none
minispy RRS feed

  • Question

  • Team:

    April 3 2017, Visual Studio 2015, Desktop\Windows-driver-samples-master\Windows-driver-samples-master\filesys\miniFilter\minispy

    Has anyone got the minispy filter to actually work?  With instructions?

    If I receive any help I will document and post here.

    Thank you,

    Robert.

    Tuesday, April 4, 2017 12:27 AM

Answers

  • You don't say what version of Windows, but from the WDK 8.1 version of minispy, the doc's have it pretty good:

    Installation

    The minifilter samples come with an INF file that will install the minifilter. To install the minifilter, do the following:

    1. Make sure that filtername.sys and filtername.inf are in the same directory.

      Note  This installation will make the necessary registry updates to register the minifilter service and place filtername.sys in the %SystemRoot%\system32\drivers directory.

    2. In Windows Explorer, right-click filtername.inf, and click Install.

    3. To load the minifilter, run fltmc load filtername or net start filtername.

    I've used this for a number of minifilters over the years, and you can modify the INF so that the driver starts at System or Boot time and always runs.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Tuesday, April 4, 2017 12:32 AM

All replies

  • You don't say what version of Windows, but from the WDK 8.1 version of minispy, the doc's have it pretty good:

    Installation

    The minifilter samples come with an INF file that will install the minifilter. To install the minifilter, do the following:

    1. Make sure that filtername.sys and filtername.inf are in the same directory.

      Note  This installation will make the necessary registry updates to register the minifilter service and place filtername.sys in the %SystemRoot%\system32\drivers directory.

    2. In Windows Explorer, right-click filtername.inf, and click Install.

    3. To load the minifilter, run fltmc load filtername or net start filtername.

    I've used this for a number of minifilters over the years, and you can modify the INF so that the driver starts at System or Boot time and always runs.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Tuesday, April 4, 2017 12:32 AM
  • Don Burn:

    You are the best.  Thank you. 

    Here is my complete guide to use the Minifilter (thanks to Don Burn)

    1. compile and get minispy files over to target machine.


    2. create minispy service:

         sc create minispy type= filesys binPath= c:\DriverTest\Drivers\minispy


    3. Using file explorer right click and install minispy.inf


    4. minispy.exe must be compiled in ReleaseMode.


    5a. fltmc attach minispy f:  (f is my thumb driver)


    OR


    5b. run minispy.exe as administrator then use option /a f:


    Thank you,


    Robert.

    Wednesday, May 10, 2017 1:58 AM