Tuts 4 You

Kernel-based Monitoring on Windows (32-64bit)

Teddy Rogers

About This File

Since malware works fast and quietly, there is demand to analyze, track and block such scrap at some central point, and there is nothing as central as the kernel of an operating system. This white paper describes how to monitor and protect a Windows-based system by using a minifilter driver that intercepts IRP_MJ functions in its PreOperation callback. The white paper also discusses some basic analysis and protection drivers I have written in the past. By following Microsoft's recommendations and guidelines for multiplatform-compatible driver development, the resulting drivers are kernel minifilter drivers that are reliable and compatible with all modern versions of Microsoft Windows (2000, XP, Vista, Server, 7, including their 64-bit versions). Minifilter drivers are powerful tools to track and mitigate many kinds of malware out there. Once you have built your own minifilter drivers, they are like a Swiss Army knife. I highly encourage everyone in the Windows-based security scene to take a deep look at the powerful things one can achieve with minifilter drivers.
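The block/monitor decision a PreOperation callback makes, as an added example that is not part of the white paper or its drivers: the policy logic is kept in portable C so it compiles outside the WDK, the IRP_MJ, FLT_PREOP and STATUS constants are copied from the Windows headers, and the protected directories are constructed sample values (comments note which FLT_CALLBACK_DATA fields supply the inputs in a real driver).

```c
#include <wchar.h>
#include <wctype.h>

/* IRP major function codes as defined in wdm.h. */
#define IRP_MJ_CREATE           0x00
#define IRP_MJ_WRITE            0x04
#define IRP_MJ_SET_INFORMATION  0x06

/* FLT_PREOP_CALLBACK_STATUS values as defined in fltKernel.h, plus ntstatus.h. */
#define FLT_PREOP_SUCCESS_NO_CALLBACK 1
#define FLT_PREOP_COMPLETE            4
#define STATUS_ACCESS_DENIED          0xC0000022u

/* Constructed sample policy: directories the driver refuses to modify.
 * A real driver obtains the normalized name via FltGetFileNameInformation(). */
static const wchar_t *const protected_prefixes[] = {
    L"\\Device\\HarddiskVolume1\\Windows\\System32\\drivers\\",
    L"\\Device\\HarddiskVolume1\\ProgramData\\Monitor\\",
};

/* Case-insensitive prefix match; NTFS path names are case-insensitive. */
static int has_prefix_ci(const wchar_t *name, const wchar_t *prefix) {
    for (; *prefix; name++, prefix++)
        if (!*name || towlower(*name) != towlower(*prefix)) return 0;
    return 1;
}
static int is_protected_path(const wchar_t *name) {
    size_t n = sizeof protected_prefixes / sizeof protected_prefixes[0];
    for (size_t i = 0; i < n; i++)
        if (has_prefix_ci(name, protected_prefixes[i])) return 1;
    return 0;
}

/* Decision the PreOperation callback returns. In the driver, `major` is
 * Data->Iopb->MajorFunction and `write_access` is derived from
 * Data->Iopb->Parameters.Create.SecurityContext->DesiredAccess (CREATE only);
 * WRITE and SET_INFORMATION (rename, delete) always modify the file.
 * On FLT_PREOP_COMPLETE the driver stores *status in Data->IoStatus.Status. */
int pre_op_decision(unsigned char major, const wchar_t *name,
                    int write_access, unsigned int *status) {
    int modifying = (major == IRP_MJ_WRITE || major == IRP_MJ_SET_INFORMATION ||
                     (major == IRP_MJ_CREATE && write_access));
    if (modifying && is_protected_path(name)) {
        *status = STATUS_ACCESS_DENIED;   /* block: request never reaches the FS */
        return FLT_PREOP_COMPLETE;
    }
    *status = 0;                          /* monitor only: log and let it pass */
    return FLT_PREOP_SUCCESS_NO_CALLBACK;
}
```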
