Include dependency graph for Filter.c:
Go to the source code of this file.
Macros | |
| #define | NDEBUG |
| #define | SERVICES_KEY L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\" |
| #define | MAX_KEY_LENGTH 0x200 |
Functions | |
| NTSTATUS | FltpStartingToDrainObject (_Inout_ PFLT_OBJECT Object) |
| VOID | FltpMiniFilterDriverUnload () |
| NTSTATUS | FltpAttachFrame (_In_ PUNICODE_STRING Altitude, _Inout_ PFLTP_FRAME *Frame) |
| static NTSTATUS | GetFilterAltitude (_In_ PFLT_FILTER Filter, _Inout_ PUNICODE_STRING AltitudeString) |
| static NTSTATUS | GetFilterFrame (_In_ PFLT_FILTER Filter, _In_ PUNICODE_STRING Altitude, _Out_ PFLTP_FRAME *Frame) |
| NTSTATUS NTAPI | FltLoadFilter (_In_ PCUNICODE_STRING FilterName) |
| NTSTATUS NTAPI | FltUnloadFilter (_In_ PCUNICODE_STRING FilterName) |
| NTSTATUS NTAPI | FltRegisterFilter (_In_ PDRIVER_OBJECT DriverObject, _In_ const FLT_REGISTRATION *Registration, _Out_ PFLT_FILTER *RetFilter) |
| VOID FLTAPI | FltUnregisterFilter (_In_ PFLT_FILTER Filter) |
| NTSTATUS NTAPI | FltStartFiltering (_In_ PFLT_FILTER Filter) |
| NTSTATUS NTAPI | FltGetFilterFromName (_In_ PCUNICODE_STRING FilterName, _Out_ PFLT_FILTER *RetFilter) |
Variables | |
| LIST_ENTRY | FilterList |
| ERESOURCE | FilterListLock |
Macro Definition Documentation
◆ MAX_KEY_LENGTH
◆ NDEBUG
◆ SERVICES_KEY
| #define SERVICES_KEY L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\" |
Function Documentation
◆ FltGetFilterFromName()
| NTSTATUS NTAPI FltGetFilterFromName | ( | _In_ PCUNICODE_STRING | FilterName, |
| _Out_ PFLT_FILTER * | RetFilter | ||
| ) |
Definition at line 403 of file Filter.c.
405{
406 UNIMPLEMENTED;
407 UNREFERENCED_PARAMETER(FilterName);
410}
_Must_inspect_result_ _In_ CONST FLT_REGISTRATION _Outptr_ PFLT_FILTER * RetFilter
Definition: fltkernel.h:992
◆ FltLoadFilter()
| NTSTATUS NTAPI FltLoadFilter | ( | _In_ PCUNICODE_STRING | FilterName | ) |
Definition at line 62 of file Filter.c.
63{
64 UNICODE_STRING DriverServiceName;
65 UNICODE_STRING ServicesKey;
67
68 /* Setup the base services key */
70
71 /* Initialize the string data */
72 DriverServiceName.Length = 0;
75
76 /* Create the full service key for this filter */
77 RtlCopyUnicodeString(&DriverServiceName, &ServicesKey);
78 RtlAppendUnicodeStringToString(&DriverServiceName, FilterName);
79
80 /* Ask the kernel to load it for us */
81 return ZwLoadDriver(&DriverServiceName);
82}
Definition: bufpool.h:45
NTSYSAPI VOID NTAPI RtlCopyUnicodeString(PUNICODE_STRING DestinationString, PUNICODE_STRING SourceString)
NTSYSAPI NTSTATUS NTAPI RtlAppendUnicodeStringToString(PUNICODE_STRING Destination, PUNICODE_STRING Source)
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
Definition: env_spec_w32.h:368
Referenced by HandleLoadUnloadIoctl().
