SHARE
TWEET

RtlGetElementGenericTableAvl issue

a guest Jul 24th, 2019 29 in 187 days
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. /*++
  2.  
  3. Module Name:
  4.  
  5.     testDrvAvl.c
  6.  
  7. Abstract:
  8.  
  9.     This is the main module of the testDrvAvl miniFilter driver.
  10.  
  11. Environment:
  12.  
  13.     Kernel mode
  14.  
  15. --*/
  16.  
  17. #include <fltKernel.h>
  18. #include <dontuse.h>
  19.  
  20. #pragma prefast(disable:__WARNING_ENCODE_MEMBER_FUNCTION_POINTER, "Not valid for kernel mode drivers")
  21.  
  22.  
  23. PFLT_FILTER gFilterHandle;
  24. ULONG_PTR OperationStatusCtx = 1;
  25.  
  26. #define PTDBG_TRACE_ROUTINES            0x00000001
  27. #define PTDBG_TRACE_OPERATION_STATUS    0x00000002
  28.  
  29. ULONG gTraceFlags = 0;
  30.  
  31.  
  32. #define PT_DBG_PRINT( _dbgLevel, _string )          \
  33.     (FlagOn(gTraceFlags,(_dbgLevel)) ?              \
  34.         DbgPrint _string :                          \
  35.         ((int)0))
  36.  
  37. /*************************************************************************
  38.     Prototypes
  39. *************************************************************************/
  40.  
  41. EXTERN_C_START
  42.  
  43. DRIVER_INITIALIZE DriverEntry;
  44. NTSTATUS
  45. DriverEntry (
  46.     _In_ PDRIVER_OBJECT DriverObject,
  47.     _In_ PUNICODE_STRING RegistryPath
  48.     );
  49.  
  50. NTSTATUS
  51. testDrvAvlInstanceSetup (
  52.     _In_ PCFLT_RELATED_OBJECTS FltObjects,
  53.     _In_ FLT_INSTANCE_SETUP_FLAGS Flags,
  54.     _In_ DEVICE_TYPE VolumeDeviceType,
  55.     _In_ FLT_FILESYSTEM_TYPE VolumeFilesystemType
  56.     );
  57.  
  58. VOID
  59. testDrvAvlInstanceTeardownStart (
  60.     _In_ PCFLT_RELATED_OBJECTS FltObjects,
  61.     _In_ FLT_INSTANCE_TEARDOWN_FLAGS Flags
  62.     );
  63.  
  64. VOID
  65. testDrvAvlInstanceTeardownComplete (
  66.     _In_ PCFLT_RELATED_OBJECTS FltObjects,
  67.     _In_ FLT_INSTANCE_TEARDOWN_FLAGS Flags
  68.     );
  69.  
  70. NTSTATUS
  71. testDrvAvlUnload (
  72.     _In_ FLT_FILTER_UNLOAD_FLAGS Flags
  73.     );
  74.  
  75. NTSTATUS
  76. testDrvAvlInstanceQueryTeardown (
  77.     _In_ PCFLT_RELATED_OBJECTS FltObjects,
  78.     _In_ FLT_INSTANCE_QUERY_TEARDOWN_FLAGS Flags
  79.     );
  80.  
  81. FLT_PREOP_CALLBACK_STATUS
  82. testDrvAvlPreOperation (
  83.     _Inout_ PFLT_CALLBACK_DATA Data,
  84.     _In_ PCFLT_RELATED_OBJECTS FltObjects,
  85.     _Flt_CompletionContext_Outptr_ PVOID *CompletionContext
  86.     );
  87.  
  88. VOID
  89. testDrvAvlOperationStatusCallback (
  90.     _In_ PCFLT_RELATED_OBJECTS FltObjects,
  91.     _In_ PFLT_IO_PARAMETER_BLOCK ParameterSnapshot,
  92.     _In_ NTSTATUS OperationStatus,
  93.     _In_ PVOID RequesterContext
  94.     );
  95.  
  96. FLT_POSTOP_CALLBACK_STATUS
  97. testDrvAvlPostOperation (
  98.     _Inout_ PFLT_CALLBACK_DATA Data,
  99.     _In_ PCFLT_RELATED_OBJECTS FltObjects,
  100.     _In_opt_ PVOID CompletionContext,
  101.     _In_ FLT_POST_OPERATION_FLAGS Flags
  102.     );
  103.  
  104. FLT_PREOP_CALLBACK_STATUS
  105. testDrvAvlPreOperationNoPostOperation (
  106.     _Inout_ PFLT_CALLBACK_DATA Data,
  107.     _In_ PCFLT_RELATED_OBJECTS FltObjects,
  108.     _Flt_CompletionContext_Outptr_ PVOID *CompletionContext
  109.     );
  110.  
  111. BOOLEAN
  112. testDrvAvlDoRequestOperationStatus(
  113.     _In_ PFLT_CALLBACK_DATA Data
  114.     );
  115.  
