|
|
/*++
Copyright (c) 2000 Microsoft Corporation
Module Name:
wmi.c
Abstract:
This file contains the code for handling WMI requests.
Author:
Jonathan Burstein (jonburs) 24-Jan-2000
Revision History:
--*/
#include "precomp.h"
#pragma hdrstop
#if NAT_WMI
//
// Data structures for identifying the guids and reporting them to
// WMI. Since the WMILIB callbacks pass an index into the guid list we make
// definitions for the various guids indicies.
//
GUID ConnectionCreationEventGuid = MSIPNAT_ConnectionCreationEventGuid;GUID ConnectionDeletionEventGuid = MSIPNAT_ConnectionDeletionEventGuid;GUID PacketDroppedEventGuid = MSIPNAT_PacketDroppedEventGuid;
WMIGUIDREGINFO NatWmiGuidList[] ={ { &ConnectionCreationEventGuid, 1, WMIREG_FLAG_TRACED_GUID | WMIREG_FLAG_TRACE_CONTROL_GUID },
{ &ConnectionDeletionEventGuid, 1, WMIREG_FLAG_TRACED_GUID },
{ &PacketDroppedEventGuid, 1, WMIREG_FLAG_TRACED_GUID | WMIREG_FLAG_TRACE_CONTROL_GUID }};
#define NatWmiGuidCount (sizeof(NatWmiGuidList) / sizeof(WMIGUIDREGINFO))
//
// Enabled events and associated log handles.
//
// NatWmiLogHandles should only be accessed while holding
// NatWmiLock.
//
// NatWmiEnabledEvents should only be modified while holding
// NatWmiLock. It may be read without holding the lock, according
// to these rules:
//
// If NatWmiEnabledEvents[ Event ] is 0, the that event is definately
// _not_ enabled, and there is no need to grab the spin lock.
//
// If NatWmiEnabledEvents[ Event ] is 1, the event _may_ be enabled.
// To determine if the event is truly enabled, grab the spin lock and
// see if NatWmiLogHandles[ Event ] is not 0.
//
LONG NatWmiEnabledEvents[ NatWmiGuidCount ];UINT64 NatWmiLogHandles[ NatWmiGuidCount ];KSPIN_LOCK NatWmiLock;
//
// Context block for WMILib routines
//
WMILIB_CONTEXT WmilibContext;
//
// MOF Resource Name
//
WCHAR IPNATMofResource[] = L"IPNATMofResource";
//
// WMI Base instance name
//
WCHAR BaseInstanceName[] = L"IPNat";
//
// Function Prototypes
//
NTSTATUSNatpWmiFunctionControl( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN ULONG GuidIndex, IN WMIENABLEDISABLECONTROL Function, IN BOOLEAN Enable );
NTSTATUSNatpExecuteWmiMethod( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN ULONG GuidIndex, IN ULONG InstanceIndex, IN ULONG MethodId, IN ULONG InBufferSize, IN ULONG OutBufferSize, IN PUCHAR Buffer );
NTSTATUSNatpSetWmiDataItem( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN ULONG InstanceIndex, IN ULONG GuidIndex, IN ULONG DataItemId, IN ULONG BufferSize, IN PUCHAR Buffer );
NTSTATUSNatpSetWmiDataBlock( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN ULONG GuidIndex, IN ULONG InstanceIndex, IN ULONG BufferSize, IN PUCHAR Buffer );
NTSTATUSNatpQueryWmiDataBlock( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN ULONG GuidIndex, IN ULONG InstanceIndex, IN ULONG InstanceCount, IN OUT PULONG InstanceLengthArray, IN ULONG BufferAvail, OUT PUCHAR Buffer );
NTSTATUSNatpQueryWmiRegInfo( IN PDEVICE_OBJECT DeviceObject, OUT ULONG *RegFlags, OUT PUNICODE_STRING InstanceName, OUT PUNICODE_STRING *RegistryPath, OUT PUNICODE_STRING MofResourceName, OUT PDEVICE_OBJECT *Pdo );
#ifdef ALLOC_PRAGMA
#pragma alloc_text(PAGE, NatpQueryWmiRegInfo)
#pragma alloc_text(PAGE, NatpQueryWmiDataBlock)
