WDK Mini Filter Example
Data Structures | Macros | Typedefs | Enumerations | Functions
avscan/filter/context.h File Reference

Go to the source code of this file.

Data Structures

struct  _AV_TRANSACTION_CONTEXT
 
struct  _AV_STREAMHANDLE_CONTEXT
 
struct  _AV_STREAM_CONTEXT
 
struct  _AV_SECTION_CONTEXT
 
struct  _AV_INSTANCE_CONTEXT
 

Macros

#define AV_STREAMHANDLE_CONTEXT_TAG   'hSvA'
 
#define AV_STREAM_CONTEXT_TAG   'cSvA'
 
#define AV_TRANSACTION_CONTEXT_TAG   'cTvA'
 
#define AV_SECTION_CONTEXT_TAG   'eSvA'
 
#define AV_INSTANCE_CONTEXT_TAG   'cIvA'
 
#define AV_INSTANCES_ARRAY_TAG   'aIvA'
 
#define AV_CONNECTION_CTX_TAG   'cCvA'
 
#define AV_SCAN_CTX_TAG   'cMvA'
 
#define AV_TXCTX_ENLISTED   0x01
 
#define AV_TXCTX_LISTDRAINED   0x02
 
#define AV_TRANSACTION_CONTEXT_SIZE   sizeof( AV_TRANSACTION_CONTEXT )
 
#define IS_FILE_MODIFIED(_sCtx)   ( (_sCtx)->State == AvFileModified )
 
#define IS_FILE_INFECTED(_sCtx)   ( (_sCtx)->State == AvFileInfected )
 
#define IS_FILE_NOT_INFECTED(_sCtx)   ( (_sCtx)->State == AvFileNotInfected )
 
#define IS_FILE_TX_MODIFIED(_sCtx)   ( (_sCtx)->TxState == AvFileModified )
 
#define IS_FILE_TX_INFECTED(_sCtx)   ( (_sCtx)->TxState == AvFileInfected )
 
#define IS_FILE_TX_NOT_INFECTED(_sCtx)   ( (_sCtx)->TxState == AvFileNotInfected )
 
#define IS_FILE_NEED_SCAN(_sCtx)
 
#define SET_FILE_UNKNOWN(_sCtx)   InterlockedExchange(&(_sCtx)->State, AvFileUnknown)
 
#define SET_FILE_MODIFIED(_sCtx)   InterlockedExchange(&(_sCtx)->State, AvFileModified)
 
#define SET_FILE_INFECTED(_sCtx)   InterlockedExchange(&(_sCtx)->State, AvFileInfected)
 
#define SET_FILE_NOT_INFECTED(_sCtx)   InterlockedExchange(&(_sCtx)->State, AvFileNotInfected)
 
#define SET_FILE_SCANNING(_sCtx)   InterlockedExchange(&(_sCtx)->State, AvFileScanning)
 
#define SET_FILE_TX_UNKNOWN(_sCtx)   InterlockedExchange(&(_sCtx)->TxState, AvFileUnknown)
 
#define SET_FILE_TX_MODIFIED(_sCtx)   InterlockedExchange(&(_sCtx)->TxState, AvFileModified)
 
#define SET_FILE_TX_INFECTED(_sCtx)   InterlockedExchange(&(_sCtx)->TxState, AvFileInfected)
 
#define SET_FILE_TX_NOT_INFECTED(_sCtx)   InterlockedExchange(&(_sCtx)->TxState, AvFileNotInfected)
 
#define SET_FILE_TX_SCANNING(_sCtx)   InterlockedExchange(&(_sCtx)->TxState, AvFileScanning)
 
#define SET_FILE_UNKNOWN_EX(_flag, _sCtx)
 
#define SET_FILE_MODIFIED_EX(_flag, _sCtx)
 
#define SET_FILE_INFECTED_EX(_flag, _sCtx)
 
#define SET_FILE_NOT_INFECTED_EX(_flag, _sCtx)
 
#define SET_FILE_SCANNING_EX(_flag, _sCtx)
 
#define AV_FLAG_PREFETCH   0x00000001
 
#define AV_STREAMHANDLE_CONTEXT_SIZE   sizeof( AV_STREAMHANDLE_CONTEXT )
 
