HI I am a newbie to driver development. I am trying to write an upper filter driver for USB mass storage device class. I have tried to install the generic filter driver in
C:\WinDDK\7600.16385.1\src\general\toaster\kmdf\filter\generic as an upper filter driver for USB mass storage class. But it does not work. After I did it, an yellow exclamation mark came up on the the USB hub driver and it never worked.
Hope someone could help me
Thank you in advance
Chathura
How did you install it?
mm
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@gmail.com
Sent: Saturday, August 06, 2011 4:21 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Help with Filter Driver
HI I am a newbie to driver development. I am trying to write an upper filter
driver for USB mass storage device class. I have tried to install the
generic filter driver in
C:\WinDDK\7600.16385.1\src\general\toaster\kmdf\filter\generic as an upper
filter driver for USB mass storage class. But it does not work. After I did
it, an yellow exclamation mark came up on the the USB hub driver and it
never worked.
Hope someone could help me
Thank you in advance
Chathura
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
Thank you for your reply, I installed it using an .inf file it is
; This INF file and the accompanying readme demonstrate how to programmatically install a class filter driver.
; See the comments inline below for items that need to be modified when using this sample. The accompanying
; readme discusses using this INF file to install the class filter driver.
;
[Version]
signature = “$Windows NT$”
; Distribution Media information
;
[SourceDisksNames]
1 = %ClasFilt.MediaDesc%
[SourceDisksFiles]
filter.sys = 1
[DestinationDirs]
;
; Driver to be installed in the drivers subdirectory.
;
DefaultDestDir = 12 ; DIRID_DRIVERS
[DefaultInstall.NT]
;
; DefaultInstall section is used to install the class filter driver. Use .NT platform extension so this
; section won’t be executed on Windows 9x/ME.
;
; Change clasfilt.sys to the name of the class filter driver you need to copy.
;
CopyFiles = @filter.sys
AddReg = ClassFilter_AddReg
[ClassFilter_AddReg]
;
; Change {setup-ClassGUID} to the string form of the ClassGUID that you are installing the filter on.
;
; Change UpperFilters to LowerFilters if this is a lower class filter.
;
HKLM, System\CurrentControlSet\Control\Class{36FC9E60-C465-11CF-8056-444553540000}, UpperFilters, 0x00010008, clasfilt
[DefaultInstall.NT.Services]
;
; Services section is required for installation of drivers on NT-based operating systems.
;
AddService = clasfilt, , clasfilt_Service_Inst, clasfilt_EventLog_Inst
[clasfilt_Service_Inst]
DisplayName = %ClasFilt.SvcDesc%
ServiceType = %SERVICE_KERNEL_DRIVER%
StartType = %SERVICE_DEMAND_START%
ErrorControl = %SERVICE_ERROR_IGNORE%
ServiceBinary = %12%\filter.sys ;change clasfilt.sys to the name of your driver binary.
[clasfilt_EventLog_Inst]
AddReg = clasfilt_EventLog_AddReg
[clasfilt_EventLog_AddReg]
;Change clasfilt.sys to the name of your driver file.
HKR,EventMessageFile, %REG_EXPAND_SZ%,“%%SystemRoot%%\System32\IoLogMsg.dll;%%SystemRoot%%\System32\drivers\filter.sys”
HKR,TypesSupported, %REG_DWORD%, 7
;To uninstall the filter driver
[DefaultUninstall]
DelFiles = @filter.sys
DelReg = ClassFilter_AddReg ’
;removes the added (ClassFilter_AddReg) registery record
;[DefaultUninstall.Services]
;DelService = Minispy,0x200
[Strings]
;
; Change the service description to describe your driver.
;
ClasFilt.SvcDesc = “Upper Class Filter Driver”
; Change the media description to describe your media.
;
ClasFilt.MediaDesc = “Class Filter Driver Disc”
; Useful constants
SERVICE_KERNEL_DRIVER = 1
SERVICE_DEMAND_START = 3
SERVICE_ERROR_IGNORE = 0
REG_EXPAND_SZ = 0x00020000
REG_DWORD = 0x00010001
First did you notice in the WDK documentation that for the GUID you are
using it says “This class includes USB host controllers and USB hubs,
but not USB peripherals. Drivers for this class are system-supplied.”
Second can you tell us what you are going to do with the filter. For
instance if you care about only disks you may be better off writing a
disk class filter, and then in the add device routine testing if the
device is on a USB bus and only attaching the filter for devices that
are on the bus. I have found this is much easier, and then you know
what to expect since the disk driver sources are in the WDK so you can
get a clear idea of what is going on.
Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
“xxxxx@gmail.com” wrote in message
news:xxxxx@ntdev:
> Thank you for your reply, I installed it using an .inf file it is
>
>
> ; This INF file and the accompanying readme demonstrate how to programmatically install a class filter driver.
> ; See the comments inline below for items that need to be modified when using this sample. The accompanying
> ; readme discusses using this INF file to install the class filter driver.
> ;
>
>
> [Version]
> signature = “$Windows NT$”
>
>
>
> ; Distribution Media information
> ;
> [SourceDisksNames]
> 1 = %ClasFilt.MediaDesc%
>
>
> [SourceDisksFiles]
> filter.sys = 1
>
>
> [DestinationDirs]
> ;
> ; Driver to be installed in the drivers subdirectory.
> ;
> DefaultDestDir = 12 ; DIRID_DRIVERS
>
>
>
> [DefaultInstall.NT]
> ;
> ; DefaultInstall section is used to install the class filter driver. Use .NT platform extension so this
> ; section won’t be executed on Windows 9x/ME.
> ;
> ; Change clasfilt.sys to the name of the class filter driver you need to copy.
> ;
> CopyFiles = @filter.sys
> AddReg = ClassFilter_AddReg
>
> [ClassFilter_AddReg]
> ;
> ; Change {setup-ClassGUID} to the string form of the ClassGUID that you are installing the filter on.
> ;
> ; Change UpperFilters to LowerFilters if this is a lower class filter.
> ;
> HKLM, System\CurrentControlSet\Control\Class{36FC9E60-C465-11CF-8056-444553540000}, UpperFilters, 0x00010008, clasfilt
>
>
> [DefaultInstall.NT.Services]
> ;
> ; Services section is required for installation of drivers on NT-based operating systems.
> ;
> AddService = clasfilt, , clasfilt_Service_Inst, clasfilt_EventLog_Inst
>
>
> [clasfilt_Service_Inst]
> DisplayName = %ClasFilt.SvcDesc%
> ServiceType = %SERVICE_KERNEL_DRIVER%
> StartType = %SERVICE_DEMAND_START%
> ErrorControl = %SERVICE_ERROR_IGNORE%
> ServiceBinary = %12%\filter.sys ;change clasfilt.sys to the name of your driver binary.
>
>
> [clasfilt_EventLog_Inst]
> AddReg = clasfilt_EventLog_AddReg
>
>
> [clasfilt_EventLog_AddReg]
> ;Change clasfilt.sys to the name of your driver file.
> HKR,EventMessageFile, %REG_EXPAND_SZ%,“%%SystemRoot%%\System32\IoLogMsg.dll;%%SystemRoot%%\System32\drivers\filter.sys”
> HKR,TypesSupported, %REG_DWORD%, 7
>
> ;To uninstall the filter driver
> [DefaultUninstall]
> DelFiles = @filter.sys
> DelReg = ClassFilter_AddReg '
> ;removes the added (ClassFilter_AddReg) registery record
>
> ;[DefaultUninstall.Services]
> ;DelService = Minispy,0x200
>
> [Strings]
> ;
> ; Change the service description to describe your driver.
> ;
> ClasFilt.SvcDesc = “Upper Class Filter Driver”
>
> ; Change the media description to describe your media.
> ;
> ClasFilt.MediaDesc = “Class Filter Driver Disc”
>
>
> ; Useful constants
> SERVICE_KERNEL_DRIVER = 1
> SERVICE_DEMAND_START = 3
> SERVICE_ERROR_IGNORE = 0
> REG_EXPAND_SZ = 0x00020000
> REG_DWORD = 0x00010001
Thanks for your reply Don,
OK, so what is the actual GUID for the Mass storage filter classes?
ok, Basically what I wanna do is that I wanna register USB storage devices and then block the devices that are not registered with my application/ driver. That is what I am hoping to do. Am I able to do that by just doing a filter driver for disks? if so how?
Use
Disk Drives
Class = DiskDrive
ClassGuid = {4d36e967-e325-11ce-bfc1-08002be10318}
This class includes hard disk drives.
For the GUID, use IOCTL_STORAGE_QUERY_PROPERTY to determine if the
device is connected via USB. If it is and is not one of yours, then
block the IRP_MJ_CREATE.
Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
“xxxxx@gmail.com” wrote in message
news:xxxxx@ntdev:
> Thanks for your reply Don,
>
> OK, so what is the actual GUID for the Mass storage filter classes?
>
> ok, Basically what I wanna do is that I wanna register USB storage devices and then block the devices that are not registered with my application/ driver. That is what I am hoping to do. Am I able to do that by just doing a filter driver for disks? if so how?
awesome thanks Don,
I will do that, I have been looking for a solution for a long time.
Is that ok if I ask you if there are any more questions as I writing the driver?
Thank you
Chathura
I have some question,
So how do I determine if it is one if mine or not?
how do I uniquely identify the USB storage drivers?
Where do I store them unique identifications?
As this driver need to communicate with a user mode application to register devices, how do I do it?
Determining whether it is one of you devices depends on what you are
attempting to accomplish. Most USB devices have a unique ID so that is
one obvious way to identify the device, the problem is how to make this
a recognized ID.
If you are going to have a user mode application, the unique ID’s could
be stored in a secure database managed by that program. For the driver
to call the program use an inverted call see
http://www.osronline.com/article.cfm?id=94
Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
“xxxxx@gmail.com” wrote in message
news:xxxxx@ntdev:
> I have some question,
>
> So how do I determine if it is one if mine or not?
> how do I uniquely identify the USB storage drivers?
> Where do I store them unique identifications?
> As this driver need to communicate with a user mode application to register devices, how do I do it?
Thanks Don, That really helped, I have been looking for something like that.
Could you please suggest me where to start with? as In, if there are any samples you could point out to me or anything like that?
Chathura
I would take the filter from the WDK KMDF Toaster sample, and start with
that. You will need to put in your own stuff, but most of this is
pretty straight forward.
Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
“xxxxx@gmail.com” wrote in message
news:xxxxx@ntdev:
> Thanks Don, That really helped, I have been looking for something like that.
>
> Could you please suggest me where to start with? as In, if there are any samples you could point out to me or anything like that?
>
> Chathura
Thank you for the reply,
Ok, so can I just to test, just install Toaster sample as a upper filter driver for the DiskDrive class ? would it work?
On the kmdf sample,it has not got the IRP_MJ_CREATE, instead all see a function call for WdfDeviceCreate() in the DriverEntry() and FilterEvtDeviceAdd(). I do not if they are relevant to IRP_MJ_CREATE
But I had a look at the sample in C:\WinDDK\7600.16385.1\src\storage\filters\diskperf and it is using IRP_MJ_CREATE. How relevant is that sample for my project and if I can use that sample what should I left out or not worry about, or what should I alter to get it working and then go ahead and add code.
How do I uniquely identify USB devices. Would VID/PID work with the same type of usb sticks which are produced from the same company, they are the same model and the they have got the same chip? if not what should I use to uniquely identify
Chathura
The generic filter from Toaster should work with any class. To get
IRP_MJ_CREATE equivalents you need to use
WdfDeviceInitSetFileObjectConfig in your driver, take a look at
src\general\ioctl\kmdf for a sample that shows how to do this.
Diskperf is a disk filter, but it uses the WDM model, using KMDF is
easier and you should use it where possible.
Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
“xxxxx@gmail.com” wrote in message
news:xxxxx@ntdev:
> Thank you for the reply,
>
>
> 1. Ok, so can I just to test, just install Toaster sample as a upper filter driver for the DiskDrive class ? would it work?
>
> 2. On the kmdf sample,it has not got the IRP_MJ_CREATE, instead all see a function call for WdfDeviceCreate() in the DriverEntry() and FilterEvtDeviceAdd(). I do not if they are relevant to IRP_MJ_CREATE
>
> 3. But I had a look at the sample in C:\WinDDK\7600.16385.1\src\storage\filters\diskperf and it is using IRP_MJ_CREATE. How relevant is that sample for my project and if I can use that sample what should I left out or not worry about, or what should I alter to get it working and then go ahead and add code.
>
> How do I uniquely identify USB devices. Would VID/PID work with the same type of usb sticks which are produced from the same company, they are the same model and the they have got the same chip? if not what should I use to uniquely identify
>
> Chathura
Thank you for the reply, But I think you forgot something that I asked you, How would I uniquely identify a USB device?
If I could not find a way to uniquely identify the usb devices, The next option would be to make a filter system filter driver and block the devices which has not got the right header file of .vol file (which is a virtual drive), which the user mode application (Not developed by me) creates on every registered usb devices.
So I want to block any process from accessing the certain file, but my application.
how do I do this?
Thank you
Chathura
You could try with: iSerialNumber+iManufacturer+iProduct. Note that not all
USB devices have (unique?) iSerialNumber
Best regards,
Krystian Bigaj
On 8 August 2011 14:11, wrote:
> Thank you for the reply, But I think you forgot something that I asked you,
> How would I uniquely identify a USB device?
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
thank you for the reply Krystian.
I just want this to apply only on usb mass storage devices. So would this method work with them?
Chathura
xxxxx@gmail.com wrote:
OK, so what is the actual GUID for the Mass storage filter classes?
ok, Basically what I wanna do is that I wanna register USB storage devices and then block the devices that are not registered with my application/ driver. That is what I am hoping to do.
And are you aware that there are a billion products available today that
do exactly this?
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
xxxxx@gmail.com wrote:
Thank you for the reply, But I think you forgot something that I asked you, How would I uniquely identify a USB device?
Only you can answer this. You have to decide whether your requirements
are to identify all instances of a particular TYPE of device, or one
specific individual device, or one manufacturer’s devices, or something
in between.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
Thank you for your reply,
I want to uniquely identify specific individual devices even though if they are from the same manufacturers and the same model, I want to be able to identify individual devices.
So I am still looking for a solution.
I hope my explanation cleared your confusion.
Chathura