Question
We recently added Windows Filtering Platform capabilities to our driver.
We managed to get the information we required from WFP with no problem, but the problem is during the boot process: ever since we added the WFP capabilities, machines using the driver cannot boot. They get a deadlock (the computer's "stuck" in the splash screen).
We figured it's probably because our driver is dependent only on FltMgr and is probably loaded before the WFP framework is loaded (TcpStack?).
My question is: is there a way to ask the Service Manager or any other authority whether or not the WFP framework is loaded? Or even further, what are the drivers WFP is dependent on? (So I could check if they are loaded before starting to use it.)
Answer 1:
Here is what I do in DriverEntry.
    //
    // Wait for the WFP engine to be ready.
    //
    FWPM_SERVICE_STATE bfeState;
    LARGE_INTEGER WaitTime;
    LONG WaitCycles = 10; // retry limit; value assumed, not given in the original answer

    bfeState = FwpmBfeStateGet0();
    if (bfeState != FWPM_SERVICE_RUNNING)
    {
        WaitTime.QuadPart = (-5000000); // wait 500000us (500ms) relative
        do {
            KeDelayExecutionThread(KernelMode, FALSE, &WaitTime);
            bfeState = FwpmBfeStateGet0();
            WaitCycles--;
        } while (bfeState != FWPM_SERVICE_RUNNING && WaitCycles > 0);
    }
    if (bfeState != FWPM_SERVICE_RUNNING)
    {
        // log and error handling
    }
Source: https://stackoverflow.com/questions/8710253/using-windows-filtering-platform-in-kernel-driver
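A non-blocking variant of the same readiness check, as an added example that is not part of the original question or answer: instead of sleeping in DriverEntry, the driver samples the engine state once and defers WFP setup until the engine reports running. It is a user-mode model so it can be compiled and tested anywhere; the enum mirrors the WDK's FWPM_SERVICE_STATE, and `wfp_ctx`, `wfp_on_bfe_state` and the `demo_*` names are hypothetical. Driving it from `FwpmBfeStateGet0` and a callback registered with `FwpmBfeStateSubscribeChanges0` is the assumed wiring in a real driver.

```c
/* User-mode model of deferred WFP setup (added example, not driver code).
 * The enum mirrors FWPM_SERVICE_STATE from the WDK; other names are hypothetical.
 * In a driver, wfp_on_bfe_state() would be the body of the callback
 * registered with FwpmBfeStateSubscribeChanges0. */
#include <stdbool.h>
#include <stdio.h>

typedef enum { FWPM_SERVICE_STOPPED, FWPM_SERVICE_START_PENDING,
               FWPM_SERVICE_STOP_PENDING, FWPM_SERVICE_RUNNING } FWPM_SERVICE_STATE;

typedef struct wfp_ctx {
    bool registered;                    /* callouts/filters currently in place */
    bool (*setup)(struct wfp_ctx *);    /* open engine, register callouts */
    void (*teardown)(struct wfp_ctx *); /* unregister, close engine handle */
    int setups, teardowns;              /* counters for the demo */
} wfp_ctx;

/* Never sleeps. DriverEntry calls it once with the current state and returns;
 * a false result means "deferred until a notification arrives". */
bool wfp_on_bfe_state(wfp_ctx *c, FWPM_SERVICE_STATE s)
{
    if (s == FWPM_SERVICE_RUNNING && !c->registered) {
        c->registered = c->setup(c);    /* on failure we stay unregistered */
    } else if (s != FWPM_SERVICE_RUNNING && c->registered) {
        c->teardown(c);                 /* engine stopping: release WFP objects */
        c->registered = false;
    }
    return c->registered;
}

/* Constructed hooks standing in for the real registration code. */
bool demo_setup(wfp_ctx *c)      { c->setups++; return true; }
bool demo_setup_fail(wfp_ctx *c) { c->setups++; return false; }
void demo_teardown(wfp_ctx *c)   { c->teardowns++; }

int demo_boot_sequence(void)     /* returns setups * 10 + teardowns */
{
    wfp_ctx c = { false, demo_setup, demo_teardown, 0, 0 };
    FWPM_SERVICE_STATE seq[] = { FWPM_SERVICE_STOPPED, FWPM_SERVICE_START_PENDING,
        FWPM_SERVICE_RUNNING, FWPM_SERVICE_RUNNING, FWPM_SERVICE_STOP_PENDING,
        FWPM_SERVICE_STOPPED, FWPM_SERVICE_RUNNING };   /* constructed sequence */
    for (unsigned i = 0; i < sizeof seq / sizeof seq[0]; i++)
        wfp_on_bfe_state(&c, seq[i]);
    return c.setups * 10 + c.teardowns;
}

int main(void) { printf("%d\n", demo_boot_sequence()); return 0; }
```

The first element of the sequence plays the role of the state sampled at DriverEntry during early boot; the duplicate running notification and the stop/restart show that setup runs once per engine start.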