Hello,
I downloaded the FS mini filter driver from Microsoft as a test and compiled it using VS (Visual Studio).
Link: https://github.com/microsoft/Windows-driver-samples/tree/main/filesys/miniFilter/avscan
I need this AVscan mini-filter driver to track and analyze filesystem transactions live for my app. I am planning to develop a lightweight open-source security application.
Now I have two questions about this:
- I can't load the driver. When I install the .sys file, I get the following error message: “There is no signature in the applicant”.
What do I have to configure in the VS compiler to be able to load the driver?
Is it possibly because I need a certificate for the driver and because I have compiled in debug mode?
- How can I communicate with my mini filter driver in userland? I simply want to receive all the information from the driver at user level (user mode / kernel mode) and then evaluate it. For this purpose, an API will be implemented. However, I need to know in advance which communication medium should be implemented on the driver side. Can I do this using the IOCTL interface? So how do I get the data that is processed by the driver?
Can someone please help me clarify my questions so that I am able to move forward with my project?