The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
I'm working on intercepting IRPs IRP_MJ_CREATE to filter some file access. I realized that Shadow Copy on Windows does not trigger any IRP when backing up my files. I'm a bit curious; How can Shadow Copy access my files without triggering this IRP ? Is there a way to catch the file interactions of Shadow Copy from a minifilter driver ?
Thanks for your help !
|Upcoming OSR Seminars|
|OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!|
|Developing Minifilters||24 May 2021||Live, Online|
|Writing WDF Drivers||14 June 2021||Live, Online|
|Internals & Software Drivers||2 August 2021||Live, Online|
|Kernel Debugging||27 Sept 2021||Live, Online|