4 // Hack - our SDK reports NTDDI_VERSION as 0x05020100 (from _WIN32_WINNT 0x502)
5 // which doesn't pass the FLT_MGR_BASELINE check in fltkernel.h
6 #define NTDDI_VERSION NTDDI_WS03SP1
10 #include <pseh/pseh2.h>
12 #define DRIVER_NAME L"RosFltMgr"
14 #define FLT_MAJOR_VERSION 0x02
15 #define FLT_MINOR_VERSION 0x00 //win2k3
17 #define FM_TAG_DISPATCH_TABLE 'ifMF'
18 #define FM_TAG_REGISTRY_DATA 'rtMF'
19 #define FM_TAG_DEV_OBJ_PTRS 'ldMF'
20 #define FM_TAG_UNICODE_STRING 'suMF'
21 #define FM_TAG_FILTER 'lfMF'
24 typedef struct _DRIVER_DATA
26 PDRIVER_OBJECT DriverObject
;
27 PDEVICE_OBJECT DeviceObject
;
28 UNICODE_STRING ServiceKey
;
30 PFAST_IO_DISPATCH FastIoDispatch
;
32 FAST_MUTEX FilterAttachLock
;
34 } DRIVER_DATA
, *PDRIVER_DATA
;
37 typedef enum _FLT_OBJECT_FLAGS
39 FLT_OBFL_DRAINING
= 1,
41 FLT_OBFL_TYPE_INSTANCE
= 0x1000000,
42 FLT_OBFL_TYPE_FILTER
= 0x2000000,
43 FLT_OBFL_TYPE_VOLUME
= 0x4000000
45 } FLT_OBJECT_FLAGS
, *PFLT_OBJECT_FLAGS
;
47 typedef enum _FLT_FILTER_FLAGS
49 FLTFL_MANDATORY_UNLOAD_IN_PROGRESS
= 1,
50 FLTFL_FILTERING_INITIATED
= 2
52 } FLT_FILTER_FLAGS
, *PFLT_FILTER_FLAGS
;
54 typedef struct _FLT_OBJECT
// size = 0x14
56 volatile FLT_OBJECT_FLAGS Flags
;
58 EX_RUNDOWN_REF RundownRef
;
59 LIST_ENTRY PrimaryLink
;
61 } FLT_OBJECT
, *PFLT_OBJECT
;
63 typedef struct _FLT_RESOURCE_LIST_HEAD
69 } FLT_RESOURCE_LIST_HEAD
, *PFLT_RESOURCE_LIST_HEAD
;
71 typedef struct _FLT_MUTEX_LIST_HEAD
77 } FLT_MUTEX_LIST_HEAD
, *PFLT_MUTEX_LIST_HEAD
;
79 typedef struct _FLT_FILTER
// size = 0x120
82 PVOID Frame
; //FLTP_FRAME
84 UNICODE_STRING DefaultAltitude
;
85 FLT_FILTER_FLAGS Flags
;
86 PDRIVER_OBJECT DriverObject
;
87 FLT_RESOURCE_LIST_HEAD InstanceList
;
88 PVOID VerifierExtension
;
89 PFLT_FILTER_UNLOAD_CALLBACK FilterUnload
;
90 PFLT_INSTANCE_SETUP_CALLBACK InstanceSetup
;
91 PFLT_INSTANCE_QUERY_TEARDOWN_CALLBACK InstanceQueryTeardown
;
92 PFLT_INSTANCE_TEARDOWN_CALLBACK InstanceTeardownStart
;
93 PFLT_INSTANCE_TEARDOWN_CALLBACK InstanceTeardownComplete
;
94 PVOID SupportedContextsListHead
; //PALLOCATE_CONTEXT_HEADER
95 PVOID SupportedContexts
; //PALLOCATE_CONTEXT_HEADER
97 PVOID PostVolumeMount
;
98 PFLT_GENERATE_FILE_NAME GenerateFileName
;
99 PFLT_NORMALIZE_NAME_COMPONENT NormalizeNameComponent
;
100 PFLT_NORMALIZE_CONTEXT_CLEANUP NormalizeContextCleanup
;
101 PFLT_OPERATION_REGISTRATION Operations
;
102 PFLT_FILTER_UNLOAD_CALLBACK OldDriverUnload
;
103 FLT_MUTEX_LIST_HEAD ActiveOpens
;
104 FLT_MUTEX_LIST_HEAD PortList
;
105 EX_PUSH_LOCK PortLock
;
107 } FLT_FILTER
, *PFLT_FILTER
;
109 typedef enum _FLT_INSTANCE_FLAGS
111 INSFL_CAN_BE_DETACHED
= 0x01,
112 INSFL_DELETING
= 0x02,
115 } FLT_INSTANCE_FLAGS
, *PFLT_INSTANCE_FLAGS
;
117 typedef struct _FLT_INSTANCE
// size = 0x144
120 ULONG OperationRundownRef
;
121 PVOID Volume
; //PFLT_VOLUME
123 FLT_INSTANCE_FLAGS Flags
;
124 UNICODE_STRING Altitude
;
126 LIST_ENTRY FilterLink
;
127 ERESOURCE ContextLock
;
129 PVOID TrackCompletionNodes
;
132 } FLT_INSTANCE
, *PFLT_INSTANCE
;
