VOID
FLTAPI
FltUnregisterFilter(_In_ PFLT_FILTER Filter)
{
PFLT_INSTANCE Instance;
PLIST_ENTRY CurrentEntry;
NTSTATUS Status;
/* Set the draining flag */
Status = FltpStartingToDrainObject(&Filter->Base);
if (!NT_SUCCESS(Status))
{
/* Someone already unregistered us, just remove our ref and bail */
FltObjectDereference(&Filter->Base);
return;
}
/* Lock the instance list */
KeEnterCriticalRegion();
ExAcquireResourceSharedLite(&Filter->InstanceList.rLock, TRUE);
/* Set the first entry in the list */
CurrentEntry = Filter->InstanceList.rList.Flink;
/* Free all instances referenced by the filter */
while (CurrentEntry != &Filter->InstanceList.rList)
{
/* Get the record pointer */
Instance = CONTAINING_RECORD(CurrentEntry, FLT_INSTANCE, FilterLink);
// FIXME: implement
(void)Instance;
/* Reset the pointer and move to next entry */
Instance = NULL;
CurrentEntry = CurrentEntry->Flink;
}
/* We're done with instances now */
ExReleaseResourceLite(&Filter->InstanceList.rLock);
KeLeaveCriticalRegion();
/* Remove the reference from the base object */
FltObjectDereference(&Filter->Base);
/* Wait until we're sure nothing is using the filter */
FltpObjectRundownWait(&Filter->Base.RundownRef);
/* Delete the instance list lock */
ExDeleteResourceLite(&Filter->InstanceList.rLock);
/* We're finished cleaning up now */
FltpExRundownCompleted(&Filter->Base.RundownRef);
/* Hand the memory back */
ExFreePoolWithTag(Filter, FM_TAG_FILTER);
}
NTSTATUS kkll_m_minifilters_list(PKIWI_BUFFER outBuffer)
{
NTSTATUS status = STATUS_SUCCESS;
ULONG NumberFiltersReturned, NumberInstancesReturned, sizeOfBuffer;
PFLT_FILTER *FilterList = NULL;
PFLT_INSTANCE *InstanceList = NULL;
PFLT_VOLUME Volume = NULL;
PFILTER_FULL_INFORMATION myFilterFullInformation = NULL;
PVOID pCallBack, preCallBack, postCallBack;
ULONG i, j, k;
status = FltEnumerateFilters(NULL, 0, &NumberFiltersReturned);
if((status == STATUS_BUFFER_TOO_SMALL) && NumberFiltersReturned)
{
sizeOfBuffer = sizeof(PFLT_FILTER) * NumberFiltersReturned;
if(FilterList = (PFLT_FILTER *) ExAllocatePoolWithTag(NonPagedPool, sizeOfBuffer, POOL_TAG))
{
status = FltEnumerateFilters(FilterList, sizeOfBuffer, &NumberFiltersReturned);
for(i = 0; NT_SUCCESS(status) && (i < NumberFiltersReturned); i++)
{
status = FltGetFilterInformation(FilterList[i], FilterFullInformation, NULL, 0, &sizeOfBuffer);
if((status == STATUS_BUFFER_TOO_SMALL) && sizeOfBuffer)
{
if(myFilterFullInformation = (PFILTER_FULL_INFORMATION) ExAllocatePoolWithTag(NonPagedPool, sizeOfBuffer, POOL_TAG))
{
status = FltGetFilterInformation(FilterList[i], FilterFullInformation, myFilterFullInformation, sizeOfBuffer, &sizeOfBuffer);
if(NT_SUCCESS(status))
{
status = kprintf(outBuffer, L"[%.2u] %.*s\n", i, myFilterFullInformation->FilterNameLength/sizeof(WCHAR), myFilterFullInformation->FilterNameBuffer);
if(NT_SUCCESS(status))
{
status = FltEnumerateInstances(NULL, FilterList[i], NULL, 0, &NumberInstancesReturned);
if((status == STATUS_BUFFER_TOO_SMALL) && NumberInstancesReturned)
{
if(InstanceList = (PFLT_INSTANCE *) ExAllocatePoolWithTag(NonPagedPool, sizeof(PFLT_INSTANCE) * NumberInstancesReturned, POOL_TAG))
{
status = FltEnumerateInstances(NULL, FilterList[i], InstanceList, NumberInstancesReturned, &NumberInstancesReturned);
for(j = 0; NT_SUCCESS(status) && (j < NumberInstancesReturned); j++)
{
if(NT_SUCCESS(FltGetVolumeFromInstance(InstanceList[j], &Volume)))
{
status = kprintf(outBuffer, L" [%.2u] %wZ\n", j, (PUNICODE_STRING) (((ULONG_PTR) Volume) + MF_OffSetTable[KiwiOsIndex][CallbackVolumeNameOffset]));
FltObjectDereference (Volume);
}
else
{
status = kprintf(outBuffer, L" [%.2u] /\n", j);;
}
for(k = 0x16; NT_SUCCESS(status) && (k < 0x32); k++)
{
if(pCallBack = (PVOID) *(PULONG_PTR) (( ((ULONG_PTR) InstanceList[j] )+ MF_OffSetTable[KiwiOsIndex][CallbackOffset]) + sizeof(PVOID)*k))
{
preCallBack = (PVOID) *(PULONG_PTR) (((ULONG_PTR) pCallBack) + MF_OffSetTable[KiwiOsIndex][CallbackPreOffset]);
postCallBack = (PVOID) *(PULONG_PTR) (((ULONG_PTR) pCallBack) + MF_OffSetTable[KiwiOsIndex][CallbackPostOffset]);
if(preCallBack || postCallBack)
{
status = kprintf(outBuffer, L" [0x%2x] %s\n", k, irpToName[k - 0x16]);
if(NT_SUCCESS(status) && preCallBack)
{
status = kprintf(outBuffer, L" PreCallback : ");
if(NT_SUCCESS(status))
status = kkll_m_modules_fromAddr(outBuffer, preCallBack);
}
if(NT_SUCCESS(status) && postCallBack)
{
status = kprintf(outBuffer, L" PostCallback : ");
if(NT_SUCCESS(status))
status = kkll_m_modules_fromAddr(outBuffer, postCallBack);
}
}
}
}
FltObjectDereference (InstanceList[j]);
}
ExFreePoolWithTag(InstanceList, POOL_TAG);
}
}
}
}
ExFreePoolWithTag(myFilterFullInformation, POOL_TAG);
}
}
FltObjectDereference (FilterList[i]);
}
ExFreePoolWithTag(FilterList, POOL_TAG);
}
}
return status;
}
