Reputation: 528
Minifilter PRE_OP_CALLBACK not being called
I'm trying to write a basic minifilter driver, and I have the following put together based on the examples from Minispy (as it's a lot of code, I'll link to a gist)
https://gist.github.com/anonymous/9dce7c550b028fa308a48d36c6098095
If I use WinDBG to attach to the kernel, I can see the DriverEntry being called and my registration completing successfully, and I can also see the unload happening if I call it. However I never see my PRE_OP_CALLBACK or my POST_OP_CALLBACK ever being called when I open/create a file. I'm not sure what I'm missing.
Upvotes: 0
Views: 286
Answers (2)
Reputation: 528
I figured it out actually, it had to do with my INF file. Specifically, the following line:
Instance1.Flags = 0x1 ; Suppress automatic attachments
Removing that line, or setting it to 0, allows it to attach automatically. For my purposes, since I want to monitor all volumes, I'm setting it to 0. On the same account, the minispy example only has 0x1 set on the Instance3 flags, so this makes sense.
Upvotes: 0
Reputation: 13073
I would recommend comparing with minispy sample which works correctly github : minispy
In DriverEntry it has a registration...
status = FltRegisterFilter( DriverObject,
&FilterRegistration,
&MiniSpyData.Filter );
as well as
status = FltStartFiltering( MiniSpyData.Filter );
Upvotes: 1
Related Questions
- minifilter driver append to user buffer in post operation
- Intercept Process Access using a Windows MiniFilter Driver
- Minifilter driver not blocking file edition
- Registered pre(post) operation callback not called on specific computer in Minifilter drive
- Minifilter: Block applications with notification
- Minifilter redirect file creation in pre operation?
- How Debug File System Minifilter Driver on WDK 7.1
- Filter hook driver: dispatch routine isn't called
- I want to create a minifilter driver to transparently redirect disk i/o, but I'm having trouble getting started
- HowTo connect FS Minifilter Driver and my application on Vista & Win7?