Hello OSR team,
I am trying to implement WMI on a file system mini filter driver. I have used toaster bus driver(WDM) sample, which is available with WINDOWS DDK 7 samples (GRMWDK_EN_7600_1.ISO) as a reference to implement WMI. When the ‘DpWmiQueryReginfo’ function is called, the sample driver returns the flag ‘WMIREG_FLAG_INSTANCE_PDO’ at ‘RegFlags’, and returns the PDO obtained in "AddDevice’ at '‘Pdo’. But , in my case, I cannot do that because I do not have any PDO for my filter driver. SO Please give your valuable comments on this
Questions
-
Can I use WMIREG_FLAG_INSTANCE_BASENAME flag instead of WMIREG_FLAG_INSTANCE_PDO
-
If yes, what value I should return at 'InstanceName ’ ( Since I was not clear about it, I gave some name, like “testname”, but it was not working). Please give me an example
-
Is there any work around for this?
-
Do I have to supply *.bmf files along with *.sys file, when we make an installer. If yes, where should we copy *.bmf file ( system32/Drivers?) on the targert machine
Reference
https://msdn.microsoft.com/en-us/library/windows/hardware/ff544097(v=vs.85).aspx
More details will be provided on request
Thanks
Midhun.k
The kernel mode WMI interface gets very annoying very quickly if you don’t
have a PDO. The last time I tried to do this in a file system filter I gave
up on that approach because I hit some annoying limitation that made me give
up, but unfortunately I don’t remember what it was anymore.
Ultimately we instead went with creating a user mode WMI provider. We then
used a standard Communication Port to the filter so that we could query the
necessary data to populate the WMI database. The file system filter then
wasn’t polluted with WMI nonsense and the user mode code figured out
how/when to present the data.
For now unimportant reasons, the user mode code had to be native so the code
ended up being a complete and total COM nightmare but it was doable. There
are some examples in the Server 2003 SDK (no, that’s not a typo…).
Probably would have been much easier if we only needed to deal with very
recent versions of the OS.
Do I have to supply *.bmf files along with *.sys file, when we make an
installer. If yes, where should we copy *.bmf file
( system32/Drivers?) on the targert machine
If you go with a kernel provider, you embed the binary MOF data into your
executable, thus you don’t need to provide it.
With a user mode provider you need to bring the MOFs to the target machine
and run mofcomp on them to register them with WMI.
-scott
OSR
@OSRDrivers
Hello Scott
Thank you for your quick reply.
>>>>Ultimately we instead went with creating a user mode WMI provider.
Is it possible to create a user mode WMI provider on Windows Service.?My understadning is WMI is an extension to WDM.
Before I give up , I would like to spend some time here. Could you tell me how to use WMIREG_FLAG_INSTANCE_BASENAME? (If you could recollect…)
Thank you very much
by midhun
Wmi is not a kernel specific technology. A driver can be a wmi provider. So can a user mode application
Bent from my phone
From: xxxxx@lists.osr.com on behalf of xxxxx@gmail.com
Sent: Saturday, September 30, 2017 8:01:34 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] WMI implementation on filesystem mini filter driver
Hello Scott
Thank you for your quick reply.
>>>>>Ultimately we instead went with creating a user mode WMI provider.
Is it possible to create a user mode WMI provider on Windows Service.?My understadning is WMI is an extension to WDM.
Before I give up , I would like to spend some time here. Could you tell me how to use WMIREG_FLAG_INSTANCE_BASENAME? (If you could recollect…)
Thank you very much
by midhun
—
NTDEV is sponsored by OSR
Visit the list online at: https:
MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at https:
To unsubscribe, visit the List Server section of OSR Online at https:</https:></https:></https:>