139 FltpExInitializeRundownProtection(
140 _Out_ PEX_RUNDOWN_REF RundownRef
144 FltpExAcquireRundownProtection(
145 _Inout_ PEX_RUNDOWN_REF RundownRef
149 FltpExReleaseRundownProtection(
150 _Inout_ PEX_RUNDOWN_REF RundownRef
155 FltpObjectRundownWait(
156 _Inout_ PEX_RUNDOWN_REF RundownRef
160 FltpExRundownCompleted(
161 _Inout_ PEX_RUNDOWN_REF RundownRef
164 /////////// FIXME: put these into the correct header
166 FltpGetBaseDeviceObjectName(_In_ PDEVICE_OBJECT DeviceObject
,
167 _Inout_ PUNICODE_STRING ObjectName
);
170 FltpGetObjectName(_In_ PVOID Object
,
171 _Inout_ PUNICODE_STRING ObjectName
);
174 FltpReallocateUnicodeString(_In_ PUNICODE_STRING String
,
175 _In_ SIZE_T NewLength
,
176 _In_ BOOLEAN CopyExisting
);
179 FltpFreeUnicodeString(_In_ PUNICODE_STRING String
);
180 ////////////////////////////////////////////////
193 //FM ? ? -fltmgr.sys - Unrecognized FltMgr tag(update pooltag.w)
194 //FMac - fltmgr.sys - ASCII String buffers
195 //FMas - fltmgr.sys - ASYNC_IO_COMPLETION_CONTEXT structure
196 //FMcb - fltmgr.sys - FLT_CCB structure
197 //FMcr - fltmgr.sys - Context registration structures
198 //FMct - fltmgr.sys - TRACK_COMPLETION_NODES structure
199 //FMdl - fltmgr.sys - Array of DEVICE_OBJECT pointers
200 //FMea - fltmgr.sys - EA buffer for create
201 //FMfc - fltmgr.sys - FLTMGR_FILE_OBJECT_CONTEXT structure
202 //FMfi - fltmgr.sys - Fast IO dispatch table
203 //FMfk - fltmgr.sys - Byte Range Lock structure
204 //FMfl - fltmgr.sys - FLT_FILTER structure
205 //FMfn - fltmgr.sys - NAME_CACHE_NODE structure
206 //FMfr - fltmgr.sys - FLT_FRAME structure
207 //FMfz - fltmgr.sys - FILE_LIST_CTRL structure
208 //FMib - fltmgr.sys - Irp SYSTEM buffers
209 //FMic - fltmgr.sys - IRP_CTRL structure
210 //FMin - fltmgr.sys - FLT_INSTANCE name
211 //FMil - fltmgr.sys - IRP_CTRL completion node stack
212 //FMis - fltmgr.sys - FLT_INSTANCE structure
213 //FMla - fltmgr.sys - Per - processor IRPCTRL lookaside lists
214 //FMnc - fltmgr.sys - NAME_CACHE_CREATE_CTRL structure
215 //FMng - fltmgr.sys - NAME_GENERATION_CONTEXT structure
216 //FMol - fltmgr.sys - OPLOCK_CONTEXT structure
217 //FMos - fltmgr.sys - Operation status ctrl structure
218 //FMpl - fltmgr.sys - Cache aware pushLock
219 //FMpr - fltmgr.sys - FLT_PRCB structure
220 //FMrl - fltmgr.sys - FLT_OBJECT rundown logs
221 //FMrp - fltmgr.sys - Reparse point data buffer
222 //FMrr - fltmgr.sys - Per - processor Cache - aware rundown ref structure
223 //FMsd - fltmgr.sys - Security descriptors
224 //FMsl - fltmgr.sys - STREAM_LIST_CTRL structure
225 //FMtn - fltmgr.sys - Temporary file names
226 //FMtr - fltmgr.sys - Temporary Registry information
227 //FMts - fltmgr.sys - Tree Stack
228 //FMus - fltmgr.sys - Unicode string
229 //FMvf - fltmgr.sys - FLT_VERIFIER_EXTENSION structure
230 //FMvj - fltmgr.sys - FLT_VERIFIER_OBJECT structure
231 //FMvo - fltmgr.sys - FLT_VOLUME structure
232 //FMwi - fltmgr.sys - Work item structures
233 //FMcn - fltmgr.sys - Non paged context extension structures.
