CallbackFilter

Instant control over file and folder operations in Windows and .NET applications

Deployment instructions

Required Permissions

By default installation and deinstallation of Callback File System files (kernel-mode drivers and Helper DLLs) can be performed from the user account which belongs to Administrators group. This is a security measure of Windows operating system. You can change this behaviour on the target system by adjusting the list of users and groups who have the right to install and uninstall the drivers. This can be done in Control Panel -> Administrative tools -> Local Security Settings -> Local Policies \ User Rights Assignment (tree branch), there you need to change "Load and Unload device drivers" item. No need to say that by default you can change the security settings if you are system administrator.

Notes for Vista and later versions of Windows

If you have UAC (User Account Control) enabled, Vista and later versions of Windows will run applications started by you with limited rights even when you are logged in as administrator or m7ember of Administrators group.

If you install or uninstall the drivers by calling the above mentioned functions in your code, you need to elevate privileges of your application so that it's started with truly administrative rights.

To elevate privilages for your application, you must start it with Run As Administrator option. In Windows Explorer this is done using Run As Administrator command in context menu for the application. Alternatively you can set the corresponding option in the Properties window shown for your executable module.

One more option is to use the manifest. The manifest file can be placed next to the executable of your application or embedded into the executable. If you decide to keep the manifest in a separate file, it must be named <EXEName_with_extension>.manifest, eg. for MyApp.exe the manifest should be called MyApp.exe.manifest.

You can use the following manifest:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
    <assemblyIdentity version="1.0.0.0"
	processorArchitecture="X86"
	name="ExeName"
	type="win32"/>
<description>elevate execution level</description>
   <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
      <security>
         <requestedPrivileges>
            <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
         </requestedPrivileges>
      </security>
   </trustInfo>
</assembly>

Drivers

The driver to be deployed is cbfltfs3.sys. Note, that the drivers are different for Win32, x64 (AMD 64-bit architecture) and IA64 (Itamium 64-bit architecture) platforms.

Debug drivers are located in "<CBFlt>\Drivers\Debug\32bit" or "<CBFlt>\Drivers\Debug\64bit" folders (for Win32 and Win64 platforms).
Release drivers are located in "<CBFlt>\Drivers\Release\32bit" or "<CBFlt>\Drivers\Release\64bit" folders (for Win32 and Win64 platforms).

64-bit version of the driver is available for x64 (AMD64) processor architecture used by most modern 64-bit processors and IA64 (Itanium) processor architecture used by some Intel-produced server processors.

Installation of the drivers to the target system is described here.

User-mode API

CallbackFilter user-mode API is shipped as .NET assemblies, static library for Visual C++ and VCL units.

  • .NET API:
    When deploying the project, copy the CBFlt4Net.dll below to your application folder. Questions about when and how to install the assemblies to Global Assembly Cache are discussed in Working with Assemblies and the Global Assembly Cache and How to: Install an Assembly into the Global Assembly Cache articles.

    .NET 4.6 assemblies are different for Intel 32-bit and Intel 64-bit platforms. 64-bit .NET 4.6 assemblies are available for x64 processor architecture used by most modern 64-bit processors.
    All .NET 4.6 assemblies require Visual C++ 2015 Multithreaded Runtime DLLs (vcruntime140.dll). It's a good idea to include these DLLs into the distribution. The DLLs are located in <CBFlt>\MSVC_REDIST\NET_46 folder.
    If you place the assembly to the same folder where your application is located, these DLLs must be placed in this folder too. If you install the .NET assembly to the GAC, it's recommended that you use installable "vcredist" package instead (see below).

    .NET 4.5.1 assemblies are different for Intel 32-bit and Intel 64-bit platforms. 64-bit .NET 4.5.1 assemblies are available for x64 processor architecture used by most modern 64-bit processors.
    All .NET 4.5.1 assemblies require Visual C++ 2013 Multithreaded Runtime DLLs (msvcp120.dll and msvcr120.dll). It's a good idea to include these DLLs into the distribution. The DLLs are located in <CBFlt>\MSVC_REDIST\NET_451 folder.
    If you place the assembly to the same folder where your application is located, these DLLs must be placed in this folder too. If you install the .NET assembly to the GAC, it's recommended that you use installable "vcredist" package instead (see below).

    .NET 4.5 assemblies are different for 32-bit and 64-bit platforms. 64-bit .NET 4.5 assemblies are available for x64 processor architecture used by most modern 64-bit processors.
    All .NET 4.5 assemblies require Visual C++ 2012 Multithreaded Runtime DLLs (msvcp110.dll and msvcr110.dll). It's a good idea to include these DLLs into the distribution. The DLLs are located in <CBFlt>\MSVC_REDIST\NET_45 folder.
    If you place the assembly to the same folder where your application is located, these DLLs must be placed in this folder too. If you install the .NET assembly to the GAC, it's recommended that you use installable "vcredist" package instead (see below).

    .NET 4.0 assemblies are different for 32-bit and 64-bit platforms. 64-bit .NET 4.0 assemblies are available for x64 (AMD64) processor architecture used by most modern 64-bit processors and IA64 (Itanium) processor architecture used by some Intel-produced server processors.
    All .NET 4.0 assemblies require Visual C++ 2010 Multithreaded Runtime DLLs (msvcp100.dll and msvcr100.dll). It's a good idea to include these DLLs into the distribution. The DLLs are located in <CBFlt>\MSVC_REDIST\NET_40 folder.
    If you place the assembly to the same folder where your application is located, these DLLs must be placed in this folder too. If you install the .NET assembly to the GAC, it's recommended that you use installable "vcredist" package instead (see below).

    .NET 2.0 assemblies are different for 32-bit and 64-bit platforms. 64-bit .NET 2.0 assemblies are available for x64 (AMD64) processor architecture used by most modern 64-bit processors and IA64 (Itanium) processor architecture used by some Intel-produced server processors.
    .NET 2.0 assemblies for Win32 and x64 platforms require Visual C++ 2005 SP1 Multithreaded Runtime DLLs (msvcp80.dll and msvcr80.dll). .NET 2.0 assemblies for IA64 platform require Visual C++ 2008 Multithreaded Runtime DLLs (msvcp90.dll and msvcr90.dll). It's a good idea to include these DLLs into the distribution. The DLLs are located in <CBFlt>\MSVC_REDIST\NET_20 folder.
    If you place the assembly to the same folder where your application is located, these DLLs must be placed in this folder too. If you install the .NET assembly to the GAC, it's recommended that you also install the above DLLs to \Windows\System32 folder.

    Alternative method for deployment of MS VC++ Runtime DLLs is to download proper "vcredist" installations from Microsoft site and include them to your installation package. Do the search for "Microsoft Visual C++ Redistributable Package" on Microsoft site and choose the needed redistributable packages.

  • C++ API:
    C++ class links CallbackFilter API statically so no deployment is required.

  • VCL API:
    VCL unit for Delphi and C++Builder links CallbackFilter API statically so no deployment is required.

Back to top