Rust Minifilter POC
A simple minifilter that informs about currently open files in Rust
Also see fsfilter-rs that has minifilter interacting with userspace Rust application
Prerequisites
It is best if you follow Codentium - Windows Drivers in Rust: Prerequisites.
You can set up a VM for testing by following DEBUG.
Building
From inside windows-rust-minifilter, run:
cargo make --profile production all
Note: You might need to run cargo clean before rebuilding again.
Loading and Running
You can use OsrLoader to load the Minifilter (Ideally I
should make an .inf file but lazy thimes)
- Set type to
minifilter - Load Group to
FSFilter Activity Monitor - Altitude to
37777
You should be able to see the list of open files in the Debugger (You will need to remove comments
in G_CALLBACKS global array).
You can also communicate with user space application by using windows-rust-application.
