Share via

Solution build compiled without error but no .sys file created

Beast 0 Reputation points
2025-01-18T18:18:26.8033333+00:00

I am currently working on a file system mini-filter driver in Windows. I've set up my development environment with the following:

Development Tools:

Visual Studio (latest version) Windows Driver Kit (WDK) Windows SDK Setup Details:

I configured the Include and Lib paths in the project properties to point to the WDK directories. My project builds without errors. However, despite a successful build, the .sys file is not being generated in the output directory. Below is the code I am using:

C Code :-

#include <fltKernel.h>
#include <dontuse.h>
#include <suppress.h>
PFLT_FILTER FilterHandle = NULL;
// Function declarations
NTSTATUS MiniUnload(FLT_FILTER_UNLOAD_FLAGS Flags);
FLT_POSTOP_CALLBACK_STATUS MiniPostCreate(
    PFLT_CALLBACK_DATA Data, 
    PCFLT_RELATED_OBJECTS FltObjects, 
    PVOID* CompletionContext, 
    FLT_POST_OPERATION_FLAGS Flags
);
FLT_PREOP_CALLBACK_STATUS MiniPreCreate(
    PFLT_CALLBACK_DATA Data, 
    PCFLT_RELATED_OBJECTS FltObjects, 
    PVOID* CompletionContext
);
FLT_PREOP_CALLBACK_STATUS MiniPreWrite(
    PFLT_CALLBACK_DATA Data, 
    PCFLT_RELATED_OBJECTS FltObjects, 
    PVOID* CompletionContext
);
// Callback structure
const FLT_OPERATION_REGISTRATION Callbacks[] = {
    { IRP_MJ_CREATE, 0, MiniPreCreate, MiniPostCreate },
    { IRP_MJ_WRITE, 0, MiniPreWrite, NULL },
    { IRP_MJ_OPERATION_END }
};
// Filter registration structure
const FLT_REGISTRATION FilterRegistration = {
    sizeof(FLT_REGISTRATION),             // Size
    FLT_REGISTRATION_VERSION,             // Version
    0,                                    // Flags
    NULL,                                 // Context registration
    Callbacks,                            // Operation callbacks
    MiniUnload,                           // Unload routine
    NULL,                                 // Instance setup
    NULL,                                 // Instance query teardown
    NULL,                                 // Instance teardown start
    NULL,                                 // Instance teardown complete
    NULL,                                 // Generate file name
    NULL,                                 // Normalize name component
    NULL,                                 // Normalize context cleanup
    NULL                                  // Transaction notification
};
// Unload routine
NTSTATUS MiniUnload(FLT_FILTER_UNLOAD_FLAGS Flags)
{
    KdPrint(("Driver unloaded \r\n"));
    FltUnregisterFilter(FilterHandle);
    return STATUS_SUCCESS;
}
// Post-create callback
FLT_POSTOP_CALLBACK_STATUS MiniPostCreate(
    PFLT_CALLBACK_DATA Data, 
    PCFLT_RELATED_OBJECTS FltObjects, 
    PVOID* CompletionContext, 
    FLT_POST_OPERATION_FLAGS Flags
)
{
    KdPrint(("Post create is running \r\n"));
    return FLT_POSTOP_FINISHED_PROCESSING;
}
// Pre-create callback
FLT_PREOP_CALLBACK_STATUS MiniPreCreate(
    PFLT_CALLBACK_DATA Data, 
    PCFLT_RELATED_OBJECTS FltObjects, 
    PVOID* CompletionContext
)
{
    PFLT_FILE_NAME_INFORMATION FileNameInfo;
    NTSTATUS status;
    WCHAR Name[200] = { 0 };
    status = FltGetFileNameInformation(
        Data, 
        FLT_FILE_NAME_NORMALIZED | FLT_FILE_NAME_QUERY_DEFAULT, 
        &FileNameInfo
    );
    if (NT_SUCCESS(status))
    {
        status = FltParseFileNameInformation(FileNameInfo);
        if (NT_SUCCESS(status))
        {
            if (FileNameInfo->Name.MaximumLength < 260)
            {
                RtlCopyMemory(Name, FileNameInfo->Name.Buffer, FileNameInfo->Name.MaximumLength);
                KdPrint(("Create file: %ws \r\n", Name));
            }
        }
        FltReleaseFileNameInformation(FileNameInfo);
    }
    return FLT_PREOP_SUCCESS_WITH_CALLBACK;
}
// Pre-write callback
FLT_PREOP_CALLBACK_STATUS MiniPreWrite(
    PFLT_CALLBACK_DATA Data, 
    PCFLT_RELATED_OBJECTS FltObjects, 
    PVOID* CompletionContext
)
{
    PFLT_FILE_NAME_INFORMATION FileNameInfo;
    NTSTATUS status;
    WCHAR Name[200] = { 0 };
    status = FltGetFileNameInformation(
        Data, 
        FLT_FILE_NAME_NORMALIZED | FLT_FILE_NAME_QUERY_DEFAULT, 
        &FileNameInfo
    );
    if (NT_SUCCESS(status))
    {
        status = FltParseFileNameInformation(FileNameInfo);
        if (NT_SUCCESS(status))
        {
            if (FileNameInfo->Name.MaximumLength < 260)
            {
                RtlCopyMemory(Name, FileNameInfo->Name.Buffer, FileNameInfo->Name.MaximumLength);
                _wcsupr(Name); // Convert name to uppercase
                if (wcsstr(Name, L"OPENME.TXT") != NULL)
                {
                    KdPrint(("Write file: %ws blocked \r\n", Name));
                    Data->IoStatus.Status = STATUS_INVALID_PARAMETER;
                    Data->IoStatus.Information = 0;
                    FltReleaseFileNameInformation(FileNameInfo);
                    return FLT_PREOP_COMPLETE;
                }
                KdPrint(("Create file: %ws \r\n", Name));
            }
        }
        FltReleaseFileNameInformation(FileNameInfo);
    }
    return FLT_PREOP_SUCCESS_NO_CALLBACK;
}
// Driver entry point
NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
    NTSTATUS status;
    status = FltRegisterFilter(DriverObject, &FilterRegistration, &FilterHandle);
    if (NT_SUCCESS(status))
    {
        status = FltStartFiltering(FilterHandle);
        if (!NT_SUCCESS(status))
        {
            FltUnregisterFilter(FilterHandle);
        }
    }
    return status;
}

INF File

[Version]
Signature   = "$Windows NT$"
Class       = "ActivityMonitor"
ClassGuid   = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}
Provider    = "HelloWorld Corporation"
DriverVer   = 
CatalogFile = HelloWorld.cat

[DestinationDirs]
DefaultDestDir          = 12
MiniFilter.DriverFiles  = 12            ; %windir%\system32\drivers

[DefaultInstall]
OptionDesc          = %ServiceDescription%
CopyFiles           = MiniFilter.DriverFiles

[DefaultInstall.Services]
AddService          = %ServiceName%,,MiniFilter.Service

[DefaultUninstall]
DelFiles   = MiniFilter.DriverFiles

[DefaultUninstall.Services]
DelService = %ServiceName%,0x200

[MiniFilter.Service]
DisplayName      = "HelloWorld Service"
Description      = "HelloWorld Mini-Filter Driver"
ServiceBinary    = %12%\HelloWorld.sys
Dependencies     = "FltMgr"
ServiceType      = 2
StartType        = 3
ErrorControl     = 1
LoadOrderGroup   = "FSFilter Activity Monitor"
AddReg           = MiniFilter.AddRegistry

[MiniFilter.AddRegistry]
HKR,,"DebugFlags",0x00010001,0x0
HKR,,"SupportedFeatures",0x00010001,0x3
HKR,"Instances","DefaultInstance",0x00000000,%DefaultInstance%
HKR,"Instances\"%Instance1.Name%,"Altitude",0x00000000,%Instance1.Altitude%
HKR,"Instances\"%Instance1.Name%,"Flags",0x00010001,%Instance1.Flags%

[MiniFilter.DriverFiles]
HelloWorld.sys

[SourceDisksFiles]
HelloWorld.sys = 1,,

[SourceDisksNames]
1 = %DiskId1%,,,

[Strings]
ManufacturerName        = "HelloWorld Corporation"
ServiceDescription      = "HelloWorld Mini-Filter Driver"
ServiceName             = "HelloWorld"
DriverName              = "HelloWorld"
DiskId1                 = "HelloWorld Device Installation Disk"

DefaultInstance         = "HelloWorld Instance"
Instance1.Name          = "HelloWorld Instance"
Instance1.Altitude      = "371000"
Instance1.Flags         = 0x0

What I've Tried:

  1. Ensured the Driver type is selected in the project properties under Configuration Properties > Driver Settings.
  2. Verified the Target Platform is set to Desktop under Configuration Properties > General.

Problem: Even though the build completes without errors, the .sys file does not appear in the $(OutDir) folder. I suspect it might be a configuration issue or an oversight in the project setup.

What could be the cause of this issue, and how can I ensure the .sys file is generated?

C++
C++
A high-level, general-purpose programming language, created as an extension of the C programming language, that has object-oriented, generic, and functional features in addition to facilities for low-level memory manipulation.
3,844 questions
Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
10,647 questions
Windows Driver Kit (WDK)
Windows Driver Kit (WDK)
A set of Microsoft tools that are used to develop, test, and deploy Windows drivers.
155 questions

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.