Jump to content
Tuts 4 You

Kernel-based Monitory on Windows (32-64bit)

Teddy Rogers

About This File

Since malware works fast and quiet there is demand to analyze, track and block such scrap at some central point. There is nothing as central as the kernel of an operating system. This white paper describes how to monitor and protect your Windows-based system by using a minifilter driver intercepting IRP_MJ-Functions in its PreOperation-Callback. The white paper also discusses some basic analyzing and protection drivers I have written in the past. By following Microsoft's recommendation and guidelines for multiplatform compatible driver development, the resulting drivers are called kernel minifilter drivers that are reliable and compatible with all modern versions of Microsoft Windows (2000, XP, Vista, Server, 7 and including their 64 bit versions. Minifilter drivers are powerful tools to track and mitigate against many kinds of malware out there. Once you have build up your own minifilter drivers they are like a Swiss Army Knife. I highly encourage everyone in the Windows based security scene to have a deep look into the powerful stuff one can achieve with minifilter drivers.

User Feedback

Recommended Comments

There are no comments to display.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...