How to load (install) a WFP filter driver sample?

  • Question

  • Can anyone direct me to the utility which will load (install) a WFP filter driver on Windows 7? Is the service control manager the only way to do this? I need the driver to load on Windows 7 boot up. Would it be better to test this driver on a test machine as opposed to the development machine?



    Sunday, May 14, 2017 7:53 PM

Answers

  • It is always better to test a driver on a test machine. For a boot start driver, test it as much as you can with system start, since you can then use .kdfiles with WinDbg to upgrade the driver. Only after you are pretty comfortable it works should you make it a boot start driver. You may want a "kill switch" in DriverEntry; for example, I use:

    BOOLEAN KillDriver = FALSE;

    KdBreakPoint();
    if (KillDriver) return STATUS_UNSUCCESSFUL;

    Then, at the breakpoint in the debugger, you can set KillDriver to TRUE if you get into trouble.

    Also, remember if you are talking about a boot start WFP driver, your driver is not active until

    FwpmBfeStateGet( ) == FWPM_SERVICE_RUNNING

    is true. If you need to start earlier, you have to use FWPM_FILTER_FLAG_BOOTTIME and handle the limitations of a boot time WFP driver.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    • Marked as answer by Victor Mehta Wednesday, May 17, 2017 11:24 PM
    Wednesday, May 17, 2017 8:44 PM
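
The staged approach from the answer above (system start while testing, boot start only once the driver is stable), as an added PowerShell example that is not from the thread. It goes through the SCM via sc.exe and is meant to be run elevated on a test machine; the service name `SampleCallout` and the build path are hypothetical.

```powershell
# Added example: staged, SCM-based install of a WFP callout driver service.
# 'SampleCallout' and 'C:\Build\SampleCallout.sys' are hypothetical placeholders.
function Install-CalloutDriver {
    param(
        [string]$Name    = 'SampleCallout',
        [string]$SysFile = 'C:\Build\SampleCallout.sys'
    )
    $ErrorActionPreference = 'Stop'
    if (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$Name") {
        throw "Service '$Name' already exists; remove it with: sc.exe delete $Name"
    }

    # Driver images conventionally live under %SystemRoot%\System32\drivers.
    $target = Join-Path $env:SystemRoot ('System32\drivers\' + (Split-Path $SysFile -Leaf))
    Copy-Item -LiteralPath $SysFile -Destination $target -Force

    # Stage 1: system start, which the answer recommends while the driver is still being tested.
    sc.exe create $Name type= kernel start= system error= normal binPath= $target | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "sc.exe create failed: exit code $LASTEXITCODE" }

    # Per the answer above, the driver is not active in WFP until BFE is running.
    $bfe = Get-Service -Name BFE
    if ($bfe.Status -ne 'Running') {
        Write-Warning "BFE is $($bfe.Status); the callouts stay inactive until it runs."
    }

    # Load immediately for a first test pass instead of waiting for a reboot.
    sc.exe start $Name | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "driver failed to start: exit code $LASTEXITCODE" }
}

function Set-CalloutDriverBootStart {
    param([string]$Name = 'SampleCallout')
    # Stage 2: promote to boot start only once stage 1 has been stable.
    sc.exe config $Name start= boot | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "sc.exe config failed: exit code $LASTEXITCODE" }
    sc.exe qc $Name    # print the resulting service configuration
}

Install-CalloutDriver
# Set-CalloutDriverBootStart   # run later, after testing with system start
```

The boot start change only takes effect at the next boot, so keep a kernel debugger attached for that first restart.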

All replies

  • Don, thank you. But will this method described here work just to get the driver to load or install? installation-of-callout-drivers
    Wednesday, May 17, 2017 9:02 PM
  • Yes, the mechanism will. Of course, you asked for a non-SCM approach, and that link is an SCM-based model.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Wednesday, May 17, 2017 9:17 PM
  • Thanks again, Don.
    Wednesday, May 17, 2017 11:25 PM