I'm building a Minifilter Kernel Driver for Antivirus purposes that, whenever a filesystem operation (open | write | read) happens, retrieves the filename and process ID involved in the operation. I was wondering if it's possible to make the driver send the data (file name and PID) to a user-mode Python application, for example using FltSendMessage?
Is it possible to send data from a minifilter kernel driver to a Python application?
153 Views Asked by Leonardo Poloni At
What you are trying to achieve is possible; however, it won't be without any hack. First of all, there aren't any libraries/wrappers to interact with a minifilter driver other than the one in C++ provided by Microsoft. Based on that, you could:
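
Added example, not part of the original answer and not the asker's or Microsoft's code: a Python consumer that calls the user-mode filter communication functions in fltlib.dll through ctypes and validates each message before using it. The port name `\AvScanPort`, the 1024-byte path limit and the payload layout (PID, path length in bytes, UTF-16LE path) are assumptions about what the driver passes to FltSendMessage.

```python
import ctypes
import struct

PORT_NAME = "\\AvScanPort"  # assumed: name the driver gave FltCreateCommunicationPort
MAX_PATH_BYTES = 1024       # assumed: largest path the driver puts in one message

class FILTER_MESSAGE_HEADER(ctypes.Structure):
    # Header FilterGetMessage places before the driver's payload
    _fields_ = [("ReplyLength", ctypes.c_uint32), ("MessageId", ctypes.c_uint64)]

HEADER_SIZE = ctypes.sizeof(FILTER_MESSAGE_HEADER)
BODY = struct.Struct("<II")  # assumed payload: ULONG pid, ULONG path_bytes, then the path

def parse_message(buf):
    """Decode one buffer filled by FilterGetMessage into (message_id, pid, path)."""
    if len(buf) < HEADER_SIZE + BODY.size:
        raise ValueError("message shorter than header plus fixed fields")
    header = FILTER_MESSAGE_HEADER.from_buffer_copy(buf[:HEADER_SIZE])
    pid, path_bytes = BODY.unpack_from(buf, HEADER_SIZE)
    start = HEADER_SIZE + BODY.size
    # Bound the length field by the agreed maximum and by the bytes actually present
    if path_bytes % 2 or path_bytes > MAX_PATH_BYTES or start + path_bytes > len(buf):
        raise ValueError("path length field out of range")
    return header.MessageId, pid, bytes(buf[start:start + path_bytes]).decode("utf-16-le")

def listen(handler):
    """Windows only: connect to the driver's port and pass each event to handler."""
    fltlib = ctypes.WinDLL("fltlib")
    port = ctypes.c_void_p()
    hr = fltlib.FilterConnectCommunicationPort(
        ctypes.c_wchar_p(PORT_NAME), 0, None, 0, None, ctypes.byref(port)
    )
    if hr != 0:
        raise OSError(f"FilterConnectCommunicationPort failed: 0x{hr & 0xFFFFFFFF:08X}")
    buf = ctypes.create_string_buffer(HEADER_SIZE + BODY.size + MAX_PATH_BYTES)
    try:
        while True:
            hr = fltlib.FilterGetMessage(port, buf, len(buf), None)  # blocks until a message arrives
            if hr != 0:
                raise OSError(f"FilterGetMessage failed: 0x{hr & 0xFFFFFFFF:08X}")
            handler(*parse_message(buf.raw))
    finally:
        ctypes.WinDLL("kernel32").CloseHandle(port)

if __name__ == "__main__":
    # Constructed sample message (not captured from a real driver); runs on any OS
    raw = "\\Device\\HarddiskVolume3\\sample.txt".encode("utf-16-le")
    sample = bytes(FILTER_MESSAGE_HEADER(0, 7)) + BODY.pack(4321, len(raw)) + raw
    print(parse_message(sample))
```

If the driver creates its port with the descriptor from FltBuildDefaultSecurityDescriptor, only administrators and SYSTEM can connect, so `listen()` has to run elevated.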