Writing a DriverEntry Routine for a Minifilter Driver
Every file system minifilter driver must have a DriverEntry routine. The DriverEntry routine is called when the minifilter driver is loaded.
The DriverEntry routine performs global initialization, registers the minifilter driver, and initiates filtering. This routine runs in a system thread context at IRQL PASSIVE_LEVEL.
The DriverEntry routine is defined as follows:
NTSTATUS
(*PDRIVER_INITIALIZE) (
IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath
);
DriverEntry has two input parameters. The first, DriverObject, is the driver object that was created when the minifilter driver was loaded. The second, RegistryPath, is a pointer to a counted Unicode string that contains a path to the minifilter driver's registry key.
A minifilter driver's DriverEntry routine must perform the following steps, in order:
Perform any needed global initialization for the minifilter driver.
Register the minifilter driver by calling FltRegisterFilter.
Initiate filtering by calling FltStartFiltering.
Return an appropriate NTSTATUS value.
This section includes:
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for