What is the correct way to load a kernel mode WFP driver


Post by Victor43 » Wed May 17, 2017 5:42 pm

I need to load a WFP filter driver and want it to load on Windows 7 boot up. How would this be done properly? I recall using Service Control Manager some time ago for a non-WFP driver. I would appreciate any links to code that will load a WFP driver, and I would like for the driver to load on each system boot up. Last question: does a WFP have to load on a Windows reboot?

Re: What is the correct way to load a kernel mode WFP driver

Post by Brock » Thu May 18, 2017 4:13 pm

How would this be done properly?

"Properly" is to use a .INF file containing your driver installation and start information such as start type, loader order group, etc. However, it's not required, as you can use SCM directly, and any registry values that may not be created you can then create by hand. It's an old trick to load mini-filter drivers the same way without needing a .INF file. It's recommended by Microsoft that WFP drivers load at boot; this way, as soon as the filtering engine starts up, your filters are installed at the earliest phase possible.

does a WFP have to load on a Windows reboot?

No, you can use SCM and have it start on demand; it doesn't have to be at boot.

An example .INF file can be seen here for callout drivers:

https://github.com/Microsoft/Windows-dr ... Driver.InX
Accept nothing less than STATUS_SUCCESS
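
The SCM route described in the reply above, as an added example that is not code from the thread or from Microsoft's sample: it registers a kernel driver service with a chosen start type through `sc.exe`, then reads back the registry values the SCM wrote so the start type and load order group can be checked. The service name `ExampleCallout`, its `.sys` path and both function names are hypothetical, and the script assumes the driver binary has already been copied to `System32\drivers` and that it runs from an elevated prompt.

```powershell
# Added example. 'ExampleCallout' and the .sys path are hypothetical placeholders.
$Name   = 'ExampleCallout'
$Binary = Join-Path $env:SystemRoot 'System32\drivers\ExampleCallout.sys'

function Install-DriverService {
    param(
        [string]$Name,
        [string]$Binary,
        [ValidateSet('boot', 'system', 'auto', 'demand')]
        [string]$Start = 'demand',
        [string]$Group            # optional load order group
    )
    if (-not (Test-Path -LiteralPath $Binary)) { throw "Driver binary not found: $Binary" }

    # sc.exe takes each option as "name=" followed by its value as a separate argument.
    # Call sc.exe explicitly: in Windows PowerShell, 'sc' is an alias for Set-Content.
    $scArgs = @('create', $Name, 'type=', 'kernel', 'start=', $Start,
                'error=', 'normal', 'binPath=', $Binary)
    if ($Group) { $scArgs += @('group=', $Group) }

    & sc.exe $scArgs
    if ($LASTEXITCODE -ne 0) { throw "sc.exe create failed with exit code $LASTEXITCODE" }
}

function Get-DriverServiceConfig {
    param([string]$Name)
    # The SCM stores the service definition under this key.
    $key = Get-ItemProperty -LiteralPath "HKLM:\SYSTEM\CurrentControlSet\Services\$Name" -ErrorAction Stop
    $startNames = @{ 0 = 'boot'; 1 = 'system'; 2 = 'auto'; 3 = 'demand'; 4 = 'disabled' }
    New-Object PSObject -Property @{
        Name      = $Name
        Type      = $key.Type                        # 1 = kernel driver
        Start     = $startNames[[int]$key.Start]
        Group     = $key.Group                       # empty if no group was set
        ImagePath = $key.ImagePath
    }
}

# Register as boot-start, then confirm what was written.
Install-DriverService -Name $Name -Binary $Binary -Start boot
Get-DriverServiceConfig -Name $Name | Format-List

# For a demand-start registration, start the driver explicitly instead of rebooting.
& sc.exe start $Name
```

`sc.exe delete ExampleCallout` removes the registration again; a driver that is currently loaded stays loaded until it is stopped or the system restarts.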

