API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 2nd, 2012
96
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C++ 19.92 KB | None | 0 0
raw download clone embed print report
  1. /*++
  2.  
  3. Copyright (c) 1999 - 2002  Microsoft Corporation
  4.  
  5. Module Name:
  6.  
  7.     nullFilter.c
  8.  
  9. Abstract:
  10.  
  11.     This is the main module of the nullFilter mini filter driver.
  12.     It is a simple minifilter that registers itself with the main filter
  13.     for no callback operations.
  14.  
  15. Environment:
  16.  
  17.     Kernel mode
  18.  
  19. --*/
  20.  
  21. #include <fltKernel.h>
  22. #include <wdm.h>
  23. #include <dontuse.h>
  24. #include <stdio.h>
  25. #include <suppress.h>
  26. #include "policiessandbox.h"
  27.  
  28. #pragma prefast(disable:__WARNING_ENCODE_MEMBER_FUNCTION_POINTER, "Not valid for kernel mode drivers")
  29.  
  30. //---------------------------------------------------------------------------
  31. //      Global variables
  32. //---------------------------------------------------------------------------
  33.  
  34. #define NULL_FILTER_FILTER_NAME     L"policiessandbox"
  35.  
  36. typedef struct {
  37.  
  38.     PDRIVER_OBJECT      pDriverObject;
  39.     PFLT_FILTER         fltHandle;
  40.     ULONG               state;                                  // driver state (see DRIVER_STATE_* values)
  41.  
  42.     struct {
  43.         PEPROCESS       UserProcess;                            // user process that connected to the port
  44.         PFLT_PORT       ServerPort;                             // listens for incoming connections
  45.         PFLT_PORT       ClientPort;                             // client port for a connection to user-mode
  46.     } Connection;
  47.  
  48.     struct {
  49.         HANDLE          CurrentProcessID;
  50.         HANDLE          CurrentThreadID;
  51.     } procinfo;
  52.  
  53.     LONG volatile       pcListCount;                            // number of processes (note it may be more than PID_NUMHASH)
  54.     EX_PUSH_LOCK        pcListLock;
  55.  
  56.     LIST_ENTRY          cnList;                                 // context-node list (PS_CONTEXT_NODE entries)
  57.     EX_PUSH_LOCK        cnListLock;
  58.  
  59. } _DRIVER_DATA, *PDRIVER_DATA;
  60.  
  61. _DRIVER_DATA DRIVER_DATA = {0};
  62.  
  63. /*************************************************************************
  64.     Prototypes for the startup and unload routines used for
  65.     this Filter.
  66.  
  67.     Implementation in nullFilter.c
  68. *************************************************************************/
  69.  
  70. DRIVER_INITIALIZE DriverEntry;
  71. NTSTATUS FLTAPI
  72. DriverEntry (
  73.     __in PDRIVER_OBJECT DriverObject,
  74.     __in PUNICODE_STRING RegistryPath
  75.     );
  76.  
  77. NTSTATUS FLTAPI
  78. PtFilterUnload (
  79.     __in FLT_FILTER_UNLOAD_FLAGS Flags
  80.     );
  81.  
  82. NTSTATUS FLTAPI
  83. PtFilterTeardown (
  84.     __in FLT_FILTER_UNLOAD_FLAGS Flags
  85.     );
  86.  
  87. NTSTATUS FLTAPI
  88. PtFilterQueryTeardown (
  89.     __in PCFLT_RELATED_OBJECTS FltObjects,
  90.     __in FLT_INSTANCE_QUERY_TEARDOWN_FLAGS Flags
  91.     );
  92.  
  93. //
  94. //  Assign text sections for each routine.
  95. //
  96.  
  97. #ifdef ALLOC_PRAGMA
  98. #pragma alloc_text(INIT, DriverEntry)
  99. #pragma alloc_text(PAGE, PtFilterUnload)
  100. #pragma alloc_text(PAGE, PtFilterTeardown)
  101. #pragma alloc_text(PAGE, PtInstanceSetup)
  102. #pragma alloc_text(PAGE, PtInstanceQueryTeardown)
  103. #pragma alloc_text(PAGE, PtInstanceTeardownStart)
  104. #pragma alloc_text(PAGE, PtInstanceTeardownComplete)
  105. #pragma alloc_text(PAGE, CommPortConnect)
  106. #pragma alloc_text(PAGE, CommPortDisconnect)
  107. #pragma alloc_text(PAGE, CommPortMessageNotify)
  108. #endif
  109.  
