Afd.sys - Ancillary Function Driver for WinSock.
Tdx.sys - TDI Translation Driver.
Another producer (Tdx.sys) - consumer (Afd.sys) pattern (as in TcpConnectionCallbackTemp). Inside Tdx.sys callback object creation is governed by TdxInitializeTransportAddressModule function and all notifications (4 call references) on this object are triggered from TdxActivateTransportAddress function. Afd.sys registers a callback named AfdTdxCallbackRoutine inside AfdTdxInitCallback function. What is the consumer receiving as Argument1 and Argument2(see CallbackFunction) when the callback object is notified?
Argument1is of typestruct _ECP_LIST *.Argument2is used as an output argument (communication channel), through whichAfd.syspasses back data toTdx.sys. Here we can see that the authors are abusing the definition of the CallbackFunction which in the documentation hasINSAL annotation, but here is used as anOUTparameter.
Argument1 can be useful in a call to FsRtlFindExtraCreateParameter (that's the use case in afd.sys), where the ECP context structure is obtained through using an appropriate GUID (like ones listed in System-Defined ECPs). Last note, afd.sys uses the following GUID: d37479c1-4502-a067-0e35-2e8cd59134f5.