  116. EXTERN_C_END
  117.  
  118. //
  119. //  Assign text sections for each routine.
  120. //
  121.  
  122. #ifdef ALLOC_PRAGMA
  123. #pragma alloc_text(INIT, DriverEntry)
  124. #pragma alloc_text(PAGE, testDrvAvlUnload)
  125. #pragma alloc_text(PAGE, testDrvAvlInstanceQueryTeardown)
  126. #pragma alloc_text(PAGE, testDrvAvlInstanceSetup)
  127. #pragma alloc_text(PAGE, testDrvAvlInstanceTeardownStart)
  128. #pragma alloc_text(PAGE, testDrvAvlInstanceTeardownComplete)
  129. #endif
  130.  
  131. //
  132. //  operation registration
  133. //
  134.  
  135. CONST FLT_OPERATION_REGISTRATION Callbacks[] = {
  136.  
  137. #if 0 // TODO - List all of the requests to filter.
  138.     { IRP_MJ_CREATE,
  139.       0,
  140.       testDrvAvlPreOperation,
  141.       testDrvAvlPostOperation },
  142.  
  143.     { IRP_MJ_CREATE_NAMED_PIPE,
  144.       0,
  145.       testDrvAvlPreOperation,
  146.       testDrvAvlPostOperation },
  147.  
  148.     { IRP_MJ_CLOSE,
  149.       0,
  150.       testDrvAvlPreOperation,
  151.       testDrvAvlPostOperation },
  152.  
  153.     { IRP_MJ_READ,
  154.       0,
  155.       testDrvAvlPreOperation,
  156.       testDrvAvlPostOperation },
  157.  
  158.     { IRP_MJ_WRITE,
  159.       0,
  160.       testDrvAvlPreOperation,
  161.       testDrvAvlPostOperation },
  162.  
  163.     { IRP_MJ_QUERY_INFORMATION,
  164.       0,
  165.       testDrvAvlPreOperation,
  166.       testDrvAvlPostOperation },
  167.  
  168.     { IRP_MJ_SET_INFORMATION,
  169.       0,
  170.       testDrvAvlPreOperation,
  171.       testDrvAvlPostOperation },
  172.  
  173.     { IRP_MJ_QUERY_EA,
  174.       0,
  175.       testDrvAvlPreOperation,
  176.       testDrvAvlPostOperation },
  177.  
  178.     { IRP_MJ_SET_EA,
  179.       0,
  180.       testDrvAvlPreOperation,
  181.       testDrvAvlPostOperation },
  182.  
  183.     { IRP_MJ_FLUSH_BUFFERS,
  184.       0,
  185.       testDrvAvlPreOperation,
  186.       testDrvAvlPostOperation },
  187.  
  188.     { IRP_MJ_QUERY_VOLUME_INFORMATION,
  189.       0,
  190.       testDrvAvlPreOperation,
  191.       testDrvAvlPostOperation },
  192.  
  193.     { IRP_MJ_SET_VOLUME_INFORMATION,
  194.       0,
  195.       testDrvAvlPreOperation,
  196.       testDrvAvlPostOperation },
  197.  
  198.     { IRP_MJ_DIRECTORY_CONTROL,
  199.       0,
  200.       testDrvAvlPreOperation,
  201.       testDrvAvlPostOperation },
  202.  
  203.     { IRP_MJ_FILE_SYSTEM_CONTROL,
  204.       0,
  205.       testDrvAvlPreOperation,
  206.       testDrvAvlPostOperation },
  207.  
  208.     { IRP_MJ_DEVICE_CONTROL,
  209.       0,
  210.       testDrvAvlPreOperation,
  211.       testDrvAvlPostOperation },
  212.  
  213.     { IRP_MJ_INTERNAL_DEVICE_CONTROL,
  214.       0,
  215.       testDrvAvlPreOperation,
  216.       testDrvAvlPostOperation },
  217.  
  218.     { IRP_MJ_SHUTDOWN,
  219.       0,
  220.       testDrvAvlPreOperationNoPostOperation,
  221.       NULL },                               //post operations not supported
  222.  
  223.     { IRP_MJ_LOCK_CONTROL,
  224.       0,
  225.       testDrvAvlPreOperation,
  226.       testDrvAvlPostOperation },
  227.  
  228.     { IRP_MJ_CLEANUP,
  229.       0,
  230.       testDrvAvlPreOperation,
  231.       testDrvAvlPostOperation },
  232.  
  233.     { IRP_MJ_CREATE_MAILSLOT,
  234.       0,
  235.       testDrvAvlPreOperation,
  236.       testDrvAvlPostOperation },
  237.  
  238.     { IRP_MJ_QUERY_SECURITY,
  239.       0,
  240.       testDrvAvlPreOperation,
  241.       testDrvAvlPostOperation },
  242.  
