Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTFSD

Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Help on Minifilter

jay96612jay96612 Member Posts: 57

I am working on minifilter and currently want to block some malicious downloads opening. Whenever a user downloads and tries to open the file, send the file path to user-mode, and then the user-mode scans the file content and reverts to the kernel part.
If the file is malicious then block the opening file.

I know that I can block the file open/create in IRP_MJ_CREATE but the problem is that when chrome downloads a file then it makes .tmp->.crdownload->.actualFIleExtenion -> modifies

I need to block/allow it once the file is opened just after download.

Any help will be much appreciated.
Thanks to the great community.

Comments

  • Scott_Noone_(OSR)Scott_Noone_(OSR) Administrator Posts: 3,494

    Is this for work or a hobby? If it's for work I'd suggest getting some outside design help or taking a seminar. No disrespect meant, it's just that this kind of project really requires design before whacking away at code trying to get something working.

    -scott
    OSR

  • jay96612jay96612 Member Posts: 57

    @Scott_Noone_(OSR) I am making it for learning purpose. I want to scan every file after download before opening the file for security purpose. OSR seminars is really awesome but I can't afford as of now but excited to know about. For me like students how can We attend OSR seminars ?

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Writing WDF Drivers 12 September 2022 Live, Online
Internals & Software Drivers 23 October 2022 Live, Online
Kernel Debugging 14 November 2022 Live, Online
Developing Minifilters 5 December 2022 Live, Online