Understanding Device Drivers and Filters

Status
Not open for further replies.
LookinAround

LookinAround

Posts: 6,429   +186
[center]Understanding Device Drivers and Filters

(Or my original title: "What the heck is a Windows Filter? And why you should care to know!")[/center][center][/center]
This post provides an introduction to help understand Windows drivers and filters
....> To learn how to easily view and get info about flters on your computer see [post=815752]"How to Find/View Filter Drivers on Your Computer"[/post]
....> For help to fix filter problems see [post=815753]"CD/DVD or Disk Problems? How to Fix Problems Caused by Filters"[/post]

It can be pretty darn frustrating when you have a Windows device that refuses to work
Does this sound familiar?
....> You have a hardware problem. You look in Device Manager to check devices
....> You see the problem device listed and its entry has a yellow icon. (The icon indicates a driver error. The device isn't working properly)
....> You uninstall/reinstall the driver. You Disable/Enable the device. Yet no matter what you do the driver error won't go away!

A possible (and often over-looked) cause of this problem is missing or corrupt filter drivers! (more simply called "filters")

Filters are optional driver components. They're added to augment a driver's functionality. But fact is
  • They don't always work. They can become corrupt or filter files go missing
  • Bad filters can cause driver error codes and/or simply cause the device to not work right!
  • The existence of filters is "non-obvious". Which is why filter related problems can be easily overlooked
Symptoms of Filter Driver Problems
Symptoms include:
  • Devices (such as disks and CD/DVDs) that appear in Device Manager but not in My Computer or Explorer
  • Computer can't detect a CD/DVD or can't write to writable media
  • USB devices (such as iPods and Disks) that don't seem to get detected
    > Note there are still many other reasons for undetected USB devices
    > So try fixing filters but don't get hung up on filters as "must be" the cause
  • A persistent driver error code for disks, CD/DVDs or Sound/Media cards equal to: 10, 19, 31, 32 or 39
    > To see the error code in Device Manager, rt click the device and look on the General tab
Device Driver Overview
To understand filters, we'll start with an overview and define some terminology

A device driver is software. The driver allows a Windows program to "talk" to a hardware device thus allowing the program (and you) to use and take full advantage of all the device functions
Programs <=========> Device Driver <===========> Hardware Device

Windows provides a "layered" approach to device drivers (ever since Windows 2000). While you may think of a device driver as a single "thing" (probably because you're used to seeing one single line entry per device driver in Device Manager) that single "thing" actually consists of one or more pieces (i.e. "layers")
(see figure below and continue reading)
Figure: Data Flow through a Windows Driver
> The device driver (including all its optional "layers") is in yellow
> Optional filters are represented as dashed ovals

dataflow.png
The Function Driver vs. Upper and Lower Filter Drivers
A Windows device driver consists of
  • A single (and required) function driver
    > This is the device's main driver
  • Zero or more (optional) filters
    > Filters intercept (and may modify) device I/O data Request Packets (IRPs) before and/or after the function driver processes them
    • Upper filters first intercept data requests before the function driver
      >> Upper filters typically provide added-value features for a device (examples later)
    • Lower filters first intercept data requests after the function driver
      >> Lower filters typically modify the behavior of the device hardware
      >> This may include translating proprietary communication into a standard language for the main driver
Device Name vs. Device Class
A filter can be installed for a specific device or device class. Every hardware device has a device name and belongs to a Windows device class
> The device name uniquely identifies the hardware device
> The device class indicates the type of device

Here's a few examples of pre-defined Windows device classes
Code: 
CDROM               : DVD/CD-ROM drives
DiskDrive           : Disk drives
Display             : Display adapters
Keyboard            : Keyboards
MEDIA               : Sound, video and game controllers
Mouse               : Mice and other pointing devices
Net                 : Network adapters
Device Filters vs. Class Filters
Filters can be installed and applied to a single device or applied to all devices of the same class
  • A device filter is device specific. It's applied to a single and specific device
  • While a class filter is applied to every device in the class
    > So, a single class filter for class= DiskDrive is applied to and will affect every disk on the computer!
It's the class filters that can cause device problems! as they're typically from 3rd party vendors. Example
  • You install a data backup product
  • The product MIGHT install a class filter to intercept all the I/O to all your disk drives
  • That single 3rd party class filter might not work well with one or more of your disks (and the disk's device driver)
  • You can uninstall/reinstall all your disk drivers till kingdom come!
    > For this case, the problem with your disk doesn't go away till you finally uninstall and fix the disk drive class filter!
Examples of Filters
  • Keyboard Upper Class Filter
    A keyboard upper filter may implement additional security checks and provide enhanced functionality when it intercepts, and possibly modifies the IRPs as they pass between an application or OS/module and the keyboard's function driver

