Driver Installation

Thanks to this mailing list, I was able to successfully compile my first
HelloWorld driver. I am having trouble with installing it. I think I
understand the concept of the inf file, but it isn’t showing in
services.msc or the Driver’s list.

Before I go much further, I figure I should probably share my goal and
understand from the list if I am going in the right direction of my
studying. I am attempting to learn how to take action when a file is opened
or created, much like your common Anti-Virus. I have read OSR’s website and
many articles in MSDN’s documentation about drivers. I figure I should
start with HelloWorld, then hunt around to figure out how to enact action
upon a file opening or when it is being created.

The compiled system driver is at C:\HelloWorld\x64\Win7Debug\HelloWorld.sys

The inf file is at: C:\HelloWorld\x64\Win7Debug\install.inf

The contents of the inf file:

[Version]
Signature = "$WINDOWS NT$"
Class = "Hello World"
ClassGuid = {b1d1a169-c54f-4379-8adb-bee7d88d7454}
Provider = %Test Corp%
DriverVer = /09/04/2014,0.0.1
[DestinationDirs]
DefaultDestDir = 12
HelloWorld.DriverFiles = 12
[DefaultInstall]
OptionDesc = %Test Corp%
CopyFiles = HellowWorld.DriverFiles, HelloWorld.UserFiles
[HelloWorld.Service]
DisplayName = %Hello World%
Description = %Test Corp’s Hello World%
ServiceBinary = %12%\HelloWorld.sys
ServiceType = 2
StartType = 3
ErrorControl = 1
LoadOrderGroup = "FSFilter Anti-Virus"
AddReg = HelloWorld.AddRegistry
[DefaultUninstall]
DelFiles = HelloWorld.DriverFiles, HelloWorld.UserFiles
DelReg = HelloWorld.DelRegistry
[DefaultUninstall.Services]
DelService = HelloWorld,0x200
[Strings]
TestCorp = "Test Corp"
HelloWorldServiceDesc = "HelloWorld"
HelloWorldServiceName = "HelloWorld"
RegInstancesSubkeyName = "Instances"
RegDefaultInstanceValueName = "DefaultInstance"
RegAltitudeValueName = "Altitude"
RegFlagsValueName = "Flags"

DefaultInstance = "HelloWorld - Top Instance"
Instance1.Name = "HelloWorld - Middle Instance
Instance1.Altitude = 370000"
Instance1.Flags = 0x1

This type of driver is called a File System Filter Driver. It uses, and is installed using, an entirely unique model which is referred to as the MiniFilter Model.

File system filter drivers, like those for Anti-Virus or on-access encryption, are among the very hardest drivers to write correctly in Windows. They require an intimate knowledge of the Windows I/O subsystem and file system cache architecture. THEN you need to understand Windows file systems in general, and then the file system filter API.

Beyond the fact that both have a DriverEntry entry point, there is nothing about WDF that will be relevant for your goal of building a File System Filter. The drivers are that different.

I’m not trying to discourage you, but saying you’re starting to learn Windows driver development by writing a File System Filter is a bit like saying “I think I’ll start getting to work by figuring out how to fly this helicopter.” Learning how to fly a helicopter is cool, and useful, but it’s very specialized and rather difficult. And learning how to drive a car to work won’t be any use at all if learning how to fly a helicopter is your end goal.

BTW, the cool file systems kids all hang out on our NTFSD list…

Peter
OSR
@OSRDrivers
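
Added example, not part of the original thread: a small Python check run over a constructed, abbreviated copy of the INF from the first post. It reports section references that point nowhere, %tokens% missing from [Strings], and the absence of an AddService directive, which is the directive that registers a service. The function names are hypothetical and the parser is simplified (undecorated section names only).

```python
import re

# Constructed, abbreviated copy of the INF in the first post (straight quotes).
SAMPLE_INF = r'''
[Version]
Provider = %Test Corp%
[DefaultInstall]
CopyFiles = HellowWorld.DriverFiles, HelloWorld.UserFiles
[HelloWorld.Service]
DisplayName = %Hello World%
ServiceBinary = %12%\HelloWorld.sys
AddReg = HelloWorld.AddRegistry
[Strings]
TestCorp = "Test Corp"
'''

SECTION_REFS = ("copyfiles", "delfiles", "addreg", "delreg")  # values name other sections

def parse_inf(text):
    """Return {lowercased section name: [(lowercased key, value), ...]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # simplified: ignores ';' inside quotes
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip().lower(), value.strip()))
    return sections

def lint_inf(text):
    """List dangling section references, undefined %tokens%, and a missing AddService."""
    sections = parse_inf(text)
    strings = {key for key, _ in sections.get("strings", [])}
    findings = []
    for name, entries in sections.items():
        for key, value in entries:
            if key in SECTION_REFS:
                for target in (t.strip() for t in value.split(",")):
                    if target.lower() not in sections:
                        findings.append(f"[{name}] {key}: section [{target}] is not defined")
            for token in re.findall(r"%([^%]+)%", value):
                if not token.isdigit() and token.lower() not in strings:  # %12% is a dirid
                    findings.append(f"[{name}] {key}: %{token}% is not in [Strings]")
    services = sections.get("defaultinstall.services", [])
    if not any(key == "addservice" for key, _ in services):
        findings.append("[DefaultInstall.Services] has no AddService, so no service is created")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_inf(SAMPLE_INF)))
```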