234 //FMtp - fltmgr.sys - Non Paged tx vol context structures.
235 //FMlp - fltmgr.sys - Paged stream list control entry structures.
241 FltAcquirePushLockExclusive
242 FltAcquirePushLockShared
243 FltAcquireResourceExclusive
244 FltAcquireResourceShared
245 FltAllocateCallbackData
247 FltAllocateDeferredIoWorkItem
249 FltAllocateGenericWorkItem
250 FltAllocatePoolAlignedWithTag
252 FltAttachVolumeAtAltitude
253 FltBuildDefaultSecurityDescriptor
262 FltCheckAndGrowNameControl
263 FltCheckLockForReadAccess
264 FltCheckLockForWriteAccess
266 FltClearCallbackDataDirty
267 FltClearCancelCompletion
270 FltCloseCommunicationPort
271 FltCompareInstanceAltitudes
272 FltCompletePendedPostOperation
273 FltCompletePendedPreOperation
274 FltCreateCommunicationPort
277 FltCreateSystemVolumeInformationFolder
278 FltCurrentBatchOplock
282 FltDeleteInstanceContext
284 FltDeleteStreamContext
285 FltDeleteStreamHandleContext
286 FltDeleteVolumeContext
288 FltDeviceIoControlFile
289 FltDoCompletionProcessingWhenSafe
290 FltEnumerateFilterInformation
292 FltEnumerateInstanceInformationByFilter
293 FltEnumerateInstanceInformationByVolume
294 FltEnumerateInstances
295 FltEnumerateVolumeInformation
299 FltFreeDeferredIoWorkItem
301 FltFreeGenericWorkItem
302 FltFreePoolAlignedWithTag
303 FltFreeSecurityDescriptor
307 FltGetDestinationFileNameInformation
309 FltGetDiskDeviceObject
311 FltGetFileNameInformation
312 FltGetFileNameInformationUnsafe
313 FltGetFilterFromInstance
315 FltGetFilterInformation
316 FltGetInstanceContext
317 FltGetInstanceInformation
320 FltGetRequestorProcess
321 FltGetRequestorProcessId
324 FltGetStreamHandleContext
325 FltGetSwappedBufferMdlAddress
330 FltGetVolumeFromDeviceObject
331 FltGetVolumeFromFileObject
332 FltGetVolumeFromInstance
335 FltGetVolumeInstanceFromName
337 FltGetVolumeProperties
338 FltInitializeFileLock
340 FltInitializePushLock
342 FltIsCallbackDataDirty
345 FltIsOperationSynchronous
349 FltNotifyFilterChangeDirectory
354 FltOplockIsFastIoPossible
356 FltParseFileNameInformation
357 FltPerformAsynchronousIo
358 FltPerformSynchronousIo
360 FltPurgeFileNameInformationCache
362 FltQueryInformationFile
363 FltQuerySecurityObject
364 FltQueryVolumeInformation
365 FltQueryVolumeInformationFile
366 FltQueueDeferredIoWorkItem
367 FltQueueGenericWorkItem
370 FltReferenceFileNameInformation
372 FltReissueSynchronousIo
375 FltReleaseFileNameInformation
378 FltRequestOperationStatusCallback
379 FltRetainSwappedBufferMdlAddress
382 FltSetCallbackDataDirty
383 FltSetCancelCompletion
386 FltSetInformationFile
387 FltSetInstanceContext
390 FltSetStreamHandleContext
392 FltSetVolumeInformation
394 FltSupportsFileContexts
395 FltSupportsStreamContexts
396 FltSupportsStreamHandleContexts
398 FltUninitializeFileLock
399 FltUninitializeOplock
409 #endif /* _FLTMGR_H */