
Filter Manager Support In User Mode


  1. Filter Manager Support In User Mode © 2004 Microsoft Corporation. All rights reserved.

  2. Why provide user mode interfaces?
     • Provide common functionality for products that include filter drivers
       • General control of driver
       • Communication between user-mode service and filter driver
     • Provide interfaces for management tools
       • Allow enumeration of filters, volumes and instances

  3. What can be done from user mode?
     • Load and unload filters
     • Attach and detach filters to volumes
     • Open communication channels to filters from user mode and send/receive data from the filters
     • Query the system for information such as:
       • Filters loaded
       • Volumes
       • Instances attached to a given volume

  4. User mode library security
     • All user mode APIs require administrator privileges
       • User/Kernel mode communication APIs are an exception
       • Necessary privilege is defined by the minifilter through the ACL defined on the port

  5. User mode library
     • Prototypes in:
       • FltUser.h
       • FltUserStructures.h
     • Link to:
       • FltLib.lib

  6. Load/Unload Filters
     • FilterLoad()
       • Loads a filter and calls its DriverEntry() routine
     • FilterUnload()
       • Unloads a filter
       • Unload request can be failed by the filter

  7. Handle creation
     • FilterCreate()
       • Opens a handle to a filter with the given filter name
     • FilterInstanceCreate()
       • Opens a handle to an instance
       • Identified by filter and volume
       • Instance ID is optional
     • FilterClose()/FilterInstanceClose()
       • Closes the given handle

  8. Informational APIs
     • FilterGetInformation()
       • Returns information about the given filter, such as its name, number of instances, etc.
     • FilterInstanceGetInformation()
       • Returns information about an instance, such as its instance ID and the name of the volume it is attached to, etc.

  9. Adding/Removing Filter Instances
     • FilterAttach()
       • Creates a new instance for the given filter and attaches it to the stack of the specified volume
       • Instance altitude is determined from the given instance name
     • FilterAttachAtAltitude()
       • Creates a new instance for the given filter and attaches it to the stack of the volume at the specified altitude
       • For debugging purposes only – may be removed in the final Filter Manager release
     • FilterDetach()
       • Detaches the instance with the given instance name, for the specified filter, from a volume

  10. Enumeration APIs
      • Filter enumeration:
        • FilterFindFirst()
        • FilterFindNext()
      • Volume enumeration:
        • FilterVolumeFindFirst()
        • FilterVolumeFindNext()
      • Filter Instance enumeration:
        • FilterInstanceFindFirst()
        • FilterInstanceFindNext()
      • Volume Instance enumeration:
        • FilterVolumeInstanceFindFirst()
        • FilterVolumeInstanceFindNext()

  11. User-Initiated Communication APIs
      • These routines send messages from user mode to a port exposed by the minifilter
        • They potentially expect a response
        • Access to the port is controlled by the minifilter
      • FilterConnectCommunicationPort()
        • Opens a port handle to the communication port created by the filter
      • FilterSendMessage()
        • Used to send a message from user mode to kernel mode through a port handle

  12. User-Initiated Communication APIs
      • FilterGetMessage()
        • Allows the user to request a message from a kernel mode filter through a port handle
      • FilterReplyMessage()
        • Used to reply to a message received via FilterGetMessage()

  13. Kernel-Initiated Communication APIs
      • FltSendMessage()
        • Sends a message to a user mode component through a port
        • Filter can wait on the port object for a reply to this message from user mode
        • A timeout can be specified for the user to receive the message and for the reply to be returned

  14. Support APIs
      • FilterGetDosName()
        • Given a volume name it returns the DOS name for the device
        • Volume name can be one of the following forms:
          • NT device name, e.g. \Device\HarddiskVolume1
          • DOS device name, e.g. D:
          • Volume GUID name, e.g. \\?\Volume{a4e6ccb3-134a-11d5-b660-00c04f72d8dd}
          • Mount point name, e.g. C:\MountPoint
        • Returned DOS name will be one of the following:
          • Drive letter (if one exists), e.g. D:
          • Mount point name, e.g. C:\MountPoint
        • Does not work for network drives
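
The enumeration and load/unload operations on slides 3, 6 and 10 are what a defender relies on to confirm that the expected minifilters are still loaded at their expected altitudes. The following is an added example, not part of the original presentation: it parses text in the column layout printed by `fltmc filters` (the Windows command-line tool for these operations, which the slides do not mention) and compares it with a baseline. The sample output, the filter name `ExampleScanner` and the baseline table are constructed for illustration.

```powershell
# Constructed sample in the column layout printed by `fltmc filters`.
$sample = @'
Filter Name                     Num Instances    Altitude    Frame
------------------------------  -------------  ------------  -----
WdFilter                                5       328010         0
ExampleScanner                          3       321234         0
luafv                                   1       135000         0
Wof                                     2        40700         0
'@ -split "`r?`n"

# Hypothetical baseline: filter name -> altitude expected on this host.
$baseline = @{ WdFilter = '328010'; luafv = '135000'; Wof = '40700'; FileInfo = '40500' }

function ConvertFrom-FltmcFilters {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Data rows are <name> <instances> <altitude> <frame>. The header, the rule
        # line and any row without all four columns do not match and are skipped.
        if ($line -match '^(?<Name>\S+)\s+(?<Instances>\d+)\s+(?<Altitude>\d+(\.\d+)?)\s+(?<Frame>\d+)') {
            [pscustomobject]@{ Name = $Matches.Name; Instances = [int]$Matches.Instances
                               Altitude = $Matches.Altitude; Frame = [int]$Matches.Frame }
        }
    }
}

function Compare-FilterBaseline {
    param($Filters, [hashtable]$Baseline)
    foreach ($f in $Filters) {
        if (-not $Baseline.ContainsKey($f.Name)) {
            [pscustomobject]@{ Name = $f.Name; Finding = "not in baseline (altitude $($f.Altitude))" }
        } elseif ($Baseline[$f.Name] -ne $f.Altitude) {
            [pscustomobject]@{ Name = $f.Name; Finding = "altitude $($f.Altitude), expected $($Baseline[$f.Name])" }
        }
    }
    # A baseline filter that is absent may have been unloaded (slide 6).
    $loaded = @($Filters | ForEach-Object Name)
    foreach ($name in $Baseline.Keys) {
        if ($loaded -notcontains $name) {
            [pscustomobject]@{ Name = $name; Finding = 'in baseline but not loaded' }
        }
    }
}

# On a live host, from an elevated prompt: $filters = ConvertFrom-FltmcFilters (fltmc filters)
$filters = ConvertFrom-FltmcFilters $sample
Compare-FilterBaseline $filters $baseline | Format-Table -AutoSize
```

Altitudes are kept as strings because they can be decimal values; comparing them as integers would misreport such filters.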