  243.     { IRP_MJ_SET_SECURITY,
  244.       0,
  245.       testDrvAvlPreOperation,
  246.       testDrvAvlPostOperation },
  247.  
  248.     { IRP_MJ_QUERY_QUOTA,
  249.       0,
  250.       testDrvAvlPreOperation,
  251.       testDrvAvlPostOperation },
  252.  
  253.     { IRP_MJ_SET_QUOTA,
  254.       0,
  255.       testDrvAvlPreOperation,
  256.       testDrvAvlPostOperation },
  257.  
  258.     { IRP_MJ_PNP,
  259.       0,
  260.       testDrvAvlPreOperation,
  261.       testDrvAvlPostOperation },
  262.  
  263.     { IRP_MJ_ACQUIRE_FOR_SECTION_SYNCHRONIZATION,
  264.       0,
  265.       testDrvAvlPreOperation,
  266.       testDrvAvlPostOperation },
  267.  
  268.     { IRP_MJ_RELEASE_FOR_SECTION_SYNCHRONIZATION,
  269.       0,
  270.       testDrvAvlPreOperation,
  271.       testDrvAvlPostOperation },
  272.  
  273.     { IRP_MJ_ACQUIRE_FOR_MOD_WRITE,
  274.       0,
  275.       testDrvAvlPreOperation,
  276.       testDrvAvlPostOperation },
  277.  
  278.     { IRP_MJ_RELEASE_FOR_MOD_WRITE,
  279.       0,
  280.       testDrvAvlPreOperation,
  281.       testDrvAvlPostOperation },
  282.  
  283.     { IRP_MJ_ACQUIRE_FOR_CC_FLUSH,
  284.       0,
  285.       testDrvAvlPreOperation,
  286.       testDrvAvlPostOperation },
  287.  
  288.     { IRP_MJ_RELEASE_FOR_CC_FLUSH,
  289.       0,
  290.       testDrvAvlPreOperation,
  291.       testDrvAvlPostOperation },
  292.  
  293.     { IRP_MJ_FAST_IO_CHECK_IF_POSSIBLE,
  294.       0,
  295.       testDrvAvlPreOperation,
  296.       testDrvAvlPostOperation },
  297.  
  298.     { IRP_MJ_NETWORK_QUERY_OPEN,
  299.       0,
  300.       testDrvAvlPreOperation,
  301.       testDrvAvlPostOperation },
  302.  
  303.     { IRP_MJ_MDL_READ,
  304.       0,
  305.       testDrvAvlPreOperation,
  306.       testDrvAvlPostOperation },
  307.  
  308.     { IRP_MJ_MDL_READ_COMPLETE,
  309.       0,
  310.       testDrvAvlPreOperation,
  311.       testDrvAvlPostOperation },
  312.  
  313.     { IRP_MJ_PREPARE_MDL_WRITE,
  314.       0,
  315.       testDrvAvlPreOperation,
  316.       testDrvAvlPostOperation },
  317.  
  318.     { IRP_MJ_MDL_WRITE_COMPLETE,
  319.       0,
  320.       testDrvAvlPreOperation,
  321.       testDrvAvlPostOperation },
  322.  
  323.     { IRP_MJ_VOLUME_MOUNT,
  324.       0,
  325.       testDrvAvlPreOperation,
  326.       testDrvAvlPostOperation },
  327.  
  328.     { IRP_MJ_VOLUME_DISMOUNT,
  329.       0,
  330.       testDrvAvlPreOperation,
  331.       testDrvAvlPostOperation },
  332.  
  333. #endif // TODO
  334.  
  335.     { IRP_MJ_OPERATION_END }
  336. };
  337.  
  338. //
  339. //  This defines what we want to filter with FltMgr
  340. //
  341.  
  342. CONST FLT_REGISTRATION FilterRegistration = {
  343.  
  344.     sizeof( FLT_REGISTRATION ),         //  Size
  345.     FLT_REGISTRATION_VERSION,           //  Version
  346.     0,                                  //  Flags
  347.  
  348.     NULL,                               //  Context
  349.     Callbacks,                          //  Operation callbacks
  350.  
  351.     testDrvAvlUnload,                           //  MiniFilterUnload
  352.  
  353.     testDrvAvlInstanceSetup,                    //  InstanceSetup
  354.     testDrvAvlInstanceQueryTeardown,            //  InstanceQueryTeardown
  355.     testDrvAvlInstanceTeardownStart,            //  InstanceTeardownStart
  356.     testDrvAvlInstanceTeardownComplete,         //  InstanceTeardownComplete
  357.  
  358.     NULL,                               //  GenerateFileName
  359.     NULL,                               //  GenerateDestinationFileName
  360.     NULL                                //  NormalizeNameComponent
  361.  
  362. };
  363.  
  364.  
  365.  
