Minifilter driver that detects malware file signatures during file I/O
- Visual Studio 2015 (2017 ?)
- WDK 10 (build toolset WindowsKernelModeDriver10.0)
Build in Visual Studio using mwdriver.sln
- mwscan.cer
- mwscan.pdb
- mwscan.sys
Place the provided 'install.inf' file into the build output, and run the 'install' action
- sc query mwscan
- sc start mwscan
- sc stop mwscan
- sc delete mwscan
- windbg -kl
- ed nt!Kd_DEFAULT_Mask 0xf