◆ FltpAttachFrame()
| NTSTATUS FltpAttachFrame | ( | _In_ PUNICODE_STRING | Altitude, |
| _Inout_ PFLTP_FRAME * | Frame | ||
| ) |
Definition at line 439 of file Filter.c.
442{
443 UNIMPLEMENTED;
445 *Frame = NULL;
447}
_Must_inspect_result_ _Inout_ PFLT_VOLUME _In_ PCUNICODE_STRING Altitude
Definition: fltkernel.h:1173
Referenced by FltRegisterFilter().
◆ FltpMiniFilterDriverUnload()
| VOID FltpMiniFilterDriverUnload | ( | ) |
Definition at line 432 of file Filter.c.
Referenced by FltRegisterFilter().
◆ FltpStartingToDrainObject()
| NTSTATUS FltpStartingToDrainObject | ( | _Inout_ PFLT_OBJECT | Object | ) |
Definition at line 416 of file Filter.c.
417{
418 /*
419 * Set the draining flag for the filter. This let's us force
420 * a post op callback for minifilters currently awaiting one.
421 */
423 {
424 /* We've been called once, we're already being deleted */
426 }
427
429}
Referenced by FltUnregisterFilter().
◆ FltRegisterFilter()
| NTSTATUS NTAPI FltRegisterFilter | ( | _In_ PDRIVER_OBJECT | DriverObject, |
| _In_ const FLT_REGISTRATION * | Registration, | ||
| _Out_ PFLT_FILTER * | RetFilter | ||
| ) |
Definition at line 112 of file Filter.c.
115{
118 PFLTP_FRAME Frame;
119 ULONG CallbackBufferSize;
120 ULONG FilterBufferSize;
124
126
127 /* Make sure we're targeting the correct major revision */
129 {
131 }
132
133 /* Make sure our namespace callbacks are valid */
134 if ((!Registration->GenerateFileNameCallback && Registration->NormalizeNameComponentCallback) ||
135 (!Registration->NormalizeNameComponentCallback && Registration->NormalizeContextCleanupCallback))
136 {
138 }
139
140 /* Count the number of operations that were requested */
143 {
144 Count++;
145
146 /* Bail when we find the last one */
148 break;
149
150 /* Move to the next item */
151 Callbacks++;
152 }
153
154 /* Calculate the buffer sizes */
157 CallbackBufferSize +
158 DriverObject->DriverExtension->ServiceKeyName.Length;
159
160 /* Allocate a buffer to hold our filter data */
162 FilterBufferSize,
163 FM_TAG_FILTER);
166
167 /* Find the end of the fixed struct */
169
170 /* Store a copy of the driver object of this filter */
172
173 /* Initialize the base object data */
178
179 /* Set the callback addresses */
188
189 /* Initialize the instance list */
193
197
201
202 /* Initialize the usermode port list */
206
207 /* We got this far, assume success from here */
209
210 /* Check if the caller requested any context data */
212 {
213 /* Register the contexts for this filter */
216 {
217 goto Quit;
218 }
219 }
220
221 /* Check if the caller is registering any callbacks */
223 {
224 /* The callback data comes after the fixed struct */
227
228 /* Tag the operation data onto the end of the filter data */
230
231 /* walk through the requested callbacks */
234 Callbacks++)
235 {
236 // http://fsfilters.blogspot.co.uk/2011/03/how-file-system-filters-attach-to_17.html
237 /* Check if this is an attach to a volume */
239 {
242 }
244 {
246 }
247 }
248 }
249
250 /* Add the filter name buffer onto the end of the data and fill in the string */
255
256 /* Lookup the altitude of the mini-filter */
259 {
260 goto Quit;
261 }
262
263 /* Lookup the filter frame */
266 {
267 /* Store the frame this mini-filter's main struct */
269
271 }
272
274 {
275 goto Quit;
276 }
277
278 //
279 // - Slot the filter into the correct altitude location
280 // - More stuff??
