I was pretty sure at the time my issue with this was figured out but I am running into some pretty crazy errors with accessing protected memory and what not that I am unable to pin down to the source cause. At the moment I am able to build my mini filter driver with no errors, my user application is in vb.net this is were it gets complicated further but I am almost there also.
my driver code is:
ULONG PROC_TAG = 0;
UNICODE_STRING processName;
processName.Length = 0;
processName.MaximumLength = (USHORT)DoSPath.MaximumLength + Data->Iopb->TargetFileObject->FileName.MaximumLength + 2;
processName.Buffer = ExAllocatePoolWithTag(PagedPool, processName.MaximumLength, PROC_TAG);
RtlCopyUnicodeString(&processName, &DoSPath);
RtlAppendUnicodeStringToString(&processName, &Data->Iopb->TargetFileObject->FileName);
KdPrint(("%wZ \r\n", processName));
RtlCopyUnicodeString(&ImageP, &processName);
if (SendClientPort) {
USHORT nameLen = processName.Length;
USHORT len = sizeof(processName.MaximumLength) + nameLen;
processName.Buffer = ExAllocatePoolWithTag(PagedPool, len, PROC_TAG);
if (processName.Buffer) {
RtlCopyMemory(processName.Buffer, processName.Buffer, nameLen);
LARGE_INTEGER timeout;
timeout.QuadPart = -10000 * 100;
FltSendMessage(FilterHandle, &SendClientPort, processName.Buffer, len, NULL, NULL, &timeout);
}
}
And the code in vb.net is like this
What I have tried:
<StructLayout(LayoutKind.Sequential)>
Public Structure FILTER_MESSAGE_HEADER
Public ReplyLength As UInteger
Public MessageId As ULong
End Structure
Public Structure DATA_RECEIVE
Public messageHeader As FILTER_MESSAGE_HEADER
<MarshalAs(UnmanagedType.ByValArray, SizeConst:=BUFFER_SIZE)>
Public messageContent As Byte()
End Structure
<DllImport("fltlib.dll")>
Public Shared Function FilterConnectCommunicationPort(<MarshalAs(UnmanagedType.LPWStr)>
portName As String,
options As UInteger,
context As IntPtr,
sizeOfContext As UInteger,
securityAttributes As IntPtr,
<Out> ByRef portHandle As SafeFileHandle) As UInteger
End Function
<DllImport("fltlib.dll")>
Public Shared Function FilterGetMessage(portHandle As SafeFileHandle,
ByRef messageBuffer As FILTER_MESSAGE_HEADER,
messageBufferSize As Integer,
overlapped As IntPtr) As UInteger
End Function
Dim OpenPortStatus = FilterConnectCommunicationPort("\BitPort", 0, Nothing, 0, Nothing, OpenPortHandle)
MsgBox("Open Communication Port Status: " & OpenPortStatus & " Port Number: " & OpenPortHandle.DangerousGetHandle.ToString)
Dim dataReceive As DATA_RECEIVE = New DATA_RECEIVE()
dataReceive.messageContent = New Byte(BUFFER_SIZE - 1) {}
Dim headerSize As Integer = Marshal.SizeOf(dataReceive.messageHeader)
Dim dataSize As Integer = BUFFER_SIZE + headerSize
Dim status = FilterGetMessage(OpenPortHandle, dataReceive.messageHeader, dataSize, IntPtr.Zero)
If status = 0 Then
Dim message As String = Encoding.Unicode.GetString(dataReceive.messageContent)
MsgBox(message)
End If
Thank you for taking a look I am seriously stuck as to why I get no message or I always get a access violation.
Submit an article or tip