Skip to content
This repository has been archived by the owner on Aug 10, 2024. It is now read-only.
/ poc-windows-rust-filter Public archive

A PoC Windows Minifilter Driver in pure Rust (Don't use it in production)

License

MIT license
48 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

SubconsciousCompute/poc-windows-rust-filter

BranchesTags

Repository files navigation

Rust Minifilter POC

A simple minifilter that informs about currently open files in Rust

Also see fsfilter-rs that has minifilter interacting with userspace Rust application

Prerequisites

It is best if you follow Codentium - Windows Drivers in Rust: Prerequisites.

You can set up a VM for testing by following DEBUG.

Building

From inside windows-rust-minifilter, run:

cargo make --profile production all

Note: You might need to run cargo clean before rebuilding again.

Loading and Running

You can use OsrLoader to load the Minifilter (Ideally I should make an .inf file but lazy thimes)

  • Set type to minifilter
  • Load Group to FSFilter Activity Monitor
  • Altitude to 37777

You should be able to see the list of open files in the Debugger (You will need to remove comments in G_CALLBACKS global array).

osrloader

You can also communicate with user space application by using windows-rust-application.

user

References

About

A PoC Windows Minifilter Driver in pure Rust (Don't use it in production)

Topics

windows rust kernel filesystem ffi minifilter-driver ffi-bindings minifilter

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

48 stars

Watchers

2 watching

Forks

4 forks
Report repository

Releases

No releases published

Contributors 2

Languages