WDK Mini Filter Example
avscan/filter/utility.h
Go to the documentation of this file.
1 /*++
2 
3 Copyright (c) 2011 Microsoft Corporation
4 
5 Module Name:
6 
7  utility.h
8 
9 Abstract:
10 
11  Header file which contains the structures, type definitions,
12  constants, global variables and function prototypes that are
13  only visible within the kernel. The functions include
14  generic table routines.
15 
16 Environment:
17 
18  Kernel mode
19 
20 --*/
21 #ifndef __UTILITY_H__
22 #define __UTILITY_H__
23 
24 #define AV_STRING_TAG 'tSvA'
25 #define AV_RESOURCE_TAG 'cRvA'
26 #define AV_KEVENT_TAG 'eKvA'
27 #define AV_TABLE_ENTRY_TAG 'eTvA'
28 
30 // ReFS Compatibility Helpers //
32 
33 //
34 // This helps us deal with ReFS 128-bit file IDs and NTFS 64-bit file IDs.
35 //
36 
37 #define AV_INVALID_FILE_REFERENCE( _fileid_ ) \
38  (((_fileid_).FileId64.UpperZeroes == 0ll) && \
39  ((_fileid_).FileId64.Value == (ULONGLONG)FILE_INVALID_FILE_ID))
40 
41 #define AV_SET_INVALID_FILE_REFERENCE( _fileid_ ) \
42  (_fileid_).FileId64.UpperZeroes = 0ll;\
43  (_fileid_).FileId64.Value = (ULONGLONG)FILE_INVALID_FILE_ID;
44 
45 typedef union _AV_FILE_REFERENCE {
46 
47  struct {
48  ULONGLONG Value;
49  ULONGLONG UpperZeroes;
50  } FileId64;
51 
52  FILE_ID_128 FileId128;
53 
55 
56 
57 //
58 // The generic table entry data structure.
59 //
60 
61 typedef struct _AV_GENERIC_TABLE_ENTRY {
62 
65 
66  //
67  // Revision numbers for files on CSVFS
68  //
69  LONGLONG VolumeRevision;
70  LONGLONG CacheRevision;
71  LONGLONG FileRevision;
72 
74 
75 #define AV_GENERIC_TABLE_ENTRY_SIZE sizeof( AV_GENERIC_TABLE_ENTRY )
76 
77 /*
78 _IRQL_requires_same_
79 _Function_class_(RTL_GENERIC_COMPARE_ROUTINE)
80 RTL_GENERIC_COMPARE_RESULTS
81 AvCompareEntry (
82  _In_ PRTL_GENERIC_TABLE Table,
83  _In_ PVOID FirstStruct,
84  _In_ PVOID SecondStruct
85  );
86 
87 _IRQL_requires_same_
88 __drv_allocatesMem(Mem)
89 _Function_class_(RTL_GENERIC_ALLOCATE_ROUTINE)
90 PVOID
91 NTAPI
92 AvAllocateGenericTableEntry (
93  _In_ PRTL_GENERIC_TABLE Table,
94  _In_ CLONG ByteSize
95  );
96 
97 _IRQL_requires_same_
98 _Function_class_(RTL_GENERIC_FREE_ROUTINE)
99 VOID
100 NTAPI
101 AvFreeGenericTableEntry (
102  _In_ PRTL_GENERIC_TABLE Table,
103  _In_ __drv_freesMem(Mem) _Post_invalid_ PVOID Entry
104  );
105 */
106 
107 RTL_GENERIC_COMPARE_ROUTINE AvCompareEntry;
108 
109 RTL_GENERIC_ALLOCATE_ROUTINE AvAllocateGenericTableEntry;
110 
111 RTL_GENERIC_FREE_ROUTINE AvFreeGenericTableEntry;
112 
113 //
114 // NTFS supports a file state cache. Since CSVFS is built on top of
115 // NTFS, it can also support the cache.
116 //
117 #define FS_SUPPORTS_FILE_STATE_CACHE(VolumeFilesystemType) \
118  ( ((VolumeFilesystemType) == FLT_FSTYPE_NTFS) || \
119  ((VolumeFilesystemType) == FLT_FSTYPE_CSVFS) || \
120  ((VolumeFilesystemType) == FLT_FSTYPE_REFS) )
121 
122 
123 FORCEINLINE
124 PERESOURCE
126  VOID
127  )
128 {
129  //
130  // eResource by its rule has to be in the non-paged pool
131  // NonPagedPoolNx: non-executable non-paged pool
132  //
133 
134  return ExAllocatePoolWithTag( NonPagedPoolNx,
135  sizeof( ERESOURCE ),
136  AV_RESOURCE_TAG );
137 }
138 
139 FORCEINLINE
140 VOID
142  _In_ PERESOURCE Resource
143  )
144 {
145 
146  ExFreePoolWithTag( Resource,
147  AV_RESOURCE_TAG );
148 }
149 
150 FORCEINLINE
151 PKEVENT
153  VOID
154  )
155 {
156  //
157  // KEVENT has to be in the non-paged pool
158  //
159 
160  return ExAllocatePoolWithTag( NonPagedPoolNx,
161  sizeof( KEVENT ),
162  AV_KEVENT_TAG );
163 }
164 
165 FORCEINLINE
166 VOID
168  _In_ PKEVENT Event
169  )
170 {
171 
172  ExFreePoolWithTag( Event,
173  AV_KEVENT_TAG );
174 }
175 
176 NTSTATUS
177 AvGetFileId (
178  _In_ PFLT_INSTANCE Instance,
179  _In_ PFILE_OBJECT FileObject,
180  _Out_ PAV_FILE_REFERENCE FileId
181  );
182 
183 NTSTATUS