#pragma alloc_text(PAGE, NatpSetWmiDataBlock)
#pragma alloc_text(PAGE, NatpSetWmiDataItem)
#pragma alloc_text(PAGE, NatpExecuteWmiMethod)
#pragma alloc_text(PAGE, NatpWmiFunctionControl)
#endif
�NTSTATUSNatExecuteSystemControl( PDEVICE_OBJECT DeviceObject, PIRP Irp, PBOOLEAN ShouldComplete ) /*++
Routine Description:
Dispatch routine for System Control IRPs (MajorFunction == IRP_MJ_SYSTEM_CONTROL)
Arguments:
DeviceObject - The device object for the firewall
Irp - Io Request Packet
ShouldComplete - [out] true on exit if the IRP needs to be complete
Return Value:
NT status code
--*/
{ NTSTATUS status; SYSCTL_IRP_DISPOSITION disposition;
CALLTRACE(( "NatExecuteSystemControl\n" ));
*ShouldComplete = FALSE;
//
// Call Wmilib helper function to crack the irp. If this is a wmi irp
// that is targetted for this device then WmiSystemControl will callback
// at the appropriate callback routine.
//
status = WmiSystemControl( &WmilibContext, DeviceObject, Irp, &disposition );
switch(disposition) { case IrpProcessed: { //
// This irp has been processed and may be completed or pending.
//
break; }
case IrpNotCompleted: { //
// This irp has not been completed, but has been fully processed.
// so we need to complete it
//
*ShouldComplete = TRUE; break; }
case IrpNotWmi: { //
// Not an WMI IRP -- just complete it. We don't handle
// IRP_MJ_SYSTEM_CONTROL in any other way
//
*ShouldComplete = TRUE; break; }
case IrpForward: default: { //
// We really should never get here...
//
ASSERT(FALSE); break; } }
if( !NT_SUCCESS( status )) { ERROR(( "NAT: Error (%08x) in NatExecuteSystemControl\n", status )); }
return status;} //NatExecuteSystemControl
�VOIDNatInitializeWMI( VOID )
/*++
Routine Description:
This routine is called to initialize WMI. Arguments:
none.
Return Value:
none.
--*/
{ NTSTATUS status;
CALLTRACE(( "NatInitializeWMI\n" ));
//
// Initialize the spinlock that protects the structure below.
//
KeInitializeSpinLock( &NatWmiLock );
//
// Zero-out the event tracking structure
//
RtlZeroMemory( NatWmiEnabledEvents, sizeof( NatWmiEnabledEvents )); RtlZeroMemory( NatWmiLogHandles, sizeof( NatWmiLogHandles )); //
// Fill in the WMILIB_CONTEXT structure with a pointer to the
// callback routines and a pointer to the list of guids
// supported by the driver
//
WmilibContext.GuidCount = NatWmiGuidCount; WmilibContext.GuidList = NatWmiGuidList; WmilibContext.QueryWmiRegInfo = NatpQueryWmiRegInfo; WmilibContext.QueryWmiDataBlock = NatpQueryWmiDataBlock; WmilibContext.SetWmiDataBlock = NatpSetWmiDataBlock; WmilibContext.SetWmiDataItem = NatpSetWmiDataItem; WmilibContext.ExecuteWmiMethod = NatpExecuteWmiMethod; WmilibContext.WmiFunctionControl = NatpWmiFunctionControl;
//
// Register w/ WMI
//
status = IoWMIRegistrationControl( NatDeviceObject, WMIREG_ACTION_REGISTER );
if( !NT_SUCCESS( status )) { ERROR(( "Nat: Error initializing WMI (%08x)\n", status )); }
} // NatInitializeWMI
�VOIDFASTCALLNatLogConnectionCreation( ULONG LocalAddress, ULONG RemoteAddress, USHORT LocalPort, USHORT RemotePort, UCHAR Protocol, BOOLEAN InboundConnection )
/*++
Routine Description:
This routine is called to log the creation of a TCP/UDP connection (mapping). If this event is not enabled, no action is taken. Arguments:
Return Value:
none.
