[Carlbyte]

Hello,

I'm trying to use the functions of fltkernel.h but this error occurring when I try to start the driver "StartService FAILED 127: The specified procedure could not be found". I added headers "fltkernel.h" and "fltmgr.lib" and the visual studio compiles the driver normally but the error always happens. Actually this error happens whenever I try to use a function that is not in ntoskrnl lib, but I do not know what I should configure the compiler to resolve the problem. anyone have any tips?

[Vrtule]

Hello,

which functions from Fltmgr are you using? On which Windows version are you trying to load your driver?

[Carlbyte]

I will create versions of the driver for all versions of Windows starting from XP. The current system is XP. Functions are several ...

status = FltRegisterFilter(DriverObject, &FilterRegistration, &fileMonitor.Filter);
status = FltBuildDefaultSecurityDescriptor( &sd, FLT_PORT_ALL_ACCESS );
...

Opening the driver with dependency walker, it reports that Fltmgr.sys is not found, but if I put the file in the same directory then it works.

[Carlbyte]

The Fltmgr.sys file exists in the system and is loaded on boot. trying to load the driver in the same directory Fltmgr.sys also does not work.

[Carlbyte]

The solution in this case was to install the driver using inf file and set inside this inf the dependence of FltMgr service.

[Vrtule]

If you need to load the driver without installing it via its INF file, look to driver's service registry key. You should see some special entries (keys and values). If you create them manually, Windows will load the driver too.