Minifilter function role type declarations for static verifier

I’m giving the static verifier a go on my minifilter since PREfast and
driver verifier proved so helpful.

http://msdn.microsoft.com/en-us/library/bb725835.aspx
mentions 3 kinds of drivers, KMDF, WDM and NDIS - none of which I would
have related to a minifilter - possibly WDM at a stretch,

However I skip this step and the driver scans OK (but only if my WDK is
installed on my hard disk and not a network drive, likewise for my project!)

I get a very small sdv-map file:

//Approved=false
#define fun_DriverEntry DriverEntry

but I can’t think of what else to add.

I then invoke with:
staticdv /rule:*

and watch my box beat itself up compiling for various test harnesses

Finally I get 2 rule passes (wmiforward and wmicomplete) with 69 not
applicable (including splinlock [I use spinlocks] and zwregistryopen pI
use zwopenkey]).

So I’m not sure if I missed anything out, but staticdv seems to like
what little it saw.

Sam

SDV will work on things it does not explicitly have rules for, but the
problem is that it does not have enough context to do that much useful.
The power of SDV is its ability to understand the relationships between
paths through the driver, and until they set up an environment for
mini-filters you are not getting that.


Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

“Sam Liddicott” wrote in message news:xxxxx@ntfsd…
> I’m giving the static verifier a go on my minifilter since PREfast and
> driver verifier proved so helpful.
>
> http://msdn.microsoft.com/en-us/library/bb725835.aspx
> mentions 3 kinds of drivers, KMDF, WDM and NDIS - none of which I would
> have related to a minifilter - possibly WDM at a stretch,
>
> However I skip this step and the driver scans OK (but only if my WDK is
> installed on my hard disk and not a network drive, likewise for my
> project!)
>
> I get a very small sdv-map file:
>
> //Approved=false
> #define fun_DriverEntry DriverEntry
>
> but I can’t think of what else to add.
>
> I then invoke with:
> staticdv /rule:*
>
> and watch my box beat itself up compiling for various test harnesses
>
> Finally I get 2 rule passes (wmiforward and wmicomplete) with 69 not
> applicable (including splinlock [I use spinlocks] and zwregistryopen pI
> use zwopenkey]).
>
> So I’m not sure if I missed anything out, but staticdv seems to like what
> little it saw.
>
> Sam
>
>
>
> Information from ESET NOD32 Antivirus, version of virus
> signature database 4632 (20091124)

>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
>

Information from ESET NOD32 Antivirus, version of virus signature database 4632 (20091124)

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com