从筛选器驱动程序调用应用程序 [英] Call application from filter driver
问题描述
你好,
我的目标是使用过滤器驱动程序挂接特定的IRP(例如IRP_MJ_WRITE).我得到了一个文件名列表(保存在文件中),该文件的驱动程序应返回带有STATUS_ACCESS_DENIED的IRP.
如何从驱动程序调用应用程序以查明文件是否在列表中?应用程序会在开始时解析文件,因此当驱动程序要求它返回TRUE或FALSE来阻止或否时,该文件将返回.
关键是驱动程序应该开始与应用程序通信,发送给应用程序一个字符串(DIR/FILENAME)并从中获取TRUE或FALSE.
倒置的IOCTL是最好的解决方案吗?
Hello,
My goal is to hook specific IRPs (like IRP_MJ_WRITE) with filter driver. I got a list of file names (saved in file) for which dirver should return IRP with STATUS_ACCESS_DENIED.
How can I call an application from driver to find out if the file is in the list or not? The application parse the file on the start so when the driver asks it should return TRUE or FALSE to block or no.
The point is that driver should start the communication with the app,send to app a string(DIR/FILENAME) and get TRUE or FALSE from it.
Is the inverted IOCTL the best solution?
推荐答案
否,这总是一个糟糕的IDEA,出于很多原因,我不会在这里讨论实现的方法这样的事情是将来自用户模式应用程序的IRPS排队,并在数据可用时完成它们.
(我建议您使用DeviceIoControl以获得更大的灵活性)
在用户模式下,您将创建一个单独的线程,因此您不会挂起该应用程序,因为DeviceIoControl会一直等待,直到它收到驱动程序的响应为止.
问候,
K,D.
No, This is always a bad IDEA, for a alot of reasons that i wont go into here, the way to accompish something like this is to queue IRPS from the user mode application and complete them when the data becomes available.
(i suggest you use DeviceIoControl for greater flexibility)
in you user mode you would create a separate thread so you wont hang the application since the DeviceIoControl will keep waiting until it receives a response from the driver
Regards,
K,D.
这篇关于从筛选器驱动程序调用应用程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
