This year, for my graduation project, I'm developing a kernel agent for a Windows EDR (Endpoint Detection and Response) security solution.
I would appreciate any advice you could offer.
1. [All in one (driver)]: Is it okay to use all monitoring functions within a single kernel driver?
2. [Winsock but Kernel]: Is it permissible to use Kernel-mode Winsock within a kernel driver? (Is it frequently used and recommended?)
3. [Keep in mind]: What should I keep in mind when developing for the Windows kernel?