请教sfilter.exe的生成等问题

向大侠请教：
    我是新手，问几个可笑的问题，请大侠给予帮助！我不希望您告诉：“你去看ORC！”类似的回答，我希望真正的大侠给点真实的帮助，我会祝福您的！
    1 请教sfilter.exe的生成：
我将sfilter.c与sfilter.rc加到vc++6.0的工程中，也加了ntifs.h的包含路径，在vc 环境下进行编译，有一个错误：
d:\\winddk\\3790\\inc\\ifs\\wnet\\ntifs.h(23) : fatal error C1189: #error :  Compiler version not supported by Windows DDK。请问应该如何进行，才能得到sfolter.exe？
    2 在ifskit的checked编译下得到sfilter.sys，可以用sfilter.inf安装；而在sfilter里的sfilterInstall.cmd又是干什么的？是将sfolter.exe安装到注册表里吗？
    3 过去看了一点设备驱动资料，那里好象没有.exe；文件系统里
sfilter.sys与sfilter.exe应如何使用？各起什么作用？
    4 sfilterUninstall.cmd能将sfilter.inf安装的东西从注册表和system32\\drivers里卸出吗？
    5 5 在filespy里的文档说明usrGuide.htm：
Filter Driver Install Program
FileSpy now comes with an INF that will install the filter driver and the user mode control program. To install, do the following:
 Make sure确定 that filespy.exe, filespy.sys and filespy.inf are all in the same相同的 directory.目录
 Right-click on the filespy.inf through Explorer.
 Select the Install option.
This will make the necessary registry updates to register the FileSpy service, place放置 filespy.sys in the %SystemRoot%\\system32\\drivers directory, place filespy.exe in %SystemRoot%\\filespy directory and add the following registry entries条目:[这里的%SystemRoot%\\filespy ：对于2000 操作系统是winnt\\filespy？这是自动加的还是手动加的？]
[HKEY_LOCAL_MACHINE]\\System\\CurrentControlSet\\Services\\FileSpy
MaxRecords DWORD The maximum number of log records to have outstanding at any one time. Default=500.
MaxNames DWORD The maximum number of name buffers to have outstanding at any one time. Default=500.
AttachMode DWORD Specify how you want FileSpy to attach to volumes.
1. Attach on demand.
2. Attach to ALL volumes when the filter loads. This does not mean that volumes are being logged, that happens when a user explicitly requests it. This is used to control attachment order with other filters.
Default=2
Filter Driver Uninstall
To uninstall the kernel-mode driver for FileSpy, you need to run “sc delete filespy”. This will remove the service from the system. After running this program, you will need to reboot the machine to complete the removal of FileSpy.

6  我看了网友1月份的“filespy目录下filter下提供的VC编译环境修改” ，提供了几个.dsp；是否把这些.dsp加到filespy里，用vc编译就能够产生filespy.exe；然后再用我这里的问题5刚刚找到的安装说明去做安装；filespy究竟如何使用？需要把filespy.exe在注册表的software里的run下添加：让它开机后就永远运行吗？
请谅解！问题提的太多！
谢谢！












[编辑 -  4/21/05 by  lgh41]