Question

We recently added Windows Filtering Platform capabilities to our driver.

We managed to get the information we required from WFP with no problem, but the problem is during the boot process: ever since we added the WFP capabilities, machines using the driver cannot boot. They get a deadlock (the computer is "stuck" on the splash screen).

We figured it's probably because our driver is dependent only on FltMgr and is probably loaded before the WFP framework is loaded (TcpStack?).

My question is: is there a way to ask the Service Manager or any other authority whether or not the WFP framework is loaded? Or even further, what are the drivers WFP is dependent on? (So I could check whether they are loaded before starting to use it.)


Solution

Here is what I do in DriverEntry.

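//
// Wait for the WFP engine to be ready.
// FwpmBfeStateGet0 is declared in fwpmk.h (link with fwpkclnt.lib).
//

FWPM_SERVICE_STATE  bfeState;
LARGE_INTEGER       WaitTime;
LONG                WaitCycles = 20;   // retry budget; this value is an assumption, the original does not show it

bfeState = FwpmBfeStateGet0();
if (bfeState != FWPM_SERVICE_RUNNING)
{
    // Negative value = relative wait, in 100 ns units: 5,000,000 * 100 ns = 500 ms
    WaitTime.QuadPart = (-5000000);
    do {
        KeDelayExecutionThread(KernelMode, FALSE, &WaitTime);
        bfeState = FwpmBfeStateGet0();
        WaitCycles--;
    } while (bfeState != FWPM_SERVICE_RUNNING && WaitCycles > 0);
}

if (bfeState != FWPM_SERVICE_RUNNING)
{
    // BFE still not running after the retry budget: log and error handling
}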
Licensed under: CC-BY-SA with attribution