--*/
{ NTSTATUS Status; KIRQL Irql; UINT64 Logger; ULONG Size; UCHAR Buffer[ sizeof(EVENT_TRACE_HEADER) + sizeof(MSIPNAT_ConnectionCreationEvent) ]; PEVENT_TRACE_HEADER EventHeaderp; PMSIPNAT_ConnectionCreationEvent EventDatap;
CALLTRACE(( "NatLogConnectionCreation\n" ));
if( !NatWmiEnabledEvents[ NAT_WMI_CONNECTION_CREATION_EVENT ] ) { //
// Event not enabled -- exit quickly.
//
TRACE(WMI, ("NatLogConnectionCreation: Event not enabled\n")); return; }
KeAcquireSpinLock( &NatWmiLock, &Irql ); Logger = NatWmiLogHandles[ NAT_WMI_CONNECTION_CREATION_EVENT ]; KeReleaseSpinLock( &NatWmiLock, Irql ); if( Logger ) { //
// Zero out the buffer
//
RtlZeroMemory( Buffer, sizeof( Buffer )); //
// Locate structure locations within the buffer
//
EventHeaderp = (PEVENT_TRACE_HEADER) Buffer; EventDatap = (PMSIPNAT_ConnectionCreationEvent) ((PUCHAR)Buffer + sizeof(EVENT_TRACE_HEADER)); //
// Fill out the event header
//
EventHeaderp->Size = sizeof( Buffer ); EventHeaderp->Version = 0; EventHeaderp->GuidPtr = (ULONGLONG) &ConnectionCreationEventGuid; EventHeaderp->Flags = WNODE_FLAG_TRACED_GUID | WNODE_FLAG_USE_GUID_PTR | WNODE_FLAG_USE_TIMESTAMP; ((PWNODE_HEADER)EventHeaderp)->HistoricalContext = Logger; KeQuerySystemTime( &EventHeaderp->TimeStamp ); //
// Fill out event data
//
EventDatap->LocalAddress = LocalAddress; EventDatap->RemoteAddress = RemoteAddress, EventDatap->LocalPort = LocalPort; EventDatap->RemotePort = RemotePort; EventDatap->Protocol = Protocol; EventDatap->InboundConnection = InboundConnection;
//
// Fire the event. Since this is a trace event and not a standard
// WMI event, IoWMIWriteEvent will not attempt to free the buffer
// passed into it.
//
Status = IoWMIWriteEvent( Buffer ); if( !NT_SUCCESS( Status )) { TRACE( WMI, ("NatLogConnectionCreation: IoWMIWriteEvent returned %08x\n", Status ) ); } } else { TRACE(WMI, ("NatLogConnectionCreation: No logging handle\n")); }
} // NatLogConnectionCreation
�VOIDFASTCALLNatLogConnectionDeletion( ULONG LocalAddress, ULONG RemoteAddress, USHORT LocalPort, USHORT RemotePort, UCHAR Protocol, BOOLEAN InboundConnection )
/*++
Routine Description:
This routine is called to log the deletion of a TCP/UDP connection (mapping). If this event is not enabled, no action is taken. Arguments:
Return Value:
none.
--*/
{ NTSTATUS Status; KIRQL Irql; UINT64 Logger; ULONG Size; UCHAR Buffer[ sizeof(EVENT_TRACE_HEADER) + sizeof(MSIPNAT_ConnectionDeletionEvent) ]; PEVENT_TRACE_HEADER EventHeaderp; PMSIPNAT_ConnectionDeletionEvent EventDatap;
CALLTRACE(( "NatLogConnectionDeletion\n" ));
if( !NatWmiEnabledEvents[ NAT_WMI_CONNECTION_DELETION_EVENT ] ) { //
// Event not enabled -- exit quickly.
