I have built a WFP callout driver which runs in kernel mode. Now, I'm trying to figure out how to communicate between this driver and my GUI application which runs in user-mode. Any ideas?

Exactly what I want is something like this:

1. The callout driver detects an incomming connection on port 4444 (This is not part of my question)
2. The drivers send a message to the user-mode app.
3. The app shows a notification to the user and asks it if we should accept/block the connection.
4. The user-mode app sends back the user's response to the callout driver.

Thanks!

I agree with LordDoskias. You need to create a device object and make it available to the Win32 realm. Then you can use CreateFile, ReadFile, WriteFile and the already mentioned DeviceIoControl to send requests.

In order to get notifications from the driver to the application, you can use the so-called inverted call model. You send down some IRPs (via one of the mentioned mechanisms) and do that in an asynchronous manner (or in separate threads). Then, the driver keeps them dangling until it has to notify the user mode component about something and then returns the completed IRP. Alternative methods are to set some event and have the UM request whatever the driver keeps in some kind of queue...

The gist is, there is no direct way that the driver can send some message to the user mode application.

Check this API call - DeviceIoControl

Essentially what you would do is register the driver in the object manager, then your GUI application will be able to open it and send different commands and data (there are buffers to do that) and then you have to send some custom made IOCTL code (check with the WDK manual).

If your driver is registered as a minifilter driver, you can use minifilter communication functions, such as FltSendMessage.

Otherwise, you can use the DeviceIoControl function as it was already suggested by the other users.