NTSTATUS
PtUnload (
__in FLT_FILTER_UNLOAD_FLAGS Flags
)
/*++
Routine Description:
This is the unload routine for this miniFilter driver. This is called
when the minifilter is about to be unloaded. We can fail this unload
request if this is not a mandatory unloaded indicated by the Flags
parameter.
Arguments:
Flags - Indicating if this is a mandatory unload.
Return Value:
Returns the final status of this operation.
--*/
{
UNREFERENCED_PARAMETER( Flags );
PAGED_CODE();
PT_DBG_PRINT( PTDBG_TRACE_ROUTINES,
("PassThrough!PtUnload: Entered\n") );
FltUnregisterFilter( gFilterHandle );
return STATUS_SUCCESS;
}
NTSTATUS
NullUnload (
_In_ FLT_FILTER_UNLOAD_FLAGS Flags
)
/*++
Routine Description:
This is the unload routine for this miniFilter driver. This is called
when the minifilter is about to be unloaded. We can fail this unload
request if this is not a mandatory unloaded indicated by the Flags
parameter.
Arguments:
Flags - Indicating if this is a mandatory unload.
Return Value:
Returns the final status of this operation.
--*/
{
UNREFERENCED_PARAMETER( Flags );
PAGED_CODE();
FltUnregisterFilter( NullFilterData.FilterHandle );
return STATUS_SUCCESS;
}
//---------------------------------------------------------------
NTSTATUS FltFilterUnload(FLT_FILTER_UNLOAD_FLAGS vFlags)
{
Debug("Enter FltFilterUnload");
FltUnregisterFilter(g_FltFilterHandle);
Debug("Leave FltFilterUnload");
return STATUS_SUCCESS;
}
void OnUnload( IN PDRIVER_OBJECT DriverObject )
{
/* IRQL == PASSIVE_LEVEL */
UNREFERENCED_PARAMETER( DriverObject );
DbgPrint( "file system driver unloading..." );
KIRQL oldIrql;
KeAcquireSpinLock( &(GetDeviceExt()->FileListAccessSpinLock), &oldIrql );
K_ReleaseList( &(GetDeviceExt()->FileListHead) );
KeReleaseSpinLock( &(GetDeviceExt()->FileListAccessSpinLock), oldIrql );
/* unregister filter */
FltUnregisterFilter( GetDeviceExt()->FltFilter );
/* delete registered symbolic link */
IoDeleteSymbolicLink( &SymbolicLinkName );
/* delete registered device */
IoDeleteDevice( GetDeviceExt()->DeviceObject );
}
NTSTATUS FilterUnload ( IN FLT_FILTER_UNLOAD_FLAGS Flags )
{
PLIST_ENTRY pListHead;
PFILE_EVENT_PACKET pFileEventPacket;
FltCloseCommunicationPort( fileManager.pServerPort );
if(fileManager.bReady == TRUE)
{
FltUnregisterFilter( fileManager.pFilter );
KeCancelTimer(&fileManager.connectionCheckerTimer);
}
// Free the log directory
if(fileManager.logDirectory.Buffer != NULL)
{
ExFreePoolWithTag(fileManager.logDirectory.Buffer, FILE_POOL_TAG);
fileManager.logDirectory.Buffer = NULL;
}
fileManager.bCollectDeletedFiles = FALSE;
// Free the linked list containing all the left over file events
FreeQueuedEvents();
return STATUS_SUCCESS;
}
/*************************************************************************
MiniFilter initialization and unload routines.
