Hi,
I am trying to implement a Windows Filtering Platform callout driver to document information on a network. I am gathering the information with a callout in kernel mode. I want to be able to send this information to user mode to process the information retrieved. I have looked into a few ways to do this. I have looked into inverted calls, shared events, named pipes, and shared memory. I will need to be able to send a lot of information a lot of times from kernel mode to user mode. Does anyone have any suggestions of a technique to use in this situation, or any helpful hints or more information on a particular way to do this?
Please correct me if I have interpreted something wrong, but what I have gotten so far is that shared events are basically like inverted calls, but contain separate calls for the signaling of an event to process and then a call to retrieve the information. Shared memory does not seem ideal in this situation. Named pipes are an undocumented feature that could cause problems in my driver along the line and shouldn't be used. Inverted calls seem to be most widely used.
Thank you for your help.