revert back win7 support

packages.config

@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="Microsoft.Windows.CppWinRT" version="2.0.240405.15" targetFramework="native" />
+  <package id="Microsoft.Windows.CppWinRT" version="2.0.230706.1" targetFramework="native" />
 </packages>

simplewall.vcxproj

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <Import Project="packages\Microsoft.Windows.CppWinRT.2.0.240405.15\build\native\Microsoft.Windows.CppWinRT.props" Condition="Exists('packages\Microsoft.Windows.CppWinRT.2.0.240405.15\build\native\Microsoft.Windows.CppWinRT.props')" />
+  <Import Project="packages\Microsoft.Windows.CppWinRT.2.0.230706.1\build\native\Microsoft.Windows.CppWinRT.props" Condition="Exists('packages\Microsoft.Windows.CppWinRT.2.0.230706.1\build\native\Microsoft.Windows.CppWinRT.props')" />
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|ARM64">
       <Configuration>Debug</Configuration>
@@ -170,7 +170,7 @@
       <SubSystem>Windows</SubSystem>
       <AdditionalOptions>/DEPENDENTLOADFLAG:0x800 /BREPRO %(AdditionalOptions)</AdditionalOptions>
       <DelayLoadDLLs>%(DelayLoadDLLs)</DelayLoadDLLs>
-      <MinimumRequiredVersion>6.3</MinimumRequiredVersion>
+      <MinimumRequiredVersion>6.1</MinimumRequiredVersion>
       <LargeAddressAware>true</LargeAddressAware>
     </Link>
     <ResourceCompile>
@@ -201,7 +201,7 @@
       <OptimizeReferences>true</OptimizeReferences>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <SubSystem>Windows</SubSystem>
-      <MinimumRequiredVersion>6.3</MinimumRequiredVersion>
+      <MinimumRequiredVersion>6.1</MinimumRequiredVersion>
       <AdditionalOptions>/DEPENDENTLOADFLAG:0x800 /BREPRO %(AdditionalOptions)</AdditionalOptions>
       <CETCompat>true</CETCompat>
       <DelayLoadDLLs>%(DelayLoadDLLs)</DelayLoadDLLs>
@@ -236,7 +236,7 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <SubSystem>Windows</SubSystem>
       <AdditionalOptions>/DEPENDENTLOADFLAG:0x800 /BREPRO %(AdditionalOptions)</AdditionalOptions>
-      <MinimumRequiredVersion>6.3</MinimumRequiredVersion>
+      <MinimumRequiredVersion>6.1</MinimumRequiredVersion>
       <CETCompat>true</CETCompat>
       <DelayLoadDLLs>%(DelayLoadDLLs)</DelayLoadDLLs>
       <LargeAddressAware>true</LargeAddressAware>
@@ -274,7 +274,7 @@
       <AdditionalOptions>/DEPENDENTLOADFLAG:0x800 /BREPRO %(AdditionalOptions)</AdditionalOptions>
       <LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
       <DelayLoadDLLs>%(DelayLoadDLLs)</DelayLoadDLLs>
-      <MinimumRequiredVersion>6.3</MinimumRequiredVersion>
+      <MinimumRequiredVersion>6.1</MinimumRequiredVersion>
       <LargeAddressAware>true</LargeAddressAware>
     </Link>
     <ResourceCompile>
@@ -309,7 +309,7 @@
       <OptimizeReferences>true</OptimizeReferences>
       <SetChecksum>true</SetChecksum>
       <SubSystem>Windows</SubSystem>
-      <MinimumRequiredVersion>6.3</MinimumRequiredVersion>
+      <MinimumRequiredVersion>6.1</MinimumRequiredVersion>
       <AdditionalOptions>/DEPENDENTLOADFLAG:0x800 /BREPRO %(AdditionalOptions)</AdditionalOptions>
       <CETCompat>true</CETCompat>
       <LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
@@ -349,7 +349,7 @@
       <SetChecksum>true</SetChecksum>
       <SubSystem>Windows</SubSystem>
       <AdditionalOptions>/DEPENDENTLOADFLAG:0x800 /BREPRO %(AdditionalOptions)</AdditionalOptions>
-      <MinimumRequiredVersion>6.3</MinimumRequiredVersion>
+      <MinimumRequiredVersion>6.1</MinimumRequiredVersion>
       <CETCompat>true</CETCompat>
       <LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
       <DelayLoadDLLs>%(DelayLoadDLLs)</DelayLoadDLLs>
@@ -418,13 +418,13 @@
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
-    <Import Project="packages\Microsoft.Windows.CppWinRT.2.0.240405.15\build\native\Microsoft.Windows.CppWinRT.targets" Condition="Exists('packages\Microsoft.Windows.CppWinRT.2.0.240405.15\build\native\Microsoft.Windows.CppWinRT.targets')" />
+    <Import Project="packages\Microsoft.Windows.CppWinRT.2.0.230706.1\build\native\Microsoft.Windows.CppWinRT.targets" Condition="Exists('packages\Microsoft.Windows.CppWinRT.2.0.230706.1\build\native\Microsoft.Windows.CppWinRT.targets')" />
   </ImportGroup>
   <Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
     <PropertyGroup>
       <ErrorText>This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them.  For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
     </PropertyGroup>
-    <Error Condition="!Exists('packages\Microsoft.Windows.CppWinRT.2.0.240405.15\build\native\Microsoft.Windows.CppWinRT.props')" Text="$([System.String]::Format('$(ErrorText)', 'packages\Microsoft.Windows.CppWinRT.2.0.240405.15\build\native\Microsoft.Windows.CppWinRT.props'))" />
-    <Error Condition="!Exists('packages\Microsoft.Windows.CppWinRT.2.0.240405.15\build\native\Microsoft.Windows.CppWinRT.targets')" Text="$([System.String]::Format('$(ErrorText)', 'packages\Microsoft.Windows.CppWinRT.2.0.240405.15\build\native\Microsoft.Windows.CppWinRT.targets'))" />
+    <Error Condition="!Exists('packages\Microsoft.Windows.CppWinRT.2.0.230706.1\build\native\Microsoft.Windows.CppWinRT.props')" Text="$([System.String]::Format('$(ErrorText)', 'packages\Microsoft.Windows.CppWinRT.2.0.240405.15\build\native\Microsoft.Windows.CppWinRT.props'))" />
+    <Error Condition="!Exists('packages\Microsoft.Windows.CppWinRT.2.0.230706.1\build\native\Microsoft.Windows.CppWinRT.targets')" Text="$([System.String]::Format('$(ErrorText)', 'packages\Microsoft.Windows.2.0.230706.1\build\native\Microsoft.Windows.CppWinRT.targets'))" />
   </Target>
 </Project>

