What is the correct way to load a kernel mode WFP driver


Post by Victor43 » Wed May 17, 2017 5:42 pm

I need to load a WFP filter driver and want it to load on Windows 7 boot up. How would this be done properly? I recall using Service Control Manager some time ago for a non-WFP driver. I would appreciate any links to code that will load a WFP driver, and I would like for the driver to load on each system boot up. Last question: does a WFP have to load on a Windows reboot?
Victor43
 
Posts: 44
Joined: Thu Dec 15, 2011 7:34 am
Location: Canada
Reputation point: 0

Re: What is the correct way to load a kernel mode WFP driver

Post by Brock » Thu May 18, 2017 4:13 pm

How would this be done properly?

"Properly" is to use a .INF file containing your driver installation and start information such as start type, loader order group etc. However, it's not required, as you can use SCM directly, and any registry values that may not be created you can then create by hand; it's an old trick to load mini-filter drivers the same way without needing a .INF file. It's recommended by Microsoft that WFP drivers load at boot; this way, as soon as the filtering engine starts up, your filters are installed at the earliest phase possible.

does a WFP have to load on a Windows reboot?


No, you can use SCM and have it start on demand; it doesn't have to be at boot.

An example .INF file for callout drivers can be seen here:

https://github.com/Microsoft/Windows-dr ... Driver.InX
Accept nothing less than STATUS_SUCCESS
Brock
 
Posts: 196
Joined: Wed Apr 28, 2010 3:13 am
Location: Navarre, Florida USA
Reputation point: 19

Re: What is the correct way to load a kernel mode WFP driver

Post by Victor43 » Fri May 26, 2017 5:56 pm

Brock wrote:
How would this be done properly?

"Properly" is to use a .INF file containing your driver installation and start information such as start type, loader order group etc. However, it's not required, as you can use SCM directly, and any registry values that may not be created you can then create by hand; it's an old trick to load mini-filter drivers the same way without needing a .INF file. It's recommended by Microsoft that WFP drivers load at boot; this way, as soon as the filtering engine starts up, your filters are installed at the earliest phase possible.

does a WFP have to load on a Windows reboot?

No, you can use SCM and have it start on demand; it doesn't have to be at boot.

An example .INF file for callout drivers can be seen here:

https://github.com/Microsoft/Windows-dr ... Driver.InX


Thank you, Brock. I was fortunate enough to find an article which I believe describes how to load/install a callout driver. If you can confirm the details, that would be greatly appreciated.

https://docs.microsoft.com/en-us/window ... ut-drivers

Thank you for the posting and advice.
Victor43
 
Posts: 44
Joined: Thu Dec 15, 2011 7:34 am
Location: Canada
Reputation point: 0

Re: What is the correct way to load a kernel mode WFP driver

Post by Brock » Fri May 26, 2017 10:23 pm

Article looks accurate after quickly glancing over it. Something not mentioned in that, however, is this: if you want to avoid user intervention when installing the .INF, then you can just spawn an instance of the InfDefaultInstall.exe process and pass your .INF filename as a parameter. This accomplishes the same thing as right-clicking the .INF file and choosing "Install".
Accept nothing less than STATUS_SUCCESS
Brock
 
Posts: 196
Joined: Wed Apr 28, 2010 3:13 am
Location: Navarre, Florida USA
Reputation point: 19
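
The two routes discussed in the replies above (registering the driver with SCM directly, or installing the .INF through InfDefaultInstall.exe), as an added example that is not part of the original posts or of any Microsoft sample. The service name and file paths are hypothetical, the .INF route assumes the .INF registers the service under the same name, and the script has to be run from an elevated prompt.

```powershell
# Added example; the service name and file paths are hypothetical placeholders.
param(
    [string]$ServiceName = 'ExampleCallout',
    [string]$DriverPath  = 'C:\Drivers\ExampleCallout.sys',
    [string]$InfPath     = 'C:\Drivers\ExampleCallout.inf',
    [switch]$UseInf
)
$ErrorActionPreference = 'Stop'

if ($UseInf) {
    # .INF route: start type and load order group come from the .INF itself.
    # Same effect as right-clicking the .INF and choosing "Install".
    # Assumption: the .INF registers the service under $ServiceName.
    Start-Process -FilePath "$env:SystemRoot\System32\InfDefaultInstall.exe" `
        -ArgumentList "`"$InfPath`"" -Wait
} else {
    # SCM route: register a demand-start kernel driver service, no .INF needed.
    & sc.exe create $ServiceName type= kernel start= demand error= normal binPath= $DriverPath
    if ($LASTEXITCODE -ne 0) { throw "sc.exe create failed ($LASTEXITCODE)" }
}

# Check what actually landed in the service key before starting anything.
$key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
$svc = Get-ItemProperty -Path $key   # throws if the key was never created
$startNames = @{ 0 = 'boot'; 1 = 'system'; 2 = 'auto'; 3 = 'demand'; 4 = 'disabled' }
if ($svc.Type -ne 1) {
    throw "Type is $($svc.Type), expected 1 (SERVICE_KERNEL_DRIVER)"
}
"{0}: Start={1} ({2}), Group='{3}', ImagePath={4}" -f `
    $ServiceName, $svc.Start, $startNames[[int]$svc.Start], $svc.Group, $svc.ImagePath

# A boot-start driver is loaded at the next boot; a demand-start one is started now.
if ($svc.Start -eq 3) {
    & sc.exe start $ServiceName
    if ($LASTEXITCODE -ne 0) { throw "sc.exe start failed ($LASTEXITCODE)" }
}
& sc.exe query $ServiceName
```

The registry check prints the start type and load order group that the chosen route produced, which is the quickest way to see whether the .INF asked for boot start or demand start.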

Re: What is the correct way to load a kernel mode WFP driver

Post by Victor43 » Sat May 27, 2017 8:02 pm

Brock wrote: Article looks accurate after quickly glancing over it. Something not mentioned in that, however, is this: if you want to avoid user intervention when installing the .INF, then you can just spawn an instance of the InfDefaultInstall.exe process and pass your .INF filename as a parameter. This accomplishes the same thing as right-clicking the .INF file and choosing "Install".

Thanks for the tip.

Just one question: is this the place for asking about cloud computing?
Victor43
 
Posts: 44
Joined: Thu Dec 15, 2011 7:34 am
Location: Canada
Reputation point: 0

Re: What is the correct way to load a kernel mode WFP driver

Post by Brock » Sat May 27, 2017 11:24 pm

I don't see why not. Perhaps create a new thread with any question(s) pertaining to cloud computing; maybe a few members can offer you information about the subject.
Accept nothing less than STATUS_SUCCESS
Brock
 
Posts: 196
Joined: Wed Apr 28, 2010 3:13 am
Location: Navarre, Florida USA
Reputation point: 19