185  _In_ PFLT_INSTANCE Instance,
186  _In_ PFILE_OBJECT FileObject,
187  _Out_ PLONGLONG Size
188  );
189 
190 NTSTATUS
192  _In_ PFLT_INSTANCE Instance,
193  _In_ PFILE_OBJECT FileObject,
194  _Out_ PBOOLEAN Encrypted
195  );
196 
197 LONG
199  _In_ PEXCEPTION_POINTERS ExceptionPointer,
200  _In_ BOOLEAN AccessingUserBuffer
201  );
202 
203 FORCEINLINE
204 VOID
205 _Acquires_lock_(_Global_critical_region_)
206 AvAcquireResourceExclusive (
207  _Inout_ _Acquires_exclusive_lock_(*Resource) PERESOURCE Resource
208  )
209 {
210  FLT_ASSERT(KeGetCurrentIrql() <= APC_LEVEL);
211  FLT_ASSERT(ExIsResourceAcquiredExclusiveLite(Resource) ||
212  !ExIsResourceAcquiredSharedLite(Resource));
213 
214  KeEnterCriticalRegion();
215  (VOID)ExAcquireResourceExclusiveLite( Resource, TRUE );
216 }
217 
218 FORCEINLINE
219 VOID
220 _Acquires_lock_(_Global_critical_region_)
221 AvAcquireResourceShared (
222  _Inout_ _Acquires_shared_lock_(*Resource) PERESOURCE Resource
223  )
224 {
225  FLT_ASSERT(KeGetCurrentIrql() <= APC_LEVEL);
226 
227  KeEnterCriticalRegion();
228  (VOID)ExAcquireResourceSharedLite( Resource, TRUE );
229 }
230 
231 FORCEINLINE
232 VOID
233 _Releases_lock_(_Global_critical_region_)
234 _Requires_lock_held_(_Global_critical_region_)
235 AvReleaseResource (
236  _Inout_ _Requires_lock_held_(*Resource) _Releases_lock_(*Resource) PERESOURCE Resource
237  )
238 {
239  FLT_ASSERT(KeGetCurrentIrql() <= APC_LEVEL);
240  FLT_ASSERT(ExIsResourceAcquiredExclusiveLite(Resource) ||
241  ExIsResourceAcquiredSharedLite(Resource));
242 
243  ExReleaseResourceLite(Resource);
244  KeLeaveCriticalRegion();
245 }
246 
247 #define LIST_FOR_EACH_SAFE(curr, n, head) \
248  for (curr = (head)->Flink , n = curr->Flink ; curr != (head); \
249  curr = n, n = curr->Flink )
250 
251 #endif
252 
#define AV_RESOURCE_TAG
FORCEINLINE VOID _Acquires_lock_(_Global_critical_region_) AvAcquireResourceExclusive(_Inout_ _Acquires_exclusive_lock_(*Resource) PERESOURCE Resource)
RTL_GENERIC_COMPARE_ROUTINE AvCompareEntry
NTSTATUS AvGetFileEncrypted(_In_ PFLT_INSTANCE Instance, _In_ PFILE_OBJECT FileObject, _Out_ PBOOLEAN Encrypted)
_In_opt_ PFILE_OBJECT _In_opt_ PFLT_INSTANCE Instance
Definition: nc.h:493
struct _AV_GENERIC_TABLE_ENTRY AV_GENERIC_TABLE_ENTRY
FORCEINLINE VOID AvFreeResource(_In_ PERESOURCE Resource)
FLT_ASSERT(IS_MY_CONTROL_DEVICE_OBJECT(DeviceObject))
return TRUE
LONG AvExceptionFilter(_In_ PEXCEPTION_POINTERS ExceptionPointer, _In_ BOOLEAN AccessingUserBuffer)
FORCEINLINE PERESOURCE AvAllocateResource(VOID)
RTL_GENERIC_ALLOCATE_ROUTINE AvAllocateGenericTableEntry
FORCEINLINE VOID AvFreeKevent(_In_ PKEVENT Event)
NTSTATUS AvGetFileId(_In_ PFLT_INSTANCE Instance, _In_ PFILE_OBJECT FileObject, _Out_ PAV_FILE_REFERENCE FileId)
RTL_GENERIC_FREE_ROUTINE AvFreeGenericTableEntry
struct _AV_FILE_REFERENCE::@0 FileId64
union _AV_FILE_REFERENCE * PAV_FILE_REFERENCE
FORCEINLINE VOID _Releases_lock_(_Global_critical_region_) _Requires_lock_held_(_Global_critical_region_) AvReleaseResource(_Inout_ _Requires_lock_held_(*Resource) _Releases_lock_(*Resource) PERESOURCE Resource)
_Requires_lock_held_(_Global_critical_region_)
Definition: DataStore.c:38
#define AV_KEVENT_TAG
union _AV_FILE_REFERENCE AV_FILE_REFERENCE
struct _AV_GENERIC_TABLE_ENTRY * PAV_GENERIC_TABLE_ENTRY
NTSTATUS AvGetFileSize(_In_ PFLT_INSTANCE Instance, _In_ PFILE_OBJECT FileObject, _Out_ PLONGLONG Size)
_In_opt_ PFILE_OBJECT FileObject
Definition: nc.h:493
FORCEINLINE PKEVENT AvAllocateKevent(VOID)

Social Network


Services Overview

Architect, implement and test file system filter drivers for a wide range of functionality. We can offer several levels of assistance to meet your specific.

Contact Us

You are welcome to contact us for salse or partnership.

Sales: sales@easefilter.com
Support: support@easefilter.com
Info: info@easefilter.com