The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
We have a filter providing an HSM via reparse point but we are finding increasing use of EAs by some anti-malware products. We propose to remove the EA when we 'stub' a file (remove primary data, and add reparse point) but replace the EA if the file is accessed causing us to 'unstub' the file (restore primary data and remove reparse point). Has anyone else tried this or see major issues with this.
|Upcoming OSR Seminars|
|OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!|
|Kernel Debugging||16-20 October 2023||Live, Online|
|Developing Minifilters||13-17 November 2023||Live, Online|
|Internals & Software Drivers||4-8 Dec 2023||Live, Online|
|Writing WDF Drivers||10-14 July 2023||Live, Online|