  366. NTSTATUS
  367. testDrvAvlInstanceSetup (
  368.     _In_ PCFLT_RELATED_OBJECTS FltObjects,
  369.     _In_ FLT_INSTANCE_SETUP_FLAGS Flags,
  370.     _In_ DEVICE_TYPE VolumeDeviceType,
  371.     _In_ FLT_FILESYSTEM_TYPE VolumeFilesystemType
  372.     )
  373. /*++
  374.  
  375. Routine Description:
  376.  
  377.     This routine is called whenever a new instance is created on a volume. This
  378.     gives us a chance to decide if we need to attach to this volume or not.
  379.  
  380.     If this routine is not defined in the registration structure, automatic
  381.     instances are always created.
  382.  
  383. Arguments:
  384.  
  385.     FltObjects - Pointer to the FLT_RELATED_OBJECTS data structure containing
  386.         opaque handles to this filter, instance and its associated volume.
  387.  
  388.     Flags - Flags describing the reason for this attach request.
  389.  
  390. Return Value:
  391.  
  392.     STATUS_SUCCESS - attach
  393.     STATUS_FLT_DO_NOT_ATTACH - do not attach
  394.  
  395. --*/
  396. {
  397.     UNREFERENCED_PARAMETER( FltObjects );
  398.     UNREFERENCED_PARAMETER( Flags );
  399.     UNREFERENCED_PARAMETER( VolumeDeviceType );
  400.     UNREFERENCED_PARAMETER( VolumeFilesystemType );
  401.  
  402.     PAGED_CODE();
  403.  
  404.     PT_DBG_PRINT( PTDBG_TRACE_ROUTINES,
  405.                   ("testDrvAvl!testDrvAvlInstanceSetup: Entered\n") );
  406.  
  407.     return STATUS_SUCCESS;
  408. }
  409.  
  410.  
  411. NTSTATUS
  412. testDrvAvlInstanceQueryTeardown (
  413.     _In_ PCFLT_RELATED_OBJECTS FltObjects,
  414.     _In_ FLT_INSTANCE_QUERY_TEARDOWN_FLAGS Flags
  415.     )
  416. /*++
  417.  
  418. Routine Description:
  419.  
  420.     This is called when an instance is being manually deleted by a
  421.     call to FltDetachVolume or FilterDetach thereby giving us a
  422.     chance to fail that detach request.
  423.  
  424.     If this routine is not defined in the registration structure, explicit
  425.     detach requests via FltDetachVolume or FilterDetach will always be
  426.     failed.
  427.  
  428. Arguments:
  429.  
  430.     FltObjects - Pointer to the FLT_RELATED_OBJECTS data structure containing
  431.         opaque handles to this filter, instance and its associated volume.
  432.  
  433.     Flags - Indicating where this detach request came from.
  434.  
  435. Return Value:
  436.  
  437.     Returns the status of this operation.
  438.  
  439. --*/
  440. {
  441.     UNREFERENCED_PARAMETER( FltObjects );
  442.     UNREFERENCED_PARAMETER( Flags );
  443.  
  444.     PAGED_CODE();
  445.  
  446.     PT_DBG_PRINT( PTDBG_TRACE_ROUTINES,
  447.                   ("testDrvAvl!testDrvAvlInstanceQueryTeardown: Entered\n") );
  448.  
  449.     return STATUS_SUCCESS;
  450. }
  451.  
  452.  
  453. VOID
  454. testDrvAvlInstanceTeardownStart (
  455.     _In_ PCFLT_RELATED_OBJECTS FltObjects,
  456.     _In_ FLT_INSTANCE_TEARDOWN_FLAGS Flags
  457.     )
  458. /*++
  459.  
  460. Routine Description:
  461.  
  462.     This routine is called at the start of instance teardown.
  463.  
  464. Arguments:
  465.  
  466.     FltObjects - Pointer to the FLT_RELATED_OBJECTS data structure containing
  467.         opaque handles to this filter, instance and its associated volume.
  468.  
  469.     Flags - Reason why this instance is being deleted.
  470.  
  471. Return Value:
  472.  
  473.     None.
  474.  
  475. --*/
  476. {
  477.     UNREFERENCED_PARAMETER( FltObjects );
  478.     UNREFERENCED_PARAMETER( Flags );
  479.  
  480.     PAGED_CODE();
  481.  
  482.     PT_DBG_PRINT( PTDBG_TRACE_ROUTINES,
  483.                   ("testDrvAvl!testDrvAvlInstanceTeardownStart: Entered\n") );
  484. }
  485.  
  486.  
  487. VOID
  488. testDrvAvlInstanceTeardownComplete (
  489.     _In_ PCFLT_RELATED_OBJECTS FltObjects,
  490.     _In_ FLT_INSTANCE_TEARDOWN_FLAGS Flags
  491.     )
  492. /*++
  493.  
  494. Routine Description:
  495.  
  496.     This routine is called at the end of instance teardown.
  497.  
  498. Arguments:
  499.  
