The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
Recently a security researcher sent us a CVE in our code where we are trying to use windows DeleteFileW and MoveFileW APIS and the researcher claims that they have scripts/code which can hijack the path sent to these APIs and replace them with symbolic links to windows system32 files or other sensitive files causing us to delete or move them. Our code runs as a privileged service and hence we need to prevent this kind of attack.
Since we are using Win32 APIs what is the best way forward? Our service needs to work on Win7 and above.
|Upcoming OSR Seminars|
|OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!|
|Developing Minifilters||24 May 2021||Live, Online|
|Writing WDF Drivers||14 June 2021||Live, Online|
|Internals & Software Drivers||27 September 2021||Live, Online|
|Kernel Debugging||15 November 2021||Live, Online|