*************************************************************************/
NTSTATUS
DriverEntry (
__in PDRIVER_OBJECT DriverObject,
__in PUNICODE_STRING RegistryPath
)
{
NTSTATUS status;
UNREFERENCED_PARAMETER( RegistryPath );
PT_DBG_PRINT( PTDBG_TRACE_ROUTINES,
("minifilter0!DriverEntry: Entered\n") );
//
// Register with FltMgr to tell it our callback routines
//
status = FltRegisterFilter( DriverObject,
&FilterRegistration,
&gFilterHandle );
ASSERT( NT_SUCCESS( status ) );
if (NT_SUCCESS( status ))
{
//
// Start filtering i/o
//
status = FltStartFiltering( gFilterHandle );
if (!NT_SUCCESS( status ))
FltUnregisterFilter( gFilterHandle );
}
return status;
}
NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
DBG_PRINT("SecretStash!DriverEntry: Entered\n");
secretStashConfig.RegDataLoaded = FALSE;
NTSTATUS status = STATUS_SUCCESS;
try
{
LeaveOnFail(FltRegisterFilter(DriverObject, &FilterRegistration, &secretStashConfig.Filter)); // Register with FltMgr to tell it our callback routines
LeaveOnFail(GetRegistryConfigData(RegistryPath));
LeaveOnFail(CreateCommunicationPort());
LeaveOnFail(FltStartFiltering(secretStashConfig.Filter));
}
finally
{
if (!NT_SUCCESS(status))
{
if (secretStashConfig.ComPortConfig.ServerPort != NULL)
FltCloseCommunicationPort(secretStashConfig.ComPortConfig.ServerPort);
if (secretStashConfig.Filter != NULL)
FltUnregisterFilter(secretStashConfig.Filter);
}
}
return status;
}
NTSTATUS
DriverEntry (
__in PDRIVER_OBJECT DriverObject,
__in PUNICODE_STRING RegistryPath
)
/*++
Routine Description:
This is the initialization routine for this miniFilter driver. This
registers with FltMgr and initializes all global data structures.
Arguments:
DriverObject - Pointer to driver object created by the system to
represent this driver.
RegistryPath - Unicode string identifying where the parameters for this
driver are located in the registry.
Return Value:
Returns STATUS_SUCCESS.
--*/
{
NTSTATUS status;
UNREFERENCED_PARAMETER( RegistryPath );
PT_DBG_PRINT( PTDBG_TRACE_ROUTINES,
("PassThrough!DriverEntry: Entered\n") );
//
// Register with FltMgr to tell it our callback routines
//
status = FltRegisterFilter( DriverObject,
&FilterRegistration,
&gFilterHandle );
ASSERT( NT_SUCCESS( status ) );
if (NT_SUCCESS( status )) {
//
// Start filtering i/o
//
status = FltStartFiltering( gFilterHandle );
if (!NT_SUCCESS( status )) {
FltUnregisterFilter( gFilterHandle );
}
}
return status;
}
//////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Description :
// Unregisters the minifilter.
// Parameters :
// Return value :
// Process :
// Closes filter communication port and unregisters the filter.
//////////////////////////////////////////////////////////////////////////////////////////////////////////////
NTSTATUS UnregisterFilter(FLT_FILTER_UNLOAD_FLAGS flags)
{
FltCloseCommunicationPort(serverPort);
if(filter!=NULL)
FltUnregisterFilter(filter);
return STATUS_FLT_DO_NOT_DETACH;
}
NTSTATUS fltunload(FLT_FILTER_UNLOAD_FLAGS flag)
{
UNREFERENCED_PARAMETER(flag);
if (pf != NULL)
{
FltUnregisterFilter(pf);
}
return STATUS_SUCCESS;
}
void
FileMgrUnregister (
)
{
FltUnregisterFilter( gFileMgr.m_FileFilter );
gFileMgr.m_FileFilter = NULL;
gFileMgr.m_FltSystem->Release();
gFileMgr.m_FltSystem = NULL;
}
// flt的御载
NTSTATUS FltUnload (__in FLT_FILTER_UNLOAD_FLAGS Flags)
{
UNREFERENCED_PARAMETER( Flags );
KdPrint(("[ScannerUnload] Enter.\n"));
if(NULL != FltData.Filter)
FltUnregisterFilter(FltData.Filter);
return STATUS_SUCCESS;
}
EXTERN_C static NTSTATUS FLTAPI
ScvnpUnload(_In_ FLT_FILTER_UNLOAD_FLAGS Flags) {
PAGED_CODE();
UNREFERENCED_PARAMETER(Flags);
FltUnregisterFilter(g_ScvnpFilterHandle);
BCryptCloseAlgorithmProvider(g_ScvnpSha1AlgorithmHandle, 0);
LogTermination(nullptr);
return STATUS_SUCCESS;
}
NTSTATUS
DriverEntry (
_In_ PDRIVER_OBJECT DriverObject,
_In_ PUNICODE_STRING RegistryPath
)
/*++
Routine Description:
This is the initialization routine for this miniFilter driver. This
registers the miniFilter with FltMgr and initializes all
its global data structures.
