Hello there,
I must admit that I am new to driver development and I wanted to ask you for a simple example of a minifilter filesystem driver in order to start with.
I have already examined some samples shipped with the WDK but I find them very hard to understand. It would be nice if you could point me to the simplest source code possible of a minifilter driver capable of just logging file/folder operations, for example when a user opens a file/folder, deletes a file/folder etc.
I have already coded a simple device driver, and minifilter drivers are a little bit different and hard for me to understand.
Thank you very much in advance.
Best regards,
Civa
Minispy does that logging. What you have to remember is that user operations
do not always translate directly into an operation of the file system.
Now the problem with minispy is that it does most of the logging in two
functions, SpyPreOperationCallback and SpyPostOperationCallback. The design
makes sense for minispy because it is doing essentially the same action on
all calls. For most minifilters, you will want differing actions
depending on the type of call, and so instead of one generic call you would
want specific calls for the individual actions. You may want to look at
passThrough since it is simpler but does not really log the actions.
–
Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
wrote in message news:xxxxx@ntfsd…
> Hello there,
>
> I must admit that I am new to driver development and I wanted to ask you
> for a simple example of a minifilter filesystem driver in order to start
> with.
>
> I have already examined some samples shipped with the WDK but I find them
> very hard to understand. It would be nice if you could point me to the
> simplest source code possible of a minifilter driver capable of just
> logging file/folder operations, for example when a user opens a
> file/folder, deletes a file/folder etc.
>
> I have already coded a simple device driver, and minifilter drivers are
> a little bit different and hard for me to understand.
>
> Thank you very much in advance.
>
> Best regards,
>
> Civa
>
>
> Information from ESET NOD32 Antivirus, version of virus
> signature database 4844 (20100207)
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
>
Thank you very much Don for your fast reply!
As I said I have already looked at minispy in WDK and I found it difficult for me.
But I will try to combine msdn with osronline and I hope I will make some progress :).
Best regards,
Civa
Consider taking pass through, then choosing an operation such as IRP_MJ_READ
and creating a new callback with DbgPrint’s to display the parameters for
that call. Use a structure like this to explore things, and you learn.
–
Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
wrote in message news:xxxxx@ntfsd…
> Thank you very much Don for your fast reply!
>
> As I said I have already looked at minispy in WDK and I found it difficult
> for me.
> But I will try to combine msdn with osronline and I hope I will make some
> progress :).
>
> Best regards,
>
> Civa
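The step suggested in the last reply (start from passThrough, pick IRP_MJ_READ, give it its own callback that prints the parameters), written out as an added example; it is not code from the thread or from the WDK samples. The names ExamplePreRead and ExampleCallbacks are hypothetical, and the non-Windows branch holds constructed stand-in declarations so the callback can also be compiled and followed on a host machine.

```c
#ifdef _WIN32
#include <fltKernel.h>            /* real driver build against the WDK */
#else
/* Host-only stand-ins, constructed for this example; they mirror only the
   fields and values the callback touches, not the full WDK definitions. */
#include <stdio.h>
#define DbgPrint printf
#define UNREFERENCED_PARAMETER(p) ((void)(p))
typedef unsigned long ULONG;
typedef void *PVOID;
typedef const void *PCFLT_RELATED_OBJECTS;
typedef enum { FLT_PREOP_SUCCESS_WITH_CALLBACK,
               FLT_PREOP_SUCCESS_NO_CALLBACK } FLT_PREOP_CALLBACK_STATUS;
typedef struct {
    ULONG IrpFlags;
    struct { struct { ULONG Length;
                      struct { long long QuadPart; } ByteOffset; } Read;
    } Parameters;
} FLT_IO_PARAMETER_BLOCK;
typedef struct { FLT_IO_PARAMETER_BLOCK *Iopb; } FLT_CALLBACK_DATA, *PFLT_CALLBACK_DATA;
#endif

/* Pre-operation callback used for IRP_MJ_READ only: print the request
   parameters and let the read continue unchanged. */
FLT_PREOP_CALLBACK_STATUS
ExamplePreRead(PFLT_CALLBACK_DATA Data, PCFLT_RELATED_OBJECTS FltObjects,
               PVOID *CompletionContext)
{
    UNREFERENCED_PARAMETER(FltObjects);
    *CompletionContext = NULL;    /* nothing to hand to a post callback */
    DbgPrint("READ len=%lu offset=0x%llx irpflags=0x%lx\n",
             Data->Iopb->Parameters.Read.Length,
             (unsigned long long)Data->Iopb->Parameters.Read.ByteOffset.QuadPart,
             Data->Iopb->IrpFlags);
    /* Logging only, so no post-operation callback is requested. */
    return FLT_PREOP_SUCCESS_NO_CALLBACK;
}

#ifdef _WIN32
/* Operation table passed in FLT_REGISTRATION: one entry per handled IRP. */
const FLT_OPERATION_REGISTRATION ExampleCallbacks[] = {
    { IRP_MJ_READ, 0, ExamplePreRead, NULL },
    { IRP_MJ_OPERATION_END }
};
#endif
```

Adding a second operation means writing another callback of the same shape and one more table entry, so each operation can do its own logging.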