|
WDK Mini Filter Example
|
mspyKern.h File Reference
Go to the source code of this file.
Data Structures | |
| struct | _MINISPY_DATA |
| struct | _MINISPY_TRANSACTION_CONTEXT |
Macros | |
| #define | SPY_TAG 'ypSM' |
| #define | MINISPY_WIN8 (NTDDI_VERSION >= NTDDI_WIN8) |
| #define | MINISPY_WIN7 (NTDDI_VERSION >= NTDDI_WIN7) |
| #define | MINISPY_VISTA (NTDDI_VERSION >= NTDDI_VISTA) |
| #define | MINISPY_NOT_W2K (OSVER(NTDDI_VERSION) > NTDDI_WIN2K) |
| #define | ECP_TYPE_FLAG_PREFETCH 0x00000001 |
| #define | ECP_TYPE_FLAG_OPLOCK_KEY 0x00000002 |
| #define | ECP_TYPE_FLAG_NFS 0x00000004 |
| #define | ECP_TYPE_FLAG_SRV 0x00000008 |
| #define | ADDRESS_STRING_BUFFER_SIZE 64 |
| #define | MINISPY_ENLISTED_IN_TRANSACTION 0x01 |
| #define | DEFAULT_MAX_RECORDS_TO_ALLOCATE 500 |
| #define | MAX_RECORDS_TO_ALLOCATE L"MaxRecords" |
| #define | DEFAULT_NAME_QUERY_METHOD FLT_FILE_NAME_QUERY_ALWAYS_ALLOW_CACHE_LOOKUP |
| #define | NAME_QUERY_METHOD L"NameQueryMethod" |
| #define | SPY_DEBUG_PARSE_NAMES 0x00000001 |
Typedefs | |
| typedef NTSTATUS(* | PFLT_SET_TRANSACTION_CONTEXT) (_In_ PFLT_INSTANCE Instance, _In_ PKTRANSACTION Transaction, _In_ FLT_SET_CONTEXT_OPERATION Operation, _In_ PFLT_CONTEXT NewContext, _Outptr_opt_ PFLT_CONTEXT *OldContext) |
| typedef NTSTATUS(* | PFLT_GET_TRANSACTION_CONTEXT) (_In_ PFLT_INSTANCE Instance, _In_ PKTRANSACTION Transaction, _Outptr_ PFLT_CONTEXT *Context) |
| typedef NTSTATUS(* | PFLT_ENLIST_IN_TRANSACTION) (_In_ PFLT_INSTANCE Instance, _In_ PKTRANSACTION Transaction, _In_ PFLT_CONTEXT TransactionContext, _In_ NOTIFICATION_MASK NotificationMask) |
| typedef enum _ECP_TYPE | ECP_TYPE |
| typedef struct _MINISPY_DATA | MINISPY_DATA |
| typedef struct _MINISPY_DATA * | PMINISPY_DATA |
| typedef struct _MINISPY_TRANSACTION_CONTEXT | MINISPY_TRANSACTION_CONTEXT |
| typedef struct _MINISPY_TRANSACTION_CONTEXT * | PMINISPY_TRANSACTION_CONTEXT |
Enumerations | |
| enum | _ECP_TYPE { EcpPrefetchOpen, EcpOplockKey, EcpNfsOpen, EcpSrvOpen, NumKnownEcps } |
Functions | |
| FLT_PREOP_CALLBACK_STATUS | SpyPreOperationCallback (_Inout_ PFLT_CALLBACK_DATA Data, _In_ PCFLT_RELATED_OBJECTS FltObjects, _Flt_CompletionContext_Outptr_ PVOID *CompletionContext) |
| FLT_POSTOP_CALLBACK_STATUS | SpyPostOperationCallback (_Inout_ PFLT_CALLBACK_DATA Data, _In_ PCFLT_RELATED_OBJECTS FltObjects, _In_ PVOID CompletionContext, _In_ FLT_POST_OPERATION_FLAGS Flags) |
| NTSTATUS | SpyKtmNotificationCallback (_In_ PCFLT_RELATED_OBJECTS FltObjects, _In_ PFLT_CONTEXT TransactionContext, _In_ ULONG TransactionNotification) |
| NTSTATUS | SpyFilterUnload (_In_ FLT_FILTER_UNLOAD_FLAGS Flags) |
| NTSTATUS | SpyQueryTeardown (_In_ PCFLT_RELATED_OBJECTS FltObjects, _In_ FLT_INSTANCE_QUERY_TEARDOWN_FLAGS Flags) |
