📄 metadatamanagerinit.c
字号:
/*++
Copyright (c) 1999 - 2003 Microsoft Corporation
Module Name:
MetadataManagerInit.c
Abstract:
This is the main module of the kernel mode filter driver implementing
filter metadata management.
Environment:
Kernel mode
--*/
#include "pch.h"
//
// Global variables
//
FMM_GLOBAL_DATA Globals;
//
// Local constants
//
#define FMM_UNSUPPORTED_DEVICE_CHARACS FILE_FLOPPY_DISKETTE | \
FILE_REMOVABLE_MEDIA | \
FILE_READ_ONLY_DEVICE | \
FILE_VIRTUAL_VOLUME
//
// Local function prototypes
//
NTSTATUS
DriverEntry (
__in PDRIVER_OBJECT DriverObject,
__in PUNICODE_STRING RegistryPath
);
NTSTATUS
FmmUnload (
__in FLT_FILTER_UNLOAD_FLAGS Flags
);
VOID
FmmContextCleanup (
__in PFLT_CONTEXT Context,
__in FLT_CONTEXT_TYPE ContextType
);
NTSTATUS
FmmInstanceSetup (
__in PCFLT_RELATED_OBJECTS FltObjects,
__in FLT_INSTANCE_SETUP_FLAGS Flags,
__in DEVICE_TYPE VolumeDeviceType,
__in FLT_FILESYSTEM_TYPE VolumeFilesystemType
);
NTSTATUS
FmmInstanceQueryTeardown (
__in PCFLT_RELATED_OBJECTS FltObjects,
__in FLT_INSTANCE_QUERY_TEARDOWN_FLAGS Flags
);
VOID
FmmInstanceTeardownStart (
__in PCFLT_RELATED_OBJECTS FltObjects,
__in FLT_INSTANCE_TEARDOWN_FLAGS Flags
);
VOID
FmmInstanceTeardownComplete (
__in PCFLT_RELATED_OBJECTS FltObjects,
__in FLT_INSTANCE_TEARDOWN_FLAGS Flags
);
#if DBG
VOID
FmmInitializeDebugLevel (
__in PUNICODE_STRING RegistryPath
);
#endif
//
// Assign text sections for each routine.
//
#ifdef ALLOC_PRAGMA
#pragma alloc_text(INIT, DriverEntry)
#if DBG
#pragma alloc_text(INIT, FmmInitializeDebugLevel)
#endif
#pragma alloc_text(PAGE, FmmUnload)
#pragma alloc_text(PAGE, FmmContextCleanup)
#pragma alloc_text(PAGE, FmmInstanceSetup)
#pragma alloc_text(PAGE, FmmInstanceQueryTeardown)
#pragma alloc_text(PAGE, FmmInstanceTeardownStart)
#pragma alloc_text(PAGE, FmmInstanceTeardownComplete)
#endif
//
// Filter driver initialization and unload routines
//
NTSTATUS
DriverEntry (
__in PDRIVER_OBJECT DriverObject,
__in PUNICODE_STRING RegistryPath
)
/*++
Routine Description:
This is the initialization routine for this filter driver. It registers
itself with the filter manager and initializes all its global data structures.
Arguments:
DriverObject - Pointer to driver object created by the system to
represent this driver.
RegistryPath - Unicode string identifying where the parameters for this
driver are located in the registry.
Return Value:
Returns STATUS_SUCCESS.