src/helper.c

@@ -672,28 +672,75 @@ BOOLEAN _app_calculatefilehash (
 	_Out_ HCATADMIN_PTR hcat_admin_ptr
 )
 {
+	static R_INITONCE init_once = PR_INITONCE_INIT;
+	static CCAHFFH2 _CryptCATAdminCalcHashFromFileHandle2 = NULL;
+	static CCAAC2 _CryptCATAdminAcquireContext2 = NULL;
+
 	const GUID DriverActionVerify = DRIVER_ACTION_VERIFY;
 
 	HCATADMIN hcat_admin;
+	PVOID hwintrust;
 	PBYTE file_hash;
 	ULONG file_hash_length;
+	NTSTATUS status;
 
-	if (!CryptCATAdminAcquireContext2 (&hcat_admin, &DriverActionVerify, algorithm_id, NULL, 0))
-		return FALSE;
+	if (_r_initonce_begin (&init_once))
+	{
+		status = _r_sys_loadlibrary (L"wintrust.dll", 0, &hwintrust);
+
+		if (hwintrust)
+		{
+			_r_sys_getprocaddress (hwintrust, "CryptCATAdminAcquireContext2", 0, (PVOID_PTR)&_CryptCATAdminAcquireContext2);
+			_r_sys_getprocaddress (hwintrust, "CryptCATAdminCalcHashFromFileHandle2", 0, (PVOID_PTR)&_CryptCATAdminCalcHashFromFileHandle2);
+
+			// _r_sys_freelibrary (hwintrust, FALSE);
+		}
+
+		_r_initonce_end (&init_once);
+	}
+
+	if (_CryptCATAdminAcquireContext2)
+	{
+		if (!_CryptCATAdminAcquireContext2 (&hcat_admin, &DriverActionVerify, algorithm_id, NULL, 0))
+			return FALSE;
+	}
+	else
+	{
+		if (!CryptCATAdminAcquireContext (&hcat_admin, &DriverActionVerify, 0))
+			return FALSE;
+	}
 
 	file_hash_length = 32;
 	file_hash = _r_mem_allocate (file_hash_length);
 
-	if (!CryptCATAdminCalcHashFromFileHandle2 (hcat_admin, hfile, &file_hash_length, file_hash, 0))
+	if (_CryptCATAdminCalcHashFromFileHandle2)
 	{
-		file_hash = _r_mem_reallocate (file_hash, file_hash_length);
+		if (!_CryptCATAdminCalcHashFromFileHandle2 (hcat_admin, hfile, &file_hash_length, file_hash, 0))
+		{
+			file_hash = _r_mem_reallocate (file_hash, file_hash_length);
+
+			if (!_CryptCATAdminCalcHashFromFileHandle2 (hcat_admin, hfile, &file_hash_length, file_hash, 0))
+			{
+				CryptCATAdminReleaseContext (hcat_admin, 0);
+				_r_mem_free (file_hash);
 
-		if (!CryptCATAdminCalcHashFromFileHandle2 (hcat_admin, hfile, &file_hash_length, file_hash, 0))
+				return FALSE;
+			}
+		}
+	}
+	else
+	{
+		if (!CryptCATAdminCalcHashFromFileHandle (hfile, &file_hash_length, file_hash, 0))
 		{
-			CryptCATAdminReleaseContext (hcat_admin, 0);
-			_r_mem_free (file_hash);
+			file_hash = _r_mem_reallocate (file_hash, file_hash_length);
 
-			return FALSE;
+			if (!CryptCATAdminCalcHashFromFileHandle (hfile, &file_hash_length, file_hash, 0))
+			{
+				CryptCATAdminReleaseContext (hcat_admin, 0);
+				_r_mem_free (file_hash);
+
+				return FALSE;
+			}
 		}
 	}
 

src/helper.h

@@ -14,6 +14,24 @@ typedef struct _ICON_INFORMATION
 	LONG uwp_icon_id;
 } ICON_INFORMATION, *PICON_INFORMATION;
 
+// CryptCATAdminAcquireContext2 (win8+)
+typedef BOOL (WINAPI *CCAAC2)(
+	_Out_ PHANDLE hcat_admin,
+	_In_opt_ LPCGUID pgSubsystem,
+	_In_opt_ PCWSTR pwszHashAlgorithm,
+	_In_opt_ PCCERT_STRONG_SIGN_PARA pStrongHashPolicy,
+	_Reserved_ DWORD dwFlags
+	);
+
+// CryptCATAdminCalcHashFromFileHandle2 (win8+)
+typedef BOOL (WINAPI *CCAHFFH2)(
+	_In_ HCATADMIN hCatAdmin,
+	_In_ HANDLE hFile,
+	_Inout_ DWORD *pcbHash,
+	_Out_writes_bytes_to_opt_ (*pcbHash, *pcbHash) BYTE *pbHash,
+	_Reserved_ DWORD dwFlags
+	);
+
 #define FMTADDR_AS_RULE 0x0001
 #define FMTADDR_USE_PROTOCOL 0x0002
 

src/icons.c

@@ -35,15 +35,18 @@ PICON_INFORMATION _app_icons_getdefault ()
 		_r_obj_dereference (path);
 
