root/honeyclient/branches/rel/1.0/Capture2/capture-client-xeno-mod/MiniFilter.h

Revision 823, 4.9 kB (checked in by xkovah, 1 year ago)

adding the files finally

1 /*
2  *  PROJECT: Capture
3  *  FILE: MiniFilter.h
4  *  AUTHORS: Ramon Steenson (rsteenson@gmail.com) & Christian Seifert (christian.seifert@gmail.com)
5  *
6  *  Developed by Victoria University of Wellington and the New Zealand Honeynet Alliance
7  *
8  *  This file is part of Capture.
9  *
10  *  Capture is free software; you can redistribute it and/or modify
11  *  it under the terms of the GNU General Public License as published by
12  *  the Free Software Foundation; either version 2 of the License, or
13  *  (at your option) any later version.
14  *
15  *  Capture is distributed in the hope that it will be useful,
16  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
17  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18  *  GNU General Public License for more details.
19  *
20  *  You should have received a copy of the GNU General Public License
21  *  along with Capture; if not, write to the Free Software
22  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
23  */
24
25 /* Various methods and structures to interact with minifilter drivers */
26 typedef struct _INSTANCE_FULL_INFORMATION {  /* Fixed header of one minifilter-instance record: the four names are not members, they are located through the offset/length pairs below. */
27   ULONG  NextEntryOffset;  /* NOTE(review): per the WDK docs, byte offset to the next record and 0 on the last one - bounds-check it against the bytes actually returned before following it */
28   USHORT  InstanceNameLength;  /* NOTE(review): the WDK documents every *Length field here as a byte count, not a WCHAR count - confirm at call sites */
29   USHORT  InstanceNameBufferOffset;  /* NOTE(review): the *BufferOffset fields are presumably relative to the start of this record; verify offset + length stays inside the caller's buffer before reading a name */
30   USHORT  AltitudeLength;
31   USHORT  AltitudeBufferOffset;
32   USHORT  VolumeNameLength;
33   USHORT  VolumeNameBufferOffset;
34   USHORT  FilterNameLength;
35   USHORT  FilterNameBufferOffset;
36 } INSTANCE_FULL_INFORMATION, *PINSTANCE_FULL_INFORMATION;  /* NOTE(review): looks like a local copy of the WDK structure of the same name - confirm the layout still matches */
37
38 typedef struct _INSTANCE_BASIC_INFORMATION {  /* Shorter instance record: carries only the instance name, again as an offset/length pair rather than a member. */
39     ULONG  NextEntryOffset;  /* NOTE(review): presumably 0 on the last record, as in the WDK docs - bounds-check before following it */
40     USHORT  InstanceNameLength;  /* NOTE(review): WDK documents this as a byte count - confirm at call sites */
41     USHORT  InstanceNameBufferOffset;  /* NOTE(review): presumably relative to the start of this record; check offset + length against the buffer size */
42 } INSTANCE_BASIC_INFORMATION, *PINSTANCE_BASIC_INFORMATION;
43
44 typedef struct _FILTER_VOLUME_BASIC_INFORMATION {  /* Volume name record: a length followed by a name whose real size is given by that length, not by the declared array size. */
45   USHORT  FilterVolumeNameLength;  /* NOTE(review): WDK documents this as the length of FilterVolumeName in bytes - divide by sizeof(WCHAR) for a character count */
46   WCHAR  FilterVolumeName[1];  /* [1] is only a placeholder for trailing variable-length data. NOTE(review): WDK documents the name as not NUL-terminated - copy exactly FilterVolumeNameLength bytes and terminate the copy, never wcslen/wcscpy this field */
47 } FILTER_VOLUME_BASIC_INFORMATION, *PFILTER_VOLUME_BASIC_INFORMATION;
48
49 typedef enum _FILTER_VOLUME_INFORMATION_CLASS {  /* Passed as dwInformationClass to FilterVolumeFindFirst/FilterVolumeFindNext, declared later in this header. */
50
51     FilterVolumeBasicInformation,  /* NOTE(review): presumably selects FILTER_VOLUME_BASIC_INFORMATION as the buffer layout - confirm */
52     FilterVolumeStandardInformation     //Longhorn and later; this header declares no structure for it, so a buffer requested with this class cannot be parsed with the types defined here
53
54 } FILTER_VOLUME_INFORMATION_CLASS, *PFILTER_VOLUME_INFORMATION_CLASS;
55
56 #define IRP_MJ_CREATE                   0x00  /* I/O request major function codes, 0x00-0x1b. NOTE(review): these look like copies of the WDK values - confirm they stay in sync with the driver build */
57 #define IRP_MJ_CREATE_NAMED_PIPE        0x01
58 #define IRP_MJ_CLOSE                    0x02
59 #define IRP_MJ_READ                     0x03
60 #define IRP_MJ_WRITE                    0x04
61 #define IRP_MJ_QUERY_INFORMATION        0x05
62 #define IRP_MJ_SET_INFORMATION          0x06
63 #define IRP_MJ_QUERY_EA                 0x07
64 #define IRP_MJ_SET_EA                   0x08
65 #define IRP_MJ_FLUSH_BUFFERS            0x09
