1c2c66affSColin Finck #ifndef _FLTMGR_H 2c2c66affSColin Finck #define _FLTMGR_H 3c2c66affSColin Finck 4c2c66affSColin Finck #include <ntifs.h> 5c2c66affSColin Finck #include <ndk/obfuncs.h> 6c2c66affSColin Finck #include <ndk/exfuncs.h> 7c2c66affSColin Finck #include <fltkernel.h> 8c2c66affSColin Finck #include <pseh/pseh2.h> 9c2c66affSColin Finck 10*3adf4508SJérôme Gardou #include <section_attribs.h> 11*3adf4508SJérôme Gardou 12c2c66affSColin Finck #define DRIVER_NAME L"FltMgr" 13c2c66affSColin Finck 14c2c66affSColin Finck #define FLT_MAJOR_VERSION 0x0200 15c2c66affSColin Finck #define FLT_MINOR_VERSION 0x0000 //win2k3 16c2c66affSColin Finck 17c2c66affSColin Finck #define FM_TAG_DISPATCH_TABLE 'ifMF' 18c2c66affSColin Finck #define FM_TAG_REGISTRY_DATA 'rtMF' 19c2c66affSColin Finck #define FM_TAG_DEV_OBJ_PTRS 'ldMF' 20c2c66affSColin Finck #define FM_TAG_UNICODE_STRING 'suMF' 21c2c66affSColin Finck #define FM_TAG_FILTER 'lfMF' 22c2c66affSColin Finck #define FM_TAG_CONTEXT_REGISTA 'rcMF' 23dfb77638SGed Murphy #define FM_TAG_CCB 'bcMF' 24dfb77638SGed Murphy #define FM_TAG_TEMP_REGISTRY 'rtMF' 25c2c66affSColin Finck 26c2c66affSColin Finck #define MAX_DEVNAME_LENGTH 64 27c2c66affSColin Finck 28c2c66affSColin Finck 29c2c66affSColin Finck typedef struct _DRIVER_DATA 30c2c66affSColin Finck { 31c2c66affSColin Finck PDRIVER_OBJECT DriverObject; 32c2c66affSColin Finck PDEVICE_OBJECT DeviceObject; 33c2c66affSColin Finck UNICODE_STRING ServiceKey; 34c2c66affSColin Finck 35c2c66affSColin Finck PDEVICE_OBJECT CommsDeviceObject; 36c2c66affSColin Finck 37c2c66affSColin Finck PFAST_IO_DISPATCH FastIoDispatch; 38c2c66affSColin Finck 39c2c66affSColin Finck FAST_MUTEX FilterAttachLock; 40c2c66affSColin Finck 41c2c66affSColin Finck } DRIVER_DATA, *PDRIVER_DATA; 42c2c66affSColin Finck 43c2c66affSColin Finck typedef struct _FLTMGR_DEVICE_EXTENSION 44c2c66affSColin Finck { 45c2c66affSColin Finck /* The file system we're attached to */ 46c2c66affSColin Finck PDEVICE_OBJECT AttachedToDeviceObject; 47c2c66affSColin Finck 48c2c66affSColin Finck /* The storage stack(disk) associated with the file system device object we're attached to */ 49c2c66affSColin Finck PDEVICE_OBJECT StorageStackDeviceObject; 50c2c66affSColin Finck 51c2c66affSColin Finck /* Either physical drive for volume device objects otherwise 52c2c66affSColin Finck * it's the name of the control device we're attached to */ 53c2c66affSColin Finck UNICODE_STRING DeviceName; 54c2c66affSColin Finck WCHAR DeviceNameBuffer[MAX_DEVNAME_LENGTH]; 55c2c66affSColin Finck 56c2c66affSColin Finck } FLTMGR_DEVICE_EXTENSION, *PFLTMGR_DEVICE_EXTENSION; 57c2c66affSColin Finck 58c2c66affSColin Finck 59c2c66affSColin Finck NTSTATUS 60c2c66affSColin Finck FltpRegisterContexts( 61c2c66affSColin Finck _In_ PFLT_FILTER Filter, 62c2c66affSColin Finck _In_ const FLT_CONTEXT_REGISTRATION *Context 63c2c66affSColin Finck ); 64c2c66affSColin Finck 65c2c66affSColin Finck VOID 66c2c66affSColin Finck FltpExInitializeRundownProtection( 67c2c66affSColin Finck _Out_ PEX_RUNDOWN_REF RundownRef 68c2c66affSColin Finck ); 69c2c66affSColin Finck 70c2c66affSColin Finck BOOLEAN 71c2c66affSColin Finck FltpExAcquireRundownProtection( 72c2c66affSColin Finck _Inout_ PEX_RUNDOWN_REF