WDK Mini Filter Example
avlib.h
Go to the documentation of this file.
1 /*++
2 
3 Copyright (c) 2011 Microsoft Corporation
4 
5 Module Name:
6 
7  avlib.h
8 
9 Abstract:
10 
11  This header file defines the common data structure used by kernel and user.
12 
13 Environment:
14 
15  User mode
16  Kernel mode
17 
18 --*/
19 
20 #ifndef __AVLIB_H__
21 #define __AVLIB_H__
22 
23 #if defined(_MSC_VER)
24 #if (_MSC_VER >= 1200)
25 #pragma warning(push)
26 #pragma warning(disable:4201) // nonstandard extension used : nameless struct/union
27 #endif
28 #endif
29 
30 //
31 // Name of AV filter server ports
32 //
33 
34 #define AV_SCAN_PORT_NAME L"\\MicrosoftAvSampleFilterScanPort"
35 #define AV_ABORT_PORT_NAME L"\\MicrosoftAvSampleFilterAbortPort"
36 #define AV_QUERY_PORT_NAME L"\\MicrosoftAvSampleFilterQueryPort"
37 
38 
39 //
40 // Definition of invalide section handle for data scan
41 //
42 
43 #define AV_INVALID_SECTION_HANDLE ((HANDLE)((LONG_PTR)(-1)))
44 
45 
46 //
47 // Command type enumeration, please see COMMAND_MESSAGE below
48 //
49 
50 typedef enum _AVSCAN_COMMAND {
51 
55 
57 
58 //
59 // Message type enumeration, please see AV_SCANNER_NOTIFICATION below
60 //
61 
62 typedef enum _AVSCAN_MESSAGE {
63 
67 
69 
70 typedef enum _AVSCAN_REASON {
73 
75 
76 typedef enum _AVSCAN_RESULT {
77 
81 
83 
84 //
85 // Defines the commands between the user program and the filter
86 // Command: User -> Kernel
87 //
88 
89 typedef struct _COMMAND_MESSAGE {
90 
91  //
92  // Command type
93  //
94 
96 
97  //
98  // Scan identifier.
99  // This argument will be checked in message notificaiton callback.
100  //
101 
102  LONGLONG ScanId;
103 
104  //
105  // Scan thread id. This id will be used in cancel message passing.
106  // So that we will know which scan thread to cancel.
107  //
108 
110 
111  union {
112 
113  //
114  // When user program is connecting for query (AvConnectForQuery)
115  // it has to pass the file handle to query the status of the file.
116  // Valid when Command == AvIsFileModified
117  //
118 
119  HANDLE FileHandle;
120 
121  //
122  // The result result.
123  // Valid when Command == AvCmdCloseSectionForDataScan
124  //
126  };
127 
129 
130 //
131 // Message: Kernel -> User Message
132 //
133 
134 typedef struct _SCANNER_NOTIFICATION {
135 
136  //
137  // Message type
138  //
139 
141 
142  //
143  // Reason
144  //
145 
147 
148  //
149  // Scan identifier.
150  // This argument will be checked in message notificaiton callback.
151  //
152 
153  LONGLONG ScanId;
154 
155  //
156  // Scan thread id. This id will be used in cancel message passing.
157  // So that we will know which scan thread to cancel.
158  //
159 
161 
163 
164 //
165 // Connection type enumeration. It would be mainly used in connection context.
166 //
167 
169 
173 
175 
176 //
177 // Connection context. It will be passed through FilterConnectCommunicationPort(...)
178 //
179 
180 typedef struct _AV_CONNECTION_CONTEXT {
181 
183 
185 
186 //
187 // The following string is actully "message to be found"
188 //
189 
190 #define AV_DEFAULT_SEARCH_PATTERN "7?));=?z.5z8?z<5/4>"
191 #define AV_DEFAULT_SEARCH_PATTERN_SIZE sizeof(AV_DEFAULT_SEARCH_PATTERN)
192 #define AV_DEFAULT_PATTERN_XOR_KEY 90
193 
194 #if defined(_MSC_VER)
195 #if (_MSC_VER >= 1200)
196 #pragma warning(pop)
197 #endif
198 #endif
199 
200 #endif
201 
struct _COMMAND_MESSAGE * PCOMMAND_MESSAGE
enum _AVSCAN_MESSAGE AVSCAN_MESSAGE
struct _SCANNER_NOTIFICATION AV_SCANNER_NOTIFICATION
AVSCAN_COMMAND Command
Definition: avlib.h:95
enum _AVSCAN_REASON AVSCAN_REASON
struct _COMMAND_MESSAGE COMMAND_MESSAGE
_AVSCAN_COMMAND
Definition: avlib.h:50
_AVSCAN_CONNECTION_TYPE
Definition: avlib.h:168
ULONG ScanThreadId
Definition: avlib.h:109
LONGLONG ScanId
Definition: avlib.h:102
HANDLE FileHandle
Definition: avlib.h:119
struct _AV_CONNECTION_CONTEXT AV_CONNECTION_CONTEXT
AVSCAN_REASON Reason
Definition: avlib.h:146
enum _AVSCAN_COMMAND AVSCAN_COMMAND
struct _SCANNER_NOTIFICATION * PAV_SCANNER_NOTIFICATION
_AVSCAN_REASON
Definition: avlib.h:70
_AVSCAN_RESULT
Definition: avlib.h:76
AVSCAN_MESSAGE Message
Definition: avlib.h:140
struct _AV_CONNECTION_CONTEXT * PAV_CONNECTION_CONTEXT
enum _AVSCAN_RESULT AVSCAN_RESULT
_AVSCAN_MESSAGE
Definition: avlib.h:62
AVSCAN_RESULT ScanResult
Definition: avlib.h:125
enum _AVSCAN_CONNECTION_TYPE * PAVSCAN_CONNECTION_TYPE
enum _AVSCAN_CONNECTION_TYPE AVSCAN_CONNECTION_TYPE
AVSCAN_CONNECTION_TYPE Type
Definition: avlib.h:182
LONGLONG ScanId
Definition: avlib.h:153

Social Network


Services Overview

Architect, implement and test file system filter drivers for a wide range of functionality. We can offer several levels of assistance to meet your specific.

Contact Us

You are welcome to contact us for salse or partnership.

Sales: sales@easefilter.com
Support: support@easefilter.com
Info: info@easefilter.com