--*/
{
NTSTATUS status;
//
// Filters callback routines
//
FLT_OPERATION_REGISTRATION callbacks[] = {
{ IRP_MJ_CREATE,
FLTFL_OPERATION_REGISTRATION_SKIP_PAGING_IO,
FmmPreCreate,
FmmPostCreate },
{ IRP_MJ_CLEANUP,
FLTFL_OPERATION_REGISTRATION_SKIP_PAGING_IO,
FmmPreCleanup,
FmmPostCleanup },
{ IRP_MJ_FILE_SYSTEM_CONTROL,
FLTFL_OPERATION_REGISTRATION_SKIP_PAGING_IO,
FmmPreFSControl,
FmmPostFSControl },
{ IRP_MJ_DEVICE_CONTROL,
FLTFL_OPERATION_REGISTRATION_SKIP_PAGING_IO,
FmmPreDeviceControl,
FmmPostDeviceControl },
{ IRP_MJ_SHUTDOWN,
FLTFL_OPERATION_REGISTRATION_SKIP_PAGING_IO,
FmmPreShutdown,
NULL },
{ IRP_MJ_PNP,
FLTFL_OPERATION_REGISTRATION_SKIP_PAGING_IO,
FmmPrePnp,
NULL },
{ IRP_MJ_OPERATION_END }
};
const FLT_CONTEXT_REGISTRATION contextRegistration[] = {
{ FLT_INSTANCE_CONTEXT,
0,
FmmContextCleanup,
FMM_INSTANCE_CONTEXT_SIZE,
FMM_INSTANCE_CONTEXT_TAG },
{ FLT_CONTEXT_END }
};
//
// Filters registration data structure
//
FLT_REGISTRATION filterRegistration = {
sizeof( FLT_REGISTRATION ), // Size
FLT_REGISTRATION_VERSION, // Version
0, // Flags
contextRegistration, // Context
callbacks, // Operation callbacks
FmmUnload, // Filters unload routine
FmmInstanceSetup, // InstanceSetup routine
FmmInstanceQueryTeardown, // InstanceQueryTeardown routine
FmmInstanceTeardownStart, // InstanceTeardownStart routine
FmmInstanceTeardownComplete, // InstanceTeardownComplete routine
NULL, NULL, NULL // Unused naming support callbacks
};
RtlZeroMemory( &Globals, sizeof( Globals ) );
#if DBG
//
// Initialize global debug level
//
FmmInitializeDebugLevel( RegistryPath );
#else
UNREFERENCED_PARAMETER( RegistryPath );
#endif
DebugTrace( DEBUG_TRACE_LOAD_UNLOAD,
("[Fmm]: Driver being loaded\n") );
//
// Register with the filter manager
//
status = FltRegisterFilter( DriverObject,
&filterRegistration,
&Globals.Filter );
if (!NT_SUCCESS( status )) {
return status;
}
//
// Start filtering I/O
//
status = FltStartFiltering( Globals.Filter );
if (!NT_SUCCESS( status )) {
FltUnregisterFilter( Globals.Filter );
}
DebugTrace( DEBUG_TRACE_LOAD_UNLOAD,
("[Fmm]: Driver loaded complete (Status = 0x%08X)\n",
status) );
return status;
}
#if DBG
VOID
FmmInitializeDebugLevel (
__in PUNICODE_STRING RegistryPath
)
/*++
Routine Description:
This routine tries to read the filter DebugLevel parameter from
the registry. This value will be found in the registry location
indicated by the RegistryPath passed in.
Arguments:
RegistryPath - The path key passed to the driver during DriverEntry.
Return Value:
None.
--*/
{
OBJECT_ATTRIBUTES attributes;
HANDLE driverRegKey;
NTSTATUS status;
ULONG resultLength;
UNICODE_STRING valueName;
UCHAR buffer[sizeof( KEY_VALUE_PARTIAL_INFORMATION ) + sizeof( LONG )];
Globals.DebugLevel = DEBUG_TRACE_ERROR;
//
// Open the desired registry key
//
InitializeObjectAttributes( &attributes,
RegistryPath,
OBJ_CASE_INSENSITIVE,
NULL,
NULL );
status = ZwOpenKey( &driverRegKey,
KEY_READ,
&attributes );
if (NT_SUCCESS( status )) {
//
// Read the DebugFlags value from the registry.
//
RtlInitUnicodeString( &valueName, L"DebugLevel" );
status = ZwQueryValueKey( driverRegKey,
&valueName,
KeyValuePartialInformation,
buffer,
sizeof(buffer),
&resultLength );
if (NT_SUCCESS( status )) {
Globals.DebugLevel = *((PULONG) &(((PKEY_VALUE_PARTIAL_INFORMATION) buffer)->Data));
}
}
//
// Close the registry entry
//
ZwClose( driverRegKey );
}
#endif
NTSTATUS
FmmUnload (
__in FLT_FILTER_UNLOAD_FLAGS Flags
)
/*++
Routine Description:
This is the unload routine for this filter driver. This is called
when the minifilter is about to be unloaded. We can fail this unload
request if this is not a mandatory unloaded indicated by the Flags
parameter.
Arguments:
Flags - Indicating if this is a mandatory unload.
Return Value:
Returns the final status of this operation.
--*/
{
UNREFERENCED_PARAMETER( Flags );
PAGED_CODE();
DebugTrace( DEBUG_TRACE_LOAD_UNLOAD,
("[Fmm]: Unloading driver\n") );
FltUnregisterFilter( Globals.Filter );
Globals.Filter = NULL;
return STATUS_SUCCESS;
}
VOID
FmmContextCleanup (
__in PFLT_CONTEXT Context,
__in FLT_CONTEXT_TYPE ContextType
)
{
PFMM_INSTANCE_CONTEXT instanceContext;
PAGED_CODE();
switch(ContextType) {
case FLT_INSTANCE_CONTEXT:
instanceContext = Context;
DebugTrace( DEBUG_TRACE_INFO,
("[Fmm]: Cleaning up instance context for volume (Context = %p)\n",
instanceContext) );
ExDeleteResourceLite( &instanceContext->MetadataResouce );
break;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -