Many of the other Windows Filtering Platform functions that are available to user-mode management applications are also available to callout drivers. This enables a callout driver to perform management tasks, such as adding filters to the filter engine. The only difference between the user-mode and kernel-mode versions of these functions is the data type that is returned. The user-mode functions return Win32 error codes, whereas the kernel-mode functions return the equivalent NTSTATUS codes.
许多用户模式使用的WFP函数对于callout driver也是可以使用的，这使callout driver可以执行向过滤引擎添加过滤器的操作。这些函数在用户模式和内核模式之间的不同仅仅是返回类型不同，用户模式返回win32错误码，而内核返回NTSTATUS值。
Most of the Windows Filtering Platform management functions require a handle to an open session to the filter engine as a parameter. The following topics discuss how a callout driver can open and close a session to the filter engine.
A callout driver must open a session to the filter engine to perform management tasks such as adding filters to the filter engine. A callout driver opens a session to the filter engine by calling the FwpmEngineOpen0 function. For example:
// Open a session to the filter engine
NULL, // The filter engine on the local system
RPC_C_AUTHN_WINNT, // Use the Windows authentication service
NULL, // Use the calling thread's credentials
NULL, // There are no session-specific parameters
&engineHandle // Pointer to a variable to receive the handle
After a callout driver has successfully opened a session to the filter engine, it can use the returned handle to call the other Windows Filtering Platform management functions.
After a callout driver has performed the desired management tasks, it should close the session to the filter engine. A callout driver does this by calling the FwpmEngineClose0 function. For example:
engineHandle // An handle to the open session