Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2004 Microsoft Corporation. All rights reserved. 1 User / Kernel Communication Model.

Published byCurtis Caldwell Modified over 9 years ago

Similar presentations

Presentation on theme: "© 2004 Microsoft Corporation. All rights reserved. 1 User / Kernel Communication Model."— Presentation transcript:

1 © 2004 Microsoft Corporation. All rights reserved. 1 User / Kernel Communication Model

2 © 2004 Microsoft Corporation. All rights reserved. 2 Advantages Bi-directional messaging facility Minifilter defines the security on the channel Fast User-to-Kernel messaging, no buffering Efficient Kernel-to-User messaging with the capability for user mode to reply back to the filter. Can associate I/O completion ports for Kernel-to-User communication

3 © 2004 Microsoft Corporation. All rights reserved. 3 Communication Ports Filter creates a named communication port Filter implicitly begins to listen for incoming connections on the port Connection will be denied if user doesn’t have sufficient access as specified by security descriptor on listener port Each connection to the listener port gets its own message queue and private endpoints

4 © 2004 Microsoft Corporation. All rights reserved. 4 Communication Ports (cont’d) Closing either endpoint (kernel/user) terminates that connection Closing listener port handle prevents future connections Existing connections will not be terminated Unload safe When minifilter unloads, Filter manager forcibly terminates existing connections

5 © 2004 Microsoft Corporation. All rights reserved. 5 Creating Communication Port Minifilter creates a named port with: FltCreateCommunicationPort( IN PFLT_FILTER Filter, OUT PFLT_PORT *ServerPort, IN POBJECT_ATTRIBUTES ObjectAttributes, IN PVOID ServerPortCookie OPTIONAL, IN PFLT_CONNECT_NOTIFY ConnectNotifyCallback, IN PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback, IN PFLT_MESSAGE_NOTIFY MessageNotifyCallback, IN ULONG MaxConnections); Minifilter closes named port with: FltCloseCommunicationPort()

6 © 2004 Microsoft Corporation. All rights reserved. 6 Establishing a Connection from User-Mode Application connects to named port with: FilterConnectCommunicationPort( IN LPCWSTR lpPortName, IN DWORD dwOptions, IN LPVOID lpContext OPTIONAL, IN WORD wSizeOfContext, IN LPSECURITY_ATTRIBUTES lpSecurityAttributes OPTIONAL, OUT HANDLE *hPort); Application disconnects from named port with: CloseHandle()

7 © 2004 Microsoft Corporation. All rights reserved. 7 Establishing a Connection (cont’d) User connect triggers ConnectNotify() callback in minifilter Receives a handle to the new connection just created On return, user-mode receives a separate handle representing its endpoint to the connection User-mode handle is a file handle Can be used to associate I/O completion ports

8 © 2004 Microsoft Corporation. All rights reserved. 8 User-to-Kernel Messaging FilterSendMessage() Sends synchronous message from user to kernel Minifilter receives message via MessageNotify() callback Buffers are raw user buffers Must use try-except(), probe/capture, etc., to safely access buffers

9 © 2004 Microsoft Corporation. All rights reserved. 9 Kernel-to-User Messaging FltSendMessage() Sends message to waiting user-mode receiver Can block if no user-mode receivers are available Timeout may be specified, use with care FilterGetMessage() Called by user mode application to receive a message from the minifilter Recommend that you use overlapped structure to issue multiple asynchronous gets FilterReplyMessage() Applications reply to a specific message Requires agreed upon message protocol between application and minifilter

10 © 2004 Microsoft Corporation. All rights reserved. 10 Terminating a Connection User-mode close of handle triggers DisconnectNotify() in minifilter Filter then calls FltCloseClientPort() to finish closing the connection Minifilter unload also triggers DisconnectNotify()

11 © 2004 Microsoft Corporation. All rights reserved. 11 Sample Look at Scanner minifilter sample

Download ppt "© 2004 Microsoft Corporation. All rights reserved. 1 User / Kernel Communication Model."

