Merge pull request #28 from daladim/fix_pointer

Fix: no longer using a pointer to a movable stack item
n4r1b · Sep 9, 2022 · 754e350 · 754e350
2 parents 1ad2811 + dd955f8
commit 754e350
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 8 deletions.
diff --git a/src/native/etw_types.rs b/src/native/etw_types.rs
@@ -10,6 +10,7 @@ use crate::native::tdh_types::Property;
 use crate::provider::Provider;
 use crate::trace::{TraceData, TraceProperties, TraceTrait};
 use crate::utils;
+use std::ffi::c_void;
 use std::fmt::Formatter;
 use std::sync::RwLock;
 use windows::core::GUID;
@@ -196,7 +197,7 @@ impl EventTraceLogfile {
     /// # Safety
     ///
     /// Note that the returned structure contains pointers to the given `TraceData`, that should thus stay valid (and constant) during its lifetime
-    pub fn create(trace_data: &TraceData, callback: unsafe extern "system" fn(*mut EventRecord)) -> Self {
+    pub fn create(trace_data: &Box<TraceData>, callback: unsafe extern "system" fn(*mut EventRecord)) -> Self {
         let mut log_file = EventTraceLogfile::default();
 
         let not_really_mut_ptr = trace_data.name.as_ptr() as *mut _; // That's kind-of fine because the logger name is _not supposed_ to be changed by Windows APIs
@@ -205,7 +206,9 @@ impl EventTraceLogfile {
             u32::from(ProcessTraceMode::RealTime) | u32::from(ProcessTraceMode::EventRecord);
 
         log_file.0.Anonymous2.EventRecordCallback = Some(callback);
-        log_file.0.Context = unsafe { std::mem::transmute(trace_data as *const _) };
+
+        let not_really_mut_ptr = trace_data.as_ref() as *const TraceData as *const c_void as *mut c_void; // That's kind-of fine because the user context is _not supposed_ to be changed by Windows APIs
+        log_file.0.Context = not_really_mut_ptr;
 
         log_file
     }

diff --git a/src/native/evntrace.rs b/src/native/evntrace.rs
@@ -87,7 +87,7 @@ impl NativeEtw {
 
     pub(crate) fn open(
         &mut self,
-        trace_data: &TraceData,
+        trace_data: &Box<TraceData>,
     ) -> EvntraceNativeResult<EventTraceLogfile> {
         self.open_trace(trace_data)
     }
@@ -149,7 +149,7 @@ impl NativeEtw {
         Ok(())
     }
 
-    fn open_trace(&mut self, trace_data: &TraceData) -> EvntraceNativeResult<EventTraceLogfile> {
+    fn open_trace(&mut self, trace_data: &Box<TraceData>) -> EvntraceNativeResult<EventTraceLogfile> {
         let mut log_file = EventTraceLogfile::create(trace_data, trace_callback_thunk);
 
         unsafe {

diff --git a/src/trace.rs b/src/trace.rs
@@ -251,14 +251,18 @@ macro_rules! impl_base_trace {
 /// User Trace struct
 #[derive(Debug)]
 pub struct UserTrace {
-    data: TraceData,
+    // This is `Box`ed so that it does not move around the stack in case the `UserTrace` is moved
+    // This is important, because we give a pointer to it to Windows, so that it passes it back to us on callbacks
+    data: Box<TraceData>,
     etw: evntrace::NativeEtw,
 }
 
 /// Kernel Trace struct
 #[derive(Debug)]
 pub struct KernelTrace {
-    data: TraceData,
+    // This is `Box`ed so that it does not move around the stack in case the `UserTrace` is moved
+    // This is important, because we give a pointer to it to Windows, so that it passes it back to us on callbacks
+    data: Box<TraceData>,
     etw: evntrace::NativeEtw,
 }
 
@@ -288,7 +292,7 @@ pub trait TraceTrait: TraceBaseTrait {
 impl UserTrace {
     /// Create a UserTrace builder
     pub fn new() -> Self {
-        let data = TraceData::new();
+        let data = Box::new(TraceData::new());
         UserTrace {
             data,
             etw: evntrace::NativeEtw::new(),
@@ -299,7 +303,7 @@ impl UserTrace {
 impl KernelTrace {
     /// Create a KernelTrace builder
     pub fn new() -> Self {
-        let data = TraceData::new();
+        let data = Box::new(TraceData::new());
 
         let mut kt = KernelTrace {
             data,