WDK Mini Filter Example
filter/avscan.c File Reference
#include <initguid.h>
#include "avscan.h"

Go to the source code of this file.

Functions

NTSTATUS DriverEntry (_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath)
 
NTSTATUS AvSetConfiguration (_In_ PUNICODE_STRING RegistryPath)
 
NTSTATUS AvInstanceSetup (_In_ PCFLT_RELATED_OBJECTS FltObjects, _In_ FLT_INSTANCE_SETUP_FLAGS Flags, _In_ DEVICE_TYPE VolumeDeviceType, _In_ FLT_FILESYSTEM_TYPE VolumeFilesystemType)
 
VOID AvInstanceTeardownStart (_In_ PCFLT_RELATED_OBJECTS FltObjects, _Unreferenced_parameter_ FLT_INSTANCE_TEARDOWN_FLAGS Flags)
 
VOID AvInstanceTeardownComplete (_In_ PCFLT_RELATED_OBJECTS FltObjects, _In_ FLT_INSTANCE_TEARDOWN_FLAGS Flags)
 
NTSTATUS AvUnload (_Unreferenced_parameter_ FLT_FILTER_UNLOAD_FLAGS Flags)
 
NTSTATUS AvInstanceQueryTeardown (_In_ PCFLT_RELATED_OBJECTS FltObjects, _In_ FLT_INSTANCE_QUERY_TEARDOWN_FLAGS Flags)
 
FLT_PREOP_CALLBACK_STATUS AvPreOperationCallback (_Inout_ PFLT_CALLBACK_DATA Data, _In_ PCFLT_RELATED_OBJECTS FltObjects, _Flt_CompletionContext_Outptr_ PVOID *CompletionContext)
 
FLT_PREOP_CALLBACK_STATUS AvPreCreate (_Inout_ PFLT_CALLBACK_DATA Data, _In_ PCFLT_RELATED_OBJECTS FltObjects, _Flt_CompletionContext_Outptr_ PVOID *CompletionContext)
 
FLT_POSTOP_CALLBACK_STATUS AvPostCreate (_Inout_ PFLT_CALLBACK_DATA Data, _In_ PCFLT_RELATED_OBJECTS FltObjects, _In_opt_ PVOID CompletionContext, _In_ FLT_POST_OPERATION_FLAGS Flags)
 
FLT_PREOP_CALLBACK_STATUS AvPreCleanup (_Inout_ PFLT_CALLBACK_DATA Data, _In_ PCFLT_RELATED_OBJECTS FltObjects, _Flt_CompletionContext_Outptr_ PVOID *CompletionContext)
 
FLT_PREOP_CALLBACK_STATUS AvPreFsControl (_Inout_ PFLT_CALLBACK_DATA Data, _In_ PCFLT_RELATED_OBJECTS FltObjects, _Flt_CompletionContext_Outptr_ PVOID *CompletionContext)
 
NTSTATUS AvKtmNotificationCallback (_Unreferenced_parameter_ PCFLT_RELATED_OBJECTS FltObjects, _In_ PFLT_CONTEXT TransactionContext, _In_ ULONG TransactionNotification)
 
NTSTATUS AvScanAbortCallbackAsync (_Unreferenced_parameter_ PFLT_INSTANCE Instance, _In_ PFLT_CONTEXT Context, _Unreferenced_parameter_ PFLT_CALLBACK_DATA Data)
 
BOOLEAN AvOperationsModifyingFile (_In_ PFLT_CALLBACK_DATA Data)
 
NTSTATUS AvQueryTransactionOutcome (_In_ PKTRANSACTION Transaction, _Out_ PULONG TxOutcome)
 
NTSTATUS AvProcessPreviousTransaction (_In_ PCFLT_RELATED_OBJECTS FltObjects, _Inout_ PAV_STREAM_CONTEXT StreamContext)
 
