我正在尝试编写一个简单的windows过滤平台内核驱动程序来添加一些过滤器。我使用VS2019内核驱动程序项目模板并添加代码来创建驱动程序和设备。这工作得很好,我能够看到WPP日志和devcon状态返回成功。但是当我在驱动程序中添加WFP代码时,devcon显示安装成功,但是devcon状态命令返回39。我在谷歌上搜索了一下,但没有找到一个解决方案。在添加WFP代码后,WPP跟踪似乎也不起作用。
与WFP相关的唯一一行代码是驱动程序卸载中的CloseEngine调用。如果我删除这一行,驱动程序安装成功,并且我在devcon status命令中没有看到任何错误。
Driver.c =祝辞
/*++
Module Name:
driver.c
Abstract:
This file contains the driver entry points and callbacks.
Environment:
Kernel-mode Driver Framework
--*/
#include "driver.h"
#include "driver.tmh"
#include <fwpmk.h>
PDEVICE_OBJECT gDeviceObject;
HANDLE gEngineHandle;
VOID
MyCalloutUnload(
IN WDFDRIVER DriverObject
)
{
// TODO : Memory cleanups
// - Unregister callouts?
// - Free any allocated memory
UNREFERENCED_PARAMETER(DriverObject);
TraceEvents(TRACE_LEVEL_INFORMATION, TRACE_DRIVER, "%!FUNC! Entry");
if (gEngineHandle != NULL)
{
FwpmEngineClose(gEngineHandle); // If I comment this line, there are no problems with the driver
gEngineHandle = NULL;
}
}
//NTSTATUS
//FilterByApplication()
//{
// NTSTATUS status = STATUS_SUCCESS;
// FWPM_SESSION session = { 0 };
//
// TraceEvents(TRACE_LEVEL_INFORMATION, TRACE_DRIVER, "%!FUNC! Entry");
//
// do
// {
// session.flags = FWPM_SESSION_FLAG_DYNAMIC;
// status = FwpmEngineOpen(
// L"MyCalloutDriver",
// RPC_C_AUTHN_WINNT,
// NULL,
// &session,
// &gEngineHandle
// );
//
// if (!NT_SUCCESS(status))
// {
// TraceEvents(TRACE_LEVEL_ERROR, TRACE_DRIVER, "FwpmEngineOpen failed %!STATUS!", status);
// break;
// }
//
// } while (FALSE);
//
// return status;
//}
NTSTATUS
DriverEntry(
_In_ PDRIVER_OBJECT DriverObject,
_In_ PUNICODE_STRING RegistryPath
)
{
WDF_DRIVER_CONFIG config;
NTSTATUS status;
WDF_OBJECT_ATTRIBUTES attributes;
WDFDRIVER driver;
WDFDEVICE device;
PWDFDEVICE_INIT pInit = NULL;
//
// Initialize WPP Tracing
//
WPP_INIT_TRACING(DriverObject, RegistryPath);
TraceEvents(TRACE_LEVEL_INFORMATION, TRACE_DRIVER, "%!FUNC! Entry");
//
// Register a cleanup callback so that we can call WPP_CLEANUP when
// the framework driver object is deleted during driver unload.
//
WDF_OBJECT_ATTRIBUTES_INIT(&attributes);
attributes.EvtCleanupCallback = MyCalloutDriver1EvtDriverContextCleanup;
WDF_DRIVER_CONFIG_INIT(&config, WDF_NO_EVENT_CALLBACK);
config.DriverInitFlags |= WdfDriverInitNonPnpDriver;
config.EvtDriverUnload = MyCalloutUnload;
do
{
status = WdfDriverCreate(DriverObject,
RegistryPath,
&attributes,
&config,
&driver
);
if (!NT_SUCCESS(status)) {
TraceEvents(TRACE_LEVEL_ERROR, TRACE_DRIVER, "WdfDriverCreate failed %!STATUS!", status);
break;
}
TraceEvents(TRACE_LEVEL_INFORMATION, TRACE_DRIVER, "Driver created successfully!");
pInit = WdfControlDeviceInitAllocate(driver, &SDDL_DEVOBJ_KERNEL_ONLY);
if (!pInit)
{
status = STATUS_INSUFFICIENT_RESOURCES;
TraceEvents(TRACE_LEVEL_ERROR, TRACE_DRIVER, "WdfControlDeviceInitAllocate failed %!STATUS!", status);
break;
}
TraceEvents(TRACE_LEVEL_INFORMATION, TRACE_DRIVER, "Control Device Initialized Successfully!");
WdfDeviceInitSetDeviceType(pInit, FILE_DEVICE_NETWORK); // Set the device type as a network device
// If a device object's FILE_DEVICE_SECURE_OPEN characteristic is set,
// the system applies the device object's security descriptor to
// all file open requests in the device's namespace.
WdfDeviceInitSetCharacteristics(pInit, FILE_DEVICE_SECURE_OPEN, FALSE);
// The FILE_AUTOGENERATED_DEVICE_NAME is only used for PDOs. What does this do??