Arguments:
DriverObject - Pointer to driver object created by the system to
represent this driver.
RegistryPath - Unicode string identifying where the parameters for this
driver are located in the registry.
Return Value:
Returns STATUS_SUCCESS.
--*/
{
NTSTATUS status;
UNREFERENCED_PARAMETER( RegistryPath );
//
// Register with FltMgr
//
status = FltRegisterFilter( DriverObject,
&FilterRegistration,
&NullFilterData.FilterHandle );
FLT_ASSERT( NT_SUCCESS( status ) );
if (NT_SUCCESS( status )) {
//
// Start filtering i/o
//
status = FltStartFiltering( NullFilterData.FilterHandle );
if (!NT_SUCCESS( status )) {
FltUnregisterFilter( NullFilterData.FilterHandle );
}
}
return status;
}
NTSTATUS PtUnload(_In_ FLT_FILTER_UNLOAD_FLAGS Flags)
{
PAGED_CODE();
UNREFERENCED_PARAMETER(Flags);
KdPrint(("Passthrough!PtUnload: Entered!!!"));
FltUnregisterFilter(gFilterHandle);
return STATUS_SUCCESS;
}
NTSTATUS
NPUnload (
__in FLT_FILTER_UNLOAD_FLAGS Flags
)
{
UNREFERENCED_PARAMETER( Flags );
PAGED_CODE();
PT_DBG_PRINT( PTDBG_TRACE_ROUTINES,
("NPminifilter!NPUnload: Entered: Unregister Filter...\n") );
FltUnregisterFilter( gFilterHandle );
return STATUS_SUCCESS;
}
/*
* LockerUnload
*
* This is the unload routine for the Filter driver, which we hooked in when we
* called FltRegisterFilter. See PFLT_FILTER_UNLOAD_CALLBACK:
*
* http://msdn.microsoft.com/en-us/library/windows/hardware/ff551085(v=vs.85).aspx
*
* It unregisters the filter from the filter manager, and frees any allocated
* global data structures. This means we can stop and delete this service without
* rebooting, which is made possible by hooking in underneath the FilterManager
* (by contrast, that manager is a legacy File System Filter Driver...so it cannot
* itself be safely unloaded without rebooting).
*
* Returns the final status of the deallocation routines.
*/
NTSTATUS
LockerUnload(
__in FLT_FILTER_UNLOAD_FLAGS Flags
)
{
UNREFERENCED_PARAMETER(Flags);
// Close the server port.
FltCloseCommunicationPort(Globals.ServerPort);
// Unregister the filter
FltUnregisterFilter(Globals.Filter);
return STATUS_SUCCESS;
}
/*---------------------------------------------------------
函数名称: Antinvader_Unload
函数描述: 卸载驱动程序,关闭通信端口
输入参数:
Flags 卸载标志
输出参数:
返回值:
STATUS_SUCCESS 成功
其他:
更新维护: 2011.3.20 最初版本
---------------------------------------------------------*/
NTSTATUS
Antinvader_Unload (
__in FLT_FILTER_UNLOAD_FLAGS Flags
)
{
UNREFERENCED_PARAMETER( Flags );
PAGED_CODE();
DebugTrace(DEBUG_TRACE_LOAD_UNLOAD,"Unload",
("Entered."));
//
//关闭通信端口
//
if(pfpGlobalServerPort) {
DebugTrace(DEBUG_TRACE_LOAD_UNLOAD,"Unload",
("Closing communication port....0x%X",pfpGlobalServerPort));
FltCloseCommunicationPort( pfpGlobalServerPort );
}
//
//卸载过滤
//
if(pfltGlobalFilterHandle) {
DebugTrace(DEBUG_TRACE_LOAD_UNLOAD,"Unload",
("Unregistering filter....0x%X",pfltGlobalFilterHandle));
FltUnregisterFilter( pfltGlobalFilterHandle );
}
//
//销毁释放所有表格 资源 旁视链表等
//
PctFreeTable();
// ExDeleteNPagedLookasideList(&nliCallbackContextLookasideList);
// ExDeleteNPagedLookasideList(&nliFileStreamContextLookasideList);
ExDeleteNPagedLookasideList(&nliNewFileHeaderLookasideList);
