Skip to content

Latest commit

 

History

History
119 lines (98 loc) · 7.01 KB

README.md

File metadata and controls

119 lines (98 loc) · 7.01 KB

Note 10/10/2022: I'll be updating this driver for vs2022 and win11. ETA 1mo.

This minifilter driver (MSDN) intercepts operations on the special reparse point files (MSDN). If such file is opened for the first time, driver downloads its content from the remote location.

It's similar to the Git Virtual File System project from Microsoft. And lacks official support.

Content can be downloaded from:

  • Local storage.
  • Network share. If driver cannot open the file, it asks user-mode service to open that file, and then downloads its content.
  • URI. Driver asks the user-mode service to download that file.

You can easily extend the user-mode service to support more types.

Short demo

img

Prerequisites

  1. Windows 7+
  2. Visual Studio 2015 & WDK 10
  3. WiX toolset

Folder structure

  • Driver
    • LazyCopyDriver - Minifilter driver.
    • LazyCopyDriverInstall - Generates driver installation package.
    • DriverClientLibrary - C# library allows interacting with drivers via the communication ports (MSDN).
    • LazyCopyDriverClient - LazyCopy C# driver client based on the DriverClientLibrary.
  • ToolsAndLibraries
    • Utilities - Contains shared helper classes.
    • EventTracing - Allows collecting and decoding of the ETW (MSDN) events generated by the driver.
    • SampleClient - A basic console C# application that can create files that are understood by the driver.
  • Service\LazyCopySvc - A user-mode system service that manages the lifetime and configuration of the driver. It can also open files on behalf of the currently logged in user, or download them per driver request.
  • Setup - WiX installation package to install driver, service and the client applications.

Compilation

  1. Make sure you have the latest WDK installed.
  2. Open the LazyCopyDriver project properties, and make sure the General > Target Platform Version value corresponds to the WDK version you installed.
  3. (Optionally) Configure driver test signing in the Properties > Driver Signing > General.
  4. Make sure the solution is compiled for your architecture (Main menu > Build > Configuration Manager).

Driver signing

  • Get a code signing certificate: MSDN
  • Get the cross-certificate for it (MSDN). You may want to use the VeriSign Cross-Certificate.
  • Sign the driver and, optionally, other binaries. If you purchased a VeriSign certificate, you can use the following command to sign the driver in the post-build step:
signtool sign /v /s my /n "<YOUR_NAME>" /sha1 "<YOUR_CERT_THUMBNAIL>" /ac "<PATH_TO_CROSS_CERT>" /t http://timestamp.verisign.com/scripts/timestamp.dll "$(TargetPath)\LazyCopyDriver.sys"
&
signtool sign /v /s my /n "<YOUR_NAME>" /sha1 "<YOUR_CERT_THUMBNAIL>" /ac "<PATH_TO_CROSS_CERT>" /t http://timestamp.verisign.com/scripts/timestamp.dll "$(TargetPath)\LazyCopyDriver.cat"

For example:

signtool sign /v /s my /n "Contoso Org" /sha1 "CAFEBEBE0123456701BE7F9D3BBDFBB230233386" /ac "c:\temp\VeriSign_Cross_Sign.cer" /t http://timestamp.verisign.com/scripts/timestamp.dll "$(TargetPath)\LazyCopyDriver.sys"

Installation

  • Allow Windows to load drivers signed with the test certificates:
    1. Open CMD as Admin and type (MSDN): bcdedit -set TESTSIGNING ON
    2. Reboot.
  • Compile the entire solution in the Visual Studio for your architecture. Make sure to choose the valid Target Platform Version in the LazyCopyDriver project settings.
  • You can manually install the driver by right clicking on the .inf file and choosing Install.
  • Check that LazyCopyDriver appeared in the fltmc command output (MSDN).
    From the Admin CMD:
> fltmc
Filter Name                     Num Instances    Altitude    Frame
------------------------------  -------------  ------------  -----
LazyCopyDriver                          7        180610        0
FileInfo                                8        45000         0

Depending on the load type specified in the .inf file, it might not be automatically loaded. You can do it manually:

> fltmc load lazycopydriver
  • Install and start the LazyCopySvc. It is optional and needed, if you want to have a custom download logic (for example, being able to download files via HTTP) or share the stub files over the network.
> sc create LazyCopySvc binPath="<Absolute_path_to_LazyCopySvc.exe>" DisplayName="LazyCopySvc"
> sc start LazyCopySvc

Trying it out

Create an empty file that will be fetched on the first access (admin permissions are required):

bin\SampleClient\CreateLcFile.exe < original file >  < new empty file >

.\CreateLcFile.exe "\\build\latest\contoso.dll"  "c:\temp\contoso.dll"
.\CreateLcFile.exe "http://www.contoso.org/"     "c:\temp\index.html"
.\CreateLcFile.exe "d:\data\file_with_data.txt"  "c:\temp\yet_empty_file.txt"

Want to reuse project files?

  • Change the name (MSDN) of the driver and rename binaries.
  • Generate (MSDN) a new GUID for the ETW provider and re-create header:
mc.exe -z LazyCopyEtw -n -km LazyCopyEtw.mc