Developing a File System Filter Driver

Greetings,

I am interested in developing a simple system that would intercept file read/write/modify operations on their way to the kernel and report them (or make them available) to an application running in user space. Is this something that you would go about implementing by way of a Filesystem Filter Driver? There are two books available through OSR press that look useful but I’m not sure which would be the right choice for this sort of project.

Any idea how difficult of a task this would be for someone with no experience developing device drivers? Time estimates?

I hope I’ve come to the right place, and thanks in advance for help even if it’s just a kick in the right direction.

Greg

> I am interested in developing a simple system that would intercept
> file read/write/modify operations on their way to the kernel and
> report them (or make them available) to an application running in
> user space.

I think you are looking for FileSpy, a sample driver available
in the WDK.

L.

Look at the filter manager kit.

Thanks,
Garyc

Hi,

I’m finally getting around to this project after a bit of delay.
Thanks for your responses, I’ve got a few more questions though as I’m
still not sure where to start.

Gary - by Filter Manager Kit, are you referring to the “Installable
File System Kit” (IFS kit) that is available for purchase from
Microsoft’s website for $100+?

Ladislav - I’ve downloaded the WDK as you suggested only to find,
after a 2GB download and some headache trying to get the DVD burned,
that it is not meant for production code as of yet and that I should
download the DDK instead. Also, searching for FileSpy on Google leads
me to the IFS kit mentioned by Gary so I’m thinking this is what I
need. The “About the IFS Kit” page lists Filespy under “legacy filter
driver samples.” Should I be looking at Minispy instead?

It’s looking like the IFS kit is what I need to pursue here, I just
wanted to check with people before I spend the money on this. It seems
to me that the WDK is still in beta and is really only necessary at
this point for people developing for Vista, is that right?

Greg

On 3/14/07, gary clark wrote:
> Look at the filter manager kit.

Yes, that’s correct. IFS KIT.

Thanks,
Garyc

The WDK has been for production code for the last 5 months. It contains
the latest IFS kit, and is no charge.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply

Don,

I downloaded a 2GB iso image from conect.microsoft.com (“Windows
Driver Kit RTM”) which appeared to be the latest release of the WDK.
The date matches what you’ve just said (released 12/5/2006), but the
release notes state:

“Use the WDK build environments in this version of the WDK for
evaluation and preview purposes only. Do not use these WDK build
environments for production-level coding. At this time, you should use
the Windows Server 2003 SP1 DDK for production.”

Greg

On 4/6/07, Don Burn wrote:
> The WDK has been for production code for the last 5 months. It contains
> the latest IFS kit, and is no charge.

The release notes are WRONG. This has been reported (repeatedly) to
Microsoft. They’re aware. Please ignore the release notes; Don is right.

-Steve

On Apr 6, 2007, at 11:20 AM, Greg Nance wrote:

> Don,
>
> I downloaded a 2GB iso image from conect.microsoft.com (“Windows
> Driver Kit RTM”) which appeared to be the latest release of the WDK.
> The date matches what you’ve just said (released 12/5/2006), but the
> release notes state:
>
> “Use the WDK build environments in this version of the WDK for
> evaluation and preview purposes only. Do not use these WDK build
> environments for production-level coding. At this time, you should use
> the Windows Server 2003 SP1 DDK for production.”
>
> Greg