  110.  
  111. //
  112. //  This defines what we want to filter with FltMgr
  113. //
  114.  
  115. CONST FLT_REGISTRATION FilterRegistration = {
  116.  
  117.     sizeof( FLT_REGISTRATION ),         //  Size
  118.     FLT_REGISTRATION_VERSION,           //  Version
  119.     0,                                  //  Flags
  120.  
  121.     NULL,                               //  Context
  122.     NULL,                               //  Operation callbacks
  123.  
  124.     PtFilterUnload,                     //  FilterUnload
  125.  
  126.     PtInstanceSetup,                    //  InstanceSetup
  127.     PtInstanceQueryTeardown,            //  InstanceQueryTeardown
  128.     PtInstanceTeardownStart,            //  InstanceTeardownStart
  129.     PtInstanceTeardownComplete,         //  InstanceTeardownComplete
  130.  
  131.     NULL,                               //  GenerateFileName
  132.     NULL,                               //  GenerateDestinationFileName
  133.     NULL                                //  NormalizeNameComponent
  134.  
  135. };
  136.  
  137. /*************************************************************************
  138.     Filter initialization and unload routines.
  139. *************************************************************************/
  140.  
  141. /*++
  142.  
  143. Routine Description:
  144.  
  145.     This is the initialization routine for this miniFilter driver. This
  146.     registers the miniFilter with FltMgr and initializes all
  147.     its global data structures.
  148.  
  149. Arguments:
  150.  
  151.     DriverObject - Pointer to driver object created by the system to
  152.         represent this driver.
  153.     RegistryPath - Unicode string identifying where the parameters for this
  154.         driver are located in the registry.
  155.  
  156. Return Value:
  157.  
  158.     Returns STATUS_SUCCESS.
  159.  
  160. --*/
  161.  
  162. NTSTATUS FLTAPI
  163. DriverEntry (
  164.     __in PDRIVER_OBJECT DriverObject,
  165.     __in PUNICODE_STRING RegistryPath
  166.     )
  167.  
  168. {
  169.     /* locals */
  170.     NTSTATUS             status;
  171.     OBJECT_ATTRIBUTES    attr;
  172.     UNICODE_STRING       portName;
  173.         PSECURITY_DESCRIPTOR securityDescriptor;
  174.  
  175.     /* unused */
  176.     UNREFERENCED_PARAMETER( RegistryPath );
  177.  
  178.     /* code */
  179.     __try {
  180.         // Init process contexts list
  181.         FltInitializePushLock( &DRIVER_DATA.pcListLock );
  182.  
  183.         // Init context node list
  184.         InitializeListHead( &DRIVER_DATA.cnList );
  185.         FltInitializePushLock( &DRIVER_DATA.cnListLock );
  186.  
  187.         // Register filter
  188.         status =  FltRegisterFilter( DriverObject,
  189.                                     &FilterRegistration,
  190.                                     &DRIVER_DATA.fltHandle );
  191.        
  192.         // Setup security descriptor
  193.         status = FltBuildDefaultSecurityDescriptor( &securityDescriptor, FLT_PORT_ALL_ACCESS );
  194.         if ( !NT_SUCCESS( status )) __leave;
  195.  
  196.         RtlInitUnicodeString( &portName, PIPortName );
  197.  
  198.         InitializeObjectAttributes( &attr, &portName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, securityDescriptor );
  199.         status = FltCreateCommunicationPort( DRIVER_DATA.fltHandle, &DRIVER_DATA.Connection.ServerPort, &attr, NULL, CommPortConnect, CommPortDisconnect, CommPortMessageNotify, 1 );
  200.  
  201.         // - free the security descriptor in all cases. It is not needed once the call to FltCreateCommunicationPort( ) is made.
  202.         FltFreeSecurityDescriptor( securityDescriptor );
  203.         if ( !NT_SUCCESS( status )) __leave;
  204.  
  205.         if (NT_SUCCESS( status )) {
  206.  
  207.             //  Start filtering i/o
  208.             status = FltStartFiltering( DRIVER_DATA.fltHandle );
  209.         }
  210.    
  211.         ASSERT( NT_SUCCESS( status ) );
  212.     } __finally {
  213.         FltUnregisterFilter( DRIVER_DATA.fltHandle );
  214.         FltCloseCommunicationPort( DRIVER_DATA.Connection.ServerPort );
  215.     }
  216.  
