Actually, what you want is a file system mini-filter. This is in the
current WDK including samples. Take a look at the FileSpy example which
tracks all operations on files in a manner similar to FileMon from
Sysinternals. You should also go to
http://www.osronline.com; the site has
data on File system work, and they have an email/newsgroup, NTFSD, where the
file system people hang out.
--
Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website:
http://www.windrvr.com
Blog:
http://msmvps.com/blogs/WinDrvr
"Maurizio Colucci" <> wrote in message
news:d90f0bd4-8284-4d7c-ab9f-...
> Hi, I can't figure out what technology to use for my problem. In order
> to write a "filter driver" for the file system, can I use the newer
> WDF (Windows Driver Foundation) or do I need to use the older WDM?
> (And if I can use WDF, should I use KMDF or UMDF?)
>
> Here is a longer explanation:
>
> I need my application (www.tabbles.net) to be notified of any file
> that is created, deleted, or moved, in any disk in the current
> computer, reliably. The filesystemwatcher in .NET is not reliable
> enough. I seem to understand that, for total reliability, I need to
> write a "filter driver" (which is the solution that most antivirus
> take for the same task.)
>
> Writing a filter driver seems to require a great deal of study; I have
> found some sample code
>
>
> http://www.codeguru.com/cpp/w-p/syst...le.php/c16543/
>
> and a few books
>
> Windows NT filesystem internals
>
> Windows 2000 Device Driver Book - A guide for programmers - 2nd ed.
>
> but all these sources seem to involve an old technology (WDM = Windows
> Driver Model), which looks like it has been superseded by the newer
> WDF. However, for WDF, I can't seem to find any info about filter
> drivers.
>
> So I need to decide what direction to take: should I study WDF, or
> should I read the aforementioned books? Thanks for any pointer in the
> right direction.
>
> Maurizio
>
> __________ Information from ESET NOD32 Antivirus, version of virus
> signature database 4690 (20091215) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com