This is a driver created to learn more about kernel programming, kernel callbacks and filesystem minifilters. Allows the user to hook many events and set some security policies.
The driver will intercept -
- process creation
- image load
- file system operations
- registry operations
- networking events
- thread events
- process/thread handle callbacks
This driver will block unwanted operations based on a very simple policy:
- child process blacklists
- file operations on some files
- registry operations
The driver will kill the unwanted process before the operation has been done. Also, information will be shared with the user mode side.