  217.     return status;
  218. }
  219.  
  220. /*++
  221.  
  222. Routine Description:
  223.  
  224.     This is the unload routine for this miniFilter driver. This is called
  225.     when the minifilter is about to be unloaded. We can fail this unload
  226.     request if this is not a mandatory unloaded indicated by the Flags
  227.     parameter.
  228.  
  229. Arguments:
  230.  
  231.     Flags - Indicating if this is a mandatory unload.
  232.  
  233. Return Value:
  234.  
  235.     Returns the final status of this operation.
  236.  
  237. --*/
  238. NTSTATUS FLTAPI
  239. PtFilterUnload(
  240.     __in FLT_FILTER_UNLOAD_FLAGS Flags
  241.     )
  242. {
  243.     UNREFERENCED_PARAMETER( Flags );
  244.  
  245.     PAGED_CODE();
  246.  
  247.     FltUnregisterFilter(  DRIVER_DATA.fltHandle );
  248.     FltCloseCommunicationPort( DRIVER_DATA.Connection.ServerPort );
  249.    
  250.     DbgPrint("PoliciesSandbox!PtFilterUnload: Entered\n");
  251.  
  252.     return STATUS_SUCCESS;
  253. }
  254.  
  255. /*++
  256.  
  257. Routine Description:
  258.  
  259.     This is the unload routine for this miniFilter driver. This is called
  260.     when the minifilter is about to be unloaded. We can fail this unload
  261.     request if this is not a mandatory unloaded indicated by the Flags
  262.     parameter.
  263.  
  264. Arguments:
  265.  
  266.     Flags - Indicating if this is a mandatory unload.
  267.  
  268. Return Value:
  269.  
  270.     Returns the final status of this operation.
  271.  
  272. --*/
  273. NTSTATUS FLTAPI
  274. PtFilterTeardown(
  275.     __in FLT_FILTER_UNLOAD_FLAGS Flags
  276.     )
  277. {
  278.     UNREFERENCED_PARAMETER( Flags );
  279.  
  280.     PAGED_CODE();
  281.  
  282.     DbgPrint("PoliciesSandbox!PtFilterTeardown: Entered\n");
  283.  
  284.     return STATUS_SUCCESS;
  285. }
  286. /*++
  287.  
  288. Routine Description:
  289.  
  290.     This routine is called whenever a new instance is created on a volume. This
  291.     gives us a chance to decide if we need to attach to this volume or not.
  292.  
  293.     If this routine is not defined in the registration structure, automatic
  294.     instances are alwasys created.
  295.  
  296. Arguments:
  297.  
  298.     FltObjects - Pointer to the FLT_RELATED_OBJECTS data structure containing
  299.         opaque handles to this filter, instance and its associated volume.
  300.  
  301.     Flags - Flags describing the reason for this attach request.
  302.  
  303. Return Value:
  304.  
  305.     STATUS_SUCCESS - attach
  306.     STATUS_FLT_DO_NOT_ATTACH - do not attach
  307.  
  308. --*/
  309. NTSTATUS FLTAPI
  310. PtInstanceSetup (
  311.     __in PCFLT_RELATED_OBJECTS FltObjects,
  312.     __in FLT_INSTANCE_SETUP_FLAGS Flags,
  313.     __in DEVICE_TYPE VolumeDeviceType,
  314.     __in FLT_FILESYSTEM_TYPE VolumeFilesystemType
  315.     )
  316. {
  317.     UNREFERENCED_PARAMETER( FltObjects );
  318.     UNREFERENCED_PARAMETER( Flags );
  319.     UNREFERENCED_PARAMETER( VolumeDeviceType );
  320.     UNREFERENCED_PARAMETER( VolumeFilesystemType );
  321.  
  322.     PAGED_CODE();
  323.  
  324.     DbgPrint("PoliciesSandbox!PtInstanceSetup: Entered\n");
  325.  
  326.     return STATUS_SUCCESS;
  327. }
  328.  
  329. /*++
  330.  
  331. Routine Description:
  332.  
  333.     This is the instance detach routine for this miniFilter driver.
  334.     This is called when an instance is being manually deleted by a
  335.     call to FltDetachVolume or FilterDetach thereby giving us a
  336.     chance to fail that detach request.
  337.  
  338. Arguments:
  339.  
  340.     FltObjects - Pointer to the FLT_RELATED_OBJECTS data structure containing
  341.         opaque handles to this filter, instance and its associated volume.