  • Keyboard Lower Class Filter
    A Keyboard lower filter may intercept physical keystrokes to "clean-up" the key presses sent between the keyboard hardware and its function driver.
    • You may have only pressed the hardware key once, but internally, the key press may have made repeated physical electrical contact within a few milliseconds, sending more than one signal when only one was intended
    • A lower filter can recognize and clean-up the un-intended behavior, change the data stream received from the hardware and only forward 1 keystroke to the function driver
    • From the end-user's perspective, they only see a one key-press response. For the user, it looks like a simple one press per one character response

  • Notes About the Keyboard Filter Examples
    • Note how a "layered" approach to device drivers makes it easy to swap-out and change filter functionality
      > E.g. in above examples, simply change a filter to change how security is being applied or how multi-press keystrokes are handled
    • In the keyboard example, note that a simple change to upper filters can affect how security is applied to a keyboard and its standard device driver.
      > The filter change (and change in security) could be implemented without ever changing and no need to modify the keyboard function driver itself
 
[center]How to Find/View Filter Drivers on Your Computer[/center][center][/center][center]
[/center][center][/center]
This post explains methods and tools so you can find and view the filter drivers on your computer
....> For an understanding of concepts and terminology, start with [post=815751]"Tutorial: Understanding Device Drivers and Filters"[/post]
....> For help with fixing filter problems see [post=815753]"CD/DVD or Disk Problems? How to Fix Problems Caused by Filters"[/post]

>> If you're not familiar with filters or terminology below, you can first skim through [post=815751]"Tutorial: Understanding Device Drivers and Filters"[/post] <<
Below are two of several methods available to find and view the filter drivers on your computer. Each method has its pluses and minuses
Method 1- Viewing filters using Filter Driver Load Order Tool
.> Pluses: It's simple and easy to use
.> Minuses: It only displays filter info for Disks and CD/DVDs
.> Minuses: Its only good for viewing filter data. You still need Method 2 if you want to view and then remove filters

Method 2- Viewing class filters in the Windows registry
.> Pluses: It can be used to see the filters for any device class
.> Pluses: Use it to both find and then (optionally) delete filters
.> Minuses: It only shows you class filters, not device filters. But that's OK as it's mostly the class filters that create problems (and may need be removed)
Method 1- How to view filters using Filter Driver Load Order Tool
The easiest way to see Disk and CD/DVD filters is using Filter Driver Load Order tool. (For other types of devices see Method 2)
An example of using the tool shown below. Note:
  • The left pane displays all the Disks and CD/DVDs found on the computer
  • When i select the TSSTcorp DVD device in the example, we see
    • The right pane displays all the filters for the TSSTcorp device. Note these filters happen to include
      >>> Both upper and lower filters as well as class and device filters
      >>> The "Device Object". This is the main device driver (the main driver is called the function driver)
    • When i select a filter, you'll see its file Version Information is displayed
    Important note: This tool displays the registry's view of filters
    • If a filter is defined in the registry yet the filter file is missing, this can cause driver errors
    • In such a case, you'll see the Version Info->File Location missing or equal to N/A
    • Also note: It is OK if other Version Info fields equal N/A or missing BUT NOT the File Location!
    • For this case, removing the filter from the registry can help fix the problem
  • Use the Clipboard button to get a text report about all the filters. Then you can simply paste the report where ever you like
filterload.png


Method 2- How to view class filters in the Windows registry
This method displays device class data stored in the Windows registry. Note this method
> Only finds the class filters (both Upper and Lower - if they exist)
> Does not display device filters but that's OK as you really only need to check on class fiters

For this method, we'll use the Regjump tool to help you quickly navigate directly to the right registry key
  • Download Regjump. Unzip it and store its unpacked files in C:\Windows\system32
  • Open a command prompt window
    > For XP, click Start->Run, enter: cmd
    > For Vista, you must open an elevated command prompt for Regjump to work. (For instructions click here
  • Copy / paste one of the following commands after the command prompt
    > Choose the command for the device class you want to see: DiskDrive, CDROM, or MEDIA
Code: 
To check for disk class filters (for class= DISKDRIVE)
    [B]regjump HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}[/B]

To check for CD/DVD filters (for class= CDROM)
    [B]regjump HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}[/B]

To check for sound and audio class filters (for class= MEDIA)
    [B]regjump HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}[/B]

In the example below note:
> We're looking at the registry key for device class= CDROM
> You'll see both an UpperFilter and LowerFilter subkey exists for the CDROM class
> The subkey contains the names of each filter (you may find multiple names in a subkey)
> Class keys are differentiated by their GUID (Windows' Globally Unique Identifier)
> Each class GUID is pre-defined. The GUIDs are used to differentiate the classes

regfilterstrim.png

 
Status
Not open for further replies.

Similar threads

Cal Jeffrey
You can now use your Android device as a webcam in Windows 11
Replies
3
Views
213
Cal Jeffrey
Cal Jeffrey
Daniel Sims
Google's Find My Device network could be rolling out very soon
Replies
2
Views
99
theotherdave
theotherdave
S
Restoring function to Optical scanner
Replies
1
Views
563
Sebastian42
S

Latest posts

Back