//
TRACE(WMI, ("NatLogConnectionDeletion: Event not enabled\n")); return; }
KeAcquireSpinLock( &NatWmiLock, &Irql ); Logger = NatWmiLogHandles[ NAT_WMI_CONNECTION_DELETION_EVENT ]; KeReleaseSpinLock( &NatWmiLock, Irql ); if( Logger ) { //
// Zero out the buffer
//
RtlZeroMemory( Buffer, sizeof( Buffer )); //
// Locate structure locations within the buffer
//
EventHeaderp = (PEVENT_TRACE_HEADER) Buffer; EventDatap = (PMSIPNAT_ConnectionDeletionEvent) ((PUCHAR)Buffer + sizeof(EVENT_TRACE_HEADER)); //
// Fill out the event header
//
EventHeaderp->Size = sizeof( Buffer ); EventHeaderp->Version = 0; EventHeaderp->GuidPtr = (ULONGLONG) &ConnectionDeletionEventGuid; EventHeaderp->Flags = WNODE_FLAG_TRACED_GUID | WNODE_FLAG_USE_GUID_PTR | WNODE_FLAG_USE_TIMESTAMP; ((PWNODE_HEADER)EventHeaderp)->HistoricalContext = Logger; KeQuerySystemTime( &EventHeaderp->TimeStamp ); //
// Fill out event data
//
EventDatap->LocalAddress = LocalAddress; EventDatap->RemoteAddress = RemoteAddress, EventDatap->LocalPort = LocalPort; EventDatap->RemotePort = RemotePort; EventDatap->Protocol = Protocol; EventDatap->InboundConnection = InboundConnection;
//
// Fire the event. Since this is a trace event and not a standard
// WMI event, IoWMIWriteEvent will not attempt to free the buffer
// passed into it.
//
Status = IoWMIWriteEvent( Buffer ); if( !NT_SUCCESS( Status )) { TRACE( WMI, ("NatLogConnectionDeletion: IoWMIWriteEvent returned %08x\n", Status ) ); } } else { TRACE(WMI, ("NatLogConnectionDeletion: No logging handle\n")); }
} // NatLogConnectionDeletion
�VOIDFASTCALLNatLogDroppedPacket( NAT_XLATE_CONTEXT *Contextp )
/*++
Routine Description:
This routine is called to log a dropped packet. If no packet dropped logging events are enabled, the routine will take no action. Arguments:
Contextp - the translation context of the packet
Return Value:
none.
--*/
{ NTSTATUS Status; KIRQL Irql; UINT64 Logger; ULONG Size; IPRcvBuf *PacketBuffer; UCHAR Protocol; UCHAR Buffer[ sizeof(EVENT_TRACE_HEADER) + sizeof(MSIPNAT_PacketDroppedEvent) ]; PEVENT_TRACE_HEADER EventHeaderp; PMSIPNAT_PacketDroppedEvent EventDatap;
CALLTRACE(( "NatLogDroppedPacket\n" ));
if( !NatWmiEnabledEvents[ NAT_WMI_PACKET_DROPPED_EVENT ] ) { //
// Event not enabled -- exit quickly.