DebugTrace(DEBUG_TRACE_LOAD_UNLOAD,"Unload",
("All succeed.Leave now."));
return STATUS_SUCCESS;
}
NTSTATUS SecretStashUnload(FLT_FILTER_UNLOAD_FLAGS Flags)
{
UNREFERENCED_PARAMETER(Flags);
PAGED_CODE();
DBG_PRINT("SecretStash!SecretStashUnload: Entered\n");
FltCloseCommunicationPort(secretStashConfig.ComPortConfig.ServerPort);
if (secretStashConfig.RegDataLoaded)
DestroyFolderVector(&secretStashConfig.FolderVector);
FltUnregisterFilter(secretStashConfig.Filter);
return STATUS_SUCCESS;
}
NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
NTSTATUS ntStatus = STATUS_SUCCESS;
ntStatus = FltRegisterFilter(DriverObject, &FilterRegistration, &FilterHandle);
ASSERT(NT_SUCCESS(ntStatus));
if (NT_SUCCESS(ntStatus))
{
ntStatus = FltStartFiltering(FilterHandle);
if (!NT_SUCCESS(ntStatus))
{
FltUnregisterFilter(FilterHandle);
}
}
return ntStatus;
}
NTSTATUS FilemonEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath)
{
NTSTATUS status;
FltData.Filter = NULL;
status = FltRegisterFilter(pDriverObject, &FilterRegistration, &FltData.Filter);
if(!NT_SUCCESS(status))
return status;
status = FltStartFiltering(FltData.Filter);
if(!NT_SUCCESS(status))
{
FltUnregisterFilter(FltData.Filter);
return status;
}
// 初始
KeInitializeSpinLock(&FltData.spinkLock);
InitializeListHead(&FltData.listGuard);
return STATUS_SUCCESS;
}
VOID
FltStopFiltering()
{
FLT_FILE_LIST_ENTRY *file = FltFileList;
DbgPrint("[PUSH] => (FltStopFiltering)");
FltUnregisterFilter(FltFilterData);
FltFileList = NULL;
while (file != 0)
{
ExFreePool(file->Name);
file = file->NextEntry;
}
DbgPrint("[PUSH] <= (FltStopFiltering)");
}
/*
* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= **
*
*
* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= **
*/
NTSTATUS
cfsd_Unload( FLT_FILTER_UNLOAD_FLAGS theFlags )
{
UNREFERENCED_PARAMETER( theFlags );
// *** ENABLE THIS IS YOU DO NOT WANT THE DRIVER TO EVER BE UNLOADED and
// SET FLTFL_REGISTRATION_DO_NOT_SUPPORT_SERVICE_STOP in FLT_REGISTRATION ALSO ***
//return STATUS_FLT_DO_NOT_DETACH;
#if ENABLE_USER_INTERFACE
DBG_PRINT( DbgOutput, DBG_USERMODE, (PRINT_TAG_USERMODE "Closing ServerPort 0x%X\n",gUserModeConnection.ServerPort ) );
FltCloseCommunicationPort( gUserModeConnection.ServerPort );
#endif // End #if ENABLE_USER_INTERFACE
// DDK : "...Unregister itself so that the Filter Manager no longer calls it to
// process I/O operations. "
FltUnregisterFilter( gFilterPointer );
// Release our hidden data memory
ExFreePoolWithTag( gFileData, 'parC' );
#if FILTER_IRP_MJ_CREATE
// Release our attach method data memory
ExFreePoolWithTag( gProtectedData, 'parC' );
#endif
// Release our attach method data memory
ExFreePoolWithTag( gAttachRequirements, 'parC' );
return STATUS_SUCCESS;
}
NTSTATUS
claimsmanUnload(
_In_ FLT_FILTER_UNLOAD_FLAGS Flags
)
/*++
Routine Description:
This is the unload routine for this miniFilter driver. This is called
when the minifilter is about to be unloaded. We can fail this unload
request if this is not a mandatory unload indicated by the Flags
parameter.
Arguments:
Flags - Indicating if this is a mandatory unload.
Return Value:
Returns STATUS_SUCCESS.