#define AV_STREAM_CONTEXT_SIZE   sizeof( AV_STREAM_CONTEXT )
 
#define AV_SECTION_CONTEXT_SIZE   sizeof( AV_SECTION_CONTEXT )
 
#define AV_INSTANCE_CONTEXT_SIZE   sizeof( AV_INSTANCE_CONTEXT )
 

Typedefs

typedef enum _AV_FILE_INFECTED_STATE AV_FILE_INFECTED_STATE
 
typedef struct _AV_TRANSACTION_CONTEXT AV_TRANSACTION_CONTEXT
 
typedef struct _AV_TRANSACTION_CONTEXTPAV_TRANSACTION_CONTEXT
 
typedef struct _AV_STREAMHANDLE_CONTEXT AV_STREAMHANDLE_CONTEXT
 
typedef struct _AV_STREAMHANDLE_CONTEXTPAV_STREAMHANDLE_CONTEXT
 
typedef struct _AV_STREAM_CONTEXT AV_STREAM_CONTEXT
 
typedef struct _AV_STREAM_CONTEXTPAV_STREAM_CONTEXT
 
typedef struct _AV_SECTION_CONTEXT AV_SECTION_CONTEXT
 
typedef struct _AV_SECTION_CONTEXTPAV_SECTION_CONTEXT
 
typedef struct _AV_INSTANCE_CONTEXT AV_INSTANCE_CONTEXT
 
typedef struct _AV_INSTANCE_CONTEXTPAV_INSTANCE_CONTEXT
 

Enumerations

enum  _AV_FILE_INFECTED_STATE {
  AvFileUnknown, AvFileInfected, AvFileNotInfected, AvFileModified,
  AvFileScanning
}
 

Functions

NTSTATUS AvFindOrCreateTransactionContext (_In_ PCFLT_RELATED_OBJECTS FltObjects, _Outptr_ PAV_TRANSACTION_CONTEXT *TransactionContext)
 
NTSTATUS AvCreateSectionContext (_In_ PFLT_INSTANCE Instance, _In_ PFILE_OBJECT FileObject, _Outptr_ PAV_SECTION_CONTEXT *SectionContext)
 
NTSTATUS AvCreateStreamHandleContext (_In_ PFLT_FILTER Filter, _Outptr_ PAV_STREAMHANDLE_CONTEXT *StreamHandleContext)
 
NTSTATUS AvCreateStreamContext (_In_ PFLT_FILTER Filter, _Outptr_ PAV_STREAM_CONTEXT *StreamContext)
 
NTSTATUS AvEnumerateInstances (_Outptr_result_buffer_(*NumberInstances) PFLT_INSTANCE **InstanceArray, _Out_ PULONG NumberInstances)
 
VOID AvFreeInstances (_In_reads_(InstanceCount) PFLT_INSTANCE *InstanceArray, _In_ ULONG InstanceCount)
 

Macro Definition Documentation

◆ AV_CONNECTION_CTX_TAG

#define AV_CONNECTION_CTX_TAG   'cCvA'

Definition at line 44 of file avscan/filter/context.h.

◆ AV_FLAG_PREFETCH

#define AV_FLAG_PREFETCH   0x00000001

Definition at line 150 of file avscan/filter/context.h.

◆ AV_INSTANCE_CONTEXT_SIZE

#define AV_INSTANCE_CONTEXT_SIZE   sizeof( AV_INSTANCE_CONTEXT )

Definition at line 317 of file avscan/filter/context.h.

◆ AV_INSTANCE_CONTEXT_TAG

#define AV_INSTANCE_CONTEXT_TAG   'cIvA'

Definition at line 42 of file avscan/filter/context.h.

◆ AV_INSTANCES_ARRAY_TAG

#define AV_INSTANCES_ARRAY_TAG   'aIvA'

Definition at line 43 of file avscan/filter/context.h.

◆ AV_SCAN_CTX_TAG

#define AV_SCAN_CTX_TAG   'cMvA'

Definition at line 45 of file avscan/filter/context.h.

◆ AV_SECTION_CONTEXT_SIZE

#define AV_SECTION_CONTEXT_SIZE   sizeof( AV_SECTION_CONTEXT )

Definition at line 270 of file avscan/filter/context.h.