//
TRACE(WMI, ("NatLogDroppedPacket: Event not enabled\n")); return; }
//
// Exit if this packet has already been logged
//
if( NAT_XLATE_LOGGED( Contextp )) { TRACE( WMI, ("NatLogDroppedPacket: Duplicate dropped packet log attemp\n" )); return; }
KeAcquireSpinLock( &NatWmiLock, &Irql ); Logger = NatWmiLogHandles[ NAT_WMI_PACKET_DROPPED_EVENT ]; KeReleaseSpinLock( &NatWmiLock, Irql ); if( Logger ) { //
// Zero out the buffer
//
RtlZeroMemory( Buffer, sizeof( Buffer )); //
// Locate structure locations within the buffer
//
EventHeaderp = (PEVENT_TRACE_HEADER) Buffer; EventDatap = (PMSIPNAT_PacketDroppedEvent) ((PUCHAR)Buffer + sizeof(EVENT_TRACE_HEADER)); //
// Fill out the event header
//
EventHeaderp->Size = sizeof( Buffer ); EventHeaderp->Version = 0; EventHeaderp->GuidPtr = (ULONGLONG) &PacketDroppedEventGuid; EventHeaderp->Flags = WNODE_FLAG_TRACED_GUID | WNODE_FLAG_USE_GUID_PTR | WNODE_FLAG_USE_TIMESTAMP; ((PWNODE_HEADER)EventHeaderp)->HistoricalContext = Logger; KeQuerySystemTime( &EventHeaderp->TimeStamp ); //
// Fill out event data
//
Protocol = Contextp->Header->Protocol; EventDatap->SourceAddress = Contextp->SourceAddress; EventDatap->DestinationAddress = Contextp->DestinationAddress; EventDatap->Protocol = Protocol; EventDatap->PacketSize = NTOHS(Contextp->Header->TotalLength);
if( NAT_PROTOCOL_TCP == Protocol || NAT_PROTOCOL_UDP == Protocol ) { EventDatap->SourceIdentifier = ((PUSHORT)Contextp->ProtocolHeader)[0]; EventDatap->DestinationIdentifier = ((PUSHORT)Contextp->ProtocolHeader)[1];
if( NAT_PROTOCOL_TCP == Protocol ) { EventDatap->ProtocolData1 = ((PTCP_HEADER)Contextp->ProtocolHeader)->SequenceNumber; EventDatap->ProtocolData2 = ((PTCP_HEADER)Contextp->ProtocolHeader)->AckNumber; EventDatap->ProtocolData3 = ((PTCP_HEADER)Contextp->ProtocolHeader)->WindowSize; EventDatap->ProtocolData4 = TCP_ALL_FLAGS( (PTCP_HEADER)Contextp->ProtocolHeader ); } } else if( NAT_PROTOCOL_ICMP == Protocol ) { EventDatap->ProtocolData1 = ((PICMP_HEADER)Contextp->ProtocolHeader)->Type; EventDatap->ProtocolData2 = ((PICMP_HEADER)Contextp->ProtocolHeader)->Code; }
//
// Fire the event. Since this is a trace event and not a standard
// WMI event, IoWMIWriteEvent will not attempt to free the buffer
// passed into it.
//
Status = IoWMIWriteEvent( Buffer ); if( !NT_SUCCESS( Status )) { TRACE( WMI, ("NatLogDroppedPacket: IoWMIWriteEvent returned %08x\n", Status ) ); }
Contextp->Flags |= NAT_XLATE_FLAG_LOGGED; } else { TRACE(WMI, ("NatLogDroppedPacket: No logging handle\n")); } } // NatLogDroppedPacket
�NTSTATUSNatpExecuteWmiMethod( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN ULONG GuidIndex, IN ULONG InstanceIndex, IN ULONG MethodId, IN ULONG InBufferSize, IN ULONG OutBufferSize, IN PUCHAR Buffer ) /*++
Routine Description:
This routine is a callback into the driver to execute a method. If the driver can complete the method within the callback it should call WmiCompleteRequest to complete the irp before returning to the caller. Or the driver can return STATUS_PENDING if the irp cannot be completed immediately and must then call WmiCompleteRequest once the data is changed.
Arguments:
DeviceObject is the device whose method is being executed
Irp is the Irp that makes this request
GuidIndex is the index into the list of guids provided when the device registered
MethodId has the id of the method being called
InBufferSize has the size of the data block passed in as the input to the method.
OutBufferSize on entry has the maximum size available to write the returned data block.
Buffer is filled with the input buffer on entry and returns with the output data block
Return Value:
status
--*/
{ NTSTATUS status;
PAGED_CODE();
CALLTRACE(( "NatpExecuteWmiMethod\n" )); status = WmiCompleteRequest( DeviceObject, Irp, STATUS_WMI_GUID_NOT_FOUND, 0, IO_NO_INCREMENT );
return status;} // NatpExecuteWmiMethod
�NTSTATUSNatpQueryWmiDataBlock( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN ULONG GuidIndex, IN ULONG InstanceIndex, IN ULONG InstanceCount, IN OUT PULONG InstanceLengthArray, IN ULONG BufferAvail, OUT PUCHAR Buffer ) /*++
Routine Description:
This routine is a callback into the driver to query for the contents of all instances of a data block. If the driver can satisfy the query within the callback it should call WmiCompleteRequest to complete the irp before returning to the caller. Or the driver can return STATUS_PENDING if the irp cannot be completed immediately and must then call WmiCompleteRequest once the query is satisfied.
Arguments:
DeviceObject is the device whose data block is being queried
Irp is the Irp that makes this request
GuidIndex is the index into the list of guids provided when the device registered
InstanceCount is the number of instances expected to be returned for the data block.
InstanceLengthArray is a pointer to an array of ULONG that returns the lengths of each instance of the data block. If this is NULL then there was not enough space in the output buffer to fufill the request so the irp should be completed with the buffer needed.
BufferAvail on entry has the maximum size available to write the data blocks.
Buffer on return is filled with the returned data blocks. Note that each instance of the data block must be aligned on a 8 byte boundry.
Return Value:
status
--*/
{ NTSTATUS status;
PAGED_CODE();
CALLTRACE(( "NatpQueryWmiDataBlock\n" )); status = WmiCompleteRequest( DeviceObject, Irp, STATUS_WMI_GUID_NOT_FOUND, 0, IO_NO_INCREMENT );
return status;} // NatpQueryWmiDataBlock
�NTSTATUSNatpQueryWmiRegInfo( IN PDEVICE_OBJECT DeviceObject, OUT ULONG *RegFlags, OUT PUNICODE_STRING InstanceName, OUT PUNICODE_STRING *RegistryPath, OUT PUNICODE_STRING MofResourceName, OUT PDEVICE_OBJECT *Pdo ) /*++
Routine Description:
This routine is a callback into the driver to retrieve the list of guids or data blocks that the driver wants to register with WMI. This routine may not pend or block. Driver should NOT call WmiCompleteRequest.
Arguments:
DeviceObject is the device whose registration info is being queried
*RegFlags returns with a set of flags that describe the guids being registered for this device. If the device wants enable and disable collection callbacks before receiving queries for the registered guids then it should return the WMIREG_FLAG_EXPENSIVE flag. Also the returned flags may specify WMIREG_FLAG_INSTANCE_PDO in which case the instance name is determined from the PDO associated with the device object. Note that the PDO must have an associated devnode. If WMIREG_FLAG_INSTANCE_PDO is not set then Name must return a unique name for the device.
InstanceName returns with the instance name for the guids if WMIREG_FLAG_INSTANCE_PDO is not set in the returned *RegFlags. The caller will call ExFreePool with the buffer returned.
*RegistryPath returns with the registry path of the driver. The caller does NOT free this buffer.
*MofResourceName returns with the name of the MOF resource attached to the binary file. If the driver does not have a mof resource attached then this can be returned as NULL. The caller does NOT free this buffer.
*Pdo returns with the device object for the PDO associated with this device if the WMIREG_FLAG_INSTANCE_PDO flag is retured in *RegFlags.
Return Value:
status
--*/
{ PAGED_CODE();
CALLTRACE(( "NatpQueryWmiRegInfo\n" )); //
// Return the registry path for this driver. This is required so WMI
// can find your driver image and can attribute any eventlog messages to
// your driver.
