Using regular expressions in wfp driver

I need to use regular expressions to match strings in a driver. But I couldn't find a way in kernel mode. Can anyone suggest a way for this.

Full standard re evaluation is not available. Obviously there are open source implementations, with the usual potential licensing issues.

I use "wildmatch.c" (from GIT sources) for file paths matching per .gitignore format.

See fort/src/3rdparty/wildmatch at master · tnodir/fort · GitHub

Yeah that is glp3 so it subsumes all of your source code under gpl3 if you use it.

1 Like

If you're only interested in path matching look at FsRtlIsNameInExpression

1 Like

I tried using FsRtlIsNameInExpression but couldn't include ntddk.h and ntifs.h at the same time. was getting error.

Odd. Include ntifs.h — IT includes ntddk.h for you.

1 Like

Try to #include <fltKernel.h> instead.