c++ – FltRegisterFilter referenced in Function DriverEntry in filter.obj

Basically I am trying to create a simple FileSystem MiniFilter Driver where I can modify a notepad file from writing. Following this tutorial. So I created a project in visual studio which is type Filter Driver: NDIS. here is the full code:

/*++

Module Name:

    Filter.c

Abstract:

    Sample NDIS Lightweight filter driver

--*/

#include "precomp.h"

PFLT_FILTER FilterHandle = NULL;
NTSTATUS MiniUnload(FLT_FILTER_UNLOAD_FLAGS Flags);
FLT_POSTOP_CALLBACK_STATUS MiniPostCreate(PFLT_CALLBACK_DATA Data, PCFLT_RELATED_OBJECTS FltObjects, PVOID* CompletionContext, FLT_POST_OPERATION_FLAGS flags);
FLT_PREOP_CALLBACK_STATUS MiniPreCreate(PFLT_CALLBACK_DATA Data, PCFLT_RELATED_OBJECTS FltObjects, PVOID* CompletionContext);
FLT_PREOP_CALLBACK_STATUS MiniPreWrite(PFLT_CALLBACK_DATA Data, PCFLT_RELATED_OBJECTS FltObjects, PVOID* CompletionContext);


const FLT_OPERATION_REGISTRATION Callbacks[] = {
    {IRP_MJ_CREATE,0,MiniPreCreate,MiniPostCreate},
    {IRP_MJ_WRITE,0,MiniPreCreate,NULL},
    {IRP_MJ_OPERATION_END}
};
const FLT_REGISTRATION FilterRegistration = {
    sizeof(FLT_REGISTRATION),
    FLT_REGISTRATION_VERSION,
    0,
    NULL,
    Callbacks,
    MiniUnload,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL
};
NTSTATUS MiniUnload(FLT_FILTER_UNLOAD_FLAGS Flags) {
    KdPrint(("driver unload rn"));
    FltUnregisterFilter(FilterHandle);
    return STATUS_SUCCESS;
}
FLT_POSTOP_CALLBACK_STATUS MiniPostCreate(PFLT_CALLBACK_DATA Data, PCFLT_RELATED_OBJECTS FltObjects, PVOID* CompletionContext, FLT_POST_OPERATION_FLAGS flags) {
    KdPrint(("Post Create is running rn"));
    return FLT_POSTOP_FINISHED_PROCESSING;
}
FLT_PREOP_CALLBACK_STATUS MiniPreCreate(PFLT_CALLBACK_DATA Data, PCFLT_RELATED_OBJECTS FltObjects, PVOID* CompletionContext) {
    PFLT_FILE_NAME_INFORMATION FileNameInfo;
    NTSTATUS status;
    WCHAR Name[300] = { 0 };

    status = FltGetFileNameInformation(Data, FLT_FILE_NAME_NORMALIZED | FLT_FILE_NAME_QUERY_DEFAULT, &FileNameInfo);
    if (NT_SUCCESS(status)) {
        status = FltParseFileNameInformation(FileNameInfo);
        if (NT_SUCCESS(status)) {
            if (FileNameInfo->Name.MaximumLength < 260) {
                RtlCopyMemory(Name, FileNameInfo->Name.Buffer, FileNameInfo->Name.MaximumLength);
                KdPrint(("CreateFile: %ws rn", Name));
            }
        }
        FltReleaseFileNameInformation(FileNameInfo);
    }

    return FLT_PREOP_SUCCESS_WITH_CALLBACK;
}

FLT_PREOP_CALLBACK_STATUS MiniPreWrite(PFLT_CALLBACK_DATA Data, PCFLT_RELATED_OBJECTS FltObjects, PVOID* CompletionContext) {
    PFLT_FILE_NAME_INFORMATION FileNameInfo;
    NTSTATUS status;
    WCHAR Name[300] = { 0 };