| VOID | SpyReadDriverParameters (_In_ PUNICODE_STRING RegistryPath) |
| LONG | SpyExceptionFilter (_In_ PEXCEPTION_POINTERS ExceptionPointer, _In_ BOOLEAN AccessingUserBuffer) |
| PRECORD_LIST | SpyAllocateBuffer (_Out_ PULONG RecordType) |
| VOID | SpyFreeBuffer (_In_ PVOID Buffer) |
| PRECORD_LIST | SpyNewRecord (VOID) |
| VOID | SpyFreeRecord (_In_ PRECORD_LIST Record) |
| VOID | SpyParseEcps (_In_ PFLT_CALLBACK_DATA Data, _Inout_ PRECORD_LIST RecordList, _Inout_ PUNICODE_STRING EcpData) |
| VOID | SpyBuildEcpDataString (_In_ PRECORD_LIST RecordList, _Inout_ PUNICODE_STRING EcpData, _In_reads_(NumKnownEcps) PVOID *ContextPointers) |
| VOID | SpySetRecordNameAndEcpData (_Inout_ PLOG_RECORD LogRecord, _In_ PUNICODE_STRING Name, _In_opt_ PUNICODE_STRING EcpData) |
| VOID | SpyLogPreOperationData (_In_ PFLT_CALLBACK_DATA Data, _In_ PCFLT_RELATED_OBJECTS FltObjects, _Inout_ PRECORD_LIST RecordList) |
| VOID | SpyLogPostOperationData (_In_ PFLT_CALLBACK_DATA Data, _Inout_ PRECORD_LIST RecordList) |
| VOID | SpyLogTransactionNotify (_In_ PCFLT_RELATED_OBJECTS FltObjects, _Inout_ PRECORD_LIST RecordList, _In_ ULONG TransactionNotification) |
| VOID | SpyLog (_In_ PRECORD_LIST RecordList) |
| NTSTATUS | SpyGetLog (_Out_writes_bytes_to_(OutputBufferLength, *ReturnOutputBufferLength) PUCHAR OutputBuffer, _In_ ULONG OutputBufferLength, _Out_ PULONG ReturnOutputBufferLength) |
| VOID | SpyEmptyOutputBufferList (VOID) |
| VOID | SpyDeleteTxfContext (_Inout_ PFLT_CONTEXT Context, _In_ FLT_CONTEXT_TYPE ContextType) |
Variables | |
| MINISPY_DATA | MiniSpyData |
| const FLT_REGISTRATION | FilterRegistration |
Macro Definition Documentation
◆ ADDRESS_STRING_BUFFER_SIZE
| #define ADDRESS_STRING_BUFFER_SIZE 64 |
Definition at line 95 of file mspyKern.h.
◆ DEFAULT_MAX_RECORDS_TO_ALLOCATE
| #define DEFAULT_MAX_RECORDS_TO_ALLOCATE 500 |
Definition at line 242 of file mspyKern.h.
◆ DEFAULT_NAME_QUERY_METHOD
| #define DEFAULT_NAME_QUERY_METHOD FLT_FILE_NAME_QUERY_ALWAYS_ALLOW_CACHE_LOOKUP |
Definition at line 245 of file mspyKern.h.
◆ ECP_TYPE_FLAG_NFS
| #define ECP_TYPE_FLAG_NFS 0x00000004 |
Definition at line 90 of file mspyKern.h.
◆ ECP_TYPE_FLAG_OPLOCK_KEY
| #define ECP_TYPE_FLAG_OPLOCK_KEY 0x00000002 |
Definition at line 89 of file mspyKern.h.
◆ ECP_TYPE_FLAG_PREFETCH
| #define ECP_TYPE_FLAG_PREFETCH 0x00000001 |
Definition at line 85 of file mspyKern.h.
◆ ECP_TYPE_FLAG_SRV
| #define ECP_TYPE_FLAG_SRV 0x00000008 |
Definition at line 91 of file mspyKern.h.
◆ MAX_RECORDS_TO_ALLOCATE
| #define MAX_RECORDS_TO_ALLOCATE L"MaxRecords" |
Definition at line 243 of file mspyKern.h.
◆ MINISPY_ENLISTED_IN_TRANSACTION
| #define MINISPY_ENLISTED_IN_TRANSACTION 0x01 |
Definition at line 234 of file mspyKern.h.