  500.     FltObjects - Pointer to the FLT_RELATED_OBJECTS data structure containing
  501.         opaque handles to this filter, instance and its associated volume.
  502.  
  503.     Flags - Reason why this instance is being deleted.
  504.  
  505. Return Value:
  506.  
  507.     None.
  508.  
  509. --*/
  510. {
  511.     UNREFERENCED_PARAMETER( FltObjects );
  512.     UNREFERENCED_PARAMETER( Flags );
  513.  
  514.     PAGED_CODE();
  515.  
  516.     PT_DBG_PRINT( PTDBG_TRACE_ROUTINES,
  517.                   ("testDrvAvl!testDrvAvlInstanceTeardownComplete: Entered\n") );
  518. }
  519.  
  520.  
  521. /*************************************************************************
  522.     MiniFilter initialization and unload routines.
  523. *************************************************************************/
  524.  
  525. #include <ntddk.h>
  526.  
  527. #define TAG '1qq1'
  528. #define SIZE_CH 16
  529.  
  530. typedef struct _RECORD
  531. {
  532.     WCHAR str[SIZE_CH];
  533.  
  534. }RECORD, *PRECORD;
  535.  
  536. void __stdcall FreeRoutine(__in struct _RTL_AVL_TABLE  *Table, __in PVOID  Buffer)
  537. {
  538.     ASSERT(ARGUMENT_PRESENT(Buffer));
  539.  
  540.     if (Buffer)
  541.     {
  542.         ExFreePoolWithTag(Buffer, TAG);
  543.     }
  544.  
  545.     UNREFERENCED_PARAMETER(Table);
  546. }
  547.  
  548. PVOID __stdcall AllocateRoutine(_In_ struct _RTL_AVL_TABLE* Table, _In_ CLONG ByteSize)
  549. {
  550.     PVOID p = ExAllocatePoolWithTag(PagedPool, ByteSize, TAG);
  551.  
  552.     RtlZeroMemory(p, ByteSize);
  553.  
  554.     return p;
  555.  
  556.     UNREFERENCED_PARAMETER(Table);
  557. }
  558.  
  559. RTL_GENERIC_COMPARE_RESULTS __stdcall CompareRoutine(_In_ struct _RTL_AVL_TABLE* p, _In_ PVOID first, _In_ PVOID second)
  560. {
  561.     UNREFERENCED_PARAMETER(p);
  562.  
  563.     LONG res = RtlCompareUnicodeString(first, second, TRUE);
  564.  
  565.     DbgPrint(" first<%wZ> second<%wZ> %d\n", first, second, res);
  566.  
  567.     if (!res) {
  568.         return GenericEqual;
  569.     }
  570.  
  571.     return (res < 0) ? GenericLessThan : GenericGreaterThan;
  572. }
  573.  
  574. static RTL_AVL_TABLE m_table;
  575.  
  576. NTSTATUS
  577. DriverEntry (
  578.     _In_ PDRIVER_OBJECT DriverObject,
  579.     _In_ PUNICODE_STRING RegistryPath
  580.     )
  581. /*++
  582.  
  583. Routine Description:
  584.  
  585.     This is the initialization routine for this miniFilter driver.  This
  586.     registers with FltMgr and initializes all global data structures.
  587.  
  588. Arguments:
  589.  
  590.     DriverObject - Pointer to driver object created by the system to
  591.         represent this driver.
  592.  
  593.     RegistryPath - Unicode string identifying where the parameters for this
  594.         driver are located in the registry.
  595.  
  596. Return Value:
  597.  
  598.     Routine can return non success error codes.
  599.  
  600. --*/
  601. {
  602.     UNREFERENCED_PARAMETER(DriverObject);
  603.     UNREFERENCED_PARAMETER(RegistryPath);
  604.  
  605.     DbgBreakPoint();
  606.  
  607.     RtlZeroMemory(&m_table, sizeof(m_table));
  608.  
  609.  
  610.     RtlInitializeGenericTableAvl(&m_table, CompareRoutine, AllocateRoutine, FreeRoutine, NULL);
  611. //  m_table
  612.  
  613.     DECLARE_CONST_UNICODE_STRING(str2, L"SOFTWARE");
  614.     DECLARE_CONST_UNICODE_STRING(str1, L"SYSTEM");
  615.  
  616.  
  617.     const LONG size_cb = sizeof(UNICODE_STRING);
  618.     BOOLEAN new_elem = FALSE;
  619.  
  620.     PVOID p = RtlInsertElementGenericTableAvl(&m_table, (PUNICODE_STRING)&str1, size_cb, &new_elem);
  621.  
  622.     ASSERT(NULL != p);
  623.  
  624.  
  625.     ULONG capacity = RtlNumberGenericTableElementsAvl(&m_table);
  626.  
  627.     for (ULONG i = 0; i < capacity; i++)
  628.     {
  629.         PVOID tmp = RtlGetElementGenericTableAvl(&m_table, i);
  630.  
