Visual Studio 2013开发 mini-filter driver step by step 应用层与内核通讯(8)
應用層與內核通訊是通過通訊端口來進行的,下面的這個API就是內核用來創建一個內核端口的。
NTSTATUS FltCreateCommunicationPort(_In_??????PFLT_FILTER Filter,_Out_?????PFLT_PORT *ServerPort,_In_??????POBJECT_ATTRIBUTES ObjectAttributes,_In_opt_??PVOID ServerPortCookie,_In_??????PFLT_CONNECT_NOTIFY ConnectNotifyCallback,_In_??????PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback,_In_opt_??PFLT_MESSAGE_NOTIFY MessageNotifyCallback,_In_??????LONG MaxConnections );
這里面有重要的三個回調函數,ConnectNotifyCallback,DisconnectNotifyCallback,MessageNotifyCallback。
ConnectNotifyCallback:當應用層調用FilterConnectCommunicationPort 來與minifilter driver建立連接的時候,Filter Manager 會調用這個回調函數。
Pointer to a caller-supplied callback routine to be called whenever the user-mode handle count for the client port reaches zero or when the minifilter driver is about to be unloaded。
The Filter Manager calls this routine, at IRQL?=?PASSIVE_LEVEL, whenever a user-mode application callsFilterSendMessage to send a message to the minifilter driver through the client port.
學習最有效,最快的方式不是看書和看文檔,而是實戰,來看看示例代碼:
NTSTATUS
SSMFInitializeCommPort()
{
?NTSTATUS status = STATUS_SUCCESS;
?PSECURITY_DESCRIPTOR sd;
?OBJECT_ATTRIBUTES oa;
?UNICODE_STRING uniString;
?status = FltBuildDefaultSecurityDescriptor(&sd,
??FLT_PORT_ALL_ACCESS);
?if (!NT_SUCCESS(status))
?{
??return status;
?}
?RtlInitUnicodeString(&uniString, SSMF_PORT_NAME);
?InitializeObjectAttributes(&oa,
??&uniString,
??OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE,
??NULL,
??sd);
?status = FltCreateCommunicationPort(gFilterHandle,
??&gServerPort,
??&oa,
??NULL,
??SSMFConnect,
??SSMFDisconnect,
??SSMFMessage,
??1);
?FltFreeSecurityDescriptor(sd);
?return status;
}
這個SSMFInitializeCommPort函數就是創建了一個內核端口供應用層連接,當然還有那三個重要的函數要實現,在這里我們只是簡單的輸出一下log信息和返回一些簡單的數據。
NTSTATUS
SSMFConnect(
_In_ PFLT_PORT ClientPort,
_In_ PVOID ServerPortCookie,
_In_reads_bytes_(SizeOfContext) PVOID ConnectionContext,
_In_ ULONG SizeOfContext,
_Flt_ConnectionCookie_Outptr_ PVOID *ConnectionCookie
)
{
?PAGED_CODE();
?UNREFERENCED_PARAMETER(ServerPortCookie);
?UNREFERENCED_PARAMETER(ConnectionContext);
?UNREFERENCED_PARAMETER(SizeOfContext);
?UNREFERENCED_PARAMETER(ConnectionCookie);
?PT_DBG_PRINT(PTDBG_TRACE_ROUTINES, ("SSMF!SSMFConnect entered"));
?gClientPort = ClientPort;
?return STATUS_SUCCESS;
}
VOID
SSMFDisconnect(
_In_opt_ PVOID ConnectionCookie
)
{
?PAGED_CODE();
?UNREFERENCED_PARAMETER(ConnectionCookie);
?//
?//? Close our handle
?//
?PT_DBG_PRINT(PTDBG_TRACE_ROUTINES, ("SSMF!SSMFDisconnect entered"));
?FltCloseClientPort(gFilterHandle, &gClientPort);
}
NTSTATUS
SSMFMessage(
_In_ PVOID ConnectionCookie,
_In_reads_bytes_opt_(InputBufferSize) PVOID InputBuffer,
_In_ ULONG InputBufferSize,
_Out_writes_bytes_to_opt_(OutputBufferSize, *ReturnOutputBufferLength) PVOID OutputBuffer,
_In_ ULONG OutputBufferSize,
_Out_ PULONG ReturnOutputBufferLength
)
{
?
?NTSTATUS status = STATUS_SUCCESS;
?PAGED_CODE();
?UNREFERENCED_PARAMETER(ConnectionCookie);
?UNREFERENCED_PARAMETER(InputBuffer);
?UNREFERENCED_PARAMETER(OutputBuffer);
?UNREFERENCED_PARAMETER(OutputBufferSize);
?UNREFERENCED_PARAMETER(ReturnOutputBufferLength);
?UNREFERENCED_PARAMETER(InputBufferSize);
?if (InputBuffer)
?{
??char* data = (char*)InputBuffer;
??PT_DBG_PRINT(PTDBG_TRACE_ROUTINES, ("The message data is %s",data));
?}
?if (OutputBuffer != NULL && OutputBufferSize > 4)
?{
??RtlCopyMemory(OutputBuffer, "1234", 4);
??*ReturnOutputBufferLength = 4;
?}
?PT_DBG_PRINT(PTDBG_TRACE_ROUTINES, ("SSMF!SSMFMessage entered"));
?return status;
}
下面我們來看看應用層怎么來與內核通訊并且傳遞數據:
HANDLE port = INVALID_HANDLE_VALUE;
?printf("Connecting to filter's port...\n");
?HRESULT hResult = FilterConnectCommunicationPort(SSMF_PORT_NAME,
??0,
??NULL,
??0,
??NULL,
??&port);
?if (hResult != S_OK)
?{
??return false;
?}
?printf("connected to the filter's port\n");
?//send message
?char buffer[100] = { 0 };
?strcpy_s(buffer, "abcdefg");
?char out_buf[100] = { 0 };
?DWORD ret_size = 0;
?hResult = FilterSendMessage(port, buffer, strlen(buffer), out_buf, 100, &ret_size);
?if (hResult == S_OK)
?{
??printf("The data is %s,len is %d\n", out_buf,ret_size);
?}
?CloseHandle(port);
總結
以上是生活随笔為你收集整理的Visual Studio 2013开发 mini-filter driver step by step 应用层与内核通讯(8)的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: Visual Studio 2013开发
- 下一篇: Visual Studio 2013开发