95a08e99c3
Frame ring (pf-vdisplay) and both gamepad SHM channels move off named Global\ objects (openable by any sibling LocalService) to UNNAMED sections/events whose handles the host DuplicateHandles into the driver's verified WUDFHost with least access — frame delivery over the SYSTEM+admins-only IOCTL_SET_FRAME_CHANNEL, pads over a 32-byte named bootstrap mailbox (pid + handle value only, DoS-bounded; HID minidrivers have no control device). Driver-validated pad_index kills cross-pad redirects; v1↔v2 mixes fail closed with diagnosis logs on both sides. Sibling-LocalService denial proven empirically (design/idd-push-security.md, design/gamepad-channel-sealing.md). Driver-side raw ops now live behind pf-umdf-util (checked shm accessors, the forbid(unsafe_code) ChannelClient state machine, WDF request tokens) — the pad drivers' logic is 100% safe Rust; whole drivers workspace clippy-gated in CI. driver install --gamepad now sweeps SWD\punktfunk phantom devnodes: a re-created SwDevice REVIVES the old devnode with its previously-bound driver (never re-ranks), so an upgrade otherwise leaves the old driver serving — or, across the v1→v2 fence, a dead pad (found live on the RTX box). On-glass validated on the RTX 4090 box: frame path 7007 frames p50 2.06 ms cross-machine; DualSense + XUSB "sealed pad channel mapped"/proto=2 attach via both the test harness and a real streaming session; phantom-sweep repro. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
87 lines
2.7 KiB
Plaintext
87 lines
2.7 KiB
Plaintext
;/*++
|
|
; pf-vdisplay - punktfunk virtual display, UMDF2 IddCx driver INF (template; stampinf -> .inf).
|
|
;
|
|
; For the all-Rust wdk-sys / windows-drivers-rs driver in THIS tree
|
|
; (packaging/windows/drivers/pf-vdisplay/). The driver registers the OWNED pf_driver_proto
|
|
; control-interface GUID in CODE (WdfDeviceCreateDeviceInterface), so this INF is GUID-agnostic and
|
|
; is byte-identical to the superseded oracle's (packaging/windows/vdisplay-driver/.../pf_vdisplay.inx,
|
|
; itself adapted from MolotovCherry/virtual-display-rs (MIT) + SudoVDA's control-device security DACL).
|
|
; HWID Root\pf_vdisplay + IddCx0102 + the DACL match the host backend (crates/punktfunk-host/src/
|
|
; vdisplay/pf_vdisplay.rs) and install-pf-vdisplay.ps1's Test-PfVdisplayPresent / nefconc node-create.
|
|
;--*/
|
|
[Version]
|
|
PnpLockdown=1
|
|
Signature="$Windows NT$"
|
|
ClassGUID={4D36E968-E325-11CE-BFC1-08002BE10318}
|
|
Class=Display
|
|
ClassVer=2.0
|
|
Provider=%ManufacturerName%
|
|
CatalogFile=pf_vdisplay.cat
|
|
DriverVer=
|
|
|
|
[Manufacturer]
|
|
%ManufacturerName%=Standard,NT$ARCH$
|
|
|
|
[Standard.NT$ARCH$]
|
|
%DeviceName%=pf_vdisplay_Install, Root\pf_vdisplay
|
|
|
|
[SourceDisksFiles]
|
|
pf_vdisplay.dll=1
|
|
|
|
[SourceDisksNames]
|
|
1=%DiskName%
|
|
|
|
; =================== UMDF IddCx device ====================
|
|
|
|
[pf_vdisplay_Install.NT]
|
|
CopyFiles=UMDriverCopy
|
|
|
|
[pf_vdisplay_Install.NT.hw]
|
|
AddReg=pf_vdisplay_HardwareDeviceSettings
|
|
|
|
[pf_vdisplay_HardwareDeviceSettings]
|
|
HKR, , "UpperFilters", %REG_MULTI_SZ%, "IndirectKmd"
|
|
HKR, "WUDF", "DeviceGroupId", %REG_SZ%, "pfVDisplayGroup"
|
|
; Only the host (LocalSystem service) + admins may open the control device. Deliberately NO Everyone
|
|
; ACE (SudoVDA ships one for its user-mode host): the control plane creates/removes monitors and
|
|
; bootstraps the sealed frame channel (IOCTL_SET_FRAME_CHANNEL), so it is not for unprivileged callers.
|
|
HKR, , "Security", , "D:P(A;;GA;;;SY)(A;;GA;;;BA)"
|
|
|
|
[pf_vdisplay_Install.NT.Services]
|
|
AddService=WUDFRd,0x000001fa,WUDFRD_ServiceInstall
|
|
|
|
[pf_vdisplay_Install.NT.Wdf]
|
|
UmdfService=pf_vdisplay, pf_vdisplay_Install
|
|
UmdfServiceOrder=pf_vdisplay
|
|
UmdfKernelModeClientPolicy=AllowKernelModeClients
|
|
UmdfHostProcessSharing=ProcessSharingDisabled
|
|
|
|
[pf_vdisplay_Install]
|
|
UmdfLibraryVersion=$UMDFVERSION$
|
|
ServiceBinary=%12%\UMDF\pf_vdisplay.dll
|
|
UmdfExtensions=IddCx0102
|
|
|
|
[WUDFRD_ServiceInstall]
|
|
DisplayName=%WudfRdDisplayName%
|
|
ServiceType=1
|
|
StartType=3
|
|
ErrorControl=1
|
|
ServiceBinary=%12%\WUDFRd.sys
|
|
|
|
[DestinationDirs]
|
|
UMDriverCopy=12,UMDF
|
|
|
|
[UMDriverCopy]
|
|
pf_vdisplay.dll
|
|
|
|
[Strings]
|
|
ManufacturerName="punktfunk"
|
|
DiskName="punktfunk Virtual Display Installation Disk"
|
|
WudfRdDisplayName="Windows Driver Foundation - User-mode Driver Framework Reflector"
|
|
DeviceName="punktfunk Virtual Display"
|
|
|
|
REG_MULTI_SZ=0x00010000
|
|
REG_SZ=0x00000000
|
|
REG_EXPAND_SZ=0x00020000
|
|
REG_DWORD=0x00010001
|