  631.         DbgPrint("   %u  --> %p\n", i, tmp);
  632.     }
  633.  
  634.     p = RtlInsertElementGenericTableAvl(&m_table, (PUNICODE_STRING)&str2, size_cb, &new_elem);
  635.  
  636.     ASSERT(NULL != p);
  637.  
  638.     capacity = RtlNumberGenericTableElementsAvl(&m_table);
  639.  
  640.     for (ULONG i = 0; i < capacity; i++)
  641.     {
  642.         PVOID tmp = RtlGetElementGenericTableAvl(&m_table, i);
  643.  
  644.         DbgPrint("   %u  --> %p\n", i, tmp);
  645.  
  646.         if (tmp == (PVOID)0x10)
  647.         {
  648.             for (ULONG i2 = 0; i2 < capacity; i2++)
  649.             {
  650.                 PVOID tmp2 = RtlGetElementGenericTableAvl(&m_table, i2);
  651.  
  652.                 DbgPrint(" >>>  %u  --> %p\n", i2, tmp2);
  653.             }
  654.         }
  655.     }
  656.  
  657.  
  658.     for (ULONG i = 0; i < capacity; i++)
  659.     {
  660.         PVOID tmp = RtlGetElementGenericTableAvl(&m_table, 0);
  661.  
  662.         RtlDeleteElementGenericTableAvl(&m_table, tmp);
  663.     }
  664.  
  665.     DbgBreakPoint();
  666.  
  667.     return STATUS_UNSUCCESSFUL;
  668.     /*
  669.     UNREFERENCED_PARAMETER( RegistryPath );
  670.  
  671.     PT_DBG_PRINT( PTDBG_TRACE_ROUTINES,
  672.                   ("testDrvAvl!DriverEntry: Entered\n") );
  673.  
  674.     //
  675.     //  Register with FltMgr to tell it our callback routines
  676.     //
  677.  
  678.     status = FltRegisterFilter( DriverObject,
  679.                                 &FilterRegistration,
  680.                                 &gFilterHandle );
  681.  
  682.     FLT_ASSERT( NT_SUCCESS( status ) );
  683.  
  684.     if (NT_SUCCESS( status )) {
  685.  
  686.         //
  687.         //  Start filtering i/o
  688.         //
  689.  
  690.         status = FltStartFiltering( gFilterHandle );
  691.  
  692.         if (!NT_SUCCESS( status )) {
  693.  
  694.             FltUnregisterFilter( gFilterHandle );
  695.         }
  696.     }
  697.  
  698.     return status;
  699.     */
  700. }
  701.  
  702. NTSTATUS
  703. testDrvAvlUnload (
  704.     _In_ FLT_FILTER_UNLOAD_FLAGS Flags
  705.     )
  706. /*++
  707.  
  708. Routine Description:
  709.  
  710.     This is the unload routine for this miniFilter driver. This is called
  711.     when the minifilter is about to be unloaded. We can fail this unload
  712.     request if this is not a mandatory unload indicated by the Flags
  713.     parameter.
  714.  
  715. Arguments:
  716.  
  717.     Flags - Indicating if this is a mandatory unload.
  718.  
  719. Return Value:
  720.  
  721.     Returns STATUS_SUCCESS.
  722.  
  723. --*/
  724. {
  725.     UNREFERENCED_PARAMETER( Flags );
  726.  
  727.     PAGED_CODE();
  728.  
  729.     PT_DBG_PRINT( PTDBG_TRACE_ROUTINES,
  730.                   ("testDrvAvl!testDrvAvlUnload: Entered\n") );
  731.  
  732.     FltUnregisterFilter( gFilterHandle );
  733.  
  734.     return STATUS_SUCCESS;
  735. }
  736.  
  737.  
  738. /*************************************************************************
  739.     MiniFilter callback routines.
  740. *************************************************************************/
  741. FLT_PREOP_CALLBACK_STATUS
  742. testDrvAvlPreOperation (
  743.     _Inout_ PFLT_CALLBACK_DATA Data,
  744.     _In_ PCFLT_RELATED_OBJECTS FltObjects,
  745.     _Flt_CompletionContext_Outptr_ PVOID *CompletionContext
  746.     )
  747. /*++
  748.  
  749. Routine Description:
  750.  
  751.     This routine is a pre-operation dispatch routine for this miniFilter.
  752.  
  753.     This is non-pageable because it could be called on the paging path
  754.  
  755. Arguments:
  756.  
  757.     Data - Pointer to the filter callbackData that is passed to us.
  758.  
  759.     FltObjects - Pointer to the FLT_RELATED_OBJECTS data structure containing
  760.         opaque handles to this filter, instance, its associated volume and
  761.         file object.
  762.  
  763.     CompletionContext - The context for the completion routine for this
  764.         operation.
  765.  
  766. Return Value:
  767.  
