Hi,
I just wanted to list out the filter drivers in my
system. Can someone suggest a way how to find the
drivers in the system?
I’m thinking of the following options but I’m not sure
about the solution.
-
Go to C:\winnt\system32\drivers. Open a handle to
these drivers. But how to identify the type of
drivers?
-
Go to Registry
HKLM\system\currentcontrolset\services and from here
get the drivers and open a handle to these
drivers.Again how to identify the type of drivers?
Actual scenario is that my driver is file system
filter driver. So the presence of other filter drivers
like antvirus may affect the functionality of my
driver.So I wanted to know whether any other filter
driver is running on the system. Please suggest some
way to implement the same.
Is there any function call or any method to identify
the type of the driver(file system , filter ,class
etc…)?
Regards,
Priya
Yahoo! Mail - PC Magazine Editors’ Choice 2005
http://mail.yahoo.com
Priya,
Sean Park posted an answer to a similar question a few days ago. Below is his post.
Sean Park wrote:
Starting from the FileSystem name you want (check it out using WinObj or
DeviceTree tool from OSR), walk through all the attached devices of those in
the FileSystem. For example, NTFS has the following devices in object name
space.
\FileSystem\Ntfs\ –> Driver Name
Device 1 –> These devices are function device objects and
unnamed.
Device 2
Device 3
…
\Ntfs –> This device is a control device and named.
Every filter driver should attach its devices to underlying drivers in the
file system stack. These can be observed in AttachedDevice field of the NTFS
devices. There could be multiple filter drivers. So keep walking
AttachedDevice till you find NULL. The filter driver name can be obtained
through DeviceObject->DriverObject->DriverName.
Refer to DeviceTree. It basically displays the above algorithm with more
information. For the whole list of ‘file systems’, do the above for all
drivers with \FileSystem\ prefix in object name space.
Sean
“Sreenidhi Ramanuja Iyangar” wrote in message
>news:xxxxx@ntfsd…
>Hi,
>
>Is there any way to detect/list all “File system” filter drivers in a
>system?
>
>Thanks,
>Sreenidhi
>
>
>Yahoo! Music Unlimited - Access over 1 million songs. Try it free.
>
>
>
>—
>Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
>
>You are currently subscribed to ntfsd as: xxxxx@comcast.net
>To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
Priya,
I just wanted to list out the filter drivers in my
system. Can someone suggest a way how to find the
drivers in the system?
I’m thinking of the following options but I’m not sure
about the solution.
Just three days ago there was a thread on the same topic. The subject was
“Detecting all Filter drivers in a system”
You may use OSR tools like DeviceTree, another one is DevFilter try them
out. Basically, for each device present, filter drivers should attach its
devices to underlying drivers in the
file system stack. Thus by observing the AttachedDevice field of the FSD
(NTFS, FAT) we could find out more about all it’s filters. Remember though,
that there is a possibility (and there will be) multiple filters for a
device, thus you need to walk the AttachedDevice ( which is a list) till you
find a NULL… The names of each filter attached can be obtained through
DeviceObject->DriverObject- >DriverName field.
Also, what type of a filter are you implementing, all minifilters can
detected by “fltmc”, but the programmatic way is what is suggested above.
Best,
amitrajit