//
*RegistryPath = &NatRegistryPath;
//
// Return the name specified in the .rc file of the resource which
// contains the bianry mof data. By default WMI will look for this
// resource in the driver image (.sys) file, however if the value
// MofImagePath is specified in the driver's registry key
// then WMI will look for the resource in the file specified there.
//
RtlInitUnicodeString(MofResourceName, IPNATMofResource);
//
// Tell WMI to generate instance names off of a static base name
//
*RegFlags = WMIREG_FLAG_INSTANCE_BASENAME;
//
// Set our base instance name. WmiLib will call ExFreePool on the buffer
// of the string, so we need to allocate it from paged pool.
//
InstanceName->Length = wcslen( BaseInstanceName ) * sizeof( WCHAR ); InstanceName->MaximumLength = InstanceName->Length + sizeof( UNICODE_NULL ); InstanceName->Buffer = ExAllocatePoolWithTag( PagedPool, InstanceName->MaximumLength, NAT_TAG_WMI ); if( NULL != InstanceName->Buffer ) { RtlCopyMemory( InstanceName->Buffer, BaseInstanceName, InstanceName->Length ); } else { ERROR(( "NAT: NatpQueryWmiRegInfo unable to allocate memory\n" )); return STATUS_NO_MEMORY; } return STATUS_SUCCESS;} // NatpQueryWmiRegInfo
�NTSTATUSNatpSetWmiDataBlock( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN ULONG GuidIndex, IN ULONG InstanceIndex, IN ULONG BufferSize, IN PUCHAR Buffer ) /*++
Routine Description:
This routine is a callback into the driver to change the contents of a data block. If the driver can change the data block within the callback it should call WmiCompleteRequest to complete the irp before returning to the caller. Or the driver can return STATUS_PENDING if the irp cannot be completed immediately and must then call WmiCompleteRequest once the data is changed.
Arguments:
DeviceObject is the device whose data block is being queried
Irp is the Irp that makes this request
GuidIndex is the index into the list of guids provided when the device registered
BufferSize has the size of the data block passed
Buffer has the new values for the data block
Return Value:
status
--*/
{ NTSTATUS status;
PAGED_CODE();
CALLTRACE(( "NatpSetWmiDataBlock\n" ));
status = WmiCompleteRequest( DeviceObject, Irp, STATUS_WMI_GUID_NOT_FOUND, 0, IO_NO_INCREMENT );
return status;} // NatpSetWmiDataBlock
�NTSTATUSNatpSetWmiDataItem( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN ULONG GuidIndex, IN ULONG InstanceIndex, IN ULONG DataItemId, IN ULONG BufferSize, IN PUCHAR Buffer ) /*++
Routine Description:
This routine is a callback into the driver to change the contents of a data block. If the driver can change the data block within the callback it should call WmiCompleteRequest to complete the irp before returning to the caller. Or the driver can return STATUS_PENDING if the irp cannot be completed immediately and must then call WmiCompleteRequest once the data is changed.
Arguments:
DeviceObject is the device whose data block is being changed
Irp is the Irp that makes this request
GuidIndex is the index into the list of guids provided when the device registered
DataItemId has the id of the data item being set
BufferSize has the size of the data item passed
Buffer has the new values for the data item
Return Value:
status
--*/
{ NTSTATUS status;
PAGED_CODE();
CALLTRACE(( "NatpSetWmiDataItem\n" )); status = WmiCompleteRequest( DeviceObject, Irp, STATUS_WMI_GUID_NOT_FOUND, 0, IO_NO_INCREMENT );
return status;} // NatpSetWmiDataItem
�NTSTATUSNatpWmiFunctionControl( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN ULONG GuidIndex, IN WMIENABLEDISABLECONTROL Function, IN BOOLEAN Enable ) /*++
Routine Description:
This routine is a callback into the driver to enabled or disable event generation or data block collection. A device should only expect a single enable when the first event or data consumer enables events or data collection and a single disable when the last event or data consumer disables events or data collection. Data blocks will only receive collection enable/disable if they were registered as requiring it. If the driver can complete enabling/disabling within the callback it should call WmiCompleteRequest to complete the irp before returning to the caller. Or the driver can return STATUS_PENDING if the irp cannot be completed immediately and must then call WmiCompleteRequest once the data is changed.