◆ MINISPY_NOT_W2K
| #define MINISPY_NOT_W2K (OSVER(NTDDI_VERSION) > NTDDI_WIN2K) |
Definition at line 45 of file mspyKern.h.
◆ MINISPY_VISTA
| #define MINISPY_VISTA (NTDDI_VERSION >= NTDDI_VISTA) |
Definition at line 44 of file mspyKern.h.
◆ MINISPY_WIN7
| #define MINISPY_WIN7 (NTDDI_VERSION >= NTDDI_WIN7) |
Definition at line 43 of file mspyKern.h.
◆ MINISPY_WIN8
| #define MINISPY_WIN8 (NTDDI_VERSION >= NTDDI_WIN8) |
Definition at line 42 of file mspyKern.h.
◆ NAME_QUERY_METHOD
| #define NAME_QUERY_METHOD L"NameQueryMethod" |
Definition at line 246 of file mspyKern.h.
◆ SPY_DEBUG_PARSE_NAMES
| #define SPY_DEBUG_PARSE_NAMES 0x00000001 |
Definition at line 252 of file mspyKern.h.
◆ SPY_TAG
| #define SPY_TAG 'ypSM' |
Definition at line 33 of file mspyKern.h.
Typedef Documentation
◆ ECP_TYPE
◆ MINISPY_DATA
| typedef struct _MINISPY_DATA MINISPY_DATA |
◆ MINISPY_TRANSACTION_CONTEXT
| typedef struct _MINISPY_TRANSACTION_CONTEXT MINISPY_TRANSACTION_CONTEXT |
◆ PFLT_ENLIST_IN_TRANSACTION
| typedef NTSTATUS(* PFLT_ENLIST_IN_TRANSACTION) (_In_ PFLT_INSTANCE Instance, _In_ PKTRANSACTION Transaction, _In_ PFLT_CONTEXT TransactionContext, _In_ NOTIFICATION_MASK NotificationMask) |
Definition at line 74 of file mspyKern.h.
◆ PFLT_GET_TRANSACTION_CONTEXT
| typedef NTSTATUS(* PFLT_GET_TRANSACTION_CONTEXT) (_In_ PFLT_INSTANCE Instance, _In_ PKTRANSACTION Transaction, _Outptr_ PFLT_CONTEXT *Context) |
Definition at line 67 of file mspyKern.h.
◆ PFLT_SET_TRANSACTION_CONTEXT
| typedef NTSTATUS(* PFLT_SET_TRANSACTION_CONTEXT) (_In_ PFLT_INSTANCE Instance, _In_ PKTRANSACTION Transaction, _In_ FLT_SET_CONTEXT_OPERATION Operation, _In_ PFLT_CONTEXT NewContext, _Outptr_opt_ PFLT_CONTEXT *OldContext) |
Definition at line 58 of file mspyKern.h.
◆ PMINISPY_DATA
| typedef struct _MINISPY_DATA * PMINISPY_DATA |
◆ PMINISPY_TRANSACTION_CONTEXT
| typedef struct _MINISPY_TRANSACTION_CONTEXT * PMINISPY_TRANSACTION_CONTEXT |
Enumeration Type Documentation
◆ _ECP_TYPE
| enum _ECP_TYPE |
| Enumerator | |
|---|---|
| EcpPrefetchOpen | |
| EcpOplockKey | |
| EcpNfsOpen | |
| EcpSrvOpen | |
| NumKnownEcps | |
Definition at line 101 of file mspyKern.h.