    status = FltGetFileNameInformation(Data, FLT_FILE_NAME_NORMALIZED | FLT_FILE_NAME_QUERY_DEFAULT, &FileNameInfo);
    if (NT_SUCCESS(status)) {
        status = FltParseFileNameInformation(FileNameInfo);
        if (NT_SUCCESS(status)) {
            if (FileNameInfo->Name.MaximumLength < 260) {
                RtlCopyMemory(Name, FileNameInfo->Name.Buffer, FileNameInfo->Name.MaximumLength);
                _wcsupr(Name);
                if (wcsstr(Name, L"OPENME.TXT") != NULL) {
                    KdPrint(("Write File: %ws Blocked rn", Name));
                    Data->IoStatus.Status = STATUS_INVALID_PARAMETER;
                    Data->IoStatus.Information = 0;
                    FltReleaseFileNameInformation(FileNameInfo);
                    return FLT_PREOP_COMPLETE;
                }
                KdPrint(("CreateFile: %ws rn", Name));
            }
        }
        FltReleaseFileNameInformation(FileNameInfo);
    }

    return FLT_PREOP_SUCCESS_WITH_CALLBACK;
}


NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath) {
    NTSTATUS status;

    status = FltRegisterFilter(DriverObject, &FilterRegistration, &FilterHandle);
    if (NT_SUCCESS(status)) {
        status = FltStartFiltering(FilterHandle);
        if (!NT_SUCCESS(status)) {
            FltUnregisterFilter(FilterHandle);
        }
    }
    return status;
}

The header files have been to precomp.h as below:

#pragma warning(disable:4201)  //nonstandard extension used : nameless struct/union
#pragma warning(disable:4100)
#include <fltKernel.h>
#include <dontuse.h>
#include <suppress.h>
#include <ndis.h>
#include <filteruser.h>
#include <ntddk.h>
#include "flt_dbg.h"
#include "filter.h"

Everything else is default.

Project configuration is Active(x64) under properties.

With all of that I am getting below errors:

Severity    Code    Description Project File    Line    Suppression State
Error   LNK2019 unresolved external symbol FltGetFileNameInformation referenced in function MiniPreCreate   default C:UsersAbdulsourcereposdefaultdefaultfilter.obj  1   
Warning 1324    [Version] section should specify PnpLockdown=1 to prevent external apps from modifying installed driver files.  default C:UsersAbdulsourcereposdefaultdefaultdefault.inf 8   
Error   LNK2019 unresolved external symbol FltRegisterFilter referenced in function DriverEntry default C:UsersAbdulsourcereposdefaultdefaultfilter.obj  1   
Error   LNK2019 unresolved external symbol FltUnregisterFilter referenced in function MiniUnload    default C:UsersAbdulsourcereposdefaultdefaultfilter.obj  1   
Error   LNK2019 unresolved external symbol FltStartFiltering referenced in function DriverEntry default C:UsersAbdulsourcereposdefaultdefaultfilter.obj  1   
Error   LNK2019 unresolved external symbol FltReleaseFileNameInformation referenced in function MiniPreCreate   default C:UsersAbdulsourcereposdefaultdefaultfilter.obj  1   
Error   LNK2019 unresolved external symbol FltParseFileNameInformation referenced in function MiniPreCreate default C:UsersAbdulsourcereposdefaultdefaultfilter.obj  1   
Error   LNK2001 unresolved external symbol FilterDriverHandle   default C:UsersAbdulsourcereposdefaultdefaultdevice.obj  1   
Error   LNK2001 unresolved external symbol FilterDriverObject   default C:UsersAbdulsourcereposdefaultdefaultdevice.obj  1   
Error   LNK2001 unresolved external symbol NdisFilterDeviceHandle   default C:UsersAbdulsourcereposdefaultdefaultdevice.obj  1   
Error   LNK2001 unresolved external symbol NdisDeviceObject default C:UsersAbdulsourcereposdefaultdefaultdevice.obj  1   
Error   LNK2001 unresolved external symbol FilterListLock   default C:UsersAbdulsourcereposdefaultdefaultdevice.obj  1   
Error   LNK2001 unresolved external symbol FilterModuleList default C:UsersAbdulsourcereposdefaultdefaultdevice.obj  1   
Error   LNK1120 12 unresolved externals default C:UsersAbdulsourcereposdefaultx64Debugdefault.sys   1   

Can Anyone guide on what am I doing wrong?

Leave a Comment