Beispiel #1
0
NTSTATUS
DriverEntry (
    __in PDRIVER_OBJECT DriverObject,
    __in PUNICODE_STRING RegistryPath
    )
/*++

Routine Description:

    This is the initialization routine for this filter driver. It registers
    itself with the filter manager and initializes all its global data structures.

Arguments:

    DriverObject - Pointer to driver object created by the system to
        represent this driver.

    RegistryPath - Unicode string identifying where the parameters for this
        driver are located in the registry.

Return Value:

    Returns STATUS_SUCCESS.

--*/
{
    NTSTATUS status;

    //
    //  Filters callback routines
    //

    FLT_OPERATION_REGISTRATION callbacks[] = {

        { IRP_MJ_CREATE,
          FLTFL_OPERATION_REGISTRATION_SKIP_PAGING_IO,
          CtxPreCreate,
          CtxPostCreate },

        { IRP_MJ_CLEANUP,
          FLTFL_OPERATION_REGISTRATION_SKIP_PAGING_IO,
          CtxPreCleanup,
          NULL },

        { IRP_MJ_CLOSE,
          FLTFL_OPERATION_REGISTRATION_SKIP_PAGING_IO,
          CtxPreClose,
          NULL },

        { IRP_MJ_SET_INFORMATION,
          FLTFL_OPERATION_REGISTRATION_SKIP_PAGING_IO,
          CtxPreSetInfo,
          CtxPostSetInfo },

        { IRP_MJ_OPERATION_END }
    };

    const FLT_CONTEXT_REGISTRATION contextRegistration[] = {

        { FLT_INSTANCE_CONTEXT,
          0,
          CtxContextCleanup,
          CTX_INSTANCE_CONTEXT_SIZE,
          CTX_INSTANCE_CONTEXT_TAG },

        { FLT_FILE_CONTEXT,
          0,
          CtxContextCleanup,
          CTX_FILE_CONTEXT_SIZE,
          CTX_FILE_CONTEXT_TAG },

        { FLT_STREAM_CONTEXT,
          0,
          CtxContextCleanup,
          CTX_STREAM_CONTEXT_SIZE,
          CTX_STREAM_CONTEXT_TAG },

        { FLT_STREAMHANDLE_CONTEXT,
          0,
          CtxContextCleanup,
          CTX_STREAMHANDLE_CONTEXT_SIZE,
          CTX_STREAMHANDLE_CONTEXT_TAG },

        { FLT_CONTEXT_END }
    };

    //
    // Filters registration data structure
    //

    FLT_REGISTRATION filterRegistration = {

        sizeof( FLT_REGISTRATION ),                     //  Size
        FLT_REGISTRATION_VERSION,                       //  Version
        0,                                              //  Flags
        contextRegistration,                            //  Context
        callbacks,                                      //  Operation callbacks
        CtxUnload,                                      //  Filters unload routine
        CtxInstanceSetup,                               //  InstanceSetup routine
        CtxInstanceQueryTeardown,                       //  InstanceQueryTeardown routine
        CtxInstanceTeardownStart,                       //  InstanceTeardownStart routine
        CtxInstanceTeardownComplete,                    //  InstanceTeardownComplete routine
        NULL, NULL, NULL                                //  Unused naming support callbacks
    };


    RtlZeroMemory( &Globals, sizeof( Globals ) );

#if DBG

    //
    //  Initialize global debug level
    //

    CtxInitializeDebugLevel( RegistryPath );

#else

    UNREFERENCED_PARAMETER( RegistryPath );

#endif

    DebugTrace( DEBUG_TRACE_LOAD_UNLOAD,
                ("[Ctx]: Driver being loaded\n") );



    //
    //  Register with the filter manager
    //

    status = FltRegisterFilter( DriverObject,
                                &filterRegistration,
                                &Globals.Filter );

    if (!NT_SUCCESS( status )) {

        return status;
    }

    //
    //  Start filtering I/O
    //

    status = FltStartFiltering( Globals.Filter );

    if (!NT_SUCCESS( status )) {

        FltUnregisterFilter( Globals.Filter );
    }

    DebugTrace( DEBUG_TRACE_LOAD_UNLOAD,
                ("[Ctx]: Driver loaded complete (Status = 0x%08X)\n",
                status) );

    return status;
}
Beispiel #2
0
NTSTATUS
CtxDriverEntry (
    IN PDRIVER_OBJECT DriverObject,
    IN PUNICODE_STRING RegistryPath
    )

#endif

/*++

Routine Description:

    This is the initialization routine for this filter driver. It registers
    itself with the filter manager and initializes all its global data structures.