◆ AV_SECTION_CONTEXT_TAG

#define AV_SECTION_CONTEXT_TAG   'eSvA'

Definition at line 41 of file avscan/filter/context.h.

◆ AV_STREAM_CONTEXT_SIZE

#define AV_STREAM_CONTEXT_SIZE   sizeof( AV_STREAM_CONTEXT )

Definition at line 221 of file avscan/filter/context.h.

◆ AV_STREAM_CONTEXT_TAG

#define AV_STREAM_CONTEXT_TAG   'cSvA'

Definition at line 39 of file avscan/filter/context.h.

◆ AV_STREAMHANDLE_CONTEXT_SIZE

#define AV_STREAMHANDLE_CONTEXT_SIZE   sizeof( AV_STREAMHANDLE_CONTEXT )

Definition at line 162 of file avscan/filter/context.h.

◆ AV_STREAMHANDLE_CONTEXT_TAG

#define AV_STREAMHANDLE_CONTEXT_TAG   'hSvA'

Definition at line 38 of file avscan/filter/context.h.

◆ AV_TRANSACTION_CONTEXT_SIZE

#define AV_TRANSACTION_CONTEXT_SIZE   sizeof( AV_TRANSACTION_CONTEXT )

Definition at line 83 of file avscan/filter/context.h.

◆ AV_TRANSACTION_CONTEXT_TAG

#define AV_TRANSACTION_CONTEXT_TAG   'cTvA'

Definition at line 40 of file avscan/filter/context.h.

◆ AV_TXCTX_ENLISTED

#define AV_TXCTX_ENLISTED   0x01

Definition at line 50 of file avscan/filter/context.h.

◆ AV_TXCTX_LISTDRAINED

#define AV_TXCTX_LISTDRAINED   0x02

Definition at line 51 of file avscan/filter/context.h.

◆ IS_FILE_INFECTED

#define IS_FILE_INFECTED (   _sCtx)    ( (_sCtx)->State == AvFileInfected )

Definition at line 87 of file avscan/filter/context.h.

◆ IS_FILE_MODIFIED

#define IS_FILE_MODIFIED (   _sCtx)    ( (_sCtx)->State == AvFileModified )

Definition at line 86 of file avscan/filter/context.h.

◆ IS_FILE_NEED_SCAN

#define IS_FILE_NEED_SCAN (   _sCtx)
Value:
((((_sCtx)->TxContext == NULL) && IS_FILE_MODIFIED( _sCtx )) || \
(((_sCtx)->TxContext != NULL) && IS_FILE_TX_MODIFIED( _sCtx )))
IS_FILE_MODIFIED
#define IS_FILE_MODIFIED(_sCtx)
Definition: avscan/filter/context.h:86
NULL
NcLoadRegistryStringRetry NULL
Definition: ncinit.c:53
IS_FILE_TX_MODIFIED
#define IS_FILE_TX_MODIFIED(_sCtx)
Definition: avscan/filter/context.h:90

Definition at line 94 of file avscan/filter/context.h.

◆ IS_FILE_NOT_INFECTED

#define IS_FILE_NOT_INFECTED (   _sCtx)    ( (_sCtx)->State == AvFileNotInfected )

Definition at line 88 of file avscan/filter/context.h.

◆ IS_FILE_TX_INFECTED

#define IS_FILE_TX_INFECTED (   _sCtx)    ( (_sCtx)->TxState == AvFileInfected )

Definition at line 91 of file avscan/filter/context.h.

◆ IS_FILE_TX_MODIFIED

#define IS_FILE_TX_MODIFIED (   _sCtx)    ( (_sCtx)->TxState == AvFileModified )

Definition at line 90 of file avscan/filter/context.h.

◆ IS_FILE_TX_NOT_INFECTED

#define IS_FILE_TX_NOT_INFECTED (   _sCtx)    ( (_sCtx)->TxState == AvFileNotInfected )

Definition at line 92 of file avscan/filter/context.h.

◆ SET_FILE_INFECTED

#define SET_FILE_INFECTED (   _sCtx)    InterlockedExchange(&(_sCtx)->State, AvFileInfected)

Definition at line 100 of file avscan/filter/context.h.