 		// load uwp icons
-		path = _r_obj_concatstrings (
-			2,
-			_r_sys_getsystemdirectory ()->buffer,
-			L"\\wsreset.exe"
-		);
+		if (_r_sys_isosversiongreaterorequal (WINDOWS_8))
+		{
+			path = _r_obj_concatstrings (
+				2,
+				_r_sys_getsystemdirectory ()->buffer,
+				L"\\wsreset.exe"
+			);
 
-		_app_icons_loadfromfile (path, 0, &icon_info.uwp_icon_id, &icon_info.uwp_hicon, FALSE);
+			_app_icons_loadfromfile (path, 0, &icon_info.uwp_icon_id, &icon_info.uwp_hicon, FALSE);
 
-		_r_obj_dereference (path);
+			_r_obj_dereference (path);
+		}
 
 		_r_initonce_end (&init_once);
 	}

src/log.c

@@ -325,6 +325,7 @@ VOID _wfp_logsubscribe (
 	FWPMNES4 _FwpmNetEventSubscribe4 = NULL;
 	FWPMNES3 _FwpmNetEventSubscribe3 = NULL;
 	FWPMNES2 _FwpmNetEventSubscribe2 = NULL;
+	FWPMNES1 _FwpmNetEventSubscribe1 = NULL;
 	HANDLE current_handle;
 	HANDLE new_handle = NULL;
 	PVOID hfwpuclnt;
@@ -372,9 +373,16 @@ VOID _wfp_logsubscribe (
 		if (NT_SUCCESS (status))
 			status = _FwpmNetEventSubscribe2 (engine_handle, &subscription, &_wfp_logcallback2, ULongToPtr (WINDOWS_10_RS1), &new_handle); // win10rs1+
 	}
+	else if (_r_sys_isosversiongreaterorequal (WINDOWS_8))
+	{
+		status = _r_sys_getprocaddress (hfwpuclnt, "FwpmNetEventSubscribe1", 0, (PVOID_PTR)&_FwpmNetEventSubscribe1);
+
+		if (NT_SUCCESS (status))
+			status = _FwpmNetEventSubscribe1 (engine_handle, &subscription, &_wfp_logcallback1, ULongToPtr (WINDOWS_8), &new_handle); // win8+
+	}
 	else
 	{
-		status = FwpmNetEventSubscribe1 (engine_handle, &subscription, &_wfp_logcallback1, ULongToPtr (WINDOWS_8_1), &new_handle); // win8+
+		status = FwpmNetEventSubscribe0 (engine_handle, &subscription, &_wfp_logcallback0, ULongToPtr (WINDOWS_7), &new_handle); // win7+
 	}
 
 	if (status != STATUS_SUCCESS)
@@ -436,6 +444,10 @@ VOID _wfp_logsetoption (
 	UINT32 mask = 0;
 	ULONG status;
 
+	// configure dropped packets logging (win8+)
+	if (!_r_sys_isosversiongreaterorequal (WINDOWS_8))
+		return;
+
 	// add allowed connections monitor
 	if (!_r_config_getboolean (L"IsExcludeClassifyAllow", TRUE))
 		mask |= FWPM_NET_EVENT_KEYWORD_CLASSIFY_ALLOW;
@@ -1033,7 +1045,7 @@ BOOLEAN log_struct_to_f (
 			break;
 		}
 
-		case WINDOWS_8_1:
+		case WINDOWS_8:
 		{
 			const FWPM_NET_EVENT2 *evt = event_data;
 