Arguments:

    DriverObject - Pointer to driver object created by the system to
        represent this driver.

    RegistryPath - Unicode string identifying where the parameters for this
        driver are located in the registry.

Return Value:

    Returns STATUS_SUCCESS.

--*/
{
    NTSTATUS status;

    //
    //  Filters callback routines
    //

    FLT_OPERATION_REGISTRATION callbacks[] = {

        { IRP_MJ_CREATE,
          FLTFL_OPERATION_REGISTRATION_SKIP_PAGING_IO,
          CtxPreCreate,
          CtxPostCreate },

        { IRP_MJ_CLEANUP,
          FLTFL_OPERATION_REGISTRATION_SKIP_PAGING_IO,
          CtxPreCleanup,
          NULL },

        { IRP_MJ_CLOSE,
          FLTFL_OPERATION_REGISTRATION_SKIP_PAGING_IO,
          CtxPreClose,
          NULL },

        { IRP_MJ_SET_INFORMATION,
          FLTFL_OPERATION_REGISTRATION_SKIP_PAGING_IO,
          CtxPreSetInfo,
          CtxPostSetInfo },

        { IRP_MJ_OPERATION_END }
    };

    const FLT_CONTEXT_REGISTRATION contextRegistration[] = {

        { FLT_INSTANCE_CONTEXT,
          0,
          CtxContextCleanup,
          CTX_INSTANCE_CONTEXT_SIZE,
          CTX_INSTANCE_CONTEXT_TAG },

        { FLT_FILE_CONTEXT,
          0,
          CtxContextCleanup,
          CTX_FILE_CONTEXT_SIZE,
          CTX_FILE_CONTEXT_TAG },

        { FLT_STREAM_CONTEXT,
          0,
          CtxContextCleanup,
          CTX_STREAM_CONTEXT_SIZE,
          CTX_STREAM_CONTEXT_TAG },

        { FLT_STREAMHANDLE_CONTEXT,
          0,
          CtxContextCleanup,
          CTX_STREAMHANDLE_CONTEXT_SIZE,
          CTX_STREAMHANDLE_CONTEXT_TAG },

        { FLT_CONTEXT_END }
    };

    //
    // Filters registration data structure
    //

#if !__NDAS_FS_MINI__ 
    FLT_REGISTRATION filterRegistration = {
#else
    FLT_REGISTRATION CtxFilterRegistration = {
#endif

        sizeof( FLT_REGISTRATION ),                     //  Size
        FLT_REGISTRATION_VERSION,                       //  Version
        0,                                              //  Flags
        contextRegistration,                            //  Context
        callbacks,                                      //  Operation callbacks
        CtxUnload,                                      //  Filters unload routine
        CtxInstanceSetup,                               //  InstanceSetup routine
        CtxInstanceQueryTeardown,                       //  InstanceQueryTeardown routine
        CtxInstanceTeardownStart,                       //  InstanceTeardownStart routine
        CtxInstanceTeardownComplete,                    //  InstanceTeardownComplete routine
        NULL, NULL, NULL                                //  Unused naming support callbacks
    };


    RtlZeroMemory( &Globals, sizeof( Globals ) );

#if DBG

    //
    //  Initialize global debug level
    //

    CtxInitializeDebugLevel( RegistryPath );

#else

    UNREFERENCED_PARAMETER( RegistryPath );

#endif

    DebugTrace( DEBUG_TRACE_LOAD_UNLOAD,
                ("[Ctx]: Driver being loaded\n") );

#if __NDAS_FS_MINI__ 

	UNREFERENCED_PARAMETER( DriverObject );
	UNREFERENCED_PARAMETER( RegistryPath );
	
	status = STATUS_SUCCESS;

