Calling Other Windows Filtering Platform Functions

Many of the other Windows Filtering Platform functions that are available to user-mode management applications are also available to callout drivers. This enables a callout driver to perform management tasks, such as adding filters to the filter engine. The only difference between the user-mode and kernel-mode versions of these functions is the data type that is returned. The user-mode functions return Win32 error codes, whereas the kernel-mode functions return the equivalent NTSTATUS codes.

许多用户模式使用的WFP函数对于callout driver也是可以使用的,这使callout driver可以执行向过滤引擎添加过滤器的操作。这些函数在用户模式和内核模式之间的不同仅仅是返回类型不同,用户模式返回win32错误码,而内核返回NTSTATUS值。

Most of the Windows Filtering Platform management functions require a handle to an open session to the filter engine as a parameter. The following topics discuss how a callout driver can open and close a session to the filter engine.

许多WFP管理函数需要一个打开过滤引擎的会话句柄。

A callout driver must open a session to the filter engine to perform management tasks such as adding filters to the filter engine. A callout driver opens a session to the filter engine by calling the FwpmEngineOpen0 function. For example:

callout驱动可以调用FwpmEngineOpen0函数打开一个会话,然后可以后续执行添加过滤器的操作。

HANDLE engineHandle;
NTSTATUS status;

// Open a session to the filter engine
status =
  FwpmEngineOpen0(
    NULL,              // The filter engine on the local system
    RPC_C_AUTHN_WINNT, // Use the Windows authentication service
    NULL,              // Use the calling thread's credentials
    NULL,              // There are no session-specific parameters
    &engineHandle      // Pointer to a variable to receive the handle
    );

After a callout driver has successfully opened a session to the filter engine, it can use the returned handle to call the other Windows Filtering Platform management functions.


After a callout driver has performed the desired management tasks, it should close the session to the filter engine. A callout driver does this by calling the FwpmEngineClose0 function. For example:

执行完必须的操作后,应该关闭会话。调用FwpmEngineClose0关闭会话。

status =
  FwpmEngineClose0(
    engineHandle  // An handle to the open session
    );

展开阅读全文

ZT:Calling conventions on the x86 platform

01-21

http://www.angelcode.com/dev/callconv/callconv.htmlrnrnThis is a document that I wrote as research for the AngelCode Scripting Library. Since the library uses assembly to make the interaction between the script engine and the host application I needed to have complete knowledge of how the calling conventions are implemented by different compilers. To my surprise there were a lot more differences than I had initially thought. Most of the differences are related to C++ features, so the differences can be understood as there were no standard when the compilers were first written. Today there is a standard, but I believe that it doesn't mention how calling conventions should be implemented. Which leads to binary incompatibility between compilers, even though the source code is compatible.rnrnThe differences doesn't stop AngelScript from supporting each of the compilers. Though new compilers may have to make a few changes in order to follow the conventions used. As support for more compilers are added to AngelScript I will add those compilers to the article.rnrncdecl rnstdcall rnthiscall rnfastcall rnfurther reading rnrn--------------------------------------------------------------------------------rnrncdeclrnThis calling convention is the default for C programs and also global functions in C++ programs. Generally the function arguments are passed on the stack in reverse order so that the callee can access them in the correct order. The caller is responsible for popping the arguments after the function returns, which makes it possible to use the ... to send runtime defined arguments. Return values are returned in the registers.rnrnVisual C++ / Win32rnArguments are pushed on the stack in reverse order. rnThe caller pops arguments after return. rnPrimitive data types, except floating point values, are returned in EAX or EAX:EDX depending on the size. rnfloat and double are returned in fp0, i.e. the first floating point register. rnSimple data structures with 8 bytes or less in size are returned in EAX:EDX. rnClass objects that require special treatment by the exception handler are returned in memory. Classes with a defined constructor, destructor, or overloaded assignment operator are examples of these. rnObjects larger than 8 bytes are returned in memory. rnWhen a return is made in memory the caller passes a pointer to the memory location as the first parameter (hidden). The callee populates the memory, and returns the pointer. The caller pops the hidden pointer together with the rest of the arguments. rnMinGW g++ / Win32rnArguments are pushed on the stack in reverse order. rnThe caller pops arguments after return. rnPrimitive data types, except floating point values, are returned in EAX or EAX:EDX depending on the size. rnfloat and double are returned in fp0, i.e. the first floating point register. rnObjects with 8 bytes or less in size are returned in EAX:EDX. rnObjects larger than 8 bytes are returned in memory. rnClasses that have a destructor are returned in memory regardless of size. rnWhen a return is made in memory the caller passes a pointer to the memory location as the first parameter (hidden). The callee populates the memory, and returns the pointer. The callee pops the hidden pointer from the stack when returning. rnClasses that have a destructor are always passed by reference, even if the parameter is defined to be by value. rnGCC g++ / LinuxrnArguments are pushed on the stack in reverse order. rnThe caller pops arguments after return. rnPrimitive data types, except floating point values, are returned in EAX or EAX:EDX depending on the size. rnfloat and double are returned in fp0, i.e. the first floating point register. rnAll structures and classes are returned in memory regardless of complexity or size. rnWhen a return is made in memory the caller passes a pointer to the memory location as the first parameter (hidden). The callee populates the memory, and returns the pointer. The callee pops the hidden pointer from the stack when returning. rnClasses that have a destructor are always passed by reference, even if the parameter is defined to be by value. rnrn--------------------------------------------------------------------------------rnrnstdcallrnstdcall is the calling conventions used by the Win32 API. It is basically the same as the cdecl convention with the difference in that the callee is responsible for popping the arguments from the stack. This makes the call slightly faster, but also prevents the use of the ... operator.rnrnVisual C++ / Win32rnArguments are pushed on the stack in reverse order. rnThe callee pops arguments when returning. rnPrimitive data types, except floating point values, are returned in EAX or EAX:EDX depending on the size. rnfloat and double are returned in fp0, i.e. the first floating point register. rnSimple data structures with 8 bytes or less in size are returned in EAX:EDX. rnClass objects that require special treatment by the exception handler are returned in memory. Classes with a defined constructor, destructor, or overloaded assignment operator are examples of these. rnObjects larger than 8 bytes are returned in memory. rnWhen a return is made in memory the caller passes a pointer to the memory location as the first parameter (hidden). The callee populates the memory, and returns the pointer. The callee pops the hidden pointer together with the rest of the arguments. rnMinGW g++ / Win32rnArguments are pushed on the stack in reverse order. rnThe callee pops arguments when returning. rnPrimitive data types, except floating point values, are returned in EAX or EAX:EDX depending on the size. rnfloat and double are returned in fp0, i.e. the first floating point register. rnObjects with 8 bytes or less in size are returned in EAX:EDX. rnObjects larger than 8 bytes are returned in memory. rnClasses that have a destructor are returned in memory regardless of size. rnWhen a return is made in memory the caller passes a pointer to the memory location as the first parameter (hidden). The callee populates the memory, and returns the pointer. The callee pops the hidden pointer from the stack together with the rest of the arguments. rnClasses that have a destructor are always passed by reference, even if the parameter is defined to be by value. rn 论坛

没有更多推荐了,返回首页