You can see MSDN docs, like File systems driver design guide,
with MS samples like AvScan File System Minifilter Driver or others.
Should I learn about WDM or WDF to be able to work with file system minifilters?
It's a bit unclear what I need to learn.
I will start working on an antivirus software and I need to be able to monitor the filesystem for file creation and modification. Digging up through the internet I found out about WDM, WDF, and Filesystem minifilters the past couple of days.
There's also this lingering thought in my head that, to work with filesystem minifilters, I will actually need to learn a 3rd kind of drivers ("filesystem drivers") and neither WDM nor WDF, but I couldn't find anything on the internet to support this idea so I am not entirely sure yet.
I'd greatly appreciate it if anyone more knowledgeable would just give me an idea of what my learning path should look like. Topics, books, anything.
Here's my plan so far; feel free to comment on it.
First, one of these books (depending on whether I need to learn WDM or WDF):
- Windows Kernel Programming (Pavel Yosifovich) (I think this book is about WDMs)
- Programming The Microsoft Windows Driver Model (Walter Oney) (WDM)
- Developing Drivers with the Microsoft Windows Driver Foundation (Penny Orwick, Guy Smith) (WDF)
Then, I would read the "Windows NT File System Internals - A Developer's Guide" book by Rajeev Nagar.
I would also study the Windows Driver Samples code while I read those books.
I was made aware of OSR's seminars, and they look very good honestly, but they are simply too expensive for a self-learning individual like myself (each seminar costs the equivalent of 7 months' salary in my country, and there are 5 seminars so...)
This is all I know after having spent the past couple of days just digging through the internet for resources; all help will be greatly appreciated.
2 answers
- Castorix31, 90,686 Reputation points, 2022-10-22T18:15:06.493+00:00
- Limitless Technology, 44,766 Reputation points, 2022-10-25T10:00:41.83+00:00

Hi,
Thank you for posting your query.
Kindly check the details provided below to answer your query.
As you can see, we've thought long and hard about this problem over the past couple of years. As we designed our WDF seminar, we needed to consider what concepts from WDM we needed to include. Because we're not about giving people surface-level knowledge, or providing cookbooks, we wanted to be sure we "did the right thing" by students who learned KMDF and UMDF.
So here are some guidelines we developed:
If you need to write file systems or file system filters, forget you've even heard of WDF. Sorry, you've got to learn all of WDM and then all about the world of Windows file systems. Good luck, you've got a long row to hoe. Stop reading here. Have a nice day.
If you need to write video, audio, most types of network or storage adapter drivers, there are specialized driver models that apply to you. WDF may be useful for filters in your stack, or for special purposes, but you're going to have to learn the specific driver model and interface that Windows uses to support your device. Because WDM is the underlying technology for all Windows drivers, learning the basics of WDM will enhance your understanding. But learning and using WDF by itself is pretty much not an option.
If you need to write drivers for printers there's a special model for you, too, and I have no idea what it is. But it's not WDF. I think it's some user-mode thing. Anyhow, if you're a printer driver developer you're not reading this article anyhow. Or, if you are, please give this issue back to the person from whom you stole it.
If you need to maintain or enhance an existing WDM driver, you're going to have to learn WDM in the short term. In the long term, consider learning WDF and re-writing the driver if at all possible. Your boss will hate the idea, but when you finally do it you'll be the hero of your company due to the decrease in bug reports.
If the performance (or resource utilization) of your device is ultra-critical, you'll probably have to learn WDM. I'm not saying the WDF isn't performant. Rather, I'm saying that in order for you to be able to make the best possible trade-offs when it comes to optimizing the performance of your device and driver, you're going to need all the architecture and I/O subsystem knowledge you can get. And that means you're going to have to learn WDM.
If you don't fall into any of the previous categories or...
You need to write a filter driver to modify or add-value to the behavior of (most any) device stack in Windows.
Go to this link for your reference: https://www.osronline.com/article.cfm%5Earticle=489.htm
Note: This is a non-Microsoft website; kindly take precautions before downloading anything.
-------------------------------------------------------------------------------------------------------------------------------------------------
If the answer is helpful kindly click "Accept as Answer" and upvote it. Thanks.