NTSTATUS AvProcessTransactionOutcome (_Inout_ PAV_TRANSACTION_CONTEXT TransactionContext, _In_ ULONG TransactionOutcome)
 
NTSTATUS AvLoadFileStateFromCache (_In_ PFLT_INSTANCE Instance, _In_ PAV_FILE_REFERENCE FileId, _Out_ LONG volatile *State, _Out_ PLONGLONG VolumeRevision, _Out_ PLONGLONG CacheRevision, _Out_ PLONGLONG FileRevision)
 
NTSTATUS AvSyncCache (_In_ PFLT_INSTANCE Instance, _In_ PAV_STREAM_CONTEXT StreamContext)
 
BOOLEAN AvIsPrefetchEcpPresent (_In_ PFLT_FILTER Filter, _In_ PFLT_CALLBACK_DATA Data)
 
BOOLEAN AvIsStreamAlternate (_Inout_ PFLT_CALLBACK_DATA Data)
 
NTSTATUS AvScan (_Inout_ PFLT_CALLBACK_DATA Data, _In_ PCFLT_RELATED_OBJECTS FltObjects, _In_ AV_SCAN_MODE ScanMode, _In_ UCHAR IOMajorFunctionAtScan, _In_ BOOLEAN IsInTxWriter, _Inout_ PAV_STREAM_CONTEXT StreamContext)
 
VOID AvDoCancelScanAndRelease (_In_ PAV_SCAN_CONTEXT ScanContext, _In_ PAV_SECTION_CONTEXT SectionContext)
 
NTSTATUS AvSendUnloadingToUser (VOID)
 
FORCEINLINE VOID AvPropagateFileState (_Inout_ PAV_STREAM_CONTEXT StreamContext, _In_ ULONG TransactionOutcome)
 
NTSTATUS AvSendAbortToUser (_In_ ULONG ScanThreadId, _In_ LONGLONG ScanId)
 

Variables

DRIVER_INITIALIZE DriverEntry
 
CONST FLT_OPERATION_REGISTRATION Callbacks []
 
const FLT_CONTEXT_REGISTRATION ContextRegistration []
 
CONST FLT_REGISTRATION FilterRegistration
 

Function Documentation

◆ AvDoCancelScanAndRelease()

VOID AvDoCancelScanAndRelease ( _In_ PAV_SCAN_CONTEXT  ScanContext,
_In_ PAV_SECTION_CONTEXT  SectionContext 
)

Definition at line 1602 of file filter/avscan.c.

◆ AvInstanceQueryTeardown()

NTSTATUS AvInstanceQueryTeardown ( _In_ PCFLT_RELATED_OBJECTS  FltObjects,
_In_ FLT_INSTANCE_QUERY_TEARDOWN_FLAGS  Flags 
)

Definition at line 458 of file filter/avscan.c.

◆ AvInstanceSetup()

NTSTATUS AvInstanceSetup ( _In_ PCFLT_RELATED_OBJECTS  FltObjects,
_In_ FLT_INSTANCE_SETUP_FLAGS  Flags,
_In_ DEVICE_TYPE  VolumeDeviceType,
_In_ FLT_FILESYSTEM_TYPE  VolumeFilesystemType 
)

Definition at line 300 of file filter/avscan.c.

◆ AvInstanceTeardownComplete()

VOID AvInstanceTeardownComplete ( _In_ PCFLT_RELATED_OBJECTS  FltObjects,
_In_ FLT_INSTANCE_TEARDOWN_FLAGS  Flags 
)

Definition at line 610 of file filter/avscan.c.

◆ AvInstanceTeardownStart()

VOID AvInstanceTeardownStart ( _In_ PCFLT_RELATED_OBJECTS  FltObjects,
_Unreferenced_parameter_ FLT_INSTANCE_TEARDOWN_FLAGS  Flags 
)

Definition at line 499 of file filter/avscan.c.