#else

    //
    //  Register with the filter manager
    //

    status = FltRegisterFilter( DriverObject,
                                &filterRegistration,
                                &Globals.Filter );

    if (!NT_SUCCESS( status )) {

        return status;
    }

    //
    //  Start filtering I/O
    //

    status = FltStartFiltering( Globals.Filter );

    if (!NT_SUCCESS( status )) {

        FltUnregisterFilter( Globals.Filter );
    }

    DebugTrace( DEBUG_TRACE_LOAD_UNLOAD,
                ("[Ctx]: Driver loaded complete (Status = 0x%08X)\n",
                status) );

#endif

    return status;
}

#if DBG

VOID
CtxInitializeDebugLevel (
    __in PUNICODE_STRING RegistryPath
    )
/*++

Routine Description:

    This routine tries to read the filter DebugLevel parameter from
    the registry.  This value will be found in the registry location
    indicated by the RegistryPath passed in.

Arguments:

    RegistryPath - The path key passed to the driver during DriverEntry.

Return Value:

    None.

--*/
{
    OBJECT_ATTRIBUTES attributes;
    HANDLE driverRegKey;
    NTSTATUS status;
    ULONG resultLength;
    UNICODE_STRING valueName;
    UCHAR buffer[sizeof( KEY_VALUE_PARTIAL_INFORMATION ) + sizeof( LONG )];

    Globals.DebugLevel = DEBUG_TRACE_ERROR;
#if __NDAS_FS_MINI__ 
	Globals.DebugLevel |= DEBUG_TRACE_INSTANCES;
	Globals.DebugLevel |= DEBUG_TRACE_INSTANCE_CONTEXT_OPERATIONS;
	Globals.DebugLevel |= DEBUG_INFO_CREATE;
	//Globals.DebugLevel |= 0xFFFFFFFF;
#endif

    //
    //  Open the desired registry key
    //

    InitializeObjectAttributes( &attributes,
                                RegistryPath,
                                OBJ_CASE_INSENSITIVE,
                                NULL,
                                NULL );

    status = ZwOpenKey( &driverRegKey,
                        KEY_READ,
                        &attributes );

    if (NT_SUCCESS( status )) {

        //
        // Read the DebugFlags value from the registry.
        //

        RtlInitUnicodeString( &valueName, L"DebugLevel" );

        status = ZwQueryValueKey( driverRegKey,
                                  &valueName,
                                  KeyValuePartialInformation,
                                  buffer,
                                  sizeof(buffer),
                                  &resultLength );

        if (NT_SUCCESS( status )) {

            Globals.DebugLevel = *((PULONG) &(((PKEY_VALUE_PARTIAL_INFORMATION) buffer)->Data));
        }
    }

    //
    //  Close the registry entry
    //

    ZwClose( driverRegKey );
}
NTSTATUS
DriverEntry (
    _In_ PDRIVER_OBJECT DriverObject,
    _In_ PUNICODE_STRING RegistryPath
    )
/*++

Routine Description:

    This is the initialization routine for this filter driver. It registers
    itself with the filter manager and initializes all its global data structures.

Arguments:

    DriverObject - Pointer to driver object created by the system to
        represent this driver.

    RegistryPath - Unicode string identifying where the parameters for this
        driver are located in the registry.

Return Value:

    Returns STATUS_SUCCESS.

--*/
{
    NTSTATUS status;

    //
    //  Default to NonPagedPoolNx for non paged pool allocations where supported.
    //
    
    ExInitializeDriverRuntime( DrvRtPoolNxOptIn );

    RtlZeroMemory( &Globals, sizeof( Globals ) );

#if DBG

    //
    //  Initialize global debug level
    //

    CtxInitializeDebugLevel( RegistryPath );

#else

    UNREFERENCED_PARAMETER( RegistryPath );

#endif

    DebugTrace( DEBUG_TRACE_LOAD_UNLOAD,
                ("[Ctx]: Driver being loaded\n") );



    //
    //  Register with the filter manager
    //

    status = FltRegisterFilter( DriverObject,
                                &FilterRegistration,
                                &Globals.Filter );

    if (!NT_SUCCESS( status )) {

        return status;
    }

    //
    //  Start filtering I/O
    //

    status = FltStartFiltering( Globals.Filter );

    if (!NT_SUCCESS( status )) {

        FltUnregisterFilter( Globals.Filter );
    }

    DebugTrace( DEBUG_TRACE_LOAD_UNLOAD,
                ("[Ctx]: Driver loaded complete (Status = 0x%08X)\n",
                status) );

    return status;
}