WdfDeviceInitSetCharacteristics(pInit, FILE_AUTOGENERATED_DEVICE_NAME, TRUE);
status = WdfDeviceCreate(&pInit, WDF_NO_OBJECT_ATTRIBUTES, &device);
if (!NT_SUCCESS(status))
{
TraceEvents(TRACE_LEVEL_ERROR, TRACE_DRIVER, "WdfDeviceCreate failed %!STATUS!", status);
break;
}
TraceEvents(TRACE_LEVEL_INFORMATION, TRACE_DRIVER, "Device created successfully!");
// The system will not send I/O requests or Windows Management Instrumentation (WMI)
// requests to a control device object unless the driver has called WdfControlFinishInitializing.
WdfControlFinishInitializing(device);
// Get the Device Object
gDeviceObject = WdfDeviceWdmGetDeviceObject(device);
} while (FALSE);
TraceEvents(TRACE_LEVEL_INFORMATION, TRACE_DRIVER, "%!FUNC! Exit");
if (!NT_SUCCESS(status))
{
TraceEvents(TRACE_LEVEL_ERROR, TRACE_DRIVER, "Failed %!STATUS!", status);
WPP_CLEANUP(DriverObject);
}
return status;
}
VOID
MyCalloutDriver1EvtDriverContextCleanup(
_In_ WDFOBJECT DriverObject
)
/*++
Routine Description:
Free all the resources allocated in DriverEntry.
Arguments:
DriverObject - handle to a WDF Driver object.
Return Value:
VOID.
--*/
{
UNREFERENCED_PARAMETER(DriverObject);
PAGED_CODE();
TraceEvents(TRACE_LEVEL_INFORMATION, TRACE_DRIVER, "%!FUNC! Entry");
//
// Stop WPP Tracing
//
WPP_CLEANUP(WdfDriverWdmGetDriverObject((WDFDRIVER)DriverObject));
}
INF File =>
;
; MyCalloutDriver1.inf
;
[Version]
Signature="$WINDOWS NT$"
Class=System ; TODO: specify appropriate Class
ClassGuid={4d36e97d-e325-11ce-bfc1-08002be10318} ; TODO: specify appropriate ClassGuid
Provider=%ManufacturerName%
CatalogFile=MyCalloutDriver1.cat
DriverVer= ; TODO: set DriverVer in stampinf property pages
PnpLockdown=1
[DestinationDirs]
DefaultDestDir = 12
MyCalloutDriver1_Device_CoInstaller_CopyFiles = 11
[SourceDisksNames]
1 = %DiskName%,,,""
[SourceDisksFiles]
MyCalloutDriver1.sys = 1,,
WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll=1 ; make sure the number matches with SourceDisksNames
;*****************************************
; Install Section
;*****************************************
[Manufacturer]
%ManufacturerName%=Standard,NT$ARCH$
[Standard.NT$ARCH$]
%MyCalloutDriver1.DeviceDesc%=MyCalloutDriver1_Device, RootMyCalloutDriver1 ; TODO: edit hw-id
[MyCalloutDriver1_Device.NT]
CopyFiles=Drivers_Dir
[Drivers_Dir]
MyCalloutDriver1.sys
;-------------- Service installation
[MyCalloutDriver1_Device.NT.Services]
AddService = MyCalloutDriver1,%SPSVCINST_ASSOCSERVICE%, MyCalloutDriver1_Service_Inst
; -------------- MyCalloutDriver1 driver install sections
[MyCalloutDriver1_Service_Inst]
DisplayName = %MyCalloutDriver1.SVCDESC%
ServiceType = 1 ; SERVICE_KERNEL_DRIVER
StartType = 3 ; SERVICE_DEMAND_START
ErrorControl = 1 ; SERVICE_ERROR_NORMAL
ServiceBinary = %12%MyCalloutDriver1.sys
;
;--- MyCalloutDriver1_Device Coinstaller installation ------
;
[MyCalloutDriver1_Device.NT.CoInstallers]
AddReg=MyCalloutDriver1_Device_CoInstaller_AddReg
CopyFiles=MyCalloutDriver1_Device_CoInstaller_CopyFiles
[MyCalloutDriver1_Device_CoInstaller_AddReg]
HKR,,CoInstallers32,0x00010000, "WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll,WdfCoInstaller"
[MyCalloutDriver1_Device_CoInstaller_CopyFiles]
WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll
[MyCalloutDriver1_Device.NT.Wdf]
KmdfService = MyCalloutDriver1, MyCalloutDriver1_wdfsect
[MyCalloutDriver1_wdfsect]
KmdfLibraryVersion = $KMDFVERSION$
[Strings]
SPSVCINST_ASSOCSERVICE= 0x00000002
ManufacturerName="<Your manufacturer name>" ;TODO: Replace with your manufacturer name
DiskName = "MyCalloutDriver1 Installation Disk"
MyCalloutDriver1.DeviceDesc = "MyCalloutDriver1 Device"
MyCalloutDriver1.SVCDESC = "MyCalloutDriver1 Service"
不知道我错过了什么。如有任何帮助,不胜感激。
我的代码中有两个问题。
1 -对于callout驱动程序,inf文件中的驱动程序类必须为WFPCALLOUTS, inf文件中的类GUID必须为{57465043-616C-6C6F-7574-5F636C617373}。此外,INF文件的一些部分不适用于调出驱动程序。参考microsoft inspect callout驱动程序代码。
2 -在callout驱动程序中链接用户模式库不起作用。我试图使用一些方法在Fwpuclnt。Lib是一个用户模式库。