  342.  
  343.     Flags - Indicating where this detach request came from.
  344.  
  345. Return Value:
  346.  
  347.     Returns the status of this operation.
  348.  
  349. --*/
  350. NTSTATUS FLTAPI
  351. PtInstanceQueryTeardown (
  352.     __in PCFLT_RELATED_OBJECTS FltObjects,
  353.     __in FLT_INSTANCE_QUERY_TEARDOWN_FLAGS Flags
  354.     )
  355. {
  356.     UNREFERENCED_PARAMETER( FltObjects );
  357.     UNREFERENCED_PARAMETER( Flags );
  358.  
  359.     PAGED_CODE();
  360.     DbgPrint("PoliciesSandbox!PtInstanceQueryTeardown: Entered\n");
  361.  
  362.     return STATUS_SUCCESS;
  363. }
  364.  
  365. VOID FLTAPI
  366. PtInstanceTeardownStart (
  367.     __in PCFLT_RELATED_OBJECTS FltObjects,
  368.     __in FLT_INSTANCE_TEARDOWN_FLAGS Flags
  369.     )
  370. /*++
  371.  
  372. Routine Description:
  373.  
  374.     This routine is called at the start of instance teardown.
  375.  
  376. Arguments:
  377.  
  378.     FltObjects - Pointer to the FLT_RELATED_OBJECTS data structure containing
  379.         opaque handles to this filter, instance and its associated volume.
  380.  
  381.     Flags - Reason why this instance is been deleted.
  382.  
  383. Return Value:
  384.  
  385.     None.
  386.  
  387. --*/
  388. {
  389.     UNREFERENCED_PARAMETER( FltObjects );
  390.     UNREFERENCED_PARAMETER( Flags );
  391.  
  392.     PAGED_CODE();
  393.  
  394.     DbgPrint("PassThrough!PtInstanceTeardownStart: Entered\n");
  395. }
  396.  
  397.  
  398. VOID FLTAPI
  399. PtInstanceTeardownComplete (
  400.     __in PCFLT_RELATED_OBJECTS FltObjects,
  401.     __in FLT_INSTANCE_TEARDOWN_FLAGS Flags
  402.     )
  403. /*++
  404.  
  405. Routine Description:
  406.  
  407.     This routine is called at the end of instance teardown.
  408.  
  409. Arguments:
  410.  
  411.     FltObjects - Pointer to the FLT_RELATED_OBJECTS data structure containing
  412.         opaque handles to this filter, instance and its associated volume.
  413.  
  414.     Flags - Reason why this instance is been deleted.
  415.  
  416. Return Value:
  417.  
  418.     None.
  419.  
  420. --*/
  421. {
  422.     UNREFERENCED_PARAMETER( FltObjects );
  423.     UNREFERENCED_PARAMETER( Flags );
  424.  
  425.     PAGED_CODE();
  426.  
  427.     DbgPrint("PassThrough!PtInstanceTeardownComplete: Entered\n");
  428. }
  429.  
  430. /*++
  431.  
  432. Routine Description:
  433.  
  434.     This function is called when user-mode connects to the server port - to estabilish a
  435.     connection.
  436.  
  437. Arguments:
  438.  
  439.    InitializedAttributes [out] - Specifies the OBJECT_ATTRIBUTES structure to initialize.
  440.     ObjectName [in]            - A pointer to a Unicode string that contains name of the object for
  441.                                  which a handle is to be opened. This must either be a fully qualified object name,
  442.                                  or a relative path name to the object directory specified by the RootDirectory parameter.
  443.     Attributes [in]            - Specifies one or more of the flags Indicating where this detach request came from.
  444.     RootDirectory [in]         - A handle to the root object directory for the path name specified in the ObjectName parameter.
  445.                                  If ObjectName is a fully qualified object name, RootDirectory is NULL. Use ZwCreateDirectoryObject
  446.                                  to obtain a handle to an object directory.
  447.     SecurityDescriptor [in, optional] - Specifies a security descriptor to apply to an object when it is created.
  448.                                  This parameter is optional. Drivers can specify NULL to accept the default security for the object.
  449.                                  For more information, see the following Remarks section.
  450. Return Value:
  451.  
  452.     Returns the status of this operation.
  453.  