281 //
282
283 /* Store any existing driver unload routine before we make any changes */
285
286 /* Check we opted not to have an unload routine, or if we want to stop the driver from being unloaded */
287 if (Registration->FilterUnloadCallback && !FlagOn(Filter->Flags, FLTFL_REGISTRATION_DO_NOT_SUPPORT_SERVICE_STOP))
288 {
290 }
291 else
292 {
294 }
295
296
297Quit:
298
300 {
303 }
304 else
305 {
306 DPRINT1("Failed to load FS mini-filter %wZ : 0x%X\n", &DriverObject->DriverExtension->ServiceKeyName, Status);
307
308 // Add cleanup for context resources
309
312 }
313
315}
NTSTATUS FltpRegisterContexts(_In_ PFLT_FILTER Filter, _In_ const FLT_CONTEXT_REGISTRATION *Context)
Definition: Context.c:43
static NTSTATUS GetFilterAltitude(_In_ PFLT_FILTER Filter, _Inout_ PUNICODE_STRING AltitudeString)
Definition: Filter.c:453
static NTSTATUS GetFilterFrame(_In_ PFLT_FILTER Filter, _In_ PUNICODE_STRING Altitude, _Out_ PFLTP_FRAME *Frame)
Definition: Filter.c:584
NTSTATUS FltpAttachFrame(_In_ PUNICODE_STRING Altitude, _Inout_ PFLTP_FRAME *Frame)
Definition: Filter.c:439
while(CdLookupNextInitialFileDirent(IrpContext, Fcb, FileContext))
_Must_inspect_result_ _In_ CONST FLT_REGISTRATION * Registration
Definition: fltkernel.h:991
struct _FLT_OPERATION_REGISTRATION FLT_OPERATION_REGISTRATION
#define FLTFL_REGISTRATION_DO_NOT_SUPPORT_SERVICE_STOP
Definition: fltkernel.h:725
struct _FLT_OPERATION_REGISTRATION * PFLT_OPERATION_REGISTRATION
NTSTATUS(FLTAPI * PFLT_FILTER_UNLOAD_CALLBACK)(FLT_FILTER_UNLOAD_FLAGS Flags)
Definition: fltkernel.h:654
VOID FltpExInitializeRundownProtection(_Out_ PEX_RUNDOWN_REF RundownRef)
Definition: Object.c:212
struct _FLT_FILTER FLT_FILTER
Definition: fltmgrint.h:70
Definition: fltmgrint.h:97
PFLT_INSTANCE_QUERY_TEARDOWN_CALLBACK InstanceQueryTeardown
Definition: fltmgrint.h:108
PFLT_NORMALIZE_CONTEXT_CLEANUP NormalizeContextCleanup
Definition: fltmgrint.h:117
PFLT_INSTANCE_TEARDOWN_CALLBACK InstanceTeardownComplete
Definition: fltmgrint.h:110
PFLT_INSTANCE_TEARDOWN_CALLBACK InstanceTeardownStart
Definition: fltmgrint.h:109
PFLT_NORMALIZE_NAME_COMPONENT NormalizeNameComponent
Definition: fltmgrint.h:116
Definition: fltkernel.h:609
PFLT_INSTANCE_TEARDOWN_CALLBACK InstanceTeardownStartCallback
Definition: fltkernel.h:737
PFLT_NORMALIZE_NAME_COMPONENT NormalizeNameComponentCallback
Definition: fltkernel.h:740
PFLT_INSTANCE_QUERY_TEARDOWN_CALLBACK InstanceQueryTeardownCallback
Definition: fltkernel.h:736
PFLT_NORMALIZE_CONTEXT_CLEANUP NormalizeContextCleanupCallback
Definition: fltkernel.h:741
PFLT_GENERATE_FILE_NAME GenerateFileNameCallback
Definition: fltkernel.h:739
PFLT_INSTANCE_SETUP_CALLBACK InstanceSetupCallback
Definition: fltkernel.h:735
CONST FLT_CONTEXT_REGISTRATION * ContextRegistration
Definition: fltkernel.h:732
PFLT_INSTANCE_TEARDOWN_CALLBACK InstanceTeardownCompleteCallback
Definition: fltkernel.h:738
PFLT_FILTER_UNLOAD_CALLBACK FilterUnloadCallback
Definition: fltkernel.h:734
CONST FLT_OPERATION_REGISTRATION * OperationRegistration
Definition: fltkernel.h:733
FORCEINLINE VOID ExInitializeFastMutex(_Out_ PFAST_MUTEX FastMutex)
Definition: exfuncs.h:274
#define IRP_MJ_SHUTDOWN
Referenced by DriverEntry(), and TestFltRegisterFilter().
