c windows windows-services kernel driver

Messages between driver and user mode service


How can you send notifications from the driver to the user mode service? At the same time, I want this to work only in one direction, that is, so that the service doesn't have the ability to send messages to the driver. Yeah, I know about IOCTL, Events and all this stuff... But maybe I don't know about some technology.


Solution

  • Communication Between User Mode and Kernel Mode

    The filter manager supports communication between user mode and kernel mode through communication ports. The minifilter driver controls security on the port by specifying a security descriptor to be applied to the communication port object. Communication through a communication port is not buffered, so it is faster and more efficient. A user-mode application or service can reply to messages from a minifilter driver for bidirectional communication.

    When the minifilter driver creates a communication server port, it implicitly begins to listen for incoming connections on the port. When a user-mode caller attempts to connect to the port, the filter manager calls the minifilter driver's ConnectNotifyCallback routine with a handle to the newly created connection. When the filter manager regains control, it passes the user-mode caller a separate file handle that represents the user-mode caller's endpoint to the connection. This handle can be used to associate I/O completion ports with the listener port.

    A connection is accepted only if the user-mode caller has sufficient access as specified by the security descriptor on the port. Each connection to the port gets its own message queue and private endpoints.

    Closing either endpoint (kernel or user) terminates that connection. When a user-mode caller closes its handle to the endpoint, the filter manager calls the minifilter driver's DisconnectNotifyCallback routine so the minifilter driver can close its handle to the connection.

    Closing the communication server port prevents new connections but does not terminate existing connections. The filter manager terminates existing connections when the minifilter driver unloads.


    Filter Manager Routines for Communication Between User Mode and Kernel Mode

    The filter manager provides the following support routines for kernel-mode minifilter drivers to communicate with user-mode applications:

    The following support routines are provided for user-mode applications to communicate with minifilter drivers:


    Minifilter Driver Callback Routines for Communication Between User Mode and Kernel Mode

    The following minifilter driver callback routines are passed as parameters to FltCreateCommunicationPort:

    Callback Routine Name       Callback Routine Type
    ------------------------    ----------------------
    ConnectNotifyCallback       PFLT_CONNECT_NOTIFY
    DisconnectNotifyCallback    PFLT_DISCONNECT_NOTIFY
    MessageNotifyCallback       PFLT_MESSAGE_NOTIFY

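The receive-only service side of such a communication port, as an added example that is not part of the original answer or of Microsoft's samples. The port name `\ExamplePort`, the `DRV_NOTIFY` payload and `EVT_MAX` are assumptions, and the non-Windows `MSG_HEADER` typedef only mirrors `FILTER_MESSAGE_HEADER` so the handler can be built and tested off Windows.

```c
/* Added example: receive-only service side of a minifilter communication port. */
#include <stdint.h>
#include <stdio.h>

#ifdef _WIN32
#include <windows.h>
#include <fltUser.h>                        /* link with FltLib.lib */
typedef FILTER_MESSAGE_HEADER MSG_HEADER;
#else                                       /* same fields, so the handler builds anywhere */
typedef struct { uint32_t ReplyLength; uint64_t MessageId; } MSG_HEADER;
#endif

#define EVT_MAX 3u                          /* hypothetical: highest event id the driver emits */
typedef struct { uint32_t event_id; uint32_t pid; } DRV_NOTIFY;   /* hypothetical payload */
typedef struct { MSG_HEADER hdr; DRV_NOTIFY body; } DRV_MESSAGE;

/* Returns 0 and copies the payload if the message fits the one-way contract,
 * -1 if the driver asked for a reply, -2 if the event id is out of range. */
int handle_message(const DRV_MESSAGE *m, DRV_NOTIFY *out)
{
    if (m->hdr.ReplyLength != 0) return -1; /* nonzero means a reply is expected */
    if (m->body.event_id == 0 || m->body.event_id > EVT_MAX) return -2;
    *out = m->body;
    return 0;
}

#ifdef _WIN32
int main(void)
{
    HANDLE port = NULL;
    /* Placeholder name: use the one the driver gave FltCreateCommunicationPort. */
    HRESULT hr = FilterConnectCommunicationPort(L"\\ExamplePort", 0, NULL, 0, NULL, &port);
    if (FAILED(hr)) { fprintf(stderr, "connect failed: 0x%08lx\n", (unsigned long)hr); return 1; }

    for (;;) {
        DRV_MESSAGE msg = {0};
        DRV_NOTIFY n;
        hr = FilterGetMessage(port, &msg.hdr, sizeof msg, NULL);  /* blocks until a message arrives */
        if (FAILED(hr)) break;              /* connection closed or driver unloaded */
        if (handle_message(&msg, &n) == 0)
            printf("event %u from pid %u\n", (unsigned)n.event_id, (unsigned)n.pid);
        /* FilterSendMessage and FilterReplyMessage are never called: receive only. */
    }
    CloseHandle(port);
    return 0;
}
#endif
```

On the driver side, FltCreateCommunicationPort accepts NULL for MessageNotifyCallback, in which case user-mode attempts to send data to the port fail; together with a restrictive security descriptor on the port, that enforces the one-way direction in the kernel rather than relying on the service.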