  454. --*/
  455. NTSTATUS FLTAPI CommPortConnect(
  456.     IN PFLT_PORT ClientPort,
  457.     IN PVOID ServerPortCookie,
  458.     IN PVOID ConnectionContext,
  459.     IN ULONG SizeOfContext,
  460.     OUT PVOID* ConnectionCookie )
  461.  
  462. {
  463.     // Check basic "credentials"
  464.     // TODO: check: we should to understand, connection is estabilished with our service, not third-party
  465.     if(DRIVER_DATA.procinfo.CurrentProcessID != PsGetCurrentProcessId())
  466.     {
  467.         return STATUS_ACCESS_DENIED;
  468.     }
  469.  
  470.     // We shoud to understand who tries to manipulate us
  471.     DRIVER_DATA.procinfo.CurrentProcessID = PsGetCurrentProcessId();
  472.     DRIVER_DATA.procinfo.CurrentThreadID  = PsGetCurrentThreadId();
  473.  
  474.     // Remember connection details
  475.     DRIVER_DATA.Connection.ClientPort = ClientPort;
  476.  
  477.     // All is ok, connection estabilished
  478.     return STATUS_SUCCESS;
  479. }
  480.  
  481. /*++
  482.  
  483. Routine Description:
  484.  
  485.     This function is called when user-mode connects to the server port - to estabilish a
  486.     connection.
  487.  
  488. Arguments:
  489.  
  490.    InitializedAttributes [out] - Specifies the OBJECT_ATTRIBUTES structure to initialize.
  491.     ObjectName [in]            - A pointer to a Unicode string that contains name of the object for
  492.                                  which a handle is to be opened. This must either be a fully qualified object name,
  493.                                  or a relative path name to the object directory specified by the RootDirectory parameter.
  494.     Attributes [in]            - Specifies one or more of the flags Indicating where this detach request came from.
  495.     RootDirectory [in]         - A handle to the root object directory for the path name specified in the ObjectName parameter.
  496.                                  If ObjectName is a fully qualified object name, RootDirectory is NULL. Use ZwCreateDirectoryObject
  497.                                  to obtain a handle to an object directory.
  498.     SecurityDescriptor [in, optional] - Specifies a security descriptor to apply to an object when it is created.
  499.                                  This parameter is optional. Drivers can specify NULL to accept the default security for the object.
  500.                                  For more information, see the following Remarks section.
  501. Return Value:
  502.  
  503.     Returns the status of this operation.
  504.  
  505. --*/
  506. void FLTAPI CommPortDisconnect( IN PVOID ConnectionCookie )
  507. {
  508.     FltCloseClientPort(DRIVER_DATA.fltHandle, &DRIVER_DATA.Connection.ClientPort);
  509.     DRIVER_DATA.procinfo.CurrentProcessID = NULL;
  510. }
  511.  
  512. /*++
  513.  
  514. Routine Description:
  515.  
  516.     This function is called when user-mode connects to the server port - to estabilish a
  517.     connection.
  518.  
  519. Arguments:
  520.  
  521.     PortCookie [in] -            Pointer to information that uniquely identifies this client port. This information is defined by the
  522.                                  minifilter driver. When the client port was created, the minifilter driver returned this context pointer
  523.                                  in the ConnectionPortCookie parameter of its ConnectNotifyCallback routine.
  524.  
  525.     InputBuffer [in,opt] -       Pointer to a caller-allocated buffer containing the message to be sent to the minifilter driver.
  526.                                  Note that InputBuffer is a pointer to a raw, unlocked user-mode buffer. This pointer is valid only
  527.                                  in the context of the user-mode process and must only be accessed from within a try/except block.
  528.                                  The filter manager calls ProbeForRead to validate this pointer, but it does not ensure that the buffer
  529.                                  is properly aligned. If the buffer contains structures that have alignment requirements, the minifilter
  530.                                  driver is responsible for performing any necessary alignment checks. To do this, the minifilter driver
  531.                                  can use the IS_ALIGNED macro as shown in the MiniSpy sample minifilter driver.
  532.                                  This parameter is optional and can be NULL.
  533.  
  534.     InputBufferLength [in] -     Size, in bytes, of the buffer that InputBuffer points to. This parameter is ignored if InputBuffer is NULL.
  535.  
  536.     OutputBuffer [ouy,opt] -     Pointer to a caller-allocated buffer that receives the reply (if any) from the minifilter driver.
  537.                                  Note that OutputBuffer is a pointer to a raw, unlocked user-mode buffer. This pointer is valid only in the
  538.                                  context of the user-mode process and must only be accessed from within a try/except block.