Arguments:
DeviceObject is the device object
GuidIndex is the index into the list of guids provided when the device registered
Function specifies which functionality is being enabled or disabled
Enable is TRUE then the function is being enabled else disabled
Return Value:
status
--*/
{ NTSTATUS status = STATUS_SUCCESS; PIO_STACK_LOCATION IrpSp; PUINT64 Loggerp; UINT64 Logger; KIRQL Irql;
PAGED_CODE();
CALLTRACE(( "NatpWmiFunctionControl\n" ));
if( WmiEventControl == Function ) { if( GuidIndex < NatWmiGuidCount ) { if( Enable ) { //
// Get the logger handle from the Irp
//
IrpSp = IoGetCurrentIrpStackLocation( Irp );
//
// The logging handle is in the first UINT64 following the
// WNODE header.
//
if( ((PWNODE_HEADER)IrpSp->Parameters.WMI.Buffer)->BufferSize >= sizeof(WNODE_HEADER) + sizeof(UINT64) ) { Loggerp = (PUINT64) ((PUCHAR)IrpSp->Parameters.WMI.Buffer + sizeof(WNODE_HEADER)); Logger = *Loggerp; } else { TRACE(WMI, ("NatpWmiFunctionControl: Wnode too small for logger handle\n")); Logger = 0; Enable = FALSE; } } else { Logger = 0; }
KeAcquireSpinLock( &NatWmiLock, &Irql ); NatWmiLogHandles[ GuidIndex ] = Logger; NatWmiEnabledEvents[ GuidIndex ] = (Enable ? 1 : 0);
if( NAT_WMI_CONNECTION_CREATION_EVENT == GuidIndex ) { //
// NAT_WMI_CONNECTION_CREATION_EVENT is the control guid for
// NAT_WMI_CONNECTION_DELETION_EVENT, so we also need to update
// that latter's entry
//
NatWmiLogHandles[ NAT_WMI_CONNECTION_DELETION_EVENT ] = Logger; NatWmiEnabledEvents[ NAT_WMI_CONNECTION_DELETION_EVENT ] = (Enable ? 1 : 0); }
KeReleaseSpinLock( &NatWmiLock, Irql );
TRACE( WMI, ("NatpWmiFunctionControl: %s event %i; Logger = 0x%016x\n", (Enable ? "Enabled" : "Disabled"), GuidIndex, Logger )); } else { //
// Invalid guid index.
//
status = STATUS_WMI_GUID_NOT_FOUND;
TRACE( WMI, ( "NatpWmiFunctionControl: Invalid WMI guid %i", GuidIndex )); } } else { //
// We currently don't have any (expensive) data blocks
//
status = STATUS_INVALID_DEVICE_REQUEST; }
status = WmiCompleteRequest( DeviceObject, Irp, status, 0, IO_NO_INCREMENT ); return status;} // NatpWmiFunctionControl
�VOIDNatShutdownWMI( VOID )
/*++
Routine Description:
This routine is called to shutdown WMI. Arguments:
none.
Return Value:
none.
--*/
{ NTSTATUS status;
CALLTRACE(( "NatShutdownWMI\n" ));
//
// Deregister w/ WMI
//
status = IoWMIRegistrationControl( NatDeviceObject, WMIREG_ACTION_DEREGISTER );
if( !NT_SUCCESS( status )) { ERROR(( "Nat: Error shutting down WMI (%08x)\n", status )); }
} // NatShutdownWMI
#endif
|
