I try to use Nagar’s SFilter sample as a start for my file filter,but I
have some problems(I have Softice running if this info helps you):
-
The driver doesnt want to load at boot time but it loads at system time
(what’s so special with boot time loading devices?I see that NTice.sys from
Softice loads ok.)
-
After I load my checked driver at system time when I open files I dont
receive all DbgPrints from my dispatch routine or from SFilterCreate
(IRP_MJ_CREATE) . Why? I know that for any file activity I should receive
at least one IRP(e.g. I open a txt file from my desktop and I receive no
message in my debugger)
-
Could I get a handle from Ring3 (with CreateFile) of my system time
loaded device for future sending of messages with DeviceIoControl ?I try to
do this :
hndFile = CreateFile(
“\\.\SFilter”,
GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,
0,NULL);
but I receive hndFile=INVALID_HANDLE
On Tue, 21 Mar 2000 xxxxx@excite.com wrote:
I try to use Nagar’s SFilter sample as a start for my file filter,
- The driver doesnt want to load at boot time but it loads at system time
(what’s so special with boot time loading devices?I see that NTice.sys from
Softice loads ok.)
This is an issue that has come up before for that driver:
If you are using the registry settings that comes with his sample it wont
load at boot time because the ImagePath is expressed in a way that is not
valid yet. Change the ImagePath to a valid value or remove it and put the
driver in the default place.
Bo Branten
> hndFile = CreateFile(
“\\.\SFilter”,
You’ll need to register a symbolic link “\DosDevices\SFilter” to your device
object for this code to work.
Max
Thanks,but I already registered a dos link as you said, but it doesnt
work.In fact I want to get a handle of a device driver which is loaded into
memory.How to do that?