I am trying to create a small file system filter filter to test / demonstrate how to track the effect of filter drivers on I / O performance using ETW in Windows Server 2008 R2. I downloaded the DDK and created some samples, but I am having problems trying to filter on a particular drive or in a specific file extension that will work for the task I'm trying to do. What I want to do is isolate the filter driver on a specific drive / volume or files with a specific extension to show how I / O performance can be affected by filter handlers. I use the passthrough sample for testing, and wherever I try to introduce latency, I get negative consequences because I cannot properly filter operations to exactly what I am trying to do.
It was never intended to be a fully functional driver. I would like for me to be able to intercept / influence the actions of IRP_MJ_WRITE on a specific volume or specific file extensions, so that I can show the effect that the filter driver has for these operations. Is there an easy way to do this that I'm simply not here? I fully understand that people make a living from these types of drivers, but I really would like to be able to create a simple filter, if possible.
Thanks!
source share