Questions tagged [minifilter]
Minifilter: A file system filter developed to work with the file system filter manager.
197 questions
1 vote | 0 answers | 34 views
Why is IRP_MJ_WRITE not triggered when compressing a file?
I am developing a file filter driver on Windows.
I want to detect the compression operation on Windows, so I listen for IRP_MJ_WRITE in my minifilter driver and calculate the entropy to determine ...
3 votes | 0 answers | 52 views
Why could a Windows minifilter driver not be stopped by the sc or net command?
This is my first time developing a minifilter driver. I followed the document to create the inf file and used the sc/net start command to start my minifilter driver successfully. Unfortunately, when I ...
0 votes | 0 answers | 56 views
Visual Studio - missing project Driver: Filesystem MiniFilter
Please explain why I don’t have the “Filter Driver: Filesystem minifilter” template in Visual Studio 2022:
although it is in the video tutorial I’m watching.
At the same time, I installed the WDK ...
0 votes | 0 answers | 18 views
Why is the .inf file in Visual Studio 2022 different
I am trying to develop a file system filter and I am trying to install it in my VM, but it does not have several pieces of information like service name, driver name. IDK whether it is not available to anyone or it is ...
0 votes | 0 answers | 97 views
Is it possible to create docker image from windows ISO?
I need a Windows docker image to run in a docker VM (backed by Hyper-V) to run tests on Windows mini-filter drivers there. I was able to run mcr.microsoft.com/windows:20H2-amd64 image but the mini-...
0 votes | 0 answers | 17 views
How can I get a file's MIME type in kernel mode
In a user-mode Windows application I can get the MIME type from a file path with FindMimeFromData. But I would like to avoid going into user mode every time I have to control the mime ...
1 vote | 0 answers | 239 views
Windows Minifilter Driver: Error Faced - fltmc load failed with error: 0x8007007f the specified procedure could not be found
This post is for any driver developer facing the same issue and looking for a solution. I faced this error while loading the minifilter driver. The minifilter driver build was successful. The ...
0 votes | 1 answer | 172 views
Distinguish file creation from file open
Although not the end goal, the best way of describing what I'm doing is tracking file creations like Sysinternals Sysmon does. I copied the nullfilter sample from here and made adjustments. The ...
1 vote | 1 answer | 290 views
Can we monitor windows network information in realtime using minifilters?
I am trying to write a minifilter that more or less captures everything that happens in the kernel and was wondering if I could also capture "URLs"/network information; I stumbled upon ...
1 vote | 0 answers | 767 views
C1189 "No target architecture" when building a driver
I am trying to run a simple driver for windows, but am getting the following error:
C1189 #error: "No Target Architecture" C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\shared\...
0 votes | 1 answer | 160 views
Open file from minifilter during the instance_setup
I am new to minifilter development and I am wondering if I can read some information from an xml/txt file in the instance_setup function. The idea is to pass information to the minifilter from a config ...
-2 votes | 1 answer | 168 views
Is it possible to send data from a minifilter kernel driver to a Python Application?
I'm building a Minifilter Kernel Driver for Antivirus purposes that, whenever a filesystem operation (open | write | read) happens, retrieves the filename and process ID involved in the operation. I ...
0 votes | 1 answer | 510 views
Visual Studio 2022 unable to find FS minifilter driver project template
My Visual Studio 2022 (Community Edition) doesn't list the template to create a FS minifilter driver project. I have tried to uninstall VS itself, all SDKs, all WDKs and re-installed following ...
0 votes | 2 answers | 129 views
Using RtlCompareString to compare user data crashes OS
I have the following code which is responsible to receive and send data between my mini-filter driver and user-mode:
NTSTATUS MiniSendRecv(PVOID portcookie, PVOID InputBuffer, ULONG InputBufferLength, ...
1 vote | 1 answer | 854 views
FltRegisterFilter referenced in Function DriverEntry in filter.obj
Basically I am trying to create a simple FileSystem MiniFilter Driver where I can modify a notepad file from writing. Following this tutorial. So I created a project in Visual Studio which is type Filter ...