![]() When handling an I/O operation, the filter manager calls the appropriate callback routine for each minifilter driver that registered for that operation. For each of the I/O operations it chooses to filter, a minifilter driver can register a preoperation callback routine, a postoperation callback routine, or both. Altitudes are allocated and managed by Microsoft.Ī minifilter driver can filter IRP-based I/O operations as well as fast I/O and file system filter (FSFilter) callback operations. The attachment of a minifilter driver at a particular altitude on a particular volume is called an instance of the minifilter driver.Ī minifilter driver's altitude ensures that the instance of the minifilter driver is always loaded at the appropriate location relative to other minifilter driver instances, and it determines the order in which the filter manager calls the minifilter driver to handle I/O. However, the order of attachment is determined by a unique identifier called an altitude. ![]() Like legacy filter drivers, minifilter drivers attach in a particular order. Each load order group has a corresponding system-defined class and class GUID used in the INF file for the filter driver. ![]() Therefore, filter drivers in the FSFilter Anti-Virus load order group are loaded before filter drivers in the FSFilter Replication group. For example, an antivirus filter driver should be higher in the stack than a replication filter driver, so it can detect viruses and disinfect files before they are replicated to remote servers. A minifilter driver attaches to the file system stack indirectly, by registering with the filter manager for the I/O operations the minifilter driver chooses to filter.Ī legacy filter driver's position in the file system I/O stack relative to other filter drivers is determined at system startup by its load order group. The filter manager attaches to the file system stack for a target volume. ![]() The filter manager is installed with Windows, but it becomes active only when a minifilter driver is loaded. Typical applications for file system filter drivers include antivirus utilities, encryption programs, and hierarchical storage management systems. Depending on the nature of the driver, filter can mean log, observe, modify, or even prevent. A file system filter driver is a kernel-mode component that runs as part of the Microsoft Windows NT executive.Ī file system filter driver can filter I/O operations for one or more file systems or file system volumes. A file system filter driver is an optional driver that adds value to or modifies the behavior of a file system. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
January 2023
Categories |