> Initially it was not intercepting i/o requests but when i set
> Debug Flag in registry for my driver in HKEY
> LOCAL MACHINE/system/CurrentControlSet/services/mydriver to value
> 0x0 and type DWORD. it started to intercept all irps…I m not
> getting what is the purpose of this flag actually…can anybody help me? thanking in advance…
Most probably, you have taken the FileSpy or MiniSpy example.
Both of them support a “Debug” value. If it is set in certain way,
both these filters (more exactly: legacy filter + minifilter)
start to output IRPs and Fast IOs into the kernel debugger.
So it’s not true that the filter does not intercept IRPs
if there is no “Debug” value. It just does not output them.
Anyway. You have complete source and if you don’t understand the
meaning of a value in the registry, how about to try to search the
sources for the name of registry value and try to get more ?
L.