Starting developing simple EDR

Hi :slight_smile:

I am relatively new to Windows driver development and I want to practice and learn more through developing a simple EDR.

I am thinking of developing just a simple driver that registers for process creation and runs static analysis on those processes.
Also maybe dynamic analysis with some dll injections.

Any good articles, code samples etc. that would help me with that?

I recommend this book: Windows Kernel Programming… by Pavel Yosifovich [PDF/iPad/Kindle]

The 'sysmon' sample does most of what you are looking for - tracks process creates, image loads etc.
