Я пытаюсь разработать простой драйвер MiniFilter файловой системы, но постоянно получаю сообщение «Произошла системная ошибка 2. Система не может найти указанный файл».
Мой INF-файл:
;-------------------------------------------------------------------------
; companyName.INF -- NDIS LightWeight Filter Driver
;
; TODO: Search for comments marked "TODO:", and follow their instructions to
; customize this INF for your driver. Then delete the "TODO:" comments.
;-------------------------------------------------------------------------
[version]
; NOTE(review): Class/ClassGUID below install this package as an NDIS network
; service (this INF is the NDIS lightweight-filter template named in the
; header). The driver source shown with it calls FltRegisterFilter, i.e. it is
; a file-system minifilter; such drivers are normally installed under a
; file-system filter setup class -- confirm against the WDK minifilter sample INFs.
; Do not change these values "NetService"
Signature = "$Windows NT$"
Class = NetService
ClassGUID = {4D36E974-E325-11CE-BFC1-08002BE10318}
; TODO: Customize this string for your company name
Provider = %Msft%
; Left empty here. NOTE(review): presumably filled in at build time -- confirm.
DriverVer =
; Catalog file for the package signature. NOTE(review): with driver signature
; enforcement enabled the package must be signed; confirm the signing step
; rather than disabling enforcement on the test machine.
CatalogFile = companyName.cat
; TODO: Include each architecture for which your driver package contains a
; compiled binary. If you do not supply a driver compiled for ia64, delete the
; NTia64 section.
; Every architecture decoration listed after MSFT below has a matching
; [MSFT.<arch>] models section further down.
[Manufacturer]
%Msft%=MSFT,NTx86,NTia64,NTamd64,NTarm,NTarm64
; MS_companyName can be used with netcfg.exe to install/uninstall the driver.
; Each models section maps the same description string to the [Install]
; section and the same component id (MS_companyName).
[MSFT.NTx86]
%companyName_Desc%=Install, MS_companyName
[MSFT.NTia64]
%companyName_Desc%=Install, MS_companyName
[MSFT.NTamd64]
%companyName_Desc%=Install, MS_companyName
[MSFT.NTarm]
%companyName_Desc%=Install, MS_companyName
[MSFT.NTarm64]
%companyName_Desc%=Install, MS_companyName
;-------------------------------------------------------------------------
; Installation Section
;-------------------------------------------------------------------------
; Referenced by every models section above: applies the [Inst_Ndi] registry
; entries and copies the files listed in [companyName.copyfiles.sys].
[Install]
AddReg=Inst_Ndi
; All LWFs must include the 0x40000 bit (NCF_LW_FILTER). Unlike miniports, you
; don't usually need to customize this value.
Characteristics=0x40000
; This must be a random, unique value.
; FILTER_UNIQUE_NAME in filter.h must match this GUID identically.
; Both should have {curly braces}.
; NOTE(review): the driver source shown with this INF has no filter.h or
; FILTER_UNIQUE_NAME -- this key only matters for an NDIS filter.
NetCfgInstanceId="{33e89230-1de5-44cf-959b-bba7ed0e72d1}"
Copyfiles = companyName.copyfiles.sys
; Source media 1, described by the driver description string.
[SourceDisksNames]
1=%companyName_Desc%,"",,
[SourceDisksFiles]
; TODO: Include any related files that should be installed with your driver.
companyName.sys=1
; Directory id 12 is the system drivers directory (%SystemRoot%\System32\drivers).
[DestinationDirs]
DefaultDestDir=12
companyName.copyfiles.sys=12
; File list for the Copyfiles directive above; the trailing 2 is the copy flag
; (COPYFLG_NOSKIP: the user may not skip this file).
[companyName.copyfiles.sys]
companyName.sys,,,2
;-------------------------------------------------------------------------
; Ndi installation support
;-------------------------------------------------------------------------
; Registry entries applied through AddReg in [Install]. HKR is the relative
; root chosen by the installer for this component. In the flags column,
; 0x00010000 marks a REG_MULTI_SZ value and 0x00010001 a REG_DWORD value; an
; empty flags column writes a string.
[Inst_Ndi]
HKR, Ndi,Service,,"companyName"
HKR, Ndi,CoServices,0x00010000,"companyName"
HKR, Ndi,HelpText,,%companyName_HelpText%
; TODO: Set the FilterClass here. The FilterClass controls the order in which
; filters are bound to the underlying miniport. Possible options include:
; Custom, Diagnostic, Failover, Loadbalance, Vpn, Compression, Encryption, Scheduler
; See MSDN for a description of each.
HKR, Ndi,FilterClass,, compression
; TODO: Specify whether you have a Modifying or Monitoring filter.
; For a Monitoring filter, use this:
; HKR, Ndi,FilterType,0x00010001, 1 ; Monitoring filter
; For a Modifying filter, use this:
; HKR, Ndi,FilterType,0x00010001, 2 ; Modifying filter
; The active line below selects the Modifying type (2).
HKR, Ndi,FilterType,0x00010001,2
; Do not change these values
HKR, Ndi\Interfaces,UpperRange,,"noupper"
HKR, Ndi\Interfaces,LowerRange,,"nolower"
; TODO: Ensure that the list of media types below is correct. Typically,
; filters include "ethernet". Filters may also include "ppip" to include
; native WWAN stacks, but you must be prepared to handle the packet framing.
; Possible values are listed on MSDN, but common values include:
; ethernet, wan, ppip, wlan
HKR, Ndi\Interfaces, FilterMediaTypes,,"ethernet, wan, ppip"
; TODO: Specify whether you have a Mandatory or Optional filter.
; For a Mandatory filter, use this:
; HKR, Ndi,FilterRunType,0x00010001, 1 ; Mandatory filter
; For an Optional filter, use this:
; HKR, Ndi,FilterRunType,0x00010001, 2 ; Optional filter
; The active line below selects Mandatory (1). NOTE(review): as far as NDIS
; documents it, a mandatory filter that fails to load or attach keeps the
; network stack from binding -- prefer Optional while the driver is under test.
HKR, Ndi,FilterRunType,0x00010001, 1 ; Mandatory filter
;-------------------------------------------------------------------------
; Service installation support
;-------------------------------------------------------------------------
; Creates the companyName service from [companyName_Service_Inst]. The flags
; field is empty, so the service is not started by the installation itself.
[Install.Services]
; TODO: You may want to add the SPSVCINST_STARTSERVICE flag, like this:
; AddService=companyName,0x800,companyName_Service_Inst ; SPSVCINST_STARTSERVICE
AddService=companyName,,companyName_Service_Inst
; NOTE(review): this section describes a plain kernel driver service for an
; NDIS filter. The driver source shown with this INF registers with the Filter
; Manager (FltRegisterFilter). A file-system minifilter service is normally
; declared as a file-system driver that depends on FltMgr, and its service key
; needs an Instances subkey naming a default instance with an Altitude value.
; Nothing in this INF writes those values; FltRegisterFilter is documented to
; fail with STATUS_OBJECT_NAME_NOT_FOUND when the instance registration is
; missing, which is reported as system error 2 -- confirm against the WDK
; minifilter sample INFs.
[companyName_Service_Inst]
DisplayName = %companyName_Desc%
ServiceType = 1 ;SERVICE_KERNEL_DRIVER
; Typically you will want your filter driver to start with SERVICE_SYSTEM_START.
; If it is an Optional filter, you may also use 3;SERVICE_DEMAND_START.
; NOTE(review): a driver under development that loads at system start can
; leave the test machine unbootable if it faults; demand start is the safer
; choice until the driver is stable.
StartType = 1 ;SERVICE_SYSTEM_START
ErrorControl = 1 ;SERVICE_ERROR_NORMAL
; %12% is the system drivers directory, the same target as [DestinationDirs].
ServiceBinary = %12%\companyName.sys
; NOTE(review): "companyName" is not one of the standard load order groups --
; confirm the group this driver should belong to.
LoadOrderGroup = companyName
Description = %companyName_Desc%
AddReg = Common.Params.reg, NdisImPlatformBindingOptions.reg
[Install.Remove.Services]
; The SPSVCINST_STOPSERVICE flag instructs SCM to stop the NT service
; before uninstalling the driver.
DelService=companyName,0x200 ; SPSVCINST_STOPSERVICE
; Registry entries applied through AddReg in [companyName_Service_Inst].
[Common.Params.reg]
; TODO: You can add any sort of NDIS parameters here. Filter drivers
; don't always need NDIS parameters, so it's okay to have nothing here.
; TODO: Remove the sample parameters below.
; NOTE(review): the two sample parameters are still the template's
; placeholders; the driver source shown with this INF never reads them.
; Sample 1: "DriverParam" is a per-driver parameter.
HKR, FilterDriverParams\DriverParam, ParamDesc, , "Driverparam for lwf"
HKR, FilterDriverParams\DriverParam, default, , "5"
HKR, FilterDriverParams\DriverParam, type, , "int"
; Sample 2: "AdapterParam" is a per-module parameter.
HKR, FilterAdapterParams\AdapterParam, ParamDesc, , "Adapterparam for lwf"
HKR, FilterAdapterParams\AdapterParam, default, , "10"
HKR, FilterAdapterParams\AdapterParam, type, , "int"
; Also applied through AddReg in [companyName_Service_Inst].
[NdisImPlatformBindingOptions.reg]
; By default, when an LBFO team or Bridge is created, all filters will be
; unbound from the underlying members and bound to the TNic(s). This keyword
; allows a component to opt out of the default behavior
; To prevent binding this filter to the TNic(s):
; HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,1 ; Do not bind to TNic
; To prevent unbinding this filter from underlying members:
; HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,2 ; Do not unbind from Members
; To prevent both binding to TNic and unbinding from members:
; HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,3 ; Do not bind to TNic or unbind from Members
; The active line writes the REG_DWORD value 0 (default behavior).
HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,0 ; Subscribe to default behavior
; String table for the %name% tokens used above (%Msft%, %companyName_Desc%,
; %companyName_HelpText%).
[Strings]
; TODO: Customize these strings.
; The token is still called Msft although its value is the placeholder
; "companyName"; the [Manufacturer] models name (MSFT) is a separate literal.
Msft = "companyName" ;TODO: Replace with your manufacturer name
companyName_Desc = "companyName Driver Test"
companyName_HelpText = "companyName Driver Test"
/*++
Copyright (c) 1999 - 2002 Microsoft Corporation
Module Name:
SwapBuffers.c
Abstract:
This is a sample filter which demonstrates proper access of data buffer
and a general guideline of how to swap buffers.
For now it only swaps buffers for:
IRP_MJ_READ
IRP_MJ_WRITE
IRP_MJ_DIRECTORY_CONTROL
By default this filter attaches to all volumes it is notified about. It
does support having multiple instances on a given volume.
Environment:
Kernel mode
--*/
#include
#include
#include
/* Filter handle: written by FltRegisterFilter in DriverEntry, then used by
 * FltStartFiltering and FltUnregisterFilter. NULL until registration. */
PFLT_FILTER FilterHandle = NULL;

/* Forward declarations for the callbacks referenced by the registration
 * tables that follow. */
NTSTATUS
MiniUnload(
    FLT_FILTER_UNLOAD_FLAGS Flags
    );

FLT_POSTOP_CALLBACK_STATUS
MiniPostCreate(
    PFLT_CALLBACK_DATA Data,
    PCFLT_RELATED_OBJECTS FltObjects,
    PVOID* CompletionContext,
    FLT_POST_OPERATION_FLAGS flags
    );

FLT_PREOP_CALLBACK_STATUS
MiniPreCreate(
    PFLT_CALLBACK_DATA Data,
    PCFLT_RELATED_OBJECTS FltObjects,
    PVOID* CompletionContext
    );

FLT_PREOP_CALLBACK_STATUS
MiniPreWrite(
    PFLT_CALLBACK_DATA Data,
    PCFLT_RELATED_OBJECTS FltObjects,
    PVOID* CompletionContext
    );
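/*
 * Operation callbacks handed to the Filter Manager through FilterRegistration.
 * Each entry is { major function, flags, pre-operation, post-operation }.
 *
 * IRP_MJ_WRITE now points at MiniPreWrite. The original table registered
 * MiniPreCreate for writes, so MiniPreWrite (the routine that holds the
 * OPENME.TXT write block) was never called and the block was never enforced.
 */
const FLT_OPERATION_REGISTRATION Callbacks[] = {
    { IRP_MJ_CREATE, 0, MiniPreCreate, MiniPostCreate },
    { IRP_MJ_WRITE,  0, MiniPreWrite,  NULL },
    { IRP_MJ_OPERATION_END }   /* terminator, must stay last */
};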
/*
 * Registration block passed to FltRegisterFilter in DriverEntry.
 * The initializer is positional; the comments give the FLT_REGISTRATION
 * member each slot fills.
 */
const FLT_REGISTRATION FilterRegistration = {
    sizeof(FLT_REGISTRATION),   /* Size */
    FLT_REGISTRATION_VERSION,   /* Version */
    0,                          /* Flags */
    NULL,                       /* ContextRegistration: no contexts */
    Callbacks,                  /* OperationRegistration */
    MiniUnload,                 /* FilterUnloadCallback */
    NULL,                       /* InstanceSetupCallback: none, so no volume is declined */
    NULL,                       /* InstanceQueryTeardownCallback */
    NULL,                       /* InstanceTeardownStartCallback */
    NULL,                       /* InstanceTeardownCompleteCallback */
    NULL,                       /* GenerateFileNameCallback */
    NULL,                       /* NormalizeNameComponentCallback */
    NULL,                       /* NormalizeContextCleanupCallback */
    NULL                        /* TransactionNotificationCallback */
};
/*
 * Filter unload callback (FilterRegistration.FilterUnloadCallback).
 * Logs the unload and unregisters the filter through the global handle.
 * Flags is not inspected. Always returns STATUS_SUCCESS.
 */
NTSTATUS MiniUnload(FLT_FILTER_UNLOAD_FLAGS Flags)
{
    NTSTATUS result = STATUS_SUCCESS;

    KdPrint(("driver unload \r\n"));
    FltUnregisterFilter(FilterHandle);

    return result;
}
/*
 * Post-operation callback registered for IRP_MJ_CREATE.
 * Only emits a debug message; none of the parameters are read and the
 * operation result is left untouched.
 */
FLT_POSTOP_CALLBACK_STATUS MiniPostCreate(PFLT_CALLBACK_DATA Data, PCFLT_RELATED_OBJECTS FltObjects, PVOID* CompletionContext, FLT_POST_OPERATION_FLAGS flags)
{
    FLT_POSTOP_CALLBACK_STATUS outcome = FLT_POSTOP_FINISHED_PROCESSING;

    KdPrint(("Post Create is running \r\n"));

    return outcome;
}
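/*
 * Pre-operation callback: logs the normalized name of the file being opened.
 *
 * Data              - callback data for the operation; used to query the name.
 * FltObjects        - not used.
 * CompletionContext - not used; nothing is handed to the post-operation.
 *
 * Always returns FLT_PREOP_SUCCESS_WITH_CALLBACK, so the operation is never
 * blocked here. A failed name query is skipped silently.
 *
 * Changes from the original: the name is printed straight from the
 * UNICODE_STRING with %wZ instead of being copied into a 600-byte stack
 * buffer. The old copy used Name.MaximumLength (the buffer capacity) rather
 * than Name.Length (the valid bytes), so it could pick up bytes past the end
 * of the name, and it silently skipped every name of 260 bytes (130
 * characters) or more. Dropping the buffer also saves kernel stack.
 */
FLT_PREOP_CALLBACK_STATUS MiniPreCreate(PFLT_CALLBACK_DATA Data, PCFLT_RELATED_OBJECTS FltObjects, PVOID* CompletionContext) {
    PFLT_FILE_NAME_INFORMATION FileNameInfo;
    NTSTATUS status;

    status = FltGetFileNameInformation(Data, FLT_FILE_NAME_NORMALIZED | FLT_FILE_NAME_QUERY_DEFAULT, &FileNameInfo);
    if (NT_SUCCESS(status)) {
        status = FltParseFileNameInformation(FileNameInfo);
        if (NT_SUCCESS(status)) {
            /* Unicode format specifiers (%wZ, like the %ws used before) are
             * only safe at PASSIVE_LEVEL. */
            KdPrint(("CreateFile: %wZ \r\n", &FileNameInfo->Name));
        }
        /* Every successful FltGetFileNameInformation needs a matching release. */
        FltReleaseFileNameInformation(FileNameInfo);
    }
    return FLT_PREOP_SUCCESS_WITH_CALLBACK;
}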
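/*
 * Pre-operation callback for writes: completes the write with
 * STATUS_INVALID_PARAMETER when the upper-cased normalized path contains
 * "OPENME.TXT"; every other write is passed down.
 *
 * Data              - callback data; used for the name query and, on a block,
 *                     to set the completion status.
 * FltObjects        - not used.
 * CompletionContext - not used.
 *
 * Returns FLT_PREOP_COMPLETE for a blocked write, otherwise
 * FLT_PREOP_SUCCESS_NO_CALLBACK (the registration table has no
 * post-operation callback for IRP_MJ_WRITE).
 *
 * Changes from the original:
 *  - the copy uses Name.Length (valid bytes), not Name.MaximumLength (buffer
 *    capacity), so bytes past the end of the name are never matched;
 *  - the size check is tied to the real buffer size, keeping room for the
 *    terminating NUL, instead of a hard-coded 260 bytes;
 *  - one release point for the name information instead of two;
 *  - the pass-through log line said "CreateFile" in the write path.
 *
 * NOTE(review): the check still fails open. A name longer than the local
 * buffer, or a failed name query, lets the write through unchecked; decide
 * whether that is acceptable for what this filter protects.
 * NOTE(review): STATUS_ACCESS_DENIED is the more usual status for a policy
 * denial; STATUS_INVALID_PARAMETER is kept so callers see what they saw before.
 */
FLT_PREOP_CALLBACK_STATUS MiniPreWrite(PFLT_CALLBACK_DATA Data, PCFLT_RELATED_OBJECTS FltObjects, PVOID* CompletionContext) {
    PFLT_FILE_NAME_INFORMATION FileNameInfo;
    NTSTATUS status;
    BOOLEAN blocked = FALSE;
    WCHAR Name[300] = { 0 };   /* zero-filled, so the copy below stays NUL-terminated */

    status = FltGetFileNameInformation(Data, FLT_FILE_NAME_NORMALIZED | FLT_FILE_NAME_QUERY_DEFAULT, &FileNameInfo);
    if (NT_SUCCESS(status)) {
        status = FltParseFileNameInformation(FileNameInfo);
        if (NT_SUCCESS(status)) {
            /* Length is in bytes; leave one WCHAR for the terminator. */
            if (FileNameInfo->Name.Length <= sizeof(Name) - sizeof(WCHAR)) {
                RtlCopyMemory(Name, FileNameInfo->Name.Buffer, FileNameInfo->Name.Length);
                /* Upper-case the local copy so the substring match ignores case. */
                _wcsupr(Name);
                if (wcsstr(Name, L"OPENME.TXT") != NULL) {
                    KdPrint(("Write File: %ws Blocked \r\n", Name));
                    Data->IoStatus.Status = STATUS_INVALID_PARAMETER;
                    Data->IoStatus.Information = 0;
                    blocked = TRUE;
                } else {
                    KdPrint(("Write File: %ws \r\n", Name));
                }
            }
        }
        /* Every successful FltGetFileNameInformation needs a matching release. */
        FltReleaseFileNameInformation(FileNameInfo);
    }
    return blocked ? FLT_PREOP_COMPLETE : FLT_PREOP_SUCCESS_NO_CALLBACK;
}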
/*
 * Driver entry point: registers the minifilter and starts filtering.
 *
 * DriverObject - passed to FltRegisterFilter.
 * RegistryPath - not used.
 *
 * Returns the status of FltRegisterFilter if registration fails, otherwise
 * the status of FltStartFiltering; the filter is unregistered again when
 * filtering cannot be started.
 *
 * NOTE(review): FltRegisterFilter is documented to return
 * STATUS_OBJECT_NAME_NOT_FOUND when the filter's service key or instance
 * registration is missing from the registry; that status is reported as
 * system error 2. Check the status returned here before suspecting the
 * path to the .sys file.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
    NTSTATUS status = FltRegisterFilter(DriverObject, &FilterRegistration, &FilterHandle);

    if (!NT_SUCCESS(status)) {
        return status;
    }

    status = FltStartFiltering(FilterHandle);
    if (!NT_SUCCESS(status)) {
        /* Roll back the registration so the driver can fail to load cleanly. */
        FltUnregisterFilter(FilterHandle);
    }

    return status;
}
Я попробовал множество вариантов, предложенных в Интернете, например:
Использование SC Create для создания службы.
Подтверждение существования файла system32\drivers\companyName.sys
Использование BCDedit для отключения проверки подписи драйверов или использование расширенного режима загрузки
и т. д.
Когда я пытаюсь выполнить net start companyName, получаю:
System error 2 has occurred.
The system cannot find the file specified.
Мне не удалось найти свою службу (companyName) в списке служб, но я вижу, что она существует в реестре по адресу: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\companyName
Значение ImagePath:
\??\C:\Users\Dev\Desktop\Debug\companyName.sys
Я также изменил это на C:\windows\system32\drivers\companyName.sys, но ничего не помогло.
В основном я использую OSRLoader для регистрации и загрузки драйвера, но в данном случае это тоже не помогло.
Мне интересно, что-то не так с моим INF-файлом.
Может ли кто-нибудь помочь?
Я пытаюсь разработать простой драйвер MiniFilter файловой системы, но постоянно получаю сообщение «Произошла системная ошибка 2». Система не может найти указанный файл Мой инф-файл: [code];------------------------------------------------------------------------- ; companyName.INF -- NDIS LightWeight Filter Driver ; ; TODO: Search for comments marked "TODO:", and follow their instructions to ; customize this INF for your driver. Then delete the "TODO:" comments. ;-------------------------------------------------------------------------
[version] ; Do not change these values "NetService" Signature = "$Windows NT$" Class = NetService ClassGUID = {4D36E974-E325-11CE-BFC1-08002BE10318} ; TODO: Customize this string for your company name Provider = %Msft% DriverVer = CatalogFile = companyName.cat
; TODO: Include each architecture for which your driver package contains a ; compiled binary. If you do not supply a driver compiled for ia64, delete the ; NTia64 section. [Manufacturer] %Msft%=MSFT,NTx86,NTia64,NTamd64,NTarm,NTarm64
; MS_companyName can be used with netcfg.exe to install/uninstall the driver. [MSFT.NTx86] %companyName_Desc%=Install, MS_companyName
;------------------------------------------------------------------------- ; Installation Section ;------------------------------------------------------------------------- [Install] AddReg=Inst_Ndi ; All LWFs must include the 0x40000 bit (NCF_LW_FILTER). Unlike miniports, you ; don't usually need to customize this value. Characteristics=0x40000
; This must be a random, unique value. ; FILTER_UNIQUE_NAME in filter.h must match this GUID identically. ; Both should have {curly braces}. NetCfgInstanceId="{33e89230-1de5-44cf-959b-bba7ed0e72d1}"
Copyfiles = companyName.copyfiles.sys
[SourceDisksNames] 1=%companyName_Desc%,"",,
[SourceDisksFiles] ; TODO: Include any related files that should be installed with your driver. companyName.sys=1
;------------------------------------------------------------------------- ; Ndi installation support ;------------------------------------------------------------------------- [Inst_Ndi] HKR, Ndi,Service,,"companyName" HKR, Ndi,CoServices,0x00010000,"companyName" HKR, Ndi,HelpText,,%companyName_HelpText% ; TODO: Set the FilterClass here. The FilterClass controls the order in which ; filters are bound to the underlying miniport. Possible options include: ; Custom, Diagnostic, Failover, Loadbalance, Vpn, Compression, Encryption, Scheduler ; See MSDN for a description of each. HKR, Ndi,FilterClass,, compression ; TODO: Specify whether you have a Modifying or Monitoring filter. ; For a Monitoring filter, use this: ; HKR, Ndi,FilterType,0x00010001, 1 ; Monitoring filter ; For a Modifying filter, use this: ; HKR, Ndi,FilterType,0x00010001, 2 ; Modifying filter HKR, Ndi,FilterType,0x00010001,2 ; Do not change these values HKR, Ndi\Interfaces,UpperRange,,"noupper" HKR, Ndi\Interfaces,LowerRange,,"nolower" ; TODO: Ensure that the list of media types below is correct. Typically, ; filters include "ethernet". Filters may also include "ppip" to include ; native WWAN stacks, but you must be prepared to handle the packet framing. ; Possible values are listed on MSDN, but common values include: ; ethernet, wan, ppip, wlan HKR, Ndi\Interfaces, FilterMediaTypes,,"ethernet, wan, ppip" ; TODO: Specify whether you have a Mandatory or Optional filter. ; For a Mandatory filter, use this: ; HKR, Ndi,FilterRunType,0x00010001, 1 ; Mandatory filter ; For an Optional filter, use this: ; HKR, Ndi,FilterRunType,0x00010001, 2 ; Optional filter HKR, Ndi,FilterRunType,0x00010001, 1 ; Mandatory filter
;------------------------------------------------------------------------- ; Service installation support ;------------------------------------------------------------------------- [Install.Services] ; TODO: You may want to add the SPSVCINST_STARTSERVICE flag, like this: ; AddService=companyName,0x800,companyName_Service_Inst ; SPSVCINST_STARTSERVICE AddService=companyName,,companyName_Service_Inst
[companyName_Service_Inst] DisplayName = %companyName_Desc% ServiceType = 1 ;SERVICE_KERNEL_DRIVER ; Typically you will want your filter driver to start with SERVICE_SYSTEM_START. ; If it is an Optional filter, you may also use 3;SERVICE_DEMAND_START. StartType = 1 ;SERVICE_SYSTEM_START ErrorControl = 1 ;SERVICE_ERROR_NORMAL ServiceBinary = %12%\companyName.sys LoadOrderGroup = companyName Description = %companyName_Desc% AddReg = Common.Params.reg, NdisImPlatformBindingOptions.reg
[Install.Remove.Services] ; The SPSVCINST_STOPSERVICE flag instructs SCM to stop the NT service ; before uninstalling the driver. DelService=companyName,0x200 ; SPSVCINST_STOPSERVICE
[Common.Params.reg] ; TODO: You can add any sort of NDIS parameters here. Filter drivers ; don't always need NDIS parameters, so it's okay to have nothing here.
; TODO: Remove the sample parameters below.
; Sample 1: "DriverParam" is a per-driver parameter. HKR, FilterDriverParams\DriverParam, ParamDesc, , "Driverparam for lwf" HKR, FilterDriverParams\DriverParam, default, , "5" HKR, FilterDriverParams\DriverParam, type, , "int"
; Sample 2: "AdapterParam" is a per-module parameter. HKR, FilterAdapterParams\AdapterParam, ParamDesc, , "Adapterparam for lwf" HKR, FilterAdapterParams\AdapterParam, default, , "10" HKR, FilterAdapterParams\AdapterParam, type, , "int"
[NdisImPlatformBindingOptions.reg] ; By default, when an LBFO team or Bridge is created, all filters will be ; unbound from the underlying members and bound to the TNic(s). This keyword ; allows a component to opt out of the default behavior ; To prevent binding this filter to the TNic(s): ; HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,1 ; Do not bind to TNic ; To prevent unbinding this filter from underlying members: ; HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,2 ; Do not unbind from Members ; To prevent both binding to TNic and unbinding from members: ; HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,3 ; Do not bind to TNic or unbind from Members HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,0 ; Subscribe to default behavior
[Strings] ; TODO: Customize these strings. Msft = "companyName" ;TODO: Replace with your manufacturer name companyName_Desc = "companyName Driver Test" companyName_HelpText = "companyName Driver Test" [/code] Код C++: [code]/*++
Copyright (c) 1999 - 2002 Microsoft Corporation
Module Name:
SwapBuffers.c
Abstract:
This is a sample filter which demonstrates proper access of data buffer and a general guideline of how to swap buffers. For now it only swaps buffers for:
IRP_MJ_READ IRP_MJ_WRITE IRP_MJ_DIRECTORY_CONTROL
By default this filter attaches to all volumes it is notified about. It does support having multiple instances on a given volume.
status = FltRegisterFilter(DriverObject, &FilterRegistration, &FilterHandle); if (NT_SUCCESS(status)) { status = FltStartFiltering(FilterHandle); if (!NT_SUCCESS(status)) { FltUnregisterFilter(FilterHandle); } } return status; } [/code] Я попробовал множество вариантов, предложенных в Интернете, например: [list] [*]Использование SC Create для создания службы. > [*]Подтверждение существования файла system32\drivers\companyName.sys BCDedit для отключения безопасности подписи подписи или использования расширенного режима загрузки и т. д. [/list] Когда я пытаюсь бежать net start название компании Получаю: [code]System error 2 has occurred.
The system cannot find the file specified. [/code] Мне не удалось найти свою службу (companyName) в списке служб, но я вижу, что она существует в реестре по адресу: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\companyName Значение ImagePath: \??\C:\Users\Dev\Desktop\Debug\companyName.sys Я также изменил это на C:\windows\system32\drivers\companyName.sys, но ничего не помогло. В основном я использую OSRLoader для регистрации и загрузки драйвера, но в данном случае это тоже не помогло. Мне интересно, что-то не так с моим INF-файлом. Может ли кто-нибудь помочь?