I am developing a WFP callout driver and I have successfully implemented a FWPM_LAYER_ALE_CONNECT_REDIRECT_V4 connection redirection. I have also implemented the inverted call model to be able to send notifications from my driver to a user-land application.
So here's the flow I would like to implement:
My question is what would be the best place to persist the context while waiting for the user-land application to respond?
Since I am a beginner in kernel mode development, the most obvious way for me would be to generate some unique identifier, persist the context in some global variable using this identifier, then send the identifier to the user-land application. When the user-land application responds, it can return the identifier, allowing me to retrieve the state and complete the classification process. Of course, if there's some better way, for example pushing the state into some I/O queue and later being able to retrieve my message from the queue using the unique identifier, that would be perfect. It's just that I am having a hard time finding the proper concepts and API to use in kernel mode.
Also, it would be nice if there was some way for those messages to expire after some time (to handle the case where the user-land application crashes before returning any response).
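
A portable C model of the identifier-keyed pending table with expiry that the question describes, added here as an illustration and not code from the poster or from OSR. The names (`pend_add`, `pend_take`, `pend_expire`), the fixed table size and the caller-supplied tick values are assumptions; a real driver would guard the table with a spin lock and keep its pended classify state in `ctx`.

```c
#include <stddef.h>
#include <stdint.h>
#define MAX_PENDING 64  /* assumed cap; bounds memory if user mode stops answering */
typedef struct {
    uint64_t id;        /* 0 = free slot */
    uint64_t deadline;  /* tick at which the request expires */
    void    *ctx;       /* saved classify state, opaque in this model */
} pending_t;
static pending_t g_table[MAX_PENDING];  /* a driver would guard this with a spin lock */
static uint64_t  g_next_id = 1;         /* never reused, so a stale id cannot alias */

static void *slot_release(pending_t *s) /* clear the slot so ctx is handed out once */
{
    void *ctx = s->ctx;
    s->id = 0; s->ctx = NULL;
    return ctx;
}

/* Park ctx; returns the id to send to user mode, or 0 when the table is full. */
uint64_t pend_add(void *ctx, uint64_t now, uint64_t ttl)
{
    for (size_t i = 0; i < MAX_PENDING; i++)
        if (g_table[i].id == 0) {
            g_table[i] = (pending_t){ g_next_id++, now + ttl, ctx };
            return g_table[i].id;
        }
    return 0;
}

/* id comes from user mode: lookup key only. NULL if unknown, answered or expired. */
void *pend_take(uint64_t id)
{
    for (size_t i = 0; id != 0 && i < MAX_PENDING; i++)
        if (g_table[i].id == id)
            return slot_release(&g_table[i]);
    return NULL;
}

/* Timer sweep: pass each overdue ctx to on_expire (may be NULL); returns the count. */
size_t pend_expire(uint64_t now, void (*on_expire)(void *))
{
    size_t n = 0;
    for (size_t i = 0; i < MAX_PENDING; i++)
        if (g_table[i].id != 0 && g_table[i].deadline <= now) {
            void *ctx = slot_release(&g_table[i]);
            if (on_expire) on_expire(ctx);
            n++;
        }
    return n;
}
```

In a driver, `pend_take` would run in the handler that receives the user-land reply and `pend_expire` in a periodic timer; whichever removes the entry first is the only one that completes the request.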