  768.     The return value is the status of the operation.
  769.  
  770. --*/
  771. {
  772.     NTSTATUS status;
  773.  
  774.     UNREFERENCED_PARAMETER( FltObjects );
  775.     UNREFERENCED_PARAMETER( CompletionContext );
  776.  
  777.     PT_DBG_PRINT( PTDBG_TRACE_ROUTINES,
  778.                   ("testDrvAvl!testDrvAvlPreOperation: Entered\n") );
  779.  
  780.     //
  781.     //  See if this is an operation we would like the operation status
  782.     //  for.  If so request it.
  783.     //
  784.     //  NOTE: most filters do NOT need to do this.  You only need to make
  785.     //        this call if, for example, you need to know if the oplock was
  786.     //        actually granted.
  787.     //
  788.  
  789.     if (testDrvAvlDoRequestOperationStatus( Data )) {
  790.  
  791.         status = FltRequestOperationStatusCallback( Data,
  792.                                                     testDrvAvlOperationStatusCallback,
  793.                                                     (PVOID)(++OperationStatusCtx) );
  794.         if (!NT_SUCCESS(status)) {
  795.  
  796.             PT_DBG_PRINT( PTDBG_TRACE_OPERATION_STATUS,
  797.                           ("testDrvAvl!testDrvAvlPreOperation: FltRequestOperationStatusCallback Failed, status=%08x\n",
  798.                            status) );
  799.         }
  800.     }
  801.  
  802.     // This template code does not do anything with the callbackData, but
  803.     // rather returns FLT_PREOP_SUCCESS_WITH_CALLBACK.
  804.     // This passes the request down to the next miniFilter in the chain.
  805.  
  806.     return FLT_PREOP_SUCCESS_WITH_CALLBACK;
  807. }
  808.  
  809.  
  810.  
  811. VOID
  812. testDrvAvlOperationStatusCallback (
  813.     _In_ PCFLT_RELATED_OBJECTS FltObjects,
  814.     _In_ PFLT_IO_PARAMETER_BLOCK ParameterSnapshot,
  815.     _In_ NTSTATUS OperationStatus,
  816.     _In_ PVOID RequesterContext
  817.     )
  818. /*++
  819.  
  820. Routine Description:
  821.  
  822.     This routine is called when the given operation returns from the call
  823.     to IoCallDriver.  This is useful for operations where STATUS_PENDING
  824.     means the operation was successfully queued.  This is useful for OpLocks
  825.     and directory change notification operations.
  826.  
  827.     This callback is called in the context of the originating thread and will
  828.     never be called at DPC level.  The file object has been correctly
  829.     referenced so that you can access it.  It will be automatically
  830.     dereferenced upon return.
  831.  
  832.     This is non-pageable because it could be called on the paging path
  833.  
  834. Arguments:
  835.  
  836.     FltObjects - Pointer to the FLT_RELATED_OBJECTS data structure containing
  837.         opaque handles to this filter, instance, its associated volume and
  838.         file object.
  839.  
  840.     RequesterContext - The context for the completion routine for this
  841.         operation.
  842.  
  843.     OperationStatus -
  844.  
  845. Return Value:
  846.  
  847.     The return value is the status of the operation.
  848.  
  849. --*/
  850. {
  851.     UNREFERENCED_PARAMETER( FltObjects );
  852.  
  853.     PT_DBG_PRINT( PTDBG_TRACE_ROUTINES,
  854.                   ("testDrvAvl!testDrvAvlOperationStatusCallback: Entered\n") );
  855.  
  856.     PT_DBG_PRINT( PTDBG_TRACE_OPERATION_STATUS,
  857.                   ("testDrvAvl!testDrvAvlOperationStatusCallback: Status=%08x ctx=%p IrpMj=%02x.%02x \"%s\"\n",
  858.                    OperationStatus,
  859.                    RequesterContext,
  860.                    ParameterSnapshot->MajorFunction,
  861.                    ParameterSnapshot->MinorFunction,
  862.                    FltGetIrpName(ParameterSnapshot->MajorFunction)) );
  863. }
  864.  
  865.  
  866. FLT_POSTOP_CALLBACK_STATUS
  867. testDrvAvlPostOperation (
  868.     _Inout_ PFLT_CALLBACK_DATA Data,
  869.     _In_ PCFLT_RELATED_OBJECTS FltObjects,
  870.     _In_opt_ PVOID CompletionContext,
  871.     _In_ FLT_POST_OPERATION_FLAGS Flags
  872.     )
  873. /*++
  874.  
  875. Routine Description:
  876.  
  877.     This routine is the post-operation completion routine for this
  878.     miniFilter.
  879.  
  880.     This is non-pageable because it may be called at DPC level.
  881.  
  882. Arguments:
  883.  
  884.     Data - Pointer to the filter callbackData that is passed to us.
  885.  
