("MSI installation FAILED. Exit code: $($process.ExitCode)") + # For clear readability within the CICD pipeline and final uploaded log output, + # read each line of the log file and print it (otherwise all the log content is printed as a single line). + Write-Log("Contents of msi-install.log:") + Get-Content -Path "msi-install.log" | ForEach-Object { + Write-Log($_) } - Write-Log("eBPF MSI installation completed successfully!") -ForegroundColor Green - } catch { - Write-Log("An error occurred while installing the MSI package: $_") -ForegroundColor Red - throw ("An error occurred while installing the MSI package: $_") + throw ("MSI installation FAILED. Exit code: $($process.ExitCode)") } + Write-Log("eBPF MSI installation completed successfully!") -ForegroundColor Green # Install the extra drivers that are not installed by the MSI package. $EbpfDrivers.GetEnumerator() | ForEach-Object { 
@@ -208,25 +192,19 @@ function Install-eBPFComponents } else { throw ("Driver file not found for $($_.Key).") } - - Write-Log ("Installing $($_.Key)...") -ForegroundColor Green - $createServiceOutput = sc.exe create $_.Key type=kernel start=demand binpath=$driverPath 2>&1 - Write-Log $createServiceOutput - + Write-Log("Installing $($_.Key)...") -ForegroundColor Green + sc.exe create $_.Key type=kernel start=demand binpath=$driverPath 2>&1 | Write-Log if ($LASTEXITCODE -ne 0) { throw ("Failed to create $($_.Key) driver.") } else { - Write-Log ("$($_.Key) driver created.") -ForegroundColor Green - + Write-Log("$($_.Key) driver created.") -ForegroundColor Green # Start the service - Write-Log ("Starting $($_.Key) service...") -ForegroundColor Green - $startServiceOutput = sc.exe start $_.Key 2>&1 - Write-Log $startServiceOutput - + Write-Log("Starting $($_.Key) service...") -ForegroundColor Green + sc.exe start $_.Key 2>&1 | Write-Log if ($LASTEXITCODE -ne 0) { throw ("Failed to start $($_.Key) service.") } else { - Write-Log ("$($_.Key) service started.") -ForegroundColor Green + Write-Log("$($_.Key) service started.") -ForegroundColor Green } } } @@ -235,7 +213,7 @@ function Install-eBPFComponents # Export program info for the sample driver. Write-Log("Running 'export_program_info_sample.exe'...") if (Test-Path -Path "export_program_info_sample.exe") { - .\export_program_info_sample.exe + .\export_program_info_sample.exe 2>&1 | Write-Log if ($LASTEXITCODE -ne 0) { throw ("Failed to run 'export_program_info_sample.exe'."); } else { @@ -246,7 +224,7 @@ function Install-eBPFComponents # Debugging information. Write-Log("Querying the status of eBPF drivers and services...") $EbpfDrivers.GetEnumerator() | ForEach-Object { - sc.exe query $_.Key | Write-Log + sc.exe query $_.Key 2>&1 | Write-Log } # Optionally enable KMDF verifier and tag tracking. 
@@ -263,52 +241,54 @@ function Uninstall-eBPFComponents # Firstly, uninstall the extra drivers that are not installed by the MSI package. $EbpfDrivers.GetEnumerator() | ForEach-Object { if (-not $_.Value.InstalledByMsi) { - # Stop the service - Write-Log ("Stopping $($_.Key) service...") -ForegroundColor Green - $stopServiceOutput = sc.exe stop $_.Key 2>&1 - Write-Log $stopServiceOutput - + Write-Log("Stopping $($_.Key) service...") -ForegroundColor Green + sc.exe stop $_.Key 2>&1 | Write-Log if ($LASTEXITCODE -ne 0) { - Write-Log ("Failed to stop $($_.Key) service.") -ForegroundColor Red + Write-Log("Failed to stop $($_.Key) service.") -ForegroundColor Red } else { - Write-Log ("$($_.Key) service stopped.") -ForegroundColor Green - - # Delete the service - Write-Log ("Deleting $($_.Key) service...") -ForegroundColor Green - $deleteServiceOutput = sc.exe delete $_.Key 2>&1 - Write-Log $deleteServiceOutput - - if ($LASTEXITCODE -ne 0) { - Write-Log ("Failed to delete $($_.Key) service.") -ForegroundColor Red - } else { - Write-Log ("$($_.Key) service deleted.") -ForegroundColor Green - } + Write-Log("$($_.Key) service stopped.") -ForegroundColor Green + } + Write-Log("Deleting $($_.Key) service...") -ForegroundColor Green + sc.exe delete $_.Key 2>&1 | Write-Log + if ($LASTEXITCODE -ne 0) { + Write-Log("Failed to delete $($_.Key) service.") -ForegroundColor Red + } else { + Write-Log("$($_.Key) service deleted.") -ForegroundColor Green } - - # Check if the driver file exists and delete it $driverPath = if (Test-Path -Path ("$pwd\{0}" -f $_.Value.Name)) { "$pwd\{0}" -f $_.Value.Name } elseif (Test-Path -Path ("$pwd\drivers\{0}" -f $_.Value.Name)) { "$pwd\drivers\{0}" -f $_.Value.Name } - - if ($driverPath -ne $null) { - Write-Log ("Deleting driver file: $driverPath") -ForegroundColor Green + if ($null -ne $driverPath) { + Write-Log("Deleting driver file: $driverPath") -ForegroundColor Green Remove-Item -Path $driverPath -Force -ErrorAction SilentlyContinue } else { - 
Write-Log ("Driver file not found for $($_.Key).") -ForegroundColor Red + Write-Log("Driver file not found for $($_.Key).") -ForegroundColor Red } } } + # Clear export program info for the sample driver. + Write-Log("Running 'export_program_info_sample.exe --clear'...") + if (Test-Path -Path "export_program_info_sample.exe --clear") { + .\export_program_info_sample.exe --clear + if ($LASTEXITCODE -ne 0) { + Write-Log("Failed to run 'export_program_info_sample.exe --clear'.") -ForegroundColor Red + } else { + Write-Log("'export_program_info_sample.exe --clear' succeeded.") -ForegroundColor Green + } + } + Write-Log("Clearing export program info for the sample driver completed successfully!") -ForegroundColor Green + # Uninstall the MSI package. - Write-Log("Uninstalling eBPF MSI package at '$MsiPath'...") - $process = Start-Process -FilePath msiexec.exe -ArgumentList "/x $MsiPath /qn /norestart /l*v msi-uninstall.log" -Wait -PassThru + $arguments = "/x $MsiPath /qn /norestart /l*v msi-uninstall.log" + Write-Log("Uninstalling eBPF MSI package at 'msiexec.exe $arguments'...") + $process = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru if ($process.ExitCode -eq 0) { Write-Log("Uninstallation successful!") -ForegroundColor Green } else { - $exceptionMessage = "Uninstallation FAILED. Exit code: $($process.ExitCode)" - Write-Log($exceptionMessage) -ForegroundColor Red + Write-Log("Uninstallation FAILED. Exit code: $($process.ExitCode)") -ForegroundColor Red # For clear readability within the CICD pipeline and final uploaded log output, # read each line of the log file and print it (otherwise all the log content is printed as a single line). 
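Review bot: The added guard `if (Test-Path -Path "export_program_info_sample.exe --clear")` tests for a file whose name includes the ` --clear` argument, so it is false whenever the tool is present and the clear step never runs. It should test the executable only, `if (Test-Path -Path "export_program_info_sample.exe")`. The line `Write-Log("Clearing export program info for the sample driver completed successfully!")` sits outside the `if`, so it reports success even when the step was skipped or failed; move it into the success branch. The added call also lacks the `2>&1 | Write-Log` that the install-side call gained in this patch. Uninstall-eBPFComponents continues outside the hunk.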
@@ -316,7 +296,9 @@ function Uninstall-eBPFComponents Get-Content -Path "msi-uninstall.log" | ForEach-Object { Write-Log($_) } + throw ("MSI uninstallation FAILED. Exit code: $($process.ExitCode)") } + Write-Log("MSI uninstallation completed successfully!") -ForegroundColor Green # Stop KM tracing. wpr.exe -cancel From d6bdc6106b5991ceff0244b875f7fc2e8e5966fb Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Fri, 15 Mar 2024 19:53:55 -0700 Subject: [PATCH 44/56] debug --- scripts/install_ebpf.psm1 | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index 94524f9c96..9168699258 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 @@ -130,12 +130,25 @@ function Stop-eBPFComponents } } +function Print-eBPFComponentsStatus +{ + # Print the status of the eBPF drivers and services. + Write-Log("Querying the status of eBPF drivers and services...") + $EbpfDrivers.GetEnumerator() | ForEach-Object { + sc.exe query $_.Key 2>&1 | Write-Log + } +} + function Install-eBPFComponents { param([parameter(Mandatory=$true)] [bool] $KmTracing, [parameter(Mandatory=$true)] [string] $KmTraceType, [parameter(Mandatory=$false)] [bool] $KMDFVerifier = $false) + # Print the status of the eBPF drivers and services before installation. + # This is useful for detecting issues with the runner baselines!! + Print-eBPFComponentsStatus + # Install the Visual C++ Redistributable (Release version, which is required for the MSI installation). Write-Log("Installing Visual C++ Redistributable from '$VcRedistPath'...") $process = Start-Process -FilePath $VcRedistPath -ArgumentList "/quiet", "/norestart" -Wait -PassThru 
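Review bot: The new `throw ("MSI uninstallation FAILED. ...")` leaves Uninstall-eBPFComponents before the `wpr.exe -cancel` that follows, so a failed uninstall also leaves the kernel-mode trace session running on the VM. Cancel the trace before throwing, or move it into a `finally`, e.g. `try { ...uninstall steps... } finally { wpr.exe -cancel }`. The start of the function is outside this hunk, so confirm that nothing earlier in it already relies on the trace staying active.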
@@ -221,11 +234,8 @@ function Install-eBPFComponents } } - # Debugging information. - Write-Log("Querying the status of eBPF drivers and services...") - $EbpfDrivers.GetEnumerator() | ForEach-Object { - sc.exe query $_.Key 2>&1 | Write-Log - } + # Print the status of the eBPF drivers and services after installation. + Print-eBPFComponentsStatus # Optionally enable KMDF verifier and tag tracking. if ($KMDFVerifier) { From 765a464cecba5bd6d078ce13c6f1bfbfada8f67d Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Tue, 19 Mar 2024 00:25:11 -0700 Subject: [PATCH 45/56] nits --- scripts/check_msi_installation.ps1 | 4 ++-- scripts/install_ebpf.psm1 | 11 ++++++----- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/scripts/check_msi_installation.ps1 b/scripts/check_msi_installation.ps1 index b362cd7e9d..85d41d6023 100644 --- a/scripts/check_msi_installation.ps1 +++ b/scripts/check_msi_installation.ps1 @@ -75,7 +75,7 @@ function Install-MsiPackage { $res = $true - $arguments = "/i $MsiPath /qn /norestart /l*vx msi-install.log $MsiAdditionalArguments" + $arguments = "/i $MsiPath /qn /norestart /l*v msi-install.log $MsiAdditionalArguments" Write-Host "Installing MSI package with arguments: '$arguments'..." $process = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru if ($process.ExitCode -eq 0) { @@ -104,7 +104,7 @@ function Uninstall-MsiPackage { Write-Host "Uninstalling MSI package..." $res = $true - $process = Start-Process -FilePath msiexec.exe -ArgumentList "/x $MsiPath /qn /norestart /log msi-uninstall.log" -Wait -PassThru + $process = Start-Process -FilePath msiexec.exe -ArgumentList "/x $MsiPath /qn /norestart /l*v msi-uninstall.log" -Wait -PassThru if ($process.ExitCode -eq 0) { Write-Host "Uninstallation successful!" } else { diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index 9168699258..072ad9d1c7 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 
@@ -130,11 +130,12 @@ function Stop-eBPFComponents } } -function Print-eBPFComponentsStatus +function Print-eBPFComponentsStatus([string] $message = "") { # Print the status of the eBPF drivers and services. - Write-Log("Querying the status of eBPF drivers and services...") + Write-Log($message) $EbpfDrivers.GetEnumerator() | ForEach-Object { + Write-Log "Querying the status of $($_.Key)..." sc.exe query $_.Key 2>&1 | Write-Log } } @@ -147,7 +148,7 @@ function Install-eBPFComponents # Print the status of the eBPF drivers and services before installation. # This is useful for detecting issues with the runner baselines!! - Print-eBPFComponentsStatus + Print-eBPFComponentsStatus "Querying the status of eBPF drivers and services before the installation (all should not be present)..." | Out-Null # Install the Visual C++ Redistributable (Release version, which is required for the MSI installation). Write-Log("Installing Visual C++ Redistributable from '$VcRedistPath'...") @@ -163,7 +164,7 @@ function Install-eBPFComponents # Copy the VC debug runtime DLLs to the system32 directory, # so that debug versions of the MSI can be installed (i.e. export_program_info.exe will not fail). Write-Log("Copying VC debug runtime DLLs to the $system32Path directory...") - # Test is the VC debuf runtime DLLs are present in the working directory (indicating a debug build). + # Test is the VC debug runtime DLLs are present in the working directory (indicating a debug build). $VCDebugRuntime = $VCDebugRuntime | Where-Object { Test-Path (Join-Path $WorkingDirectory $_) } if (-not $VCDebugRuntime) { Write-Log("VC debug runtime DLLs not found in the working directory (i.e. release build). Skipping this step.") -ForegroundColor Yellow 
@@ -235,7 +236,7 @@ function Install-eBPFComponents } # Print the status of the eBPF drivers and services after installation. - Print-eBPFComponentsStatus + Print-eBPFComponentsStatus "Verifing the status of eBPF drivers and services after the installation..." | Out-Null # Optionally enable KMDF verifier and tag tracking. if ($KMDFVerifier) { From 551db72e133e02607b3dd1470f34faac5b133aa1 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Wed, 20 Mar 2024 11:16:29 -0700 Subject: [PATCH 46/56] feedback --- scripts/execute_ebpf_cicd_tests.ps1 | 13 ++++++++++++- scripts/install_ebpf.psm1 | 4 ++-- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/scripts/execute_ebpf_cicd_tests.ps1 b/scripts/execute_ebpf_cicd_tests.ps1 index ed303f86ec..fccb356b0d 100644 --- a/scripts/execute_ebpf_cicd_tests.ps1 +++ b/scripts/execute_ebpf_cicd_tests.ps1 @@ -21,7 +21,18 @@ $StandardUserTestVMCredential = Get-StoredCredential -Target $StandardUserTarget # Load other utility modules. Import-Module $PSScriptRoot\common.psm1 -Force -ArgumentList ($LogFileName) -WarningAction SilentlyContinue -Import-Module $PSScriptRoot\vm_run_tests.psm1 -Force -ArgumentList ($AdminTestVMCredential.UserName, $AdminTestVMCredential.Password, $StandardUserTestVMCredential.UserName, $StandardUserTestVMCredential.Password, $WorkingDirectory, $LogFileName) -WarningAction SilentlyContinue +Import-Module $PSScriptRoot\vm_run_tests.psm1 + -Force ` + -ArgumentList ( + $AdminTestVMCredential.UserName, + $AdminTestVMCredential.Password, + $StandardUserTestVMCredential.UserName, + $StandardUserTestVMCredential.Password, + $WorkingDirectory, + $LogFileName, + $TestHangTimeout, + $UserModeDumpFolder) ` + -WarningAction SilentlyContinue # Read the test execution json. $Config = Get-Content ("{0}\{1}" -f $PSScriptRoot, $TestExecutionJsonFileName) | ConvertFrom-Json diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index 072ad9d1c7..3611f22c31 100644 --- a/scripts/install_ebpf.psm1 
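Review bot: In the execute_ebpf_cicd_tests.ps1 hunk, the first line of the reflowed `Import-Module $PSScriptRoot\vm_run_tests.psm1` call has no trailing backtick, so the statement ends there and the module is loaded without `-ArgumentList`. The `-Force` line that follows is then parsed as a separate statement. End that first line with the same backtick continuation used on the `-Force` and `-ArgumentList (...)` lines, or build the arguments in a variable and pass them on a single line, which avoids fragile backtick continuations altogether. The list also hands both accounts' `.Password` values to the module; these are presumably SecureString objects from `Get-StoredCredential`, so it is worth confirming that vm_run_tests.psm1 never logs its argument list.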
+++ b/scripts/install_ebpf.psm1 @@ -255,7 +255,7 @@ function Uninstall-eBPFComponents Write-Log("Stopping $($_.Key) service...") -ForegroundColor Green sc.exe stop $_.Key 2>&1 | Write-Log if ($LASTEXITCODE -ne 0) { - Write-Log("Failed to stop $($_.Key) service.") -ForegroundColor Red + throw ("Failed to stop $($_.Key) service.") } else { Write-Log("$($_.Key) service stopped.") -ForegroundColor Green } @@ -285,7 +285,7 @@ function Uninstall-eBPFComponents if (Test-Path -Path "export_program_info_sample.exe --clear") { .\export_program_info_sample.exe --clear if ($LASTEXITCODE -ne 0) { - Write-Log("Failed to run 'export_program_info_sample.exe --clear'.") -ForegroundColor Red + throw ("Failed to run 'export_program_info_sample.exe --clear'.") } else { Write-Log("'export_program_info_sample.exe --clear' succeeded.") -ForegroundColor Green } From 9244e7b90f3303db429311ab1d94df1dbd4b82fd Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Wed, 20 Mar 2024 11:18:20 -0700 Subject: [PATCH 47/56] nl --- scripts/execute_ebpf_cicd_tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/execute_ebpf_cicd_tests.ps1 b/scripts/execute_ebpf_cicd_tests.ps1 index fccb356b0d..64a4efdb66 100644 --- a/scripts/execute_ebpf_cicd_tests.ps1 +++ b/scripts/execute_ebpf_cicd_tests.ps1 @@ -21,7 +21,7 @@ $StandardUserTestVMCredential = Get-StoredCredential -Target $StandardUserTarget # Load other utility modules. Import-Module $PSScriptRoot\common.psm1 -Force -ArgumentList ($LogFileName) -WarningAction SilentlyContinue -Import-Module $PSScriptRoot\vm_run_tests.psm1 +Import-Module $PSScriptRoot\vm_run_tests.psm1 ` -Force ` -ArgumentList ( $AdminTestVMCredential.UserName, From 37eb2c5183ab4d0416aaba24a84bad1cb2f8b6a7 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Wed, 20 Mar 2024 13:39:38 -0700 Subject: [PATCH 48/56] updates --- docs/InstallEbpf.md | 6 +++--- scripts/install_ebpf.psm1 | 18 +++++++++--------- 2 files changed, 12 insertions(+), 12 deletions(-) 
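Review bot: In the `@@ -285,7 +285,7 @@` hunk, the new `throw` for a failed `export_program_info_sample.exe --clear` sits under `if (Test-Path -Path "export_program_info_sample.exe --clear")`. That condition tests for a file whose name includes the ` --clear` argument, so the branch is presumably never entered and the new failure handling cannot fire. Test the executable alone, `if (Test-Path -Path "export_program_info_sample.exe")`, so the clear step actually runs and its exit code is checked. Uninstall-eBPFComponents starts and ends outside this hunk.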
diff --git a/docs/InstallEbpf.md b/docs/InstallEbpf.md index f9baa8468a..e359b51dd8 100644 --- a/docs/InstallEbpf.md +++ b/docs/InstallEbpf.md @@ -113,7 +113,7 @@ has already built the binaries for `x64/Debug` or `x64/Release`. ### Method 3 (Install files you built yourself, with a VM checkpoint) This method uses a machine that has already built the binaries for - the desired build configuration, i.e. `\x64\[Debug|Release|NativeOnlyDebug|NativeOnlyRelease]`. + the desired build configuration, i.e., `\x64\[Debug|Release|NativeOnlyDebug|NativeOnlyRelease]`. Copy the build output in `\x64\[Debug|Release|NativeOnlyDebug|NativeOnlyRelease]` to the host of the test VM and run the following in a Powershell command prompt: @@ -134,8 +134,8 @@ Copy the build output in `\x64\[Debug|Release|NativeOnlyDebug|NativeOnlyRelease] New-StoredCredential -Target TEST_VM -Username -Password -Persist LocalMachine ``` - > Note that "`TEST_VM`" is literal and is later used to lookup the actual VM name; it need not be the name of any actual test VM. -1. Enter the desired directory (`cd`) where the build artifacts are stored (i.e. `\x64\[Debug|Release|NativeOnlyDebug|NativeOnlyRelease]`). + > Note that "`TEST_VM`" is literal and is later used to look up the actual VM name; it need not be the name of any actual test VM. +1. Enter the desired directory (`cd`) where the build artifacts are stored (i.e., `\x64\[Debug|Release|NativeOnlyDebug|NativeOnlyRelease]`). 1. Modify `.\test_execution.json` to specify the name of the test VM under the `VMMap` attribute, e.g.: ```json diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index 3611f22c31..f52f8193f1 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 
@@ -10,7 +10,7 @@ Import-Module $PSScriptRoot\common.psm1 -Force -ArgumentList ($LogFileName) -War $VcRedistPath = Join-Path $WorkingDirectory "vc_redist.x64.exe" $MsiPath = Join-Path $WorkingDirectory "ebpf-for-windows.msi" -# eBPF Drivers. +# eBPF drivers and services. $EbpfDrivers = @{ "EbpfCore" = [PSCustomObject]@{ "Name" = "ebpfcore.sys" @@ -147,8 +147,8 @@ function Install-eBPFComponents [parameter(Mandatory=$false)] [bool] $KMDFVerifier = $false) # Print the status of the eBPF drivers and services before installation. - # This is useful for detecting issues with the runner baselines!! - Print-eBPFComponentsStatus "Querying the status of eBPF drivers and services before the installation (all should not be present)..." | Out-Null + # This is useful for detecting issues with the runner baselines. + Print-eBPFComponentsStatus "Querying the status of eBPF drivers and services before the installation (none should be present)..." | Out-Null # Install the Visual C++ Redistributable (Release version, which is required for the MSI installation). Write-Log("Installing Visual C++ Redistributable from '$VcRedistPath'...") 
@@ -162,12 +162,12 @@ function Install-eBPFComponents Write-Log("Visual C++ Redistributable installation completed successfully!") -ForegroundColor Green # Copy the VC debug runtime DLLs to the system32 directory, - # so that debug versions of the MSI can be installed (i.e. export_program_info.exe will not fail). + # so that debug versions of the MSI can be installed (i.e., export_program_info.exe will not fail). Write-Log("Copying VC debug runtime DLLs to the $system32Path directory...") - # Test is the VC debug runtime DLLs are present in the working directory (indicating a debug build). + # Test if the VC debug runtime DLLs are present in the working directory (indicating a debug build). $VCDebugRuntime = $VCDebugRuntime | Where-Object { Test-Path (Join-Path $WorkingDirectory $_) } if (-not $VCDebugRuntime) { - Write-Log("VC debug runtime DLLs not found in the working directory (i.e. release build). Skipping this step.") -ForegroundColor Yellow + Write-Log("VC debug runtime DLLs not found in the working directory (i.e., release build). Skipping this step.") -ForegroundColor Yellow } else { $system32Path = Join-Path $env:SystemRoot "System32" $VCDebugRuntime | ForEach-Object { @@ -212,7 +212,7 @@ function Install-eBPFComponents throw ("Failed to create $($_.Key) driver.") } else { Write-Log("$($_.Key) driver created.") -ForegroundColor Green - # Start the service + # Start the service. Write-Log("Starting $($_.Key) service...") -ForegroundColor Green sc.exe start $_.Key 2>&1 | Write-Log if ($LASTEXITCODE -ne 0) { @@ -236,7 +236,7 @@ function Install-eBPFComponents } # Print the status of the eBPF drivers and services after installation. - Print-eBPFComponentsStatus "Verifing the status of eBPF drivers and services after the installation..." | Out-Null + Print-eBPFComponentsStatus "Verifying the status of eBPF drivers and services after the installation..." | Out-Null # Optionally enable KMDF verifier and tag tracking. if ($KMDFVerifier) { 
@@ -255,7 +255,7 @@ function Uninstall-eBPFComponents Write-Log("Stopping $($_.Key) service...") -ForegroundColor Green sc.exe stop $_.Key 2>&1 | Write-Log if ($LASTEXITCODE -ne 0) { - throw ("Failed to stop $($_.Key) service.") + Write-Log("Failed to stop $($_.Key) service.") -ForegroundColor Red } else { Write-Log("$($_.Key) service stopped.") -ForegroundColor Green } From b9dcbe2b5647eb997db2ec9983bff99c3e983f23 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Wed, 20 Mar 2024 14:56:01 -0700 Subject: [PATCH 49/56] add extra stop-check --- scripts/install_ebpf.psm1 | 56 ++++++++++++++++++++++----------------- 1 file changed, 32 insertions(+), 24 deletions(-) diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index f52f8193f1..fb79efabd9 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 @@ -119,14 +119,25 @@ function Start-WPRTrace } } -function Stop-eBPFComponents -{ +# This function specifically tests that all eBPF components can be stopped. +function Stop-eBPFComponents { # First, stop user mode service, so that EbpfCore does not hang on stop. - Stop-Service "eBPFSvc" -ErrorAction Ignore 2>&1 | Write-Log + try { + Stop-Service "eBPFSvc" -ErrorAction Stop 2>&1 | Write-Log + Write-Log "eBPFSvc service stopped." -ForegroundColor Green + } catch { + throw "Failed to stop 'eBPFSvc' service: $_" + } - # Stop the drivers and services. + # Stop the drivers and services. $EbpfDrivers.GetEnumerator() | ForEach-Object { - Stop-Service $_.Name -ErrorAction Ignore 2>&1 | Write-Log + try { + Write-Log "Stopping $($_.Key) service..." -ForegroundColor Green + Stop-Service $_.Name -ErrorAction Stop 2>&1 | Write-Log + Write-Log "$($_.Key) service stopped." -ForegroundColor Green + } catch { + throw "Failed to stop $($_.Key) service: $_" + } } } 
@@ -249,34 +260,31 @@ function Install-eBPFComponents function Uninstall-eBPFComponents { + # This section double-checks that all drivers and services are stopped before proceeding with uninstallation. + # It iterates through each driver and service, retrieving its status, and if any service is found to be running, it throws an error. + $allStopped = $true + $EbpfDrivers.GetEnumerator() | ForEach-Object { + $serviceName = $_.Name + $serviceStatus = (Get-Service $serviceName).Status + if ($serviceStatus -ne "Stopped") { + Write-Log "$serviceName service is not stopped." -ForegroundColor Red + $allStopped = $false + } + } + if (-not $allStopped) { + throw "One or more services are not stopped." + } + # Firstly, uninstall the extra drivers that are not installed by the MSI package. $EbpfDrivers.GetEnumerator() | ForEach-Object { if (-not $_.Value.InstalledByMsi) { - Write-Log("Stopping $($_.Key) service...") -ForegroundColor Green - sc.exe stop $_.Key 2>&1 | Write-Log - if ($LASTEXITCODE -ne 0) { - Write-Log("Failed to stop $($_.Key) service.") -ForegroundColor Red - } else { - Write-Log("$($_.Key) service stopped.") -ForegroundColor Green - } Write-Log("Deleting $($_.Key) service...") -ForegroundColor Green sc.exe delete $_.Key 2>&1 | Write-Log if ($LASTEXITCODE -ne 0) { - Write-Log("Failed to delete $($_.Key) service.") -ForegroundColor Red + throw ("Failed to delete $($_.Key) service.") } else { Write-Log("$($_.Key) service deleted.") -ForegroundColor Green } - $driverPath = if (Test-Path -Path ("$pwd\{0}" -f $_.Value.Name)) { - "$pwd\{0}" -f $_.Value.Name - } elseif (Test-Path -Path ("$pwd\drivers\{0}" -f $_.Value.Name)) { - "$pwd\drivers\{0}" -f $_.Value.Name - } - if ($null -ne $driverPath) { - Write-Log("Deleting driver file: $driverPath") -ForegroundColor Green - Remove-Item -Path $driverPath -Force -ErrorAction SilentlyContinue - } else { - Write-Log("Driver file not found for $($_.Key).") -ForegroundColor Red - } } } 
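Review bot: The new pre-check in Uninstall-eBPFComponents evaluates `(Get-Service $serviceName).Status` for every entry of `$EbpfDrivers` without handling a service that is not registered. With the default error preference, Get-Service writes an error and `.Status` is `$null`, which the `-ne "Stopped"` comparison counts as running, so the function throws "One or more services are not stopped." for a component that was never installed. Query with `Get-Service $serviceName -ErrorAction SilentlyContinue` and skip entries that return nothing. The driver loop in the later hunk at `@@ -267,13 +267,24 @@` keeps the same unguarded `(Get-Service $_.Key).Status` call. The function body continues past the end of this hunk.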
From e9af4a28357e88b2ce39316cb0b7fe353d33d213 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Wed, 20 Mar 2024 16:00:16 -0700 Subject: [PATCH 50/56] wip --- scripts/install_ebpf.psm1 | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index fb79efabd9..2568c3b210 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 @@ -122,13 +122,16 @@ function Start-WPRTrace # This function specifically tests that all eBPF components can be stopped. function Stop-eBPFComponents { # First, stop user mode service, so that EbpfCore does not hang on stop. - try { - Stop-Service "eBPFSvc" -ErrorAction Stop 2>&1 | Write-Log - Write-Log "eBPFSvc service stopped." -ForegroundColor Green - } catch { - throw "Failed to stop 'eBPFSvc' service: $_" + if (Get-Service "eBPFSvc" -ErrorAction SilentlyContinue) { + try { + Stop-Service "eBPFSvc" -ErrorAction Stop 2>&1 | Write-Log + Write-Log "eBPFSvc service stopped." -ForegroundColor Green + } catch { + throw "Failed to stop 'eBPFSvc' service: $_" + } + } else { + Write-Log "'eBPFSvc' service is not present (i.e., release build), skipping stopping." -ForegroundColor Green } - # Stop the drivers and services. $EbpfDrivers.GetEnumerator() | ForEach-Object { try { From 1a0d2606b1d83df9a337cff5bba85f0cdc64df3d Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Wed, 20 Mar 2024 18:27:12 -0700 Subject: [PATCH 51/56] wip --- scripts/install_ebpf.psm1 | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index 2568c3b210..aa16a00001 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 
@@ -119,7 +119,7 @@ function Start-WPRTrace } } -# This function specifically tests that all eBPF components can be stopped. +# This function specifically tests that all eBPF drivers and services can be stopped. function Stop-eBPFComponents { # First, stop user mode service, so that EbpfCore does not hang on stop. if (Get-Service "eBPFSvc" -ErrorAction SilentlyContinue) { @@ -135,9 +135,11 @@ function Stop-eBPFComponents { # Stop the drivers and services. $EbpfDrivers.GetEnumerator() | ForEach-Object { try { - Write-Log "Stopping $($_.Key) service..." -ForegroundColor Green - Stop-Service $_.Name -ErrorAction Stop 2>&1 | Write-Log - Write-Log "$($_.Key) service stopped." -ForegroundColor Green + if ($_.Value.IsDriver) { + Write-Log "Stopping $($_.Key) service..." -ForegroundColor Green + Stop-Service $_.Name -ErrorAction Stop 2>&1 | Write-Log + Write-Log "$($_.Key) service stopped." -ForegroundColor Green + } } catch { throw "Failed to stop $($_.Key) service: $_" } From 358ca0bac9bf8500331179654f049a2616f891c7 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Wed, 20 Mar 2024 18:29:34 -0700 Subject: [PATCH 52/56] nit --- scripts/install_ebpf.psm1 | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index aa16a00001..c062ad5ad0 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 @@ -136,12 +136,11 @@ function Stop-eBPFComponents { $EbpfDrivers.GetEnumerator() | ForEach-Object { try { if ($_.Value.IsDriver) { - Write-Log "Stopping $($_.Key) service..." -ForegroundColor Green Stop-Service $_.Name -ErrorAction Stop 2>&1 | Write-Log - Write-Log "$($_.Key) service stopped." -ForegroundColor Green + Write-Log "$($_.Key) driver stopped." -ForegroundColor Green } } catch { - throw "Failed to stop $($_.Key) service: $_" + throw "Failed to stop $($_.Key) driver: $_" } } } From 636c06e8ef250cdc2fbdac42e8b9887305026745 Mon Sep 17 00:00:00 2001 
From: Gianni Trevisiol Date: Wed, 20 Mar 2024 19:40:05 -0700 Subject: [PATCH 53/56] fix --- scripts/install_ebpf.psm1 | 33 ++++++++++++++++++++++----------- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/scripts/install_ebpf.psm1 b/scripts/install_ebpf.psm1 index c062ad5ad0..213c927619 100644 --- a/scripts/install_ebpf.psm1 +++ b/scripts/install_ebpf.psm1 @@ -127,7 +127,7 @@ function Stop-eBPFComponents { Stop-Service "eBPFSvc" -ErrorAction Stop 2>&1 | Write-Log Write-Log "eBPFSvc service stopped." -ForegroundColor Green } catch { - throw "Failed to stop 'eBPFSvc' service: $_" + throw "Failed to stop 'eBPFSvc' service: $_." } } else { Write-Log "'eBPFSvc' service is not present (i.e., release build), skipping stopping." -ForegroundColor Green @@ -140,7 +140,7 @@ function Stop-eBPFComponents { Write-Log "$($_.Key) driver stopped." -ForegroundColor Green } } catch { - throw "Failed to stop $($_.Key) driver: $_" + throw "Failed to stop $($_.Key) driver: $_." } } } @@ -169,8 +169,8 @@ function Install-eBPFComponents Write-Log("Installing Visual C++ Redistributable from '$VcRedistPath'...") $process = Start-Process -FilePath $VcRedistPath -ArgumentList "/quiet", "/norestart" -Wait -PassThru if ($process.ExitCode -ne 0) { - Write-Log("Visual C++ Redistributable installation FAILED. Exit code: $($process.ExitCode)") -ForegroundColor Red - throw ("Visual C++ Redistributable installation FAILED. Exit code: $($process.ExitCode)") + Write-Log("Visual C++ Redistributable installation FAILED. Exit code: $($process.ExitCode).") -ForegroundColor Red + throw ("Visual C++ Redistributable installation FAILED. Exit code: $($process.ExitCode).") } Write-Log("Cleaning up...") Remove-Item $VcRedistPath -Force 
@@ -199,7 +199,7 @@ function Install-eBPFComponents Write-Log("Installing the eBPF MSI package: 'msiexec.exe $arguments'...") $process = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru if ($process.ExitCode -ne 0) { - Write-Log("MSI installation FAILED. Exit code: $($process.ExitCode)") -ForegroundColor Red + Write-Log("MSI installation FAILED. Exit code: $($process.ExitCode).") -ForegroundColor Red # For clear readability within the CICD pipeline and final uploaded log output, # read each line of the log file and print it (otherwise all the log content is printed as a single line). @@ -207,7 +207,7 @@ function Install-eBPFComponents Get-Content -Path "msi-install.log" | ForEach-Object { Write-Log($_) } - throw ("MSI installation FAILED. Exit code: $($process.ExitCode)") + throw ("MSI installation FAILED. Exit code: $($process.ExitCode).") } Write-Log("eBPF MSI installation completed successfully!") -ForegroundColor Green 
@@ -267,13 +267,24 @@ function Uninstall-eBPFComponents # This section double-checks that all drivers and services are stopped before proceeding with uninstallation. # It iterates through each driver and service, retrieving its status, and if any service is found to be running, it throws an error. $allStopped = $true - $EbpfDrivers.GetEnumerator() | ForEach-Object { - $serviceName = $_.Name - $serviceStatus = (Get-Service $serviceName).Status + if (Get-Service "eBPFSvc" -ErrorAction SilentlyContinue) { + $serviceStatus = (Get-Service "eBPFSvc").Status if ($serviceStatus -ne "Stopped") { - Write-Log "$serviceName service is not stopped." -ForegroundColor Red + Write-Log "eBPFSvc service is not stopped." -ForegroundColor Red $allStopped = $false } + Write-Log "eBPFSvc service stopped." -ForegroundColor Green + } else { + Write-Log "'eBPFSvc' service is not present (i.e., release build), skipping stopping." -ForegroundColor Green + } + $EbpfDrivers.GetEnumerator() | ForEach-Object { + if ($_.Value.IsDriver) { + $driverStatus = (Get-Service $_.Key).Status + if ($driverStatus -ne "Stopped") { + Write-Log "$($_.Key) driver is not stopped." -ForegroundColor Red + $allStopped = $false + } + } } if (-not $allStopped) { throw "One or more services are not stopped." @@ -319,7 +330,7 @@ function Uninstall-eBPFComponents Get-Content -Path "msi-uninstall.log" | ForEach-Object { Write-Log($_) } - throw ("MSI uninstallation FAILED. Exit code: $($process.ExitCode)") + throw ("MSI uninstallation FAILED. Exit code: $($process.ExitCode).") } Write-Log("MSI uninstallation completed successfully!") -ForegroundColor Green From 5c521f1711300c82ce663336033feec8f5d5d098 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Thu, 21 Mar 2024 00:12:37 -0700 Subject: [PATCH 54/56] doc --- docs/InstallEbpf.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/InstallEbpf.md b/docs/InstallEbpf.md index e359b51dd8..6a665d2ded 100644 --- a/docs/InstallEbpf.md 
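Review bot: In the `eBPFSvc` branch of the pre-uninstall check, `Write-Log "eBPFSvc service stopped." -ForegroundColor Green` runs unconditionally after the status test, so a running service is logged as "not stopped" and then as "stopped" just before the function throws. Move that line into an `else` of `if ($serviceStatus -ne "Stopped")` so the log matches the state that was observed. The outer `else` message ("skipping stopping") looks copied from Stop-eBPFComponents, although this block only checks status; wording such as `"'eBPFSvc' service is not present, skipping status check."` would be more accurate. Uninstall-eBPFComponents starts before and continues past this hunk.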
+++ b/docs/InstallEbpf.md @@ -136,7 +136,7 @@ Copy the build output in `\x64\[Debug|Release|NativeOnlyDebug|NativeOnlyRelease] > Note that "`TEST_VM`" is literal and is later used to look up the actual VM name; it need not be the name of any actual test VM. 1. Enter the desired directory (`cd`) where the build artifacts are stored (i.e., `\x64\[Debug|Release|NativeOnlyDebug|NativeOnlyRelease]`). -1. Modify `.\test_execution.json` to specify the name of the test VM under the `VMMap` attribute, e.g.: +1. Modify `test_execution.json` to specify the name of the test VM under the `VMMap` attribute, e.g.: ```json { @@ -144,7 +144,7 @@ Copy the build output in `\x64\[Debug|Release|NativeOnlyDebug|NativeOnlyRelease] "VMMap": { - "TEST_VM": + "MY_VM_RUNNERS": [ { "Name": "" @@ -157,14 +157,14 @@ Copy the build output in `\x64\[Debug|Release|NativeOnlyDebug|NativeOnlyRelease] ``` 1. Run the following commands to setup to use the credentials saved with `TEST_VM` in step 2, - for logging into each of the VMs named in `vm_list.json`: + for logging into each of the VMs named in `test_execution.json`: ```ps Set-ExecutionPolicy unrestricted -Force ``` ```ps - .\setup_ebpf_cicd_tests.ps1 + .\setup_ebpf_cicd_tests.ps1 -SelfHostedRunnerName MY_VM_RUNNERS ``` ## Installing eBPF with host-process container From 17f3ebc4423bb03bee64b00cc57d7ada860225e3 Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Thu, 21 Mar 2024 11:29:27 -0700 Subject: [PATCH 55/56] exclude doc --- docs/InstallEbpf.md | 35 +++++++++++++++-------------------- 1 file changed, 15 insertions(+), 20 deletions(-) diff --git a/docs/InstallEbpf.md b/docs/InstallEbpf.md index 6a665d2ded..56b3e78add 100644 --- a/docs/InstallEbpf.md +++ b/docs/InstallEbpf.md 
@@ -112,11 +112,11 @@ has already built the binaries for `x64/Debug` or `x64/Release`. ### Method 3 (Install files you built yourself, with a VM checkpoint) -This method uses a machine that has already built the binaries for - the desired build configuration, i.e., `\x64\[Debug|Release|NativeOnlyDebug|NativeOnlyRelease]`. +This method uses a machine that +has already built the binaries for `x64/Debug` or `x64/Release`. -Copy the build output in `\x64\[Debug|Release|NativeOnlyDebug|NativeOnlyRelease]` to the host of the test VM and run the following in a Powershell - command prompt: +Copy the build output in `\x64\[Debug|Release]` to the host of the test VM and run the following in a Powershell +command prompt: 1. Create a snapshot of the test VM named **baseline**, by running: 
@@ -134,37 +134,32 @@ Copy the build output in `\x64\[Debug|Release|NativeOnlyDebug|NativeOnlyRelease] New-StoredCredential -Target TEST_VM -Username -Password -Persist LocalMachine ``` - > Note that "`TEST_VM`" is literal and is later used to look up the actual VM name; it need not be the name of any actual test VM. -1. Enter the desired directory (`cd`) where the build artifacts are stored (i.e., `\x64\[Debug|Release|NativeOnlyDebug|NativeOnlyRelease]`). -1. Modify `test_execution.json` to specify the name of the test VM under the `VMMap` attribute, e.g.: + > Note that "`TEST_VM`" is literal and is used in step 5 below; it need not be the name of any actual test VM. +1. Enter the `\x64\[Debug|Release]` directory (`cd`) where the build artifacts are stored. +1. Modify `.\vm_list.json` to specify the name of the test VM under `VMList`, eg: ```json { ... - "VMMap": - { - "MY_VM_RUNNERS": - [ - { - "Name": "" - } - ], - ... - } - ... + "VMList": + [ + { + "Name": "" + } + ] } ``` 1. Run the following commands to setup to use the credentials saved with `TEST_VM` in step 2, - for logging into each of the VMs named in `test_execution.json`: + for logging into each of the VMs named in `vm_list.json`: ```ps Set-ExecutionPolicy unrestricted -Force ``` ```ps - .\setup_ebpf_cicd_tests.ps1 -SelfHostedRunnerName MY_VM_RUNNERS + .\setup_ebpf_cicd_tests.ps1 ``` ## Installing eBPF with host-process container From f482fdecb89779041ceb48ff09384b3976bb1f5e Mon Sep 17 00:00:00 2001 From: Gianni Trevisiol Date: Thu, 21 Mar 2024 12:33:08 -0700 Subject: [PATCH 56/56] sync --- external/usersim | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/external/usersim b/external/usersim index e01d44ed72..a7b1c281da 160000 --- a/external/usersim +++ b/external/usersim @@ -1 +1 @@ -Subproject commit e01d44ed72222734852a3b9e22d974c17ce71b50 +Subproject commit a7b1c281da61712a80f914182e46f8b2e5217665