Question
I want to get a list of installed Mini-Filter drivers in MS Windows but I don't know how I can do it.
My programming language is Delphi (I can also use C or C++). Can anyone help me do this?
Solution 3
We can use, for example, the following API functions in user-land to get a list of installed Mini-Filter drivers in MS Windows :-)
FilterFindFirst
FilterFindNext
For more information, see this link: Minifilter User-Mode Application Functions
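An added example, not part of the original answer: the FilterFindFirst / FilterFindNext / FilterFindClose loop in C, using the FilterFullInformation class. `FullInfo` and `decode_filter` are hypothetical names introduced here; `FullInfo` mirrors the layout of FILTER_FULL_INFORMATION so that the bounds-checked decoding of each returned entry is separate from the Windows-only calls. Build on Windows and link with fltlib.lib.

```c
/* Added example (not from the original post): list minifilters via fltlib. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local mirror of FILTER_FULL_INFORMATION so the decoder builds anywhere. */
typedef struct {
    uint32_t NextEntryOffset, FrameID, NumberOfInstances;
    uint16_t FilterNameLength;    /* bytes; the name is not NUL-terminated */
    uint16_t FilterNameBuffer[1]; /* UTF-16LE */
} FullInfo;

/* Hypothetical helper: bounds-check one returned entry and copy its name
   (non-ASCII code units become '?'). Returns 0 on success, -1 if malformed. */
int decode_filter(const void *buf, size_t len, char *name, size_t cap,
                  uint32_t *instances)
{
    const uint8_t *p = buf;
    const size_t off = offsetof(FullInfo, FilterNameBuffer);
    FullInfo hdr;
    size_t n, i;
    if (len < off) return -1;
    memcpy(&hdr, p, off);
    n = hdr.FilterNameLength / 2;
    if (n * 2 > len - off || n >= cap) return -1;
    for (i = 0; i < n; i++) {
        uint16_t ch;
        memcpy(&ch, p + off + i * 2, 2);
        name[i] = ch < 0x80 ? (char)ch : '?';
    }
    name[n] = '\0';
    *instances = hdr.NumberOfInstances;
    return 0;
}

#ifdef _WIN32
#include <windows.h>
#include <fltuser.h>   /* link with fltlib.lib */
int main(void)
{
    uint64_t buf[128]; char name[256]; uint32_t inst; DWORD got; HANDLE h;
    HRESULT hr = FilterFindFirst(FilterFullInformation, buf, sizeof buf, &got, &h);
    if (FAILED(hr)) { fprintf(stderr, "FilterFindFirst: 0x%08lx\n", (unsigned long)hr); return 1; }
    do {
        if (decode_filter(buf, got, name, sizeof name, &inst) == 0)
            printf("%-32s instances=%u\n", name, (unsigned)inst);
        hr = FilterFindNext(h, FilterFullInformation, buf, sizeof buf, &got);
    } while (SUCCEEDED(hr)); /* normal end: ERROR_NO_MORE_ITEMS as an HRESULT */
    FilterFindClose(h);
    return hr == HRESULT_FROM_WIN32(ERROR_NO_MORE_ITEMS) ? 0 : 1;
}
#endif
```

The loop ends normally when FilterFindNext returns HRESULT_FROM_WIN32(ERROR_NO_MORE_ITEMS); any other failure code is reported through the exit status.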
Other tips
The following code enumerates the items using the registry:
implementation

{$R *.dfm}

uses Registry;

procedure TForm17.Button1Click(Sender: TObject);
var
  Reg: TRegistry;
  count: integer;
  i: integer;
  Item: string;
  AllOK: boolean;
begin
  Reg:= TRegistry.Create(KEY_READ);
  try
    Reg.RootKey:= HKEY_LOCAL_MACHINE; //Note must set the base first.
    //Then open rest of the subtree underneath.
    AllOK:= Reg.OpenKeyReadOnly('SYSTEM\CurrentControlSet\services\FltMgr\Enum');
    if (AllOK) then begin
      count:= Reg.ReadInteger('Count');
      for i:= 0 to count - 1 do begin
        Item:= Reg.ReadString(IntToStr(i));
        Memo1.Lines.Add(Item);
      end; {for}
    end else {not(AllOK)} begin
      Memo1.Lines.Add('SYSTEM\CurrentControlSet\services\FltMgr\Enum does not exist');
      exit;
    end;
  finally
    Reg.Free;
  end;
end;
The entries returned look like: Root\LEGACY_FLTMGR\0000
The Root is a reference to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root.
For the above entry you can thus get all info from: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FLTMGR\0000.
This entry looks like this:
The best method to enumerate all mini filter drivers is via a command line of fltmc. Make sure you open CMD as Administrator and then just type 'fltmc'. Then, since you are looking for a way to do so programmatically, just use ShellExecuteEx to call this command from your program. This is shown in this article. The proper way of doing so would be:
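#include <windows.h>
#include <shellapi.h>

int main(void)
{
    /* cmd.exe needs /k (or /c) to run the command passed to it; /k keeps the
       window open. The caller must already be elevated, as noted above. */
    ShellExecuteA(NULL, "open", "cmd.exe", "/k fltmc.exe", NULL, SW_SHOWNORMAL);
    return 0;
}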