  886.     FltObjects - Pointer to the FLT_RELATED_OBJECTS data structure containing
  887.         opaque handles to this filter, instance, its associated volume and
  888.         file object.
  889.  
  890.     CompletionContext - The completion context set in the pre-operation routine.
  891.  
  892.     Flags - Denotes whether the completion is successful or is being drained.
  893.  
  894. Return Value:
  895.  
  896.     The return value is the status of the operation.
  897.  
  898. --*/
  899. {
  900.     UNREFERENCED_PARAMETER( Data );
  901.     UNREFERENCED_PARAMETER( FltObjects );
  902.     UNREFERENCED_PARAMETER( CompletionContext );
  903.     UNREFERENCED_PARAMETER( Flags );
  904.  
  905.     PT_DBG_PRINT( PTDBG_TRACE_ROUTINES,
  906.                   ("testDrvAvl!testDrvAvlPostOperation: Entered\n") );
  907.  
  908.     return FLT_POSTOP_FINISHED_PROCESSING;
  909. }
  910.  
  911.  
  912. FLT_PREOP_CALLBACK_STATUS
  913. testDrvAvlPreOperationNoPostOperation (
  914.     _Inout_ PFLT_CALLBACK_DATA Data,
  915.     _In_ PCFLT_RELATED_OBJECTS FltObjects,
  916.     _Flt_CompletionContext_Outptr_ PVOID *CompletionContext
  917.     )
  918. /*++
  919.  
  920. Routine Description:
  921.  
  922.     This routine is a pre-operation dispatch routine for this miniFilter.
  923.  
  924.     This is non-pageable because it could be called on the paging path
  925.  
  926. Arguments:
  927.  
  928.     Data - Pointer to the filter callbackData that is passed to us.
  929.  
  930.     FltObjects - Pointer to the FLT_RELATED_OBJECTS data structure containing
  931.         opaque handles to this filter, instance, its associated volume and
  932.         file object.
  933.  
  934.     CompletionContext - The context for the completion routine for this
  935.         operation.
  936.  
  937. Return Value:
  938.  
  939.     The return value is the status of the operation.
  940.  
  941. --*/
  942. {
  943.     UNREFERENCED_PARAMETER( Data );
  944.     UNREFERENCED_PARAMETER( FltObjects );
  945.     UNREFERENCED_PARAMETER( CompletionContext );
  946.  
  947.     PT_DBG_PRINT( PTDBG_TRACE_ROUTINES,
  948.                   ("testDrvAvl!testDrvAvlPreOperationNoPostOperation: Entered\n") );
  949.  
  950.     // This template code does not do anything with the callbackData, but
  951.     // rather returns FLT_PREOP_SUCCESS_NO_CALLBACK.
  952.     // This passes the request down to the next miniFilter in the chain.
  953.  
  954.     return FLT_PREOP_SUCCESS_NO_CALLBACK;
  955. }
  956.  
  957.  
  958. BOOLEAN
  959. testDrvAvlDoRequestOperationStatus(
  960.     _In_ PFLT_CALLBACK_DATA Data
  961.     )
  962. /*++
  963.  
  964. Routine Description:
  965.  
  966.     This identifies those operations we want the operation status for.  These
  967.     are typically operations that return STATUS_PENDING as a normal completion
  968.     status.
  969.  
  970. Arguments:
  971.  
  972. Return Value:
  973.  
  974.     TRUE - If we want the operation status
  975.     FALSE - If we don't
  976.  
  977. --*/
  978. {
  979.     PFLT_IO_PARAMETER_BLOCK iopb = Data->Iopb;
  980.  
  981.     //
  982.     //  return boolean state based on which operations we are interested in
  983.     //
  984.  
  985.     return (BOOLEAN)
  986.  
  987.             //
  988.             //  Check for oplock operations
  989.             //
  990.  
  991.              (((iopb->MajorFunction == IRP_MJ_FILE_SYSTEM_CONTROL) &&
  992.                ((iopb->Parameters.FileSystemControl.Common.FsControlCode == FSCTL_REQUEST_FILTER_OPLOCK)  ||
  993.                 (iopb->Parameters.FileSystemControl.Common.FsControlCode == FSCTL_REQUEST_BATCH_OPLOCK)   ||
  994.                 (iopb->Parameters.FileSystemControl.Common.FsControlCode == FSCTL_REQUEST_OPLOCK_LEVEL_1) ||
  995.                 (iopb->Parameters.FileSystemControl.Common.FsControlCode == FSCTL_REQUEST_OPLOCK_LEVEL_2)))
  996.  
  997.               ||
  998.  
  999.               //
  1000.               //    Check for directy change notification
  1001.               //
  1002.  
  1003.               ((iopb->MajorFunction == IRP_MJ_DIRECTORY_CONTROL) &&
  1004.                (iopb->MinorFunction == IRP_MN_NOTIFY_CHANGE_DIRECTORY))
  1005.              );
  1006. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top