Similar presentations

1 Symbian Client Server Architecture. 2 Client, who (a software module) needs service from service provider (another software module) Server, who provide.

1 Symbian Client Server Architecture. 2 Client, who (a software module) needs service from service provider (another software module) Server, who provide.
Processes Management.

Processes Management.
Sockets Programming Network API Socket Structures Socket Functions

Sockets Programming Network API Socket Structures Socket Functions
Umut Girit 200535027.  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.

Umut Girit  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.
Lecture 2b Sockets Erick Pranata © Sekolah Tinggi Teknik Surabaya 1.

Lecture 2b Sockets Erick Pranata © Sekolah Tinggi Teknik Surabaya 1.
© Janice Regan, CMPT 128, 2007-2012 CMPT 371 Data Communications and Networking Socket Programming 0.

© Janice Regan, CMPT 128, CMPT 371 Data Communications and Networking Socket Programming 0.
Interprocess Communications

Interprocess Communications
Generic Transport Service Primitives Listen –notify Transport layer a call is expected Connect –establish Transport layer connection Send (or Write) Receive.

Generic Transport Service Primitives Listen –notify Transport layer a call is expected Connect –establish Transport layer connection Send (or Write) Receive.
Socket Programming.

Socket Programming.
1 Generic Transport Service Primitives Listen –notify Transport layer a call is expected Connect –establish Transport layer connection Send (or Write)

1 Generic Transport Service Primitives Listen –notify Transport layer a call is expected Connect –establish Transport layer connection Send (or Write)
I/O Hardware n Incredible variety of I/O devices n Common concepts: – Port – connection point to the computer – Bus (daisy chain or shared direct access)

I/O Hardware n Incredible variety of I/O devices n Common concepts: – Port – connection point to the computer – Bus (daisy chain or shared direct access)
7-1 JMH Associates © 2003, All rights reserved Designing and Developing Reliable, Scaleable Multithreaded Windows Applications Chapter 10 Supplement Advanced.

7-1 JMH Associates © 2003, All rights reserved Designing and Developing Reliable, Scaleable Multithreaded Windows Applications Chapter 10 Supplement Advanced.
USER LEVEL INTERPROCESS COMMUNICATION FOR SHARED MEMORY MULTIPROCESSORS Presented by Elakkiya Pandian CS 533 OPERATING SYSTEMS – SPRING 2011 Brian N. Bershad.

USER LEVEL INTERPROCESS COMMUNICATION FOR SHARED MEMORY MULTIPROCESSORS Presented by Elakkiya Pandian CS 533 OPERATING SYSTEMS – SPRING 2011 Brian N. Bershad.
Socket Addresses. Domains Internet domains –familiar with these Unix domains –for processes communicating on the same hosts –not sure of widespread use.

Socket Addresses. Domains Internet domains –familiar with these Unix domains –for processes communicating on the same hosts –not sure of widespread use.
1 Nonblocking I/O Nonblocking reads and writes Buffers enabling overlapped nonblocking I/O Nonblocking connect.

1 Nonblocking I/O Nonblocking reads and writes Buffers enabling overlapped nonblocking I/O Nonblocking connect.
1 I/O Management in Representative Operating Systems.

1 I/O Management in Representative Operating Systems.
Message-Oriented Communication Synchronous versus asynchronous communications Message-Queuing System Message Brokers Example: IBM MQSeries 02 – 26 Communication/2.4.

Message-Oriented Communication Synchronous versus asynchronous communications Message-Queuing System Message Brokers Example: IBM MQSeries 02 – 26 Communication/2.4.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Interprocess Communication. Process Concepts Last class.

Interprocess Communication. Process Concepts Last class.
© Microsoft Corporation1 Windows Kernel Internals Lightweight Procedure Calls David B. Probert, Ph.D. Windows Kernel Development Microsoft Corporation.

© Microsoft Corporation1 Windows Kernel Internals Lightweight Procedure Calls David B. Probert, Ph.D. Windows Kernel Development Microsoft Corporation.

Similar presentations

Ads by Google