List of callout drivers

Problem description

Is there a command that lists all the callout drivers in the system?

Also, is there a mechanism to know the order of the callout?

Thanks

Recommended answer

You can use "NetSh.exe WFP Show State" to show what callouts are registered with BFE. This will give you an XML file containing the added callouts like:

<callouts numItems="2">
	<item>
		<calloutKey>FWPM_CALLOUT_IPSEC_FORWARD_INBOUND_TUNNEL_V4</calloutKey>
		<displayData>
			<name>WFP Built-in IPsec Forward Inbound Tunnel v4 Layer Callout</name>
			<description>Verifies that each received packet that is supposed to arrive over a tunnel mode security association arrives securely.</description>
		</displayData>
		<flags numItems="3">
			<item>FWPM_CALLOUT_FLAG_USES_PROVIDER_CONTEXT</item>
			<item>FWPM_CALLOUT_FLAG_REGISTERED</item>
			<item>00000020</item>
		</flags>
		<providerKey/>
		<providerData/>
		<applicableLayer>FWPM_LAYER_IPFORWARD_V4</applicableLayer>
		<calloutId>9</calloutId>
	</item>
	<item>
		<calloutKey>FWPM_CALLOUT_IPSEC_FORWARD_OUTBOUND_TUNNEL_V4</calloutKey>
		<displayData>
			<name>WFP Built-in IPsec Forward Outbound Tunnel v4 Layer Callout</name>
			<description>Indicates to IPsec the outbound traffic that must be secured over a tunnel mode security association.</description>
		</displayData>
		<flags numItems="3">
			<item>FWPM_CALLOUT_FLAG_USES_PROVIDER_CONTEXT</item>
			<item>FWPM_CALLOUT_FLAG_REGISTERED</item>
			<item>00000020</item>
		</flags>
		<providerKey/>
		<providerData/>
		<applicableLayer>FWPM_LAYER_IPFORWARD_V4</applicableLayer>
		<calloutId>11</calloutId>
	</item>
</callouts>

This uses the FwpmCalloutEnum API (http://msdn.microsoft.com/en-us/library/windows/desktop/aa364020(v=vs.85).aspx)

There is no prepackaged mechanism to identify a callout driver versus any other driver. For this you can use something like NtQuerySystemInformation to get a list of the loaded drivers, and then determine if they link with FWPKClnt.sys (and optionally validate that they call FwpsCalloutRegister to weed out any drivers that do any unnecessary linking).

Order of the callouts' invocation is dictated through the filter arbitration process (http://msdn.microsoft.com/en-us/library/windows/desktop/aa364008(v=vs.85).aspx).

Hope this helps, 
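
An added example, not part of the original answer: a Python parser for the `<callouts>` XML that "NetSh.exe WFP Show State" produces, grouping callout ids by layer and picking out entries worth a closer look. The sample input is constructed; the third-party item, the wrapper elements around `<callouts>` and the review heuristic are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample. Items 9 and 11 are trimmed from the output above; item 300 is a
# made-up third-party callout. The <wfpstate>/<layers> wrapper is also an assumption.
SAMPLE = """<wfpstate><layers><item><callouts numItems="2">
 <item><calloutKey>FWPM_CALLOUT_IPSEC_FORWARD_INBOUND_TUNNEL_V4</calloutKey>
  <flags numItems="1"><item>FWPM_CALLOUT_FLAG_REGISTERED</item></flags>
  <applicableLayer>FWPM_LAYER_IPFORWARD_V4</applicableLayer><calloutId>9</calloutId></item>
 <item><calloutKey>FWPM_CALLOUT_IPSEC_FORWARD_OUTBOUND_TUNNEL_V4</calloutKey>
  <flags numItems="1"><item>FWPM_CALLOUT_FLAG_REGISTERED</item></flags>
  <applicableLayer>FWPM_LAYER_IPFORWARD_V4</applicableLayer><calloutId>11</calloutId></item>
</callouts></item><item><callouts numItems="1">
 <item><calloutKey>{11111111-2222-3333-4444-555555555555}</calloutKey>
  <displayData><name>Example Vendor Inspection Callout</name></displayData><flags/>
  <applicableLayer>FWPM_LAYER_ALE_AUTH_CONNECT_V4</applicableLayer><calloutId>300</calloutId></item>
</callouts></item></layers></wfpstate>"""

def parse_callouts(xml_text):
    """One dict per <callouts>/<item>, wherever the <callouts> element sits."""
    found = []
    for group in ET.fromstring(xml_text).iter("callouts"):
        for item in group.findall("item"):
            flags = [f.text for f in item.findall("flags/item")]
            found.append({
                "id": int(item.findtext("calloutId", default="-1")),
                "key": item.findtext("calloutKey", default=""),
                "name": item.findtext("displayData/name", default=""),
                "layer": item.findtext("applicableLayer", default=""),
                "registered": "FWPM_CALLOUT_FLAG_REGISTERED" in flags,
            })
    # Sorted by id for stable output only: the id is not the invocation order,
    # which filter arbitration decides.
    return sorted(found, key=lambda c: c["id"])

def by_layer(callouts):
    layers = defaultdict(list)
    for c in callouts:
        layers[c["layer"]].append(c["id"])
    return dict(layers)

def review_candidates(callouts):
    """Heuristic (assumption): flag keys not shown as FWPM_CALLOUT_* names, and
    callouts that lack FWPM_CALLOUT_FLAG_REGISTERED."""
    return [c for c in callouts
            if not c["key"].startswith("FWPM_CALLOUT_") or not c["registered"]]

if __name__ == "__main__":
    callouts = parse_callouts(SAMPLE)
    print(by_layer(callouts), [c["key"] for c in review_candidates(callouts)])
```
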