
@corytodd
Created November 24, 2019 17:42
The latest Windows 10 builds, 1903-1909, reject the minifilter INF samples shown in the DDK GitHub repository. This modified version allows the driver to at least load and function, but I don't know whether it is 100% correct.
;;;
;;; Minispy
;;;
;;;
;;; Copyright (c) 2001, Microsoft Corporation
;;;
; Identifies this file as an INF and names the setup class the filter installs under.
[Version]
Signature = "$Windows NT$"
Class = "ActivityMonitor" ;Setup class, chosen by the kind of work this filter driver does
ClassGuid = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2} ;GUID that belongs to the Class above; the two must agree
; Resolved from ProviderString in [Strings].
Provider = %ProviderString%
; Driver date (mm/dd/yyyy) and version. NOTE(review): still the sample's original
; values - update both when building a real package.
DriverVer = 06/16/2007,1.0.0.0
; Catalog that carries the package signature. NOTE(review): 64-bit Windows only loads
; signed kernel-mode code, so minispy.cat must be generated and signed (test-signed on
; a development machine) for the exact files being installed.
CatalogFile = minispy.cat
; Maps each CopyFiles list to a destination directory id (dirid), optionally
; followed by a subdirectory.
[DestinationDirs]
DefaultDestDir = 12
Minispy.DriverFiles = 12 ;%windir%\system32\drivers
Minispy.UserFiles = 10,FltMgr ;%windir%\FltMgr (user-mode companion executable)
;;
;; Install sections
;;
;; NOTE(review): no section in this file is named DefaultInstall, and the models
;; section [YourCompany.NTamd64...1] below is empty, so nothing visible in this INF
;; refers to MinispySrc_Inst.NT or MinispySrc_Inst.NT.Services. As written, an
;; installer has to name that section explicitly. Current file-system-filter samples
;; use an architecture-decorated [DefaultInstall.NTamd64] and
;; [DefaultInstall.NTamd64.Services] pair instead - confirm with InfVerif which layout
;; the target Windows build accepts before relying on this file.
;;
[Manufacturer]
%ManufacturerString%=YourCompany,NTamd64...1
; Models section matching the decoration above. "NTamd64...1" reads as architecture
; amd64 with product type 1 - TODO confirm this matches the machines being targeted.
[YourCompany.NTamd64...1]
; Creates the service described in [Minispy.Service].
[MinispySrc_Inst.NT.Services]
AddService = %ServiceName%,,Minispy.Service
; Copies the driver and the user-mode program; destinations come from [DestinationDirs].
[MinispySrc_Inst.NT]
CopyFiles = Minispy.DriverFiles, Minispy.UserFiles
;
; Services Section
;
; Service entry created by the AddService directive in [MinispySrc_Inst.NT.Services].
; NOTE(review): once the service is started, `fltmc filters` and `fltmc instances`
; list the loaded filter and its altitudes, which is a quick way to verify the install.
[Minispy.Service]
DisplayName = %ServiceName%
Description = %ServiceDescription%
ServiceBinary = %12%\%DriverName%.sys ;%windir%\system32\drivers\
; The filter manager service must be running before this driver can start.
Dependencies = FltMgr
ServiceType = 2 ;SERVICE_FILE_SYSTEM_DRIVER
; Demand start: the driver is not loaded at boot and has to be started explicitly.
StartType = 3 ;SERVICE_DEMAND_START
ErrorControl = 1 ;SERVICE_ERROR_NORMAL
; Should correspond to the Class in [Version] and to the altitudes in [Strings].
LoadOrderGroup = "FSFilter Activity Monitor"
; Registry values written for the service; see [Minispy.AddRegistry].
AddReg = Minispy.AddRegistry
;
; Registry Modifications
;
; Entry format: root,subkey,value-name,flags,value. HKR is relative to the key of the
; service being installed. Flags 0x00010001 writes a DWORD, 0x00000000 a string.
[Minispy.AddRegistry]
; NOTE(review): 0x3 presumably advertises the offload read and offload write feature
; bits - confirm against the filter manager documentation.
HKR,,"SupportedFeatures",0x00010001,0x3
; Names the default instance.
HKR,"Instances","DefaultInstance",0x00000000,%DefaultInstance%
; One subkey per instance under Instances\, each with an Altitude (string) and Flags
; (DWORD). Names, altitudes and flags are substituted from [Strings].
HKR,"Instances\"%Instance1.Name%,"Altitude",0x00000000,%Instance1.Altitude%
HKR,"Instances\"%Instance1.Name%,"Flags",0x00010001,%Instance1.Flags%
HKR,"Instances\"%Instance2.Name%,"Altitude",0x00000000,%Instance2.Altitude%
HKR,"Instances\"%Instance2.Name%,"Flags",0x00010001,%Instance2.Flags%
HKR,"Instances\"%Instance3.Name%,"Altitude",0x00000000,%Instance3.Altitude%
HKR,"Instances\"%Instance3.Name%,"Flags",0x00010001,%Instance3.Flags%
;
; Copy Files
;
; File lists named by CopyFiles in [MinispySrc_Inst.NT]; each list's destination is
; set in [DestinationDirs].
[Minispy.DriverFiles]
%DriverName%.sys
[Minispy.UserFiles]
%UserAppName%.exe
; Source media layout: both files come from disk 1.
; NOTE(review): the names here are literal, while the copy lists above are built from
; %DriverName% and %UserAppName%. If those strings change, update these entries too.
[SourceDisksFiles]
minispy.sys = 1,,
minispy.exe = 1,,
; Disk 1 is described by DiskId1 in [Strings].
[SourceDisksNames]
1 = %DiskId1%,,,
;;
;; String Section
;;
;; Values substituted for the %token% references used throughout this file.
;; "YourCompany" is a placeholder and should be replaced with the real publisher name.
[Strings]
ManufacturerString = "YourCompany"
ProviderString = "YourCompany"
ServiceDescription = "Minispy mini-filter driver"
ServiceName = "Minispy"
; Base names of the .sys and .exe files; must match the entries in [SourceDisksFiles].
DriverName = "minispy"
UserAppName = "minispy"
DiskId1 = "Minispy Device Installation Disk"
;Instance-specific information.
; NOTE(review): 370000, 361000 and 385100 are the sample's altitudes and sit in the
; FSFilter Activity Monitor range (360000-389999). Altitudes are assigned by Microsoft;
; a driver deployed beyond a test machine should use its own assigned value, because
; the altitude decides where the filter sits relative to other filters on the stack.
; DefaultInstance has to equal one of the instance names below (here Instance3.Name).
DefaultInstance = "Minispy - Top Instance"
Instance1.Name = "Minispy - Middle Instance"
Instance1.Altitude = "370000"
Instance1.Flags = 0x1 ; Suppress automatic attachments
Instance2.Name = "Minispy - Bottom Instance"
Instance2.Altitude = "361000"
Instance2.Flags = 0x1 ; Suppress automatic attachments
Instance3.Name = "Minispy - Top Instance"
Instance3.Altitude = "385100"
Instance3.Flags = 0x1 ; Suppress automatic attachments

kyanha commented Jan 14, 2020

...could you submit this as a pull request against the DDK repo, so it's easy to see diffs?


apekros commented May 27, 2020

Having an issue getting this to load on 1909.
