Hello everyone, first of all thank you for your great website. I have been reading stuff that was posted here for years now and it has always been very helpful to me.
I am writing a forensic tool, and for me to be able to read the disk in the presence of a rootkit, the best method I can think of (and which I heard some AVs do as well) is to load the SCSI port driver from disk (instead of using the already loaded one), and read the disk using the newly loaded driver instead of the original module, because the original one is infected.
The problem is I cannot find any project or blog post or anything that explains which exported functions inside the port driver I should use and how.
So any help is appreciated. How can I read the disk using the port driver? Which exported functions inside of it should I use and how (meaning how should I fill in the arguments)? Is there any blog post/open-source project related to this?