I am working on a minifilter and currently want to block some malicious downloads from opening. Whenever a user downloads a file and tries to open it, send the file path to user mode, and then the user-mode part scans the file content and reverts to the kernel part.
If the file is malicious, then block opening the file.
I know that I can block the file open/create in IRP_MJ_CREATE, but the problem is that when Chrome downloads a file it makes .tmp -> .crdownload -> .actualFileExtension -> modifies
I need to block/allow it once the file is opened just after download.
Any help will be much appreciated.
Thanks to the great community.