Skip to content

NtRaiseHardError/Providence

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
Providence
Providence
 
 
README.md
README.md
 
 

Repository files navigation

Providence

Kernel-mode file scanner.

Based heavily on https://github.com/Microsoft/Windows-driver-samples/tree/ba25139ebc243c1a79dcd6168cc95563a467b7ef/filesys/miniFilter/scanner.

Detects file creation in a kernel-mode driver and then sends the file path to the user-mode application for signature scanning. Also prevents file deletion of its own files.

TODO

  1. Remove hard-coded file path of own critical files and place into registry to be used by RegistryPath in DriverEntry.
  2. Integrate YARA C library.
  3. Add driver loading into the user-mode application.
  4. Change user-mode application into DLL.
  5. Complete C# GUI to be used with the user-mode DLL.

About

Kernel-mode file scanner

Resources

Readme
Activity

Stars

18 stars

Watchers

4 watching

Forks

13 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages