Get a list of installed Mini Filter driver in windows

Question 1

We can use the (for example) following API functions in user-land for get a list of installed Mini-Filter driver in MS Windows :-) .

FilterFindFirst
FilterFindNext

for more in formation see this link : Minifilter User-Mode Application Functions

Question 2

The following code enumerates the items using the registry:

implementation

{$R *.dfm}

uses Registry;

procedure TForm17.Button1Click(Sender: TObject);
var
  Reg: TRegistry;
  count: integer;
  i: integer;
  Item: string;
  AllOK: boolean;
begin
  Reg:= TRegistry.Create(KEY_READ);
  try
    Reg.RootKey:= HKEY_LOCAL_MACHINE; //Note must set the base first.
    //Then open rest of the subtree underneigh.
    AllOK:= Reg.OpenKeyReadOnly('SYSTEM\CurrentControlSet\services\FltMgr\Enum');
    if (AllOK) then begin
      count:= Reg.ReadInteger('Count');
      for i:= 0 to count - 1 do begin
        Item:= Reg.ReadString(IntToStr(i));
        Memo1.Lines.Add(Item);
      end; {for}
    end else {not(AllOK)} begin
      Memo1.Lines.Add('SYSTEM\CurrentControlSet\services\FltMgr\Enum does not exist');
      exit;
    end;
  finally
    Reg.Free;
  end;
end;

The entries returned look like: Root\LEGACY_FLTMGR\0000
The Root is a reference to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root. For the above entry you can thus get all info from: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FLTMGR\0000.

This entry look like this:

enter image description here

Question 3

The best method to enumerate all mini filter drivers is via a command line of fltmc. Make sure you open CMD as Administrator and then just type 'fltmc'. Then, since you are looking for a way to do so programmatically, just use ShellExecuteEx to call this command from your program. This is shown in this article. The proper way of doing so would be:

ShellExecute( NULL, "open",
    "cmd.exe",
    "fltmc.exe",
    NULL,
    SW_SHOWNORMAL
);