Boot and System Time Drivers

Where is there a description of the requirements of how to load a file
system filter driver during boot and/or system time for the purpose of
filtering all files opened on the system disk?

An existing driver that currently loads at auto does not even start when the
startup type is changed to boot. No reasons are given when the driver does
not start, just that it could not be started.

How does the driver get loaded?

How does it get attached to the system disk?

Thanks,

Ken

Start = 0
Type = 1
ErrorControl = 0
Group = filter

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com


I made the changes you indicated. Also removed the depends on Group and
Service. Now, not only does it not start but there is no error in the event
log that it couldn’t be started.

To filter all files on the system disk does it have to load at boot or will
loading as system be enough?

Thanks,

Ken



Ken,

There are two fundamental registry keys that control load ordering
within a given system startup pass:

HKLM\System\CurrentControlSet\Control\ServiceGroupOrder

HKLM\System\CurrentControlSet\GroupOrderList

The first lists the order in which groups are loaded, the second lists
the order in which the tag values within a single group are loaded.

During system startup, the OS loads explicitly enumerated drivers (like
file systems) at one of two times: boot time or system start time. The
third option (automatic) is actually loaded by the Service Control
Manager (and SCM is the component that uses the DependOnXxx values). In
parallel, the plug and play manager loads discovered components as well.
File systems never fall into this latter category.

A “boot start” driver is loaded by the OS loader phase. The goal for
boot start is to load the OS, hal and ALL drivers necessary to boot the
OS into memory. Thus, the registry is actually read by the loader and
the appropriate drivers loaded. At the end of system initialization,
the boot start drivers must provide sufficient access to the boot file
system in order to allow the later stages of OS loading to continue. A
“system start” driver is loaded by the OS through the file system driver
- so if you are loading as a system start driver it is too late if you
want to see every file opened. Max’s suggestion is correct (although
brief on the explanation of why) because he loads as a boot start
driver. His choice of a load group may or may not work for your filter,
depending upon the OS version. For example, on my XP SP2 system, filter
loads AFTER all of the enumerated file system filter groups but before
boot file system.

If your driver is not starting AND you do not get an event log message,
my guess is you have a problem in the registry key. I’ve seen this
happen (for instance) when booting from a FAT volume with a driver that
has a non-8.3 compliant name. It can also occur if the ImagePath value
is set to a path that does not exist at boot time (safest: don’t use an
Image Path and put your driver in the usual place. Some drivers DO use
a path. For example, the ACPI driver on my system has an ImagePath
value of System32\DRIVERS\ACPI.sys and that presumably works.)

I hope this helps. I know we’ve written about this before, but the DDK
doesn’t emphasize this anymore because device drivers typically are
loaded via the PnP mechanism - and that doesn’t apply to file system
drivers.

Regards,

Tony

Tony Mason

Consulting Partner

OSR Open Systems Resources, Inc.

http://www.osr.com

Looking forward to seeing you at the Next OSR File Systems Class October
18, 2004 in Silicon Valley!



Thanks Tony!

Just what I needed and more!

The immediate problem was the ImagePath.

I currently do not have the two keys mentioned below defined, however, it
seems to be working fine.

Max had only mentioned “Group” which is currently set to ‘filter’.

For filter ‘boot’ loading, what should the settings be to see all the opens?

Thanks,

Ken



You should use the appropriate “FSFILTER xxxxx” load order group based on the type of functionality your filter provides. For W2K you should simply use “filter”. The IFSKit documents this. All filters defined by one of these file system filter load order groups are loaded before the boot file system (or any other file system) is loaded. Note, if you misspell the name you will be loaded at the end of the specified phase.

Note that Max specified the wrong “type” value below. The type should be 2 for file systems and file system filters. When in doubt look at the .INF files for the sample filters in the IFSKit.

Neal Christiansen
Microsoft File System Filter Group Lead
This posting is provided “AS IS” with no warranties, and confers no rights
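
The settings discussed in this thread (boot start, type 2, a load order group that exists and sorts before the boot file system, a resolvable ImagePath, an 8.3 file name on a FAT boot volume) can be checked before a reboot. The following is an added example, not part of the original thread or of any poster's code; the function names, the sample service values and the abbreviated group list are constructed for illustration.

```python
import re

SERVICE_BOOT_START = 0          # Start value for a boot-start driver
SERVICE_FILE_SYSTEM_DRIVER = 2  # Type value; SERVICE_KERNEL_DRIVER is 1
BOOT_FS_GROUP = "Boot File System"

# Constructed, abbreviated stand-in for the "List" value of the
# ServiceGroupOrder key; a real system lists many more groups.
SAMPLE_GROUP_ORDER = [
    "Boot Bus Extender", "System Bus Extender", "SCSI miniport",
    "FSFilter Anti-Virus", "FSFilter Activity Monitor", "filter",
    "Boot File System", "Base", "File System",
]

def is_8dot3(filename):
    """True if filename fits the FAT short-name form (8 chars, 3-char ext)."""
    return re.fullmatch(r"[^.\\ ]{1,8}(\.[^.\\ ]{1,3})?", filename) is not None

def check_boot_filter(key_name, svc, group_order, boot_volume_is_fat=False):
    """Return (code, message) findings for a filter meant to see every open."""
    findings = []
    if svc.get("Start") != SERVICE_BOOT_START:
        findings.append(("start", "not boot start: loads too late to see every open"))
    if svc.get("Type") != SERVICE_FILE_SYSTEM_DRIVER:
        findings.append(("type", "Type should be 2 for file systems and filters"))

    # Group names are compared case-insensitively here (an assumption).
    order = [g.lower() for g in group_order]
    group = svc.get("Group", "").lower()
    if group not in order:
        findings.append(("group-unknown",
                         "group not in ServiceGroupOrder: loads at end of phase"))
    elif BOOT_FS_GROUP.lower() in order and \
            order.index(group) > order.index(BOOT_FS_GROUP.lower()):
        findings.append(("group-late", "group sorts after the boot file system"))

    # Without ImagePath the driver is looked up as System32\drivers\<key>.sys.
    image = svc.get("ImagePath")
    filename = image.rsplit("\\", 1)[-1] if image else key_name + ".sys"
    # Assumption: only SystemRoot-relative driver paths are treated as safe.
    if image and not re.fullmatch(
            r"(\\SystemRoot\\)?System32\\drivers\\[^\\]+", image, re.I):
        findings.append(("imagepath", "verify ImagePath resolves at boot time"))
    if boot_volume_is_fat and not is_8dot3(filename):
        findings.append(("8.3-name", "file name is not 8.3 on a FAT boot volume"))
    if "DependOnGroup" in svc or "DependOnService" in svc:
        findings.append(("depend", "DependOnXxx values are used only by the SCM"))
    return findings

if __name__ == "__main__":
    # Constructed sample: the values first suggested in the thread plus a
    # made-up ImagePath outside the usual driver directory.
    sample = {"Start": 0, "Type": 1, "Group": "filter",
              "ImagePath": r"\??\C:\Program Files\Example\examplefilter.sys"}
    for code, msg in check_boot_filter("examplefilter", sample,
                                       SAMPLE_GROUP_ORDER, True):
        print(f"{code}: {msg}")
```

On a live system the `svc` dictionary and the group list would be read from the driver's service key and from ServiceGroupOrder rather than hard-coded.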



> Note that Max specified the wrong “type” value below. The type should be 2
> for file systems and file system filters. When in doubt look at the .INF
> files for the sample filters in the IFSKit.

And what is the difference between SERVICE_KERNEL_DRIVER and
SERVICE_FILE_SYSTEM_DRIVER? What behaviour depends on this difference?

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

As far as I have ever been able to tell, the difference is whether or
not the DRIVER_OBJECT is created in \FileSystem or in \Device. There
might be some other subtle difference in the OS, but I have yet to see
it.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com


As has been pointed out it might not matter that much which value is
used today; but you never know how we might want to take advantage of
this information in the future. For example they are modifying the .INF
format to better support file systems, minifilters, and file system
filters and the type value will become more important.

I would request that you specify the correct “type” value (2) for your
file systems and file system filters so there will be no issues in the
future. Now is the time to correct this in your products so you will
not have problems in the future.

Thank you,

Neal Christiansen
Microsoft File System Filter Group Lead
This posting is provided “AS IS” with no warranties, and confers no
rights