  539.                                  The filter manager calls ProbeForWrite to validate this pointer, but it does not ensure that the buffer is
  540.                                  properly aligned. If the buffer contains structures that have alignment requirements, the minifilter driver is
  541.                                  responsible for performing any necessary alignment checks. To do this, the minifilter driver can use the IS_ALIGNED
  542.                                  macro as shown in the MiniSpy sample minifilter driver.
  543.                                  This parameter is optional and can be NULL.
  544.     OutputBufferLength [out] -   Size, in bytes, of the buffer that OutputBuffer points to. This parameter is ignored if OutputBuffer is NULL.
  545.     ReturnOutputBufferLength [in] - Pointer to a caller-allocated variable that receives the number of bytes returned in the buffer that OutputBuffer points to.
  546.     MaxConnections [in] -        Maximum number of simultaneous client connections to be allowed for this server port. This parameter is required and must be greater than zero.
  547. --*/
  548. NTSTATUS FLTAPI CommPortMessageNotify (
  549.       IN PVOID PortCookie,
  550.       IN PVOID InputBuffer OPTIONAL,
  551.       IN ULONG InputBufferLength,
  552.       OUT PVOID OutputBuffer OPTIONAL,
  553.       IN ULONG OutputBufferLength,
  554.       OUT PULONG ReturnOutputBufferLength
  555.       )
  556. {
  557.     MINIFILTER_COMMAND command;
  558.     NTSTATUS status;
  559.  
  560.     if(InputBufferLength == 0)
  561.     {
  562.         return STATUS_SUCCESS;
  563.     }
  564.  
  565.     DbgPrint("Message from service recieved: %x, size: %d", InputBuffer, InputBufferLength);
  566.  
  567.     if((InputBufferLength >= (FIELD_OFFSET(COMMAND_MESSAGE, Command) +
  568.                         sizeof(MINIFILTER_COMMAND))))
  569.     {
  570.  
  571.         try  {
  572.  
  573.             //
  574.             //  Probe and capture input message: the message is raw user mode
  575.             //  buffer, so need to protect with exception handler
  576.             //
  577.  
  578.             command = ((PCOMMAND_MESSAGE) InputBuffer)->Command;
  579.  
  580.         } except (EXCEPTION_EXECUTE_HANDLER)
  581.         {
  582.             return GetExceptionCode();
  583.         }
  584.  
  585.         switch(command)
  586.         {
  587.             case GetVersion:
  588.  
  589.                 //
  590.                 //  Return version of the filter driver.  Verify
  591.                 //  we have a valid user buffer including valid
  592.                 //  alignment
  593.                 //
  594.  
  595.                 if ((OutputBufferLength < sizeof( PFILTERVERSION )) ||
  596.                     (OutputBuffer == NULL)) {
  597.  
  598.                     status = STATUS_INVALID_PARAMETER;
  599.                     break;
  600.                 }
  601.  
  602.                 //
  603.                 //  Validate Buffer alignment.  If a minfilter cares about
  604.                 //  the alignment value of the buffer pointer they must do
  605.                 //  this check themselves.  Note that a try/except will not
  606.                 //  capture alignment faults.
  607.                 //
  608.  
  609.                 if (!IS_ALIGNED(OutputBuffer,sizeof(ULONG))) {
  610.  
  611.                     status = STATUS_DATATYPE_MISALIGNMENT;
  612.                     break;
  613.                 }
  614.  
  615.                 //
  616.                 //  Protect access to raw user-mode output buffer with an
  617.                 //  exception handler
  618.                 //
  619.  
  620.                 try {
  621.  
  622.                     ((PFILTERVERSION)OutputBuffer)->Major = MINISPY_MAJ_VERSION;
  623.                     ((PFILTERVERSION)OutputBuffer)->Minor = MINISPY_MIN_VERSION;
  624.  
  625.                 } except ( EXCEPTION_EXECUTE_HANDLER ) {
  626.  
  627.                       return GetExceptionCode();
  628.                 }
  629.  
  630.                 *ReturnOutputBufferLength = sizeof( PFILTERVERSION );
  631.                 status = STATUS_SUCCESS;
  632.                 break;
  633.  
  634.             default:
  635.                 status = STATUS_INVALID_PARAMETER;
  636.                 break;
  637.         }
  638.         return status;
  639.     }
  640. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!