none
minifilter Microsoft validation question RRS feed

  • Question

  • I would like to know if a minifilter which registers preoperation callback routines for all available major function codes in which it completes all the I/O operations would pass Microsoft certification phase or would be considered some kind of dangerous software.
    Thursday, September 14, 2017 1:17 PM

Answers

  • It sounds like you are trying to create a file system from a minifilter, this is a really stupid idea.   I tried it once at the urging of a client and never got anything that was stable, let alone ready to run tests on.   If you are writing a file system, write a file system, either take the FASTFAT sample from Microsoft and put your code into it, or if you can afford it get the OSR file system kit.

    AFAIK the filter tests expect many things to report the same with or without the filter present, from what you are saying this will not be the case.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Friday, September 15, 2017 12:25 AM

All replies

  • It sounds like you are trying to create a file system from a minifilter, this is a really stupid idea.   I tried it once at the urging of a client and never got anything that was stable, let alone ready to run tests on.   If you are writing a file system, write a file system, either take the FASTFAT sample from Microsoft and put your code into it, or if you can afford it get the OSR file system kit.

    AFAIK the filter tests expect many things to report the same with or without the filter present, from what you are saying this will not be the case.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Friday, September 15, 2017 12:25 AM
  • Thank you, Don. Your reply was exactly what I was looking for.
    Friday, September 15, 2017 10:57 PM
  • Something still puzzles me, Don, and I hope you can enlighten me about this, just as you did above for that minifilter usage I was asking about.

    From what I can see, the Microsoft team at SQL Server 2008 (and above) uses a legacy filter, namely one named RsFx followed by a numeric suffix according to the OS version for which it is used, in order to expose their special tables to a Windows API usage. The thing is that they expose it as a network share, visible and operable in FileExplorer as if it was just another network share. This is where it got me interested. I detail below.

    From what I also exposed in the OSR's ntfsd list discussions, you could saw there that I'm interested in translating all I/O flow into DB queries. But the thing that I didn't detailed there (but should have, as it makes a big difference I now see) is that the DB with which I intend to work with is over the network, thus making the scenario's bottleneck be the network, not how fast is the kernel-mode to user-mode communication inside a possible legacy filter/minifilter or how fast is the resulted file system as a whole. Not knowing where the limitations were when you tried to implement a filesystem with this approach puzzles me more. This is due to the fact that some blocking limitations for what you were trying to do are not necessarily translated into blocking limitations for the scenario I'm here looking at.

    With all this being said, the question is: would it be possible that such a limited scenario could be implemented by means of legacy filters/minifilters and at the same time a full scenario would be impossible to be implemented likewise, as you said?

    I'm thinking that if the Microsoft team somehow succeeded in using this legacy filter to do this kind of limited job (that pretty much ressembles what I'm trying to do), maybe somehow my endeavor isn't impossible after all.

    Another specific thing about what I'm trying to do and about what Microsoft SQL Server has already done is that a good part of the I/O flow would get wished away at the volume query level, as Rod Widdowson mentioned in the OSR's ntfsd list discussion. This further simplifies things.

    Another question then arises: is it possible for Windows to have improved the capabilities of such filter drivers so much in recent time that what was then not possible has become possible nowadays at least for limited scenarios where implementing a full-blown file system is not desired? How could I understand otherwise the Microsoft SQL Server decision to go for a legacy filter instead of one of their filesystems?

    Thank you very much.




    Saturday, September 16, 2017 6:26 PM