Ntifs.h or ntddk.h ?

Hi,

I have a PNP KMDF driver but I need functions that are only defined in NTIFS.H. Can I replace NTDDK.H with NTIFS.H or can I copy/paste prototypes and typedefs?

I read once that NTIFS.H is reserved for filter and filesystem drivers. Is that correct?

Thank you.

xxxxx@outlook.com wrote:

> I have a PNP KMDF driver but I need functions that are only defined in
> NTIFS.H. Can I replace NTDDK.H with NTIFS.H or can I copy/paste
> prototypes and typedefs?
>
> I read once that NTIFS.H is reserved for filter and filesystem
> drivers. Is that correct?

It would have been much quicker for you to try this yourself.

Drivers are all the same. The kernel doesn’t have any clue whether a
given piece of code is part of a USB driver or a file system filter
driver. Everything in ntifs.h is available to any driver.

The only reason ntifs.h is separate is that, historically, you had to
pay extra to get the “file system DDK”.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

You can include both. Macros in the header files will make sure it compiles
clean.

On Thu, May 4, 2017 at 2:51 PM Tim Roberts wrote:

> xxxxx@outlook.com wrote:
> >
> > I have a PNP KMDF driver but I need functions that are only defined in
> > NTIFS.H. Can I replace NTDDK.H with NTIFS.H or can I copy/paste
> > prototypes and typedefs?
> >
> > I read once that NTIFS.H is reserved for filter and filesystem
> > drivers. Is that correct?
> >
>
> It would have been much quicker for you to try this yourself.
>
> Drivers are all the same. The kernel doesn’t have any clue whether a
> given piece of code is part of a USB driver or a file system filter
> driver. Everything in ntifs.h is available to any driver.
>
> The only reason ntifs.h is separate is that, historically, you had to
> pay extra to get the “file system DDK”.
>
> –
> Tim Roberts, xxxxx@probo.com
> Providenza & Boekelheide, Inc.

Thank you all for your replies.

Tim’s right, historically speaking.

Ntifs.h includes NTDDK.h which includes WDM.h – the headers are now separate for more than historical reasons.

In the modern era (since the death of Win9x), WDM.h contains the set of functions that are the “recommended” and “forward moving” interfaces for Windows driver development. This is not the original use of WDM.h but it’s how it evolved.

NTDDK.h contains legacy DDIs, and DDIs that are generally to be avoided. I often describe many of the functions prototyped here as “bug bait” – functions that seem innocent and useful, but will bite the unsuspecting driver dev (MmIsAddressValid being my go-to example).

NTIFS.h contains definitions that should generally only be required by file systems… in fact, a number of functions defined in this header are really only useful, valid, or supported for use by file systems.

There’s no harm done by using functions from any of these header files in any driver, so long as you carefully read the docs and you’re careful.

Peter
OSR
@OSRDrivers