◆ AvIsPrefetchEcpPresent()

BOOLEAN AvIsPrefetchEcpPresent ( _In_ PFLT_FILTER  Filter,
_In_ PFLT_CALLBACK_DATA  Data 
)

Definition at line 1334 of file filter/avscan.c.

◆ AvIsStreamAlternate()

BOOLEAN AvIsStreamAlternate ( _Inout_ PFLT_CALLBACK_DATA  Data)

Definition at line 1385 of file filter/avscan.c.

◆ AvKtmNotificationCallback()

NTSTATUS AvKtmNotificationCallback ( _Unreferenced_parameter_ PCFLT_RELATED_OBJECTS  FltObjects,
_In_ PFLT_CONTEXT  TransactionContext,
_In_ ULONG  TransactionNotification 
)

Definition at line 2889 of file filter/avscan.c.

◆ AvLoadFileStateFromCache()

NTSTATUS AvLoadFileStateFromCache ( _In_ PFLT_INSTANCE  Instance,
_In_ PAV_FILE_REFERENCE  FileId,
_Out_ LONG volatile *  State,
_Out_ PLONGLONG  VolumeRevision,
_Out_ PLONGLONG  CacheRevision,
_Out_ PLONGLONG  FileRevision 
)

Definition at line 1142 of file filter/avscan.c.

◆ AvOperationsModifyingFile()

BOOLEAN AvOperationsModifyingFile ( _In_ PFLT_CALLBACK_DATA  Data)

Definition at line 887 of file filter/avscan.c.

◆ AvPostCreate()

FLT_POSTOP_CALLBACK_STATUS AvPostCreate ( _Inout_ PFLT_CALLBACK_DATA  Data,
_In_ PCFLT_RELATED_OBJECTS  FltObjects,
_In_opt_ PVOID  CompletionContext,
_In_ FLT_POST_OPERATION_FLAGS  Flags 
)

Definition at line 2298 of file filter/avscan.c.

◆ AvPreCleanup()

FLT_PREOP_CALLBACK_STATUS AvPreCleanup ( _Inout_ PFLT_CALLBACK_DATA  Data,
_In_ PCFLT_RELATED_OBJECTS  FltObjects,
_Flt_CompletionContext_Outptr_ PVOID *  CompletionContext 
)

Definition at line 2687 of file filter/avscan.c.

◆ AvPreCreate()

FLT_PREOP_CALLBACK_STATUS AvPreCreate ( _Inout_ PFLT_CALLBACK_DATA  Data,
_In_ PCFLT_RELATED_OBJECTS  FltObjects,
_Flt_CompletionContext_Outptr_ PVOID *  CompletionContext 
)

Definition at line 1953 of file filter/avscan.c.

◆ AvPreFsControl()

FLT_PREOP_CALLBACK_STATUS AvPreFsControl ( _Inout_ PFLT_CALLBACK_DATA  Data,
_In_ PCFLT_RELATED_OBJECTS  FltObjects,
_Flt_CompletionContext_Outptr_ PVOID *  CompletionContext 
)

Definition at line 1905 of file filter/avscan.c.

◆ AvPreOperationCallback()

FLT_PREOP_CALLBACK_STATUS AvPreOperationCallback ( _Inout_ PFLT_CALLBACK_DATA  Data,
_In_ PCFLT_RELATED_OBJECTS  FltObjects,
_Flt_CompletionContext_Outptr_ PVOID *  CompletionContext 
)

Definition at line 1779 of file filter/avscan.c.

◆ AvProcessPreviousTransaction()

NTSTATUS AvProcessPreviousTransaction ( _In_ PCFLT_RELATED_OBJECTS  FltObjects,
_Inout_ PAV_STREAM_CONTEXT  StreamContext 
)

Definition at line 2088 of file filter/avscan.c.