--*/
{
UNREFERENCED_PARAMETER(Flags);
PAGED_CODE();
PT_DBG_PRINT(PTDBG_TRACE_ROUTINES,
("claimsman!claimsmanUnload: Entered\n"));
FltCloseCommunicationPort(ClaimsmanData.ServerPort);
FltUnregisterFilter(ClaimsmanData.Filter);
ClaimsmanFreeExtensions();
ClaimsmanFreeIgnoredUsers();
return STATUS_SUCCESS;
}
//---------------------------------------------------------------
extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject,IN PUNICODE_STRING pRegistryPath)
{
NTSTATUS tRetStatus;
PEPROCESS tCurProcess = PsGetCurrentProcess();
if(0 == tCurProcess)
return 0;
for(int i=0; i<3*PAGE_SIZE; i++)
{
if(0 == _strnicmp("System", (char*)tCurProcess + i, strlen("System")))
{
ProcessNameOffset = i;
break;
}
}
if(0 == ProcessNameOffset)
{
return STATUS_UNSUCCESSFUL;
}
tRetStatus = FltRegisterFilter(pDriverObject, &g_FltRegistration, &g_FltFilterHandle);
if(false == NT_SUCCESS(tRetStatus))
{
Debug("FltRegisterFilter failed");
return STATUS_UNSUCCESSFUL;
}
tRetStatus = FltStartFiltering(g_FltFilterHandle);
if(false == NT_SUCCESS(tRetStatus))
{
Debug("FltStartFiltering failed");
FltUnregisterFilter(g_FltFilterHandle);
return STATUS_UNSUCCESSFUL;
}
return STATUS_SUCCESS;
}
NTSTATUS DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath)
{
NTSTATUS status;
UNREFERENCED_PARAMETER(RegistryPath);
KdPrint(("Passthrough!DriverEntry: entered\n"));
status = FltRegisterFilter(DriverObject, &FilterRegistration, &gFilterHandle);
FLT_ASSERT(NT_SUCCESS(status));
if (NT_SUCCESS(status))
{
status = FltStartFiltering(gFilterHandle);
if (!NT_SUCCESS(status))
{
FltUnregisterFilter(gFilterHandle);
}
KdPrint(("Passthrough!DriverEntry: start mini filter \n"));
}
return status;
}
/*
* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= **
*
*
* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= **
*/
NTSTATUS
cfsd_Unload( FLT_FILTER_UNLOAD_FLAGS theFlags )
{
UNREFERENCED_PARAMETER( theFlags );
#if ENABLE_USER_INTERFACE
KdPrint( (PRINT_TAG "Closing ServerPort 0x%X\n",gUserModeConnection.ServerPort ) );
FltCloseCommunicationPort( gUserModeConnection.ServerPort );
#endif
// DDK : "...Unregister itself so that the Filter Manager no longer calls it to
// process I/O operations. "
FltUnregisterFilter( gFilterPointer );
// Release our hidden data memory
ExFreePoolWithTag( gHiddenData, 'parC' );
// Release our attach method data memory
ExFreePoolWithTag( gAttachRequirements, 'parC' );
return STATUS_SUCCESS;
}
NTSTATUS
CtxUnload (
__in FLT_FILTER_UNLOAD_FLAGS Flags
)
/*++
Routine Description:
This is the unload routine for this filter driver. This is called
when the minifilter is about to be unloaded. We can fail this unload
request if this is not a mandatory unloaded indicated by the Flags
parameter.
Arguments:
Flags - Indicating if this is a mandatory unload.
Return Value:
Returns the final status of this operation.
--*/
{
UNREFERENCED_PARAMETER( Flags );
PAGED_CODE();
DebugTrace( DEBUG_TRACE_LOAD_UNLOAD,
("[Ctx]: Unloading driver\n") );
FltUnregisterFilter( Globals.Filter );
Globals.Filter = NULL;
return STATUS_SUCCESS;
}
NTSTATUS FltUnload(FLT_FILTER_UNLOAD_FLAGS Flags)
{
FltUnregisterFilter(FilterHandle);
return STATUS_SUCCESS;
}
VOID DrvUnload(IN PDRIVER_OBJECT DriverObject)
{
PDEVICE_OBJECT deviceObject = DriverObject->DeviceObject;
FltUnregisterFilter(FilterHandle);
}