◆ SET_FILE_INFECTED_EX

#define SET_FILE_INFECTED_EX (   _flag,
  _sCtx 
)
Value:
{\
if (_flag) { \
SET_FILE_TX_INFECTED( _sCtx ); \
} else { \
SET_FILE_INFECTED( _sCtx ); \
} \
}

Definition at line 124 of file avscan/filter/context.h.

◆ SET_FILE_MODIFIED

#define SET_FILE_MODIFIED (   _sCtx)    InterlockedExchange(&(_sCtx)->State, AvFileModified)

Definition at line 99 of file avscan/filter/context.h.

◆ SET_FILE_MODIFIED_EX

#define SET_FILE_MODIFIED_EX (   _flag,
  _sCtx 
)
Value:
{\
if (_flag) { \
SET_FILE_TX_MODIFIED( _sCtx ); \
} else { \
SET_FILE_MODIFIED( _sCtx ); \
} \
}

Definition at line 117 of file avscan/filter/context.h.

◆ SET_FILE_NOT_INFECTED

#define SET_FILE_NOT_INFECTED (   _sCtx)    InterlockedExchange(&(_sCtx)->State, AvFileNotInfected)

Definition at line 101 of file avscan/filter/context.h.

◆ SET_FILE_NOT_INFECTED_EX

#define SET_FILE_NOT_INFECTED_EX (   _flag,
  _sCtx 
)
Value:
{\
if (_flag) { \
SET_FILE_TX_NOT_INFECTED( _sCtx ); \
} else { \
SET_FILE_NOT_INFECTED( _sCtx ); \
} \
}

Definition at line 131 of file avscan/filter/context.h.

◆ SET_FILE_SCANNING

#define SET_FILE_SCANNING (   _sCtx)    InterlockedExchange(&(_sCtx)->State, AvFileScanning)

Definition at line 102 of file avscan/filter/context.h.

◆ SET_FILE_SCANNING_EX

#define SET_FILE_SCANNING_EX (   _flag,
  _sCtx 
)
Value:
{\
if (_flag) { \
SET_FILE_TX_SCANNING( _sCtx ); \
} else { \
SET_FILE_SCANNING( _sCtx ); \
} \
}

Definition at line 138 of file avscan/filter/context.h.

◆ SET_FILE_TX_INFECTED

#define SET_FILE_TX_INFECTED (   _sCtx)    InterlockedExchange(&(_sCtx)->TxState, AvFileInfected)

Definition at line 106 of file avscan/filter/context.h.

◆ SET_FILE_TX_MODIFIED

#define SET_FILE_TX_MODIFIED (   _sCtx)    InterlockedExchange(&(_sCtx)->TxState, AvFileModified)

Definition at line 105 of file avscan/filter/context.h.

◆ SET_FILE_TX_NOT_INFECTED

#define SET_FILE_TX_NOT_INFECTED (   _sCtx)    InterlockedExchange(&(_sCtx)->TxState, AvFileNotInfected)

Definition at line 107 of file avscan/filter/context.h.

◆ SET_FILE_TX_SCANNING

#define SET_FILE_TX_SCANNING (   _sCtx)    InterlockedExchange(&(_sCtx)->TxState, AvFileScanning)

Definition at line 108 of file avscan/filter/context.h.

◆ SET_FILE_TX_UNKNOWN

#define SET_FILE_TX_UNKNOWN (   _sCtx)    InterlockedExchange(&(_sCtx)->TxState, AvFileUnknown)

Definition at line 104 of file avscan/filter/context.h.

◆ SET_FILE_UNKNOWN

#define SET_FILE_UNKNOWN (   _sCtx)    InterlockedExchange(&(_sCtx)->State, AvFileUnknown)

Definition at line 98 of file avscan/filter/context.h.

◆ SET_FILE_UNKNOWN_EX

#define SET_FILE_UNKNOWN_EX (   _flag,
  _sCtx 
)
Value:
{\
if (_flag) { \
SET_FILE_TX_UNKNOWN( _sCtx ); \
} else { \
SET_FILE_UNKNOWN( _sCtx ); \
} \
}

Definition at line 110 of file avscan/filter/context.h.