RundownRef 73c2c66affSColin Finck ); 74c2c66affSColin Finck 75c2c66affSColin Finck BOOLEAN 76c2c66affSColin Finck FltpExReleaseRundownProtection( 77c2c66affSColin Finck _Inout_ PEX_RUNDOWN_REF RundownRef 78c2c66affSColin Finck ); 79c2c66affSColin Finck 80c2c66affSColin Finck NTSTATUS 81c2c66affSColin Finck NTAPI 82c2c66affSColin Finck FltpObjectRundownWait( 83c2c66affSColin Finck _Inout_ PEX_RUNDOWN_REF RundownRef 84c2c66affSColin Finck ); 85c2c66affSColin Finck 86c2c66affSColin Finck BOOLEAN 87c2c66affSColin Finck FltpExRundownCompleted( 88c2c66affSColin Finck _Inout_ PEX_RUNDOWN_REF RundownRef 89c2c66affSColin Finck ); 90c2c66affSColin Finck 91c2c66affSColin Finck /////////// FIXME: put these into the correct header 92c2c66affSColin Finck NTSTATUS 93c2c66affSColin Finck FltpGetBaseDeviceObjectName(_In_ PDEVICE_OBJECT DeviceObject, 94c2c66affSColin Finck _Inout_ PUNICODE_STRING ObjectName); 95c2c66affSColin Finck 96c2c66affSColin Finck NTSTATUS 97c2c66affSColin Finck FltpGetObjectName(_In_ PVOID Object, 98c2c66affSColin Finck _Inout_ PUNICODE_STRING ObjectName); 99c2c66affSColin Finck 100c2c66affSColin Finck NTSTATUS 101c2c66affSColin Finck FltpReallocateUnicodeString(_In_ PUNICODE_STRING String, 102c2c66affSColin Finck _In_ SIZE_T NewLength, 103c2c66affSColin Finck _In_ BOOLEAN CopyExisting); 104c2c66affSColin Finck 105c2c66affSColin Finck VOID 106c2c66affSColin Finck FltpFreeUnicodeString(_In_ PUNICODE_STRING String); 107dfb77638SGed Murphy 108dfb77638SGed Murphy 109dfb77638SGed Murphy 110c2c66affSColin Finck //////////////////////////////////////////////// 111c2c66affSColin Finck 112c2c66affSColin Finck 113c2c66affSColin Finck 114c2c66affSColin Finck 115c2c66affSColin Finck 116c2c66affSColin Finck 117c2c66affSColin Finck 118c2c66affSColin Finck 119c2c66affSColin Finck 120c2c66affSColin Finck 121c2c66affSColin Finck 122c2c66affSColin Finck 123c2c66affSColin Finck //FM ? ? -fltmgr.sys - Unrecognized FltMgr tag(update pooltag.w) 124c2c66affSColin Finck //FMac - fltmgr.sys - ASCII String buffers 125c2c66affSColin Finck //FMas - fltmgr.sys - ASYNC_IO_COMPLETION_CONTEXT structure 126c2c66affSColin Finck //FMcb - fltmgr.sys - FLT_CCB structure 127c2c66affSColin Finck //FMcr - fltmgr.sys - Context registration structures 128c2c66affSColin Finck //FMct - fltmgr.sys - TRACK_COMPLETION_NODES structure 129c2c66affSColin Finck //FMdl - fltmgr.sys - Array of DEVICE_OBJECT pointers 130c2c66affSColin Finck //FMea - fltmgr.sys - EA buffer for create 131c2c66affSColin Finck //FMfc - fltmgr.sys - FLTMGR_FILE_OBJECT_CONTEXT structure 132c2c66affSColin Finck //FMfi - fltmgr.sys - Fast IO dispatch table 133c2c66affSColin Finck //FMfk - fltmgr.sys - Byte Range Lock structure 134c2c66affSColin Finck //FMfl - fltmgr.sys - FLT_FILTER structure 135c2c66affSColin Finck //FMfn - fltmgr.sys - NAME_CACHE_NODE structure 136c2c66affSColin Finck //FMfr - fltmgr.sys - FLT_FRAME structure 137c2c66affSColin Finck //FMfz - fltmgr.sys - FILE_LIST_CTRL structure 138c2c66affSColin Finck //FMib - fltmgr.sys - Irp SYSTEM buffers 139c2c66affSColin Finck //FMic - fltmgr.sys - IRP_CTRL structure 140c2c66affSColin Finck //FMin - fltmgr.sys - FLT_INSTANCE name 141c2c66affSColin Finck //FMil - fltmgr.sys - IRP_CTRL completion node stack 142c2c66affSColin Finck //FMis - fltmgr.sys - FLT_INSTANCE structure 143c2c66affSColin Finck //FMla - fltmgr.sys - Per - processor IRPCTRL lookaside lists 144c2c66affSColin Finck //FMnc - fltmgr.sys - NAME_CACHE_CREATE_CTRL structure 145c2c66affSColin Finck //FMng - fltmgr.sys - NAME_GENERATION_CONTEXT structure 146c2c66affSColin Finck //FMol - fltmgr.sys - OPLOCK_CONTEXT structure 147c2c66affSColin Finck //FMos - fltmgr.sys - Operation status ctrl structure 148c2c66affSColin Finck //FMpl - fltmgr.sys - Cache aware pushLock 149c2c66affSColin Finck //FMpr - fltmgr.sys - FLT_PRCB structure 150c2c66affSColin Finck //FMrl - fltmgr.sys - FLT_OBJECT rundown logs 151c2c66affSColin Finck //FMrp - fltmgr.sys - Reparse point data buffer 152c2c66affSColin Finck //FMrr - fltmgr.sys - Per - processor Cache - aware rundown ref structure 153c2c66affSColin Finck //FMsd - fltmgr.sys - Security descriptors 154c2c66affSColin Finck //FMsl - fltmgr.sys - STREAM_LIST_CTRL structure 155c2c66affSColin Finck //FMtn - fltmgr.sys - Temporary file names 156c2c66affSColin Finck //FMtr - fltmgr.sys - Temporary Registry information 157c2c66affSColin Finck //FMts - fltmgr.sys - Tree Stack 158c2c66affSColin Finck //FMus - fltmgr.sys - Unicode string 159c2c66affSColin Finck //FMvf - fltmgr.sys - FLT_VERIFIER_EXTENSION structure 160c2c66affSColin Finck //FMvj - fltmgr.sys - FLT_VERIFIER_OBJECT structure 161c2c66affSColin Finck //FMvo - fltmgr.sys - FLT_VOLUME structure 162c2c66affSColin Finck //FMwi - fltmgr.sys - Work item structures 163c2c66affSColin Finck //FMcn - fltmgr.sys - Non paged context extension structures. 164c2c66affSColin Finck //FMtp - fltmgr.sys - Non Paged tx vol context structures. 165c2c66affSColin Finck //FMlp - fltmgr.sys - Paged stream list control entry structures. 166c2c66affSColin Finck 167c2c66affSColin Finck 168c2c66affSColin Finck 169c2c66affSColin Finck 170c2c66affSColin Finck /* 171c2c66affSColin Finck FltAcquirePushLockExclusive 172c2c66affSColin Finck FltAcquirePushLockShared 173c2c66affSColin Finck FltAcquireResourceExclusive 174c2c66affSColin Finck FltAcquireResourceShared 175c2c66affSColin Finck FltAllocateCallbackData 176c2c66affSColin Finck FltAllocateContext 177c2c66affSColin Finck FltAllocateDeferredIoWorkItem 178c2c66affSColin Finck FltAllocateFileLock 179c2c66affSColin Finck FltAllocateGenericWorkItem 180c2c66affSColin Finck FltAllocatePoolAlignedWithTag 181c2c66affSColin Finck FltAttachVolume 182c2c66affSColin Finck FltAttachVolumeAtAltitude 183c2c66affSColin Finck FltBuildDefaultSecurityDescriptor 184c2c66affSColin Finck FltCancelFileOpen 185c2c66affSColin Finck FltCancelIo 186c2c66affSColin Finck FltCbdqDisable 187c2c66affSColin Finck FltCbdqEnable 188c2c66affSColin Finck FltCbdqInitialize 189c2c66affSColin Finck FltCbdqInsertIo 190c2c66affSColin Finck FltCbdqRemoveIo 191c2c66affSColin Finck FltCbdqRemoveNextIo 192c2c66affSColin Finck FltCheckAndGrowNameControl 193c2c66affSColin Finck FltCheckLockForReadAccess 194c2c66affSColin Finck FltCheckLockForWriteAccess 195c2c66affSColin Finck FltCheckOplock 196c2c66affSColin Finck FltClearCallbackDataDirty 197c2c66affSColin Finck FltClearCancelCompletion 198c2c66affSColin Finck FltClose 