1

I am working on an application which need to manage (access, create, write, read) files on a distant server and which will mount the storage as a virtual drive/volume on a specified location on the computer (eg. H:), like a local USB device for example.

On Linux, it is possible to do such a thing using FUSE. However, on Windows, there is no equivalent and the only way is to use a driver. So I started to create a driver using the WDF but I get stuck at the very beginning with the inf file and the minimal code adaptation to fit my needs.
I have looked at many official driver samples (eg. the nonpnp sample) and also many various resources on the internet (eg. OSR Online), but I was not able to get this working.

Steps I have followed

To start my driver project, I created a Kernel Mode Driver (KMDF) in Visual Studio 2013. It is a template project. I was able to set up my whole test environment with this project (test machine + signing stuff + deployment configuration), so these things are properly working.

However, the template project does not fit my needs very well: I need to have a desktop application which will interact with the (sofware-only) driver and which will ask the driver to mount/unmount volumes and give specifics (connection) information for each volume. Based on this, the initial inf file has to be changed because it's for an hardware driver (waiting for a real device being plugged in) which is not the case here. The change of the inf file also implies some changes in the initial code of the template. But, since I started to modify both inf file and code to fit my minimal needs, the driver installation fails during the deployment step.

This is the error I get:

1>------ Début de la génération : Projet : cadwd Package, Configuration : Win7 Debug Win32 ------
1>  ..........................
1>  Signability test complete.
1>
1>  Errors:
1>  None
1>
1>  Warnings:
1>  None
1>
1>  Catalog generation complete.
1>  C:\project\driver\Win7Debug\cadwd Package\cadwd.cat
1>  Done Adding Additional Store
1>  Successfully signed: C:\project\driver\Win7Debug\cadwd Package\cadwd.cat
1>
1>  Deploying driver files for project "C:\project\driver\cadwd Package\cadwd Package.vcxproj".  Deployment may take a few minutes...
1>C:\Program Files (x86)\Windows Kits\8.1\build\Win32\ImportAfter\DriverDeployment.targets(69,9): error : Driver Deployment Task Failed: Default Driver Package Installation Task (possible reboot)
========== Génération : 0 a réussi, 1 a échoué, 1 mis à jour, 0 a été ignoré ==========

Here is the minimal code : https://github.com/gupascal/StackOverflow-Q201503-1. The first commit is the initial code generated by the VS project, the second one shows the current state of my tests (however, I made tons of small tests [none of them worked], and I can't list all of them here).

Can anyone help me on this problem please? I spent a lot of time on this and I am really stuck.

Thanks for your help,
Guillaume

Guillaume Pascal
  • 845
  • 1
  • 9
  • 19
  • Did you check if a file system mini filter driver fits your needs ? (look at http://msdn.microsoft.com/en-us/library/windows/hardware/ff540402 and http://code.msdn.microsoft.com/windowshardware/passThrough-File-System-f9975611). If this is a possible way for you, I may probably give you some more tips (I recently wrote a small mini filter driver as a proof of concept) – Rainer Schaack Mar 14 '15 at 18:36
  • While a file system driver is a kernel-mode driver, it's a very special case; even documented separately, IIRC. I'm not sure whether or not the KMDF template is a sensible starting point. Also, have you considered whether iSCSI could meet your needs? – Harry Johnston Mar 14 '15 at 22:54
  • Thanks for your answers. First of all, no, iSCSI can't meet my needs because I have to communicate with an API through HTTPS (and I can't change the server side). Doing a choice between a KMDF and a File System mini-filter driver was the first difficulty I met in my project. At that time, it seems I misunderstood how the FS mini filter worked, and it probably led me to a wrong choice. (1/2) – Guillaume Pascal Mar 15 '15 at 10:12
  • By having a new look on FS filter, I found that it is possible to *complete* an I/O operation by returning FLT_PREOP_COMPLETE from the preop routine (please correct me if I am wrong) instead of simply passing the I/O operation to the next filter. Secondly, a FS filter driver has to be attached to a volume, but in my case I need to create a virtual volume. The fact is that I don't know how neither where to do that. Should this be done in the driver or in the user application part? Thanks. (2/2) – Guillaume Pascal Mar 15 '15 at 10:13
  • Hello, @RainerSchaack . I am now trying to deploy my fs filter driver but I get some issues to deploy it: `Driver Preparation (x86) (possible reboot): Fail`. In VS, in deployment properties, section "Driver Installation Options", I selected "Install and Verify" but I am not sure if it is the right option for fs driver deployment. Can you help me please? Also, could you give me some tips regarding my other question in my last comment please? Thanks for your help. – Guillaume Pascal Mar 21 '15 at 10:34
  • Ok, just saw your comment. I have to collect my own documentation notes, I will come back soon (next days). – Rainer Schaack Mar 21 '15 at 10:51
  • @RainerSchaack Ok. Thanks a lot for your help. I just noticed that make a mistake in my previous comment. The error I get is `Default Driver Package Installation Task (possible reboot): Fail` Sorry for the mistake. – Guillaume Pascal Mar 21 '15 at 12:57

1 Answers1

5

First: Writing a (kernel) driver is not an easy task. If this is not for educational purposes, I strongly recommend to ask the real experts for commercial support, e.g. take a look at https://www.osr.com/custom-development

(I have no relationship to OSR, but they seem to be very competent)

By having a new look on FS filter, I found that it is possible to complete an I/O operation by returning FLT_PREOP_COMPLETE from the preop routine (please correct me if I am wrong) instead of simply passing the I/O operation to the next filter.

Correct

Secondly, a FS filter driver has to be attached to a volume, but in my case I need to create a virtual volume. The fact is that I don't know how neither where to do that.

This seems to be the main problem here. I found no way to "introduce" a new (virtual) volume by the mini filter, you can only attach and filter an already existing one.

I can think of these options:

If using subst, you map e.g. X: to C:\fakepath, and in the filter, you parse the filename, and if it is beneath the fake path, you can complete the I/O in the filter.

I searched for other solutions:

https://www.eldos.com/cbfs (looks interesting)

Also look here: How to Create a Virtual Windows Drive

Since I developed (as a proof-of-concept) a simple mini filter, I documented my experiences with this.

The error I get is Default Driver Package Installation Task (possible reboot): Fail

I have no experience with this VS deployment scenario, I installed my driver manually. I am not sure what is the correct / best / simplest way.

I can only tell you that my description below worked for me (and I even tested this again using a new installation).

I add these instructions here, may be they can help you to try this way:

Documentation

https://msdn.microsoft.com/en-us/library/windows/hardware/ff548202%28v=vs.85%29.aspx

From this link:

"A file system filter driver can filter I/O operations for one or more file systems or file system volumes. Depending on the nature of the driver, filter can mean log, observe, modify, or even prevent. Typical applications for file system filter drivers include antivirus utilities, encryption programs, and hierarchical storage management systems."

Some other valuable information:

http://download.microsoft.com/download/f/0/5/f05a42ce-575b-4c60-82d6-208d3754b2d6/Filter_Manager.ppt

http://download.microsoft.com/download/e/b/a/eba1050f-a31d-436b-9281-92cdfeae4b45/FilterDriverDeveloperGuide.doc

Where to start

A filter driver which will be installed on a 64 bit OS (Windows 7, Server 2008R2...) must be signed. If you want to install such a driver on a "normal" system, an official driver certificate must be purchased. For development and testing purposes, you can set the system into a "test mode", in which a self-signed certificate can be used (no need for official certificate or registration)

First sample driver

There are some sample drivers from Microsoft, which can be used as a starting point. I can recommend to start with the Minispy filter.

Prerequisites

Build

Open minispy solution

There are some defined configurations. Since we want to install the driver on Windows Server 2008 R2, we set "Win7 Release" here.

Then right-click the solution in the Solutions Explorer and select Configuration Manager

From the Configuration Manager, select the Active Solution Configuration:

Win7 Release

Right, under "Active solution platform" set to x64

Optionally:

minispy properties (both Filter and User)

Configuration Properties => C/C++ => Code Generation => Runtime Library:

Change from Multi-threaded DLL to Multi-threaded (statically linked)

Advantage: you do not need to install the MSVCR120.DLL to the target system

Build solution

For the next steps, three files are needed:

  • minispy.sys (MiniSpy\C++\filter\x64\Win7Release)
  • minispy.exe (MiniSpy\C++\user\x64\Win7Release)
  • minispy.inf (MiniSpy\C++)

Copy these files into one directory

Visual Studio 2013 => Visual Studio Tools => VS2013 x64 Native Tools Command Prompt

cd to the directory with the files

makecert -r -pe -ss PrivateCertStore -n CN=TestCert test.cer

Edit minispy.inf Change line

DriverVer = 06/16/2007,1.0.0.0 to current date

inf2cat /driver:[path-to-dir]\ /os:Server2008R2_IA64

signtool sign /v /s PrivateCertStore /n TestCert /t http://timestamp.verisign.com/scripts/timestamp.dll minispy.cat

signtool sign /v /s PrivateCertStore /n TestCert /t http://timestamp.verisign.com/scripts/timestamp.dll minispy.sys

Copy these files to the Windows Server 2008 R2:

  • minispy.cat
  • minispy.exe
  • minispy.inf
  • minispy.sys
  • test.cer

On the Server 2008 R2:

To be able to load the driver, the server must be brought into "test mode".

Command prompt (run as Administrator)

bcdedit.exe -set TESTSIGNING ON

reboot

After reboot, "Test Mode" will be displayed on the right bottom

Import Test certificate

Start "certmgr"

Select Trusted Root Certification Authorities

Main menu => Action => All tasks => Import...

Choose test.cer

Place all certificates in the following store: Trusted Root Certification Authorities

Install filter driver

In Windows explorer, select minispy.inf, right-click => install

(you see only a short flashing and no "success type" message)

In a command prompt:

fltmc load minispy

If you see no message, the driver was loaded successfully.

To check if the driver was loaded, you can use

fltmc

All loaded filter drivers will be shown

For a first test:

minispy /a c: /f: log.txt

Press Enter to start the command mode. There, you can enter exit

Community
  • 1
  • 1
Rainer Schaack
  • 1,558
  • 13
  • 16
  • Thank you so much for this very detailed answer. Today, I only had a quick look at all your links and tips but I saw that most of them should be very helpful for me. I will study all of this in more details during the next days and I will come back to you for any precision. Thanks. – Guillaume Pascal Mar 25 '15 at 22:44
  • I was able to have something working now. Minispy sample helped a lot. Thanks again for your help. – Guillaume Pascal Jul 06 '15 at 20:22