Typedef Documentation

◆ AV_FILE_INFECTED_STATE

typedef enum _AV_FILE_INFECTED_STATE AV_FILE_INFECTED_STATE

◆ AV_INSTANCE_CONTEXT

typedef struct _AV_INSTANCE_CONTEXT AV_INSTANCE_CONTEXT

◆ AV_SECTION_CONTEXT

typedef struct _AV_SECTION_CONTEXT AV_SECTION_CONTEXT

◆ AV_STREAM_CONTEXT

typedef struct _AV_STREAM_CONTEXT AV_STREAM_CONTEXT

◆ AV_STREAMHANDLE_CONTEXT

typedef struct _AV_STREAMHANDLE_CONTEXT AV_STREAMHANDLE_CONTEXT

◆ AV_TRANSACTION_CONTEXT

typedef struct _AV_TRANSACTION_CONTEXT AV_TRANSACTION_CONTEXT

◆ PAV_INSTANCE_CONTEXT

typedef struct _AV_INSTANCE_CONTEXT * PAV_INSTANCE_CONTEXT

◆ PAV_SECTION_CONTEXT

typedef struct _AV_SECTION_CONTEXT * PAV_SECTION_CONTEXT

◆ PAV_STREAM_CONTEXT

typedef struct _AV_STREAM_CONTEXT * PAV_STREAM_CONTEXT

◆ PAV_STREAMHANDLE_CONTEXT

typedef struct _AV_STREAMHANDLE_CONTEXT * PAV_STREAMHANDLE_CONTEXT

◆ PAV_TRANSACTION_CONTEXT

typedef struct _AV_TRANSACTION_CONTEXT * PAV_TRANSACTION_CONTEXT

Enumeration Type Documentation

◆ _AV_FILE_INFECTED_STATE

enum _AV_FILE_INFECTED_STATE
Enumerator
AvFileUnknown 
AvFileInfected 
AvFileNotInfected 
AvFileModified 
AvFileScanning 

Definition at line 28 of file avscan/filter/context.h.

Function Documentation

◆ AvCreateSectionContext()

NTSTATUS AvCreateSectionContext ( _In_ PFLT_INSTANCE  Instance,
_In_ PFILE_OBJECT  FileObject,
_Outptr_ PAV_SECTION_CONTEXT SectionContext 
)

Definition at line 532 of file avscan/filter/context.c.

◆ AvCreateStreamContext()

NTSTATUS AvCreateStreamContext ( _In_ PFLT_FILTER  Filter,
_Outptr_ PAV_STREAM_CONTEXT StreamContext 
)

Definition at line 325 of file avscan/filter/context.c.

◆ AvCreateStreamHandleContext()

NTSTATUS AvCreateStreamHandleContext ( _In_ PFLT_FILTER  Filter,
_Outptr_ PAV_STREAMHANDLE_CONTEXT StreamHandleContext 
)

Definition at line 271 of file avscan/filter/context.c.

◆ AvEnumerateInstances()

NTSTATUS AvEnumerateInstances ( _Outptr_result_buffer_ *NumberInstances PFLT_INSTANCE **  InstanceArray,
_Out_ PULONG  NumberInstances 
)

Definition at line 600 of file avscan/filter/context.c.

◆ AvFindOrCreateTransactionContext()

NTSTATUS AvFindOrCreateTransactionContext ( _In_ PCFLT_RELATED_OBJECTS  FltObjects,
_Outptr_ PAV_TRANSACTION_CONTEXT TransactionContext 
)

Definition at line 396 of file avscan/filter/context.c.

◆ AvFreeInstances()

VOID AvFreeInstances ( _In_reads_(InstanceCount) PFLT_INSTANCE *  InstanceArray,
_In_ ULONG  InstanceCount 
)

Definition at line 749 of file avscan/filter/context.c.

Social Network


Services Overview

Architect, implement and test file system filter drivers for a wide range of functionality. We can offer several levels of assistance to meet your specific.

Contact Us

You are welcome to contact us for salse or partnership.

Sales: sales@easefilter.com
Support: support@easefilter.com
Info: info@easefilter.com

© Copyright EaseFilter Inc..