199c2c66affSColin Finck FltCloseClientPort 200c2c66affSColin Finck FltCloseCommunicationPort 201c2c66affSColin Finck FltCompareInstanceAltitudes 202c2c66affSColin Finck FltCompletePendedPostOperation 203c2c66affSColin Finck FltCompletePendedPreOperation 204c2c66affSColin Finck FltCreateCommunicationPort 205c2c66affSColin Finck FltCreateFile 206c2c66affSColin Finck FltCreateFileEx 207c2c66affSColin Finck FltCreateSystemVolumeInformationFolder 208c2c66affSColin Finck FltCurrentBatchOplock 209c2c66affSColin Finck FltDecodeParameters 210c2c66affSColin Finck FltDeleteContext 211c2c66affSColin Finck FltDeleteFileContext 212c2c66affSColin Finck FltDeleteInstanceContext 213c2c66affSColin Finck FltDeletePushLock 214c2c66affSColin Finck FltDeleteStreamContext 215c2c66affSColin Finck FltDeleteStreamHandleContext 216c2c66affSColin Finck FltDeleteVolumeContext 217c2c66affSColin Finck FltDetachVolume 218c2c66affSColin Finck FltDeviceIoControlFile 219c2c66affSColin Finck FltDoCompletionProcessingWhenSafe 220c2c66affSColin Finck FltEnumerateFilterInformation 221c2c66affSColin Finck FltEnumerateFilters 222c2c66affSColin Finck FltEnumerateInstanceInformationByFilter 223c2c66affSColin Finck FltEnumerateInstanceInformationByVolume 224c2c66affSColin Finck FltEnumerateInstances 225c2c66affSColin Finck FltEnumerateVolumeInformation 226c2c66affSColin Finck FltEnumerateVolumes 227c2c66affSColin Finck FltFlushBuffers 228c2c66affSColin Finck FltFreeCallbackData 229c2c66affSColin Finck FltFreeDeferredIoWorkItem 230c2c66affSColin Finck FltFreeFileLock 231c2c66affSColin Finck FltFreeGenericWorkItem 232c2c66affSColin Finck FltFreePoolAlignedWithTag 233c2c66affSColin Finck FltFreeSecurityDescriptor 234c2c66affSColin Finck FltFsControlFile 235c2c66affSColin Finck FltGetBottomInstance 236c2c66affSColin Finck FltGetContexts 237c2c66affSColin Finck FltGetDestinationFileNameInformation 238c2c66affSColin Finck FltGetDeviceObject 239c2c66affSColin Finck FltGetDiskDeviceObject 240c2c66affSColin Finck FltGetFileContext 241c2c66affSColin Finck FltGetFileNameInformation 242c2c66affSColin Finck FltGetFileNameInformationUnsafe 243c2c66affSColin Finck FltGetFilterFromInstance 244c2c66affSColin Finck FltGetFilterFromName 245c2c66affSColin Finck FltGetFilterInformation 246c2c66affSColin Finck FltGetInstanceContext 247c2c66affSColin Finck FltGetInstanceInformation 248c2c66affSColin Finck FltGetIrpName 249c2c66affSColin Finck FltGetLowerInstance 250c2c66affSColin Finck FltGetRequestorProcess 251c2c66affSColin Finck FltGetRequestorProcessId 252c2c66affSColin Finck FltGetRoutineAddress 253c2c66affSColin Finck FltGetStreamContext 254c2c66affSColin Finck FltGetStreamHandleContext 255c2c66affSColin Finck FltGetSwappedBufferMdlAddress 256c2c66affSColin Finck FltGetTopInstance 257c2c66affSColin Finck FltGetTunneledName 258c2c66affSColin Finck FltGetUpperInstance 259c2c66affSColin Finck FltGetVolumeContext 260c2c66affSColin Finck FltGetVolumeFromDeviceObject 261c2c66affSColin Finck FltGetVolumeFromFileObject 262dfb77638SGed Murphy FltLoadFilter 263c2c66affSColin Finck FltGetVolumeFromName 264c2c66affSColin Finck FltGetVolumeGuidName 265c2c66affSColin Finck FltGetVolumeInstanceFromName 266c2c66affSColin Finck FltGetVolumeName 