66 #define IRP_MJ_QUERY_VOLUME_INFORMATION 0x0a
67 #define IRP_MJ_SET_VOLUME_INFORMATION   0x0b
68 #define IRP_MJ_DIRECTORY_CONTROL        0x0c
69 #define IRP_MJ_FILE_SYSTEM_CONTROL      0x0d
70 #define IRP_MJ_DEVICE_CONTROL           0x0e
71 #define IRP_MJ_INTERNAL_DEVICE_CONTROL  0x0f
72 #define IRP_MJ_SHUTDOWN                 0x10
73 #define IRP_MJ_LOCK_CONTROL             0x11
74 #define IRP_MJ_CLEANUP                  0x12
75 #define IRP_MJ_CREATE_MAILSLOT          0x13
76 #define IRP_MJ_QUERY_SECURITY           0x14
77 #define IRP_MJ_SET_SECURITY             0x15
78 #define IRP_MJ_POWER                    0x16
79 #define IRP_MJ_SYSTEM_CONTROL           0x17
80 #define IRP_MJ_DEVICE_CHANGE            0x18
81 #define IRP_MJ_QUERY_QUOTA              0x19
82 #define IRP_MJ_SET_QUOTA                0x1a
83 #define IRP_MJ_PNP                      0x1b
84 #define IRP_MJ_PNP_POWER                IRP_MJ_PNP      // Obsolete....
85 #define IRP_MJ_MAXIMUM_FUNCTION         0x1b  /* highest code in the list above; the custom IRP_MJ_DELETE (0x99) defined further down this file lies outside this bound */
86
87 /* THIS IS A CUSTOM IRP. We use this in the user space process to make this nice. It is not one of the major function codes listed above: 0x99 is greater than IRP_MJ_MAXIMUM_FUNCTION (0x1b), so it must never index a table sized by that constant, and a range check against IRP_MJ_MAXIMUM_FUNCTION will reject it. */
88 #define IRP_MJ_DELETE         0x99
89
90 extern "C" {  /* C-linkage prototypes for the minifilter user-mode calls this client uses. NOTE(review): presumably resolved from the Filter Manager library (fltlib) at link time - confirm. The extern "C" is not wrapped in #ifdef __cplusplus, so this header only compiles as C++. */
91 HRESULT
92 WINAPI
93   FilterConnectCommunicationPort(  /* Connects to the communication port named lpPortName and returns the connection in *hPort; check the HRESULT before using the handle. */
94     IN LPCWSTR  lpPortName,
95     IN DWORD  dwOptions,
96     IN LPVOID  lpContext OPTIONAL,
97     IN DWORD  dwSizeOfContext,  /* NOTE(review): presumably the size of lpContext in bytes - verify against callers */
98     IN LPSECURITY_ATTRIBUTES  lpSecurityAttributes OPTIONAL,
99     OUT HANDLE  *hPort  /* NOTE(review): MSDN says to release this with CloseHandle - confirm every path does */
100     );
101
102 HRESULT
103 WINAPI
104   FilterSendMessage(  /* Sends lpInBuffer over hPort and receives the reply in lpOutBuffer. */
105     IN HANDLE  hPort,
106     IN LPVOID  lpInBuffer OPTIONAL,
107     IN DWORD  dwInBufferSize,
108     IN OUT LPVOID  lpOutBuffer OPTIONAL,
109     IN DWORD  dwOutBufferSize,
110     OUT LPDWORD  lpBytesReturned  /* NOTE(review): presumably the number of reply bytes written - parse only that many bytes of lpOutBuffer, not dwOutBufferSize */
111     );
112
113 HRESULT
114 WINAPI
115   FilterLoad(  /* NOTE(review): MSDN states the caller must hold SeLoadDriverPrivilege to load a minifilter - confirm the client enables it only for this call */
116     IN LPCWSTR  lpFilterName
117     );
118 HRESULT
119 WINAPI
120   FilterUnload(  /* NOTE(review): same privilege requirement as FilterLoad per MSDN - confirm */
121     IN LPCWSTR  lpFilterName
122     );
123
124 HRESULT
125 WINAPI
126   FilterGetDosName(  /* Writes the DOS name for lpVolumeName into the caller-supplied lpDosName buffer. */
127     IN LPCWSTR  lpVolumeName,
128     IN OUT LPWSTR  lpDosName,
129     IN DWORD  dwDosNameBufferSize  /* NOTE(review): MSDN documents this as a count of wide characters, not bytes; passing sizeof(buffer) would overstate the space - confirm at call sites */
130     );
131
132 HRESULT
133 WINAPI
134   FilterVolumeFindFirst(  /* Starts a volume enumeration; the first record goes to lpBuffer and the search handle to *lpFilterFind. */
135     IN FILTER_VOLUME_INFORMATION_CLASS  dwInformationClass,
136     IN LPVOID  lpBuffer,  /* annotated IN here. NOTE(review): presumably written by the call, i.e. really an output buffer */
137     IN DWORD  dwBufferSize,
138     OUT LPDWORD  lpBytesReturned,  /* NOTE(review): presumably bytes written to lpBuffer - validate record lengths against it */
139     OUT PHANDLE  lpFilterFind  /* pass to FilterVolumeFindNext, then release with FilterVolumeFindClose */
140     );
141
142 HRESULT
143 WINAPI
144   FilterVolumeFindNext(  /* Continues the enumeration started by FilterVolumeFindFirst. */
145     IN HANDLE  hFilterFind,
146     IN FILTER_VOLUME_INFORMATION_CLASS  dwInformationClass,
147     IN LPVOID  lpBuffer,  /* annotated IN here. NOTE(review): presumably written by the call, i.e. really an output buffer */
148     IN DWORD  dwBufferSize,
149     OUT LPDWORD  lpBytesReturned
150     );
151 HRESULT
152 WINAPI
153   FilterVolumeFindClose(  /* Closes a search handle obtained from FilterVolumeFindFirst; call it on every exit path to avoid leaking the handle. */
154     IN HANDLE  hVolumeFind
155     );
156 }