◆ AvProcessTransactionOutcome()

NTSTATUS AvProcessTransactionOutcome ( _Inout_ PAV_TRANSACTION_CONTEXT  TransactionContext,
_In_ ULONG  TransactionOutcome 
)

Definition at line 1071 of file filter/avscan.c.

◆ AvPropagateFileState()

FORCEINLINE VOID AvPropagateFileState ( _Inout_ PAV_STREAM_CONTEXT  StreamContext,
_In_ ULONG  TransactionOutcome 
)

Definition at line 1006 of file filter/avscan.c.

◆ AvQueryTransactionOutcome()

NTSTATUS AvQueryTransactionOutcome ( _In_ PKTRANSACTION  Transaction,
_Out_ PULONG  TxOutcome 
)

Definition at line 941 of file filter/avscan.c.

◆ AvScan()

NTSTATUS AvScan ( _Inout_ PFLT_CALLBACK_DATA  Data,
_In_ PCFLT_RELATED_OBJECTS  FltObjects,
_In_ AV_SCAN_MODE  ScanMode,
_In_ UCHAR  IOMajorFunctionAtScan,
_In_ BOOLEAN  IsInTxWriter,
_Inout_ PAV_STREAM_CONTEXT  StreamContext 
)

Definition at line 1448 of file filter/avscan.c.

◆ AvScanAbortCallbackAsync()

NTSTATUS AvScanAbortCallbackAsync ( _Unreferenced_parameter_ PFLT_INSTANCE  Instance,
_In_ PFLT_CONTEXT  Context,
_Unreferenced_parameter_ PFLT_CALLBACK_DATA  Data 
)

Definition at line 2952 of file filter/avscan.c.

◆ AvSendAbortToUser()

NTSTATUS AvSendAbortToUser ( _In_ ULONG  ScanThreadId,
_In_ LONGLONG  ScanId 
)

Definition at line 1650 of file filter/avscan.c.

◆ AvSendUnloadingToUser()

NTSTATUS AvSendUnloadingToUser ( VOID  )

Definition at line 1717 of file filter/avscan.c.

◆ AvSetConfiguration()

NTSTATUS AvSetConfiguration ( _In_ PUNICODE_STRING  RegistryPath)

Definition at line 3033 of file filter/avscan.c.

◆ AvSyncCache()

NTSTATUS AvSyncCache ( _In_ PFLT_INSTANCE  Instance,
_In_ PAV_STREAM_CONTEXT  StreamContext 
)

Definition at line 1223 of file filter/avscan.c.

◆ AvUnload()

NTSTATUS AvUnload ( _Unreferenced_parameter_ FLT_FILTER_UNLOAD_FLAGS  Flags)

Definition at line 823 of file filter/avscan.c.

◆ DriverEntry()

NTSTATUS DriverEntry ( _In_ PDRIVER_OBJECT  DriverObject,
_In_ PUNICODE_STRING  RegistryPath 
)

Definition at line 648 of file filter/avscan.c.