@@ -1145,6 +1157,97 @@ BOOLEAN log_struct_to_f (
 			break;
 		}
 
+		case WINDOWS_7:
+		{
+			const FWPM_NET_EVENT1 *evt = event_data;
+
+			if (evt->type == FWPM_NET_EVENT_TYPE_CLASSIFY_DROP && evt->classifyDrop)
+			{
+				log->layer_id = evt->classifyDrop->layerId;
+				log->filter_id = evt->classifyDrop->filterId;
+				log->direction = evt->classifyDrop->msFwpDirection;
+				log->is_loopback = !!evt->classifyDrop->isLoopback;
+			}
+			else if (evt->type == FWPM_NET_EVENT_TYPE_IPSEC_KERNEL_DROP && evt->ipsecDrop)
+			{
+				log->layer_id = evt->ipsecDrop->layerId;
+				log->filter_id = evt->ipsecDrop->filterId;
+				log->direction = evt->ipsecDrop->direction;
+			}
+			else
+			{
+				return FALSE;
+			}
+
+			// indicates the direction of the packet transmission and set valid directions
+			switch (log->direction)
+			{
+				case FWP_DIRECTION_IN:
+				case FWP_DIRECTION_INBOUND:
+				{
+					log->direction = FWP_DIRECTION_INBOUND;
+					break;
+				}
+
+				case FWP_DIRECTION_OUT:
+				case FWP_DIRECTION_OUTBOUND:
+				{
+					log->direction = FWP_DIRECTION_OUTBOUND;
+					break;
+				}
+
+				default:
+				{
+					return FALSE;
+				}
+			}
+
+			log->flags = evt->header.flags;
+
+			RtlCopyMemory (&log->timestamp, &evt->header.timeStamp, sizeof (log->timestamp));
+
+			if (evt->header.flags & FWPM_NET_EVENT_FLAG_APP_ID_SET)
+				log->app_id = evt->header.appId.data;
+
+			if (evt->header.flags & FWPM_NET_EVENT_FLAG_USER_ID_SET)
+				log->user_id = evt->header.userId;
+
+			if (evt->header.flags & FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET)
+				log->protocol = evt->header.ipProtocol;
+
+			if (evt->header.flags & FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET)
+				log->local_port = evt->header.localPort;
+
+			if (evt->header.flags & FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET)
+				log->remote_port = evt->header.remotePort;
+
+			if (evt->header.flags & FWPM_NET_EVENT_FLAG_IP_VERSION_SET)
+			{
+				log->version = evt->header.ipVersion;
+
+				if (evt->header.ipVersion == FWP_IP_VERSION_V4)
+				{
+					if (evt->header.flags & FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET)
+						log->local_addr4 = evt->header.localAddrV4;
+
+					if (evt->header.flags & FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET)
+						log->remote_addr4 = evt->header.remoteAddrV4;
+				}
+				else if (evt->header.ipVersion == FWP_IP_VERSION_V6)
+				{
+					if (evt->header.flags & FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET)
+						log->local_addr6 = &evt->header.localAddrV6;
+
+					if (evt->header.flags & FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET)
+						log->remote_addr6 = &evt->header.remoteAddrV6;
+				}
+			}
+			else
+			{
+				log->version = FWP_IP_VERSION_NONE;
+			}
+		}
+
 		default:
 		{
 			return FALSE;
@@ -1154,7 +1257,7 @@ BOOLEAN log_struct_to_f (
 	return TRUE;
 }
 
-// win81+ callback
+// win8+ callback
 VOID CALLBACK _wfp_logcallback1 (
 	_In_ PVOID context,
 	_In_ const FWPM_NET_EVENT2* event_data
@@ -1166,6 +1269,18 @@ VOID CALLBACK _wfp_logcallback1 (
 		_wfp_logcallback (&log);
 }
 
+// win7+ callback
+VOID CALLBACK _wfp_logcallback0 (
+	_In_ PVOID context,
+	_In_ const FWPM_NET_EVENT1* event_data
+)
+{
+	ITEM_LOG_CALLBACK log;
+
+	if (log_struct_to_f (PtrToUlong (context), &log, (LPCVOID)event_data))
+		_wfp_logcallback (&log);
+}
+
 // win10rs1+ callback
 VOID CALLBACK _wfp_logcallback2 (
 	_In_ PVOID context,