How do i start runing a file system mini filter

0

I'm new to mini filter programming , i compiled the Windows swapBuffers mini filter example (with a bit extra dbgprinting) and tried to run it on windows xp and windows 7.

i tried to use th install option of the inf file and nothing happend (i checked with dbgView - ther is no printing and with fltmc.exe - there is no new mini filtering).

i tried use fltmc.exe load option , i got load failed with error: 0x80070002 The system cannot find the file specified (even thet i in the minifilter folder and double checked the path and the spelling).

i tried to use sc create my_filter type= filesys binPath=... and when i tried sc start my_filter i got a blue screen (got the same results when trying to load with OSR louder).

can sombody please help me to start runing my first "hello world" minifilter?

thank you pit

minifilter
filter-driver
asked on Stack Overflow Jul 7, 2017 by pit

3 Answers

0

Please do check file path info in inf file. For your initial error.

answered on Stack Overflow Jul 8, 2017 by samjeba
0

Build you driver for x86 or x64 do not use universal driver for windows 7 it is for windows 10. now set the bcdedit -set testsigning on fand -set debug on. reboot your system. now after reboot hit f8 and go for disable signing option.

after system up, make sure .sys and inf in same dir i assume you have written ur inf properly. now install your driver by inf. open cmd elevated mode type fltmc load drivername without .sys. filter will load without a problem.

If problem persist then check your inf file for correction.

Hope this may help.

:)

answered on Stack Overflow Jul 27, 2017 by Dev
0

win7

attach kernel debugger

then

pnputil -a infname.inf

sc query servicename

should say stopped

sc start servicename

should see it load in debugger if verbose is on (alt+ctrl+v)

answered on Stack Overflow Aug 8, 2019 by jolyon

User contributions licensed under CC BY-SA 3.0