267c2c66affSColin Finck FltGetVolumeProperties 268c2c66affSColin Finck FltInitializeFileLock 269c2c66affSColin Finck FltInitializeOplock 270c2c66affSColin Finck FltInitializePushLock 271c2c66affSColin Finck FltIs32bitProcess 272c2c66affSColin Finck FltIsCallbackDataDirty 273c2c66affSColin Finck FltIsDirectory 274c2c66affSColin Finck FltIsIoCanceled 275c2c66affSColin Finck FltIsOperationSynchronous 276c2c66affSColin Finck FltIsVolumeWritable 277c2c66affSColin Finck FltLoadFilter 278c2c66affSColin Finck FltLockUserBuffer 279c2c66affSColin Finck FltNotifyFilterChangeDirectory 280c2c66affSColin Finck FltObjectDereference 281c2c66affSColin Finck FltObjectReference 282c2c66affSColin Finck FltOpenVolume 283c2c66affSColin Finck FltOplockFsctrl 284c2c66affSColin Finck FltOplockIsFastIoPossible 285c2c66affSColin Finck FltParseFileName 286c2c66affSColin Finck FltParseFileNameInformation 287c2c66affSColin Finck FltPerformAsynchronousIo 288c2c66affSColin Finck FltPerformSynchronousIo 289c2c66affSColin Finck FltProcessFileLock 290c2c66affSColin Finck FltPurgeFileNameInformationCache 291c2c66affSColin Finck FltQueryEaFile 292c2c66affSColin Finck FltQueryInformationFile 293c2c66affSColin Finck FltQuerySecurityObject 294c2c66affSColin Finck FltQueryVolumeInformation 295c2c66affSColin Finck FltQueryVolumeInformationFile 296c2c66affSColin Finck FltQueueDeferredIoWorkItem 297c2c66affSColin Finck FltQueueGenericWorkItem 298c2c66affSColin Finck FltReadFile 299c2c66affSColin Finck FltReferenceContext 300c2c66affSColin Finck FltReferenceFileNameInformation 301c2c66affSColin Finck FltRegisterFilter 302c2c66affSColin Finck FltReissueSynchronousIo 303c2c66affSColin Finck FltReleaseContext 304c2c66affSColin Finck FltReleaseContexts 305c2c66affSColin Finck FltReleaseFileNameInformation 306c2c66affSColin Finck FltReleasePushLock 307c2c66affSColin Finck FltReleaseResource 308c2c66affSColin Finck FltRequestOperationStatusCallback 309c2c66affSColin Finck FltRetainSwappedBufferMdlAddress 310c2c66affSColin Finck FltReuseCallbackData 311c2c66affSColin Finck FltSendMessage 312c2c66affSColin Finck FltSetCallbackDataDirty 313c2c66affSColin Finck FltSetCancelCompletion 314c2c66affSColin Finck FltSetEaFile 315c2c66affSColin Finck FltSetFileContext 316c2c66affSColin Finck FltSetInformationFile 317c2c66affSColin Finck FltSetInstanceContext 318c2c66affSColin Finck FltSetSecurityObject 319c2c66affSColin Finck FltSetStreamContext 320c2c66affSColin Finck FltSetStreamHandleContext 321c2c66affSColin Finck FltSetVolumeContext 322c2c66affSColin Finck FltSetVolumeInformation 323c2c66affSColin Finck FltStartFiltering 324c2c66affSColin Finck FltSupportsFileContexts 325c2c66affSColin Finck FltSupportsStreamContexts 326c2c66affSColin Finck FltSupportsStreamHandleContexts 327c2c66affSColin Finck FltTagFile 328c2c66affSColin Finck FltUninitializeFileLock 329c2c66affSColin Finck FltUninitializeOplock 330c2c66affSColin Finck FltUnloadFilter 331c2c66affSColin Finck FltUnregisterFilter 332c2c66affSColin Finck FltUntagFile 333c2c66affSColin Finck FltWriteFile 334c2c66affSColin Finck */ 335c2c66affSColin Finck 336c2c66affSColin Finck 337c2c66affSColin Finck 338c2c66affSColin Finck 339c2c66affSColin Finck #endif /* _FLTMGR_H */ 340