I have a ‘decision question’… my next goal in Kernel-land is learning about filter drivers (file system and network). The filter drivers will be part of a project that I work on for my university, as I like to learn-by-doing.
I know that a lot has changed since Vista regarding filter drivers, but I aim to support XP as well. So how do I prevent wasting too much time on the OS version differences?
E.g.
Do I write an NDIS 5.0 intermediate driver first that will run on all versions, and then change it for Vista and higher to an NDIS 6.0 filter driver? Or the other way around…
Or are the differences too big to be done in one project? (meaning I create two projects with just the ‘filter engine’ in common).
Secondly, so far I’ve only written software-only drivers in WDM. Is it worth learning about KMDF, or can the filter drivers just as well be done using WDM?
Thank you once again for your expertise 
Chris
CAVEAT: I only can comment intelligently on some of your questions.
- Network filters of the NDIS variety (not redirectors, for example) and fs filters are totally different animals.
- In the case of fs filters, the answer to wdm v. kmdf is none of the above; they’re their own thing, most similar to a legacy (NT4) style driver.
There are two possible models - ‘legacy’ fs filters & minifilters - but unless you have a very specific reason to use the legacy model, you should definitely start with the minifilter model.
- As a general statement about KMDF (opinion, really), you would be well served to use it anywhere you can over wdm. The big ticket item of KMDF is that it gets you out of having to deal with the deep ugliness that is Windows (wdm) plug and play/power management.
No matter what you end up doing in this specific case, going forward, you’ll never regret learning KMDF.
- The specifics of network filters is where I definitely cannot offer advice. That being said, I cannot imagine that going the 6 -> 5 route makes sense, simply because of the way that msft tends to structure things.
- That being said, what I think that I can say quite safely here is that given that it sounds like you’re doing this for the sake of learning (and not for a client), personally, I would pick one OS and start there.
Now a year or so ago, this actually would have been a choice without a really good answer, because while XP was clearly going to go the way of the dodo, it was equally clear that Vista was not going to be its replacement. Today, however, while there are still many, many, many more XP desktops than any other type of Windows desktops (IMO), I don’t think that there’s any question that Win 7 will start to change that pretty quickly, especially considering the official msft support status for XP.
So, I guess what I’m saying is that unless you’re specifically looking for the challenge of handling this on XP as well as Vista+ - and I don’t know how much of a challenge that is - I think that your life will be easier if you stick to one model.
- Finally, I think that the biggest favor that you can do yourself in this process is to pick the best sample that’s available.
Good luck,
mm
Comments inline:
> I have a ‘decision question’… my next goal in Kernel-land is learning about filter drivers( file system and network ). The filter drivers will be part of a project that I work on for my university, as I like to learn-by-doing.
> I know that a lot has changed since Vista regarding filter drivers, but I aim to support XP as well. So how do I prevent wasting too much time on the OS version differences?
Actually the only big change has been NDIS 6. Both KMDF and File system mini-filters have been back ported to XP. For file systems, use mini-filters if possible; there are reasons to use the legacy filter model, but until you know what your project is, plan on the mini-filter.
> E.g.
> Do I write an NDIS 5.0 intermediate driver first that will run on all versions, and then change it for Vista and higher to an NDIS 6.0 filter driver? Or the other way around…
> Or are the differences too big to be done in one project? (meaning I create two projects with just the ‘filter engine’ in common).
For NDIS filters, you may want to check out http://www.pcausa.com/filters/default.htm This is an approach that will in some cases work for NDIS 5 and NDIS 6.
> Secondly, so far I’ve only written software-only drivers in WDM, is it worth to learn about KMDF or can the filter drivers just as well be done using WDM ?
Filter drivers and PnP drivers in general are much easier with KMDF. You should be working on this, to become your primary development platform.
Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Excellent replies, thank you both.
The idea behind this project is for me to learn about filter drivers (first filesystem, then networking) and then pass on the knowledge to other interested students (it’s basically open-sourced on a dedicated page of the university) and on top of that also having something useful.
My path is clear to me now: work on KMDF and filesystem mini-filters. I’ve tried a KMDF driver before, but fell back to WDM when time was pressing as I am not satisfied by simply modifying a DDK sample driver to work… and any documentation on KMDF that I found was very unclear to me at the time… but this time I will win :).
Thanks again
I hear what you’re saying about not wanting to just modify a sample, but I think that there’s a lot to be said for having a reasonably similar sample to what you’re trying to do that you can reference if you get in a bind. In particular, as you also observed, the docs kind of suck sometimes, and known good src (good enough at least) is very helpful in those cases.
Good luck,
mm
Yes I absolutely agree with you. I am not against using the samples as a “red line” through my code as we say it in Dutch… but my point was that I want to understand what I am copying instead of simply using it and accepting that it works. The samples have been written by people who (should) know what they are doing… so I try to learn from them as much as I can 
Now that we’re on the subject of source code anyway, does anyone know a (respected) open source sample base of Windows drivers besides the DDK? Just out of curiosity.
No. Actually, unless you’re looking for some very specific things (like paravirtualized drivers), it’s more like there’s almost NO other source of sample windows drivers, good, bad or otherwise, other than a few random samples associated with articles.
What are you looking for in particular? I mean, I would imagine that the answer is some sort of fs filter and some sort of ndis intermediate driver, but if you could share a little bit more about what you have in mind, we might be able to come up with something.
mm
The projects I create for the university are all going to be open source, as most of the guys in my faculty are Linux gurus. So my question was purely out of curiosity to see if there were more places where general open source Windows drivers are posted.
Unfortunately there is definitely nothing like that.
mm
Good learning attitude :). Keep it up.
On Mon, Apr 26, 2010 at 12:23 AM, wrote:
> Yes I absolutely agree with you. I am not against using the samples as a
> “red line” through my code as we say it in Dutch… but my point was that I
> want to understand what I am copying instead of simply using it and
> accepting that it works. The samples have been written by people who
> (should) know what they are doing… so I try to learn from them as much as
> I can 
>
> Now that we’re on the subject of source code anyway, does anyone know a
> (respected) open source sample base of Windows drivers besides the DDK? Just
> out of curiosity.
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
–
Thanks
Anshul Makkar
justkernel.com
xxxxx@justkernel.com