Open GoogleCodeExporter opened 9 years ago
The accessch sample contains two folders: drv (source code for the driver) and usr
(a sample utility which interacts with the driver).
drv implements a file interceptor, a filtering system and an interface for
communication with a subscriber.
The current version is stable for use on any Windows OS (XP SP2 or higher)...
PS. If you have any questions about fltmgr or writing a minifilter, it is better to
e-mail me (I will answer much faster) :)
Original comment by Andrey.S...@gmail.com
on 20 Sep 2010 at 4:24
Original comment by Andrey.S...@gmail.com
on 20 Sep 2010 at 4:34
So filtering in drv means file operations are intercepted, right?
Then the next question follows: is the project's goal to do something active with
those ops (e.g. deny access to some file) or just to indicate they had happened?
Can you also briefly compare your project to ClamRT?
S.
PS: thanks, when it's time, I will keep you in my questions queue. Currently I
was investigating how the Wine project behaves with the Windows drivers it loads.
Original comment by sauli...@gmail.com
on 20 Sep 2010 at 4:36
Yes, you are absolutely right - drv intercepts file events and provides an interface
that allows denying access by criteria (access mask\mode\SID\PID\TID\LUID... via
the filtering system in the driver) or by content.
For example, I attached the AV engine from Kaspersky to make a private antivirus. My
colleagues used the accessch driver + devctrl (another project) as the base for a DLP
solution (as a demo for a venture fund :))
PS. I started these projects especially at their petition.
ClamRT is a legacy driver with the same target - to provide an IO mechanism for AV checks.
Original comment by Andrey.S...@gmail.com
on 21 Sep 2010 at 7:50
Original issue reported on code.google.com by
sauli...@gmail.com
on 1 Sep 2010 at 2:34