Function Documentation
◆ SpyAllocateBuffer()
| PRECORD_LIST SpyAllocateBuffer | ( | _Out_ PULONG | RecordType | ) |
◆ SpyBuildEcpDataString()
| VOID SpyBuildEcpDataString | ( | _In_ PRECORD_LIST | RecordList, |
| _Inout_ PUNICODE_STRING | EcpData, | ||
| _In_reads_(NumKnownEcps) PVOID * | ContextPointers | ||
| ) |
◆ SpyDeleteTxfContext()
| VOID SpyDeleteTxfContext | ( | _Inout_ PFLT_CONTEXT | Context, |
| _In_ FLT_CONTEXT_TYPE | ContextType | ||
| ) |
◆ SpyEmptyOutputBufferList()
◆ SpyExceptionFilter()
| LONG SpyExceptionFilter | ( | _In_ PEXCEPTION_POINTERS | ExceptionPointer, |
| _In_ BOOLEAN | AccessingUserBuffer | ||
| ) |
◆ SpyFilterUnload()
| NTSTATUS SpyFilterUnload | ( | _In_ FLT_FILTER_UNLOAD_FLAGS | Flags | ) |
◆ SpyFreeBuffer()
◆ SpyFreeRecord()
| VOID SpyFreeRecord | ( | _In_ PRECORD_LIST | Record | ) |
◆ SpyGetLog()
| NTSTATUS SpyGetLog | ( | _Out_writes_bytes_to_(OutputBufferLength, *ReturnOutputBufferLength) PUCHAR | OutputBuffer, |
| _In_ ULONG | OutputBufferLength, | ||
| _Out_ PULONG | ReturnOutputBufferLength | ||
| ) |
◆ SpyKtmNotificationCallback()
| NTSTATUS SpyKtmNotificationCallback | ( | _In_ PCFLT_RELATED_OBJECTS | FltObjects, |
| _In_ PFLT_CONTEXT | TransactionContext, | ||
| _In_ ULONG | TransactionNotification | ||
| ) |
◆ SpyLog()
| VOID SpyLog | ( | _In_ PRECORD_LIST | RecordList | ) |
◆ SpyLogPostOperationData()
| VOID SpyLogPostOperationData | ( | _In_ PFLT_CALLBACK_DATA | Data, |
| _Inout_ PRECORD_LIST | RecordList | ||
| ) |
◆ SpyLogPreOperationData()
| VOID SpyLogPreOperationData | ( | _In_ PFLT_CALLBACK_DATA | Data, |
| _In_ PCFLT_RELATED_OBJECTS | FltObjects, | ||
| _Inout_ PRECORD_LIST | RecordList | ||
| ) |
◆ SpyLogTransactionNotify()
| VOID SpyLogTransactionNotify | ( | _In_ PCFLT_RELATED_OBJECTS | FltObjects, |
| _Inout_ PRECORD_LIST | RecordList, | ||
| _In_ ULONG | TransactionNotification | ||
| ) |
◆ SpyNewRecord()
| PRECORD_LIST SpyNewRecord | ( | VOID | ) |
◆ SpyParseEcps()
| VOID SpyParseEcps | ( | _In_ PFLT_CALLBACK_DATA | Data, |
| _Inout_ PRECORD_LIST | RecordList, | ||
| _Inout_ PUNICODE_STRING | EcpData | ||
| ) |
◆ SpyPostOperationCallback()
| FLT_POSTOP_CALLBACK_STATUS SpyPostOperationCallback | ( | _Inout_ PFLT_CALLBACK_DATA | Data, |
| _In_ PCFLT_RELATED_OBJECTS | FltObjects, | ||
| _In_ PVOID | CompletionContext, | ||
| _In_ FLT_POST_OPERATION_FLAGS | Flags | ||
| ) |
◆ SpyPreOperationCallback()
| FLT_PREOP_CALLBACK_STATUS SpyPreOperationCallback | ( | _Inout_ PFLT_CALLBACK_DATA | Data, |
| _In_ PCFLT_RELATED_OBJECTS | FltObjects, | ||
| _Flt_CompletionContext_Outptr_ PVOID * | CompletionContext | ||
| ) |
◆ SpyQueryTeardown()
| NTSTATUS SpyQueryTeardown | ( | _In_ PCFLT_RELATED_OBJECTS | FltObjects, |
| _In_ FLT_INSTANCE_QUERY_TEARDOWN_FLAGS | Flags | ||
| ) |
◆ SpyReadDriverParameters()
| VOID SpyReadDriverParameters | ( | _In_ PUNICODE_STRING | RegistryPath | ) |
◆ SpySetRecordNameAndEcpData()
| VOID SpySetRecordNameAndEcpData | ( | _Inout_ PLOG_RECORD | LogRecord, |
| _In_ PUNICODE_STRING | Name, | ||
| _In_opt_ PUNICODE_STRING | EcpData | ||
| ) |
Variable Documentation
◆ FilterRegistration
| const FLT_REGISTRATION FilterRegistration |
Definition at line 273 of file filter/avscan.c.
◆ MiniSpyData
| MINISPY_DATA MiniSpyData |
Social Network
Services Overview
Architect, implement and test file system filter drivers for a wide range of functionality. We can offer several levels of assistance to meet your specific.
Contact Us
You are welcome to contact us for salse or partnership.
Sales: sales@easefilter.com
Support: support@easefilter.com
Info: info@easefilter.com