Skip to content
/ delprotect-rs Public

Delprotect minifilter based on an example from the book "Windows Kernel Programming".

2 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

radkum/delprotect-rs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
common
common
 
 
delprotect-km
delprotect-km
 
 
delprotect-um
delprotect-um
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

DelProtect-rs

Rust minifilter based on https://github.com/zodiacon/windowskernelprogrammingbook/tree/master/chapter09/SysMon

###Directory hierarchy delprotect-km - minifilter project which gather allows to block particular deletes

delprotect-um - user mode program to configure minifilter

common - shared info between driver and client, like ioctl codes

How to use

Installing (with admin rights):

Click right mouse button on DelProtect.inf and choose install or type

RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 C:\VsExclude\kernel\delprotect\delprotect.inf

Start:

fltmc load minifilter

Setup minifilter:

To block deletes from cmd.exe

delprotect-client.exe add cmd.exe

To clear list of prevented deletes

delprotect-client.exe clear

Stop:

fltmc unload minifilter

About

Delprotect minifilter based on an example from the book "Windows Kernel Programming".

Topics

windows rust minifilter

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages