I am new to Windows driver development and minifilters and I am trying to build the nullFilter sample using command line tools.
So I added #pragma comment(lib, "FltMgr.lib") to the .c file and issued the following commands successfully:
cl.exe /nologo /Fo../../bin\filter.obj /c filter.c /D _AMD64_
rc.exe /nologo /Fo../../bin\filter.res filter.rc
However, when I try to create the sys file:
link.exe /nologo /DRIVER:WDM /out:../../bin\filter.sys ../../bin\filter.obj ../../bin\filter.res
LINK : error LNK2001: unresolved external symbol NtProcessStartup
../../bin\filter.sys : fatal error LNK1120: 1 unresolved externals
I am using VS2012 Express and WDM8. My LIB environment variable is:
C:\Program Files (x86)\Windows Kits\8.0\Lib\win8\um\x64;C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\lib\amd64;C:\Program Files (x86)\Windows Kits\8.0\Lib\win8\km\x64;
What am I doing wrong? Am I missing something?
NtProcessStartup function is to driver development what 'main' is for regular C programs. In other words, it is the program entry function that you need to provide yourself. See the article here for an introduction and explanation of this function. You can overrule the name of the startup function by using the -entry linker option. Setting '-entry:DriverEntry' is a common practice for driver development.