Page 1 of 1

what is File System Filter Drivers

PostPosted: Thu Sep 26, 2013 9:38 pm
by admin
File System Filter drivers allow windows driver developers to extend the functionality of an existing file system, often enhancing functionality or improving security. There are two main driver models for file system filters - the legacy driver model, or the new minifilter driver model. The new minifilter model address many of the brain-spinning complexities that were left for the driver developer to deal with in the legacy model. However, a solid understanding of the legacy file system filter driver model is very helpful when developing and especially debugging issues with minifilter file system filters.

Typical applications for file system filter drivers include

Encryption file system filter drivers
Compression file system filter drivers
Secuirty and augmented access control file system filter drivers
Executable whitelisting file system filter drivers
Anti-virus and anti-malware file system filter drivers
Monitoring and callout file system filter drivers

An excellent book on the Windows file system filter drivers, and Windows internals in general is Rajeev Nagar's Windows NT File System Internals book. Though a quite old, much of it is still applicable to todays windows driver developer, and file system driver developer. There is a ton of information on the windows internal operation on both the cache manager and memory manager that is difficult to find anywhere else. Highly recommended.