Variable Documentation

◆ Callbacks

CONST FLT_OPERATION_REGISTRATION Callbacks[]
Initial value:
= {
0,
0,
NULL },
0,
NULL },
0,
NULL },
0,
NULL },
{ IRP_MJ_OPERATION_END }
}
FLT_PREOP_CALLBACK_STATUS AvPreFsControl(_Inout_ PFLT_CALLBACK_DATA Data, _In_ PCFLT_RELATED_OBJECTS FltObjects, _Flt_CompletionContext_Outptr_ PVOID *CompletionContext)
FLT_PREOP_CALLBACK_STATUS AvPreOperationCallback(_Inout_ PFLT_CALLBACK_DATA Data, _In_ PCFLT_RELATED_OBJECTS FltObjects, _Flt_CompletionContext_Outptr_ PVOID *CompletionContext)
#define IRP_MJ_WRITE
Definition: mspyLog.h:288
#define IRP_MJ_CLEANUP
Definition: mspyLog.h:302
#define IRP_MJ_SET_INFORMATION
Definition: mspyLog.h:290
NcLoadRegistryStringRetry NULL
Definition: ncinit.c:53
FLT_POSTOP_CALLBACK_STATUS AvPostCreate(_Inout_ PFLT_CALLBACK_DATA Data, _In_ PCFLT_RELATED_OBJECTS FltObjects, _In_opt_ PVOID CompletionContext, _In_ FLT_POST_OPERATION_FLAGS Flags)
#define IRP_MJ_FILE_SYSTEM_CONTROL
Definition: mspyLog.h:297
FLT_PREOP_CALLBACK_STATUS AvPreCleanup(_Inout_ PFLT_CALLBACK_DATA Data, _In_ PCFLT_RELATED_OBJECTS FltObjects, _Flt_CompletionContext_Outptr_ PVOID *CompletionContext)
FLT_PREOP_CALLBACK_STATUS AvPreCreate(_Inout_ PFLT_CALLBACK_DATA Data, _In_ PCFLT_RELATED_OBJECTS FltObjects, _Flt_CompletionContext_Outptr_ PVOID *CompletionContext)
#define IRP_MJ_CREATE
Definition: mspyLog.h:284

Definition at line 234 of file filter/avscan.c.

◆ ContextRegistration

const FLT_CONTEXT_REGISTRATION ContextRegistration[]

Definition at line 68 of file avscan/filter/context.c.

◆ DriverEntry

NTSTATUS DriverEntry

Definition at line 30 of file filter/avscan.c.

◆ FilterRegistration

CONST FLT_REGISTRATION FilterRegistration
Initial value:
= {
sizeof( FLT_REGISTRATION ),
FLT_REGISTRATION_VERSION,
0,
NULL,
NULL,
NULL,
NULL,
}
NTSTATUS AvUnload(_Unreferenced_parameter_ FLT_FILTER_UNLOAD_FLAGS Flags)
NTSTATUS AvScanAbortCallbackAsync(_Unreferenced_parameter_ PFLT_INSTANCE Instance, _In_ PFLT_CONTEXT Context, _Unreferenced_parameter_ PFLT_CALLBACK_DATA Data)
CONST FLT_OPERATION_REGISTRATION Callbacks[]
VOID AvInstanceTeardownComplete(_In_ PCFLT_RELATED_OBJECTS FltObjects, _In_ FLT_INSTANCE_TEARDOWN_FLAGS Flags)
const FLT_CONTEXT_REGISTRATION ContextRegistration[]
NcLoadRegistryStringRetry NULL
Definition: ncinit.c:53
VOID AvInstanceTeardownStart(_In_ PCFLT_RELATED_OBJECTS FltObjects, _Unreferenced_parameter_ FLT_INSTANCE_TEARDOWN_FLAGS Flags)
NTSTATUS AvKtmNotificationCallback(_Unreferenced_parameter_ PCFLT_RELATED_OBJECTS FltObjects, _In_ PFLT_CONTEXT TransactionContext, _In_ ULONG TransactionNotification)
NTSTATUS AvInstanceQueryTeardown(_In_ PCFLT_RELATED_OBJECTS FltObjects, _In_ FLT_INSTANCE_QUERY_TEARDOWN_FLAGS Flags)
NTSTATUS AvInstanceSetup(_In_ PCFLT_RELATED_OBJECTS FltObjects, _In_ FLT_INSTANCE_SETUP_FLAGS Flags, _In_ DEVICE_TYPE VolumeDeviceType, _In_ FLT_FILESYSTEM_TYPE VolumeFilesystemType)

Definition at line 273 of file filter/avscan.c.

Social Network


Services Overview

Architect, implement and test file system filter drivers for a wide range of functionality. We can offer several levels of assistance to meet your specific.

Contact Us

You are welcome to contact us for salse or partnership.

Sales: sales@easefilter.com
Support: support@easefilter.com
Info: info@easefilter.com