◆ FltStartFiltering()
| NTSTATUS NTAPI FltStartFiltering | ( | _In_ PFLT_FILTER | Filter | ) |
Definition at line 377 of file Filter.c.
378{
380
381 /* Grab a ref to the filter */
384 {
385 /* Make sure we aren't already starting up */
387 {
388 // Startup
389 }
390 else
391 {
393 }
394
396 }
397
399}
Referenced by DriverEntry().
◆ FltUnloadFilter()
| NTSTATUS NTAPI FltUnloadFilter | ( | _In_ PCUNICODE_STRING | FilterName | ) |
Definition at line 86 of file Filter.c.
87{
88 //
89 //FIXME: This is a temp hack, it needs properly implementing
90 //
91
92 UNICODE_STRING DriverServiceName;
93 UNICODE_STRING ServicesKey;
95
96 /* Setup the base services key */
98
99 /* Initialize the string data */
100 DriverServiceName.Length = 0;
103
104 /* Create the full service key for this filter */
105 RtlCopyUnicodeString(&DriverServiceName, &ServicesKey);
106 RtlAppendUnicodeStringToString(&DriverServiceName, FilterName);
108}
NTSYSAPI NTSTATUS NTAPI ZwUnloadDriver(_In_ PUNICODE_STRING DriverServiceName)
Referenced by HandleLoadUnloadIoctl().
◆ FltUnregisterFilter()
| VOID FLTAPI FltUnregisterFilter | ( | _In_ PFLT_FILTER | Filter | ) |
Definition at line 319 of file Filter.c.
320{
322 PLIST_ENTRY CurrentEntry;
324
325 /* Set the draining flag */
328 {
329 /* Someone already unregistered us, just remove our ref and bail */
331 return;
332 }
333
334 /* Lock the instance list */
335 KeEnterCriticalRegion();
337
338 /* Set the first entry in the list */
340
341 /* Free all instances referenced by the filter */
343 {
344 /* Get the record pointer */
346
347 // FIXME: implement
349
350 /* Reset the pointer and move to next entry */
352 CurrentEntry = CurrentEntry->Flink;
353 }
354
355 /* We're done with instances now */
357 KeLeaveCriticalRegion();
358
359 /* Remove the reference from the base object */
361
362 /* Wait until we're sure nothing is using the filter */
364
365 /* Delete the instance list lock */
367
368 /* We're finished cleaning up now */
370
371 /* Hand the memory back */
373}
NTSTATUS FltpStartingToDrainObject(_Inout_ PFLT_OBJECT Object)
Definition: Filter.c:416
#define ExAcquireResourceSharedLite(res, wait)
Definition: env_spec_w32.h:621
BOOLEAN FltpExRundownCompleted(_Inout_ PEX_RUNDOWN_REF RundownRef)
Definition: Object.c:231
NTSTATUS NTAPI FltpObjectRundownWait(_Inout_ PEX_RUNDOWN_REF RundownRef)
Definition: Object.c:238
Definition: nsiface.idl:2307
VOID FASTCALL ExReleaseResourceLite(IN PERESOURCE Resource)
Definition: resource.c:1822
Definition: fltmgrint.h:138
Definition: typedefs.h:120
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_WMI_INSTANCE_CONFIG _In_opt_ PWDF_OBJECT_ATTRIBUTES _Out_opt_ WDFWMIINSTANCE * Instance
Definition: wdfwmi.h:481
Referenced by DriverEntry(), FilterUnload(), TestFltRegisterFilter(), and TestRegFilterUnload().
◆ GetFilterAltitude()
|
static |
Definition at line 453 of file Filter.c.
455{
460 UNICODE_STRING FilterInstancePath;
461 ULONG BytesRequired;
463 HANDLE RootHandle;
467
468 /* Get a handle to the instances key in the filter's services key */
470 KEY_QUERY_VALUE,
471 &InstancesKey,
472 &RootHandle);
474 {
476 }
477
478 /* Read the size 'default instances' string value */
480 &DefaultInstance,
481 REG_SZ,
482 NULL,
483 0,
484 &BytesRequired);
485
486 /* We should get a buffer too small error */
488 {
489 /* Allocate the buffer we need to hold the string */
492 {
494 goto Quit;
495 }
496
497 /* Now read the string value */
499 &DefaultInstance,
500 REG_SZ,
501 InstBuffer,
502 BytesRequired,
503 &BytesRequired);
504 }
505
507 {
508 goto Quit;
509 }
510
511 /* Convert the string to a unicode_string */
512 RtlInitUnicodeString(&FilterInstancePath, InstBuffer);
513
514 /* Setup the attributes using the root key handle */
516 &FilterInstancePath,
518 RootHandle,
519 NULL);
520
521 /* Now open the key name which was stored in the default instance */
524 {
525 /* Get the size of the buffer that holds the altitude */
527 &Altitude,
528 REG_SZ,
529 NULL,
530 0,
531 &BytesRequired);
533 {
534 /* Allocate the required buffer */
537 {
539 goto Quit;
540 }
541
542 /* And now finally read in the actual altitude string */
544 &Altitude,
545 REG_SZ,
546 AltBuffer,
547 BytesRequired,
548 &BytesRequired);
550 {
551 /* We made it, setup the return buffer */
552 AltitudeString->Length = BytesRequired;
553 AltitudeString->MaximumLength = BytesRequired;
554 AltitudeString->Buffer = AltBuffer;
555 }
556 }
557 }
558
559Quit:
561 {
562 if (AltBuffer)
563 {
565 }
566 }
567
568 if (InstBuffer)
569 {
571 }
572
573 if (InstHandle)
574 {
575 ZwClose(InstHandle);
576 }
577 ZwClose(RootHandle);
578
580}
NTSTATUS FltpOpenFilterServicesKey(_In_ PFLT_FILTER Filter, _In_ ACCESS_MASK DesiredAccess, _In_opt_ PUNICODE_STRING SubKey, _Out_ PHANDLE Handle)
Definition: Registry.c:28
NTSTATUS FltpReadRegistryValue(_In_ HANDLE KeyHandle, _In_ PUNICODE_STRING ValueName, _In_opt_ ULONG Type, _Out_writes_bytes_(BufferSize) PVOID Buffer, _In_ ULONG BufferSize, _Out_opt_ PULONG BytesRequired)
Definition: Registry.c:67
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)
Definition: umtypes.h:184
Referenced by FltRegisterFilter().
◆ GetFilterFrame()
|
static |
Definition at line 584 of file Filter.c.
587{
588 UNIMPLEMENTED;
591
592 //
593 // Try to find a frame from our existing filter list (see FilterList)
594 // If none exists, create a new frame, add it and return it
595 //
596
597 *Frame = NULL;
599}
Referenced by FltRegisterFilter().
Variable Documentation
◆ FilterList
| LIST_ENTRY FilterList |
◆ FilterListLock
| ERESOURCE FilterListLock |
Definition at line 25 of file Filter.c.
Referenced by CODE_SEG().
