{"id":19199564,"url":"https://github.com/subconsciouscompute/poc-windows-rust-filter","last_synced_at":"2025-04-20T11:30:45.272Z","repository":{"id":164673959,"uuid":"612143656","full_name":"SubconsciousCompute/poc-windows-rust-filter","owner":"SubconsciousCompute","description":"Windows Minifilter Driver in pure Rust","archived":false,"fork":false,"pushed_at":"2023-11-17T09:17:53.000Z","size":5999,"stargazers_count":28,"open_issues_count":1,"forks_count":3,"subscribers_count":2,"default_branch":"master","last_synced_at":"2023-11-17T10:34:15.592Z","etag":null,"topics":["ffi","ffi-bindings","filesystem","kernel","minifilter","minifilter-driver","rust","windows"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SubconsciousCompute.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-03-10T09:43:14.000Z","updated_at":"2023-11-16T13:53:32.000Z","dependencies_parsed_at":"2023-11-17T10:44:27.931Z","dependency_job_id":null,"html_url":"https://github.com/SubconsciousCompute/poc-windows-rust-filter","commit_stats":null,"previous_names":[],"tags_count":0,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SubconsciousCompute%2Fpoc-windows-rust-filter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SubconsciousCompute%2Fpoc-windows-rust-filter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SubconsciousCompute%2Fpoc-windows-rust-filter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SubconsciousCompute%2Fpoc-windows-rust-filter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SubconsciousCompute","download_url":"https://codeload.github.com/SubconsciousCompute/poc-windows-rust-filter/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223826532,"owners_count":17209583,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ffi","ffi-bindings","filesystem","kernel","minifilter","minifilter-driver","rust","windows"],"created_at":"2024-11-09T12:27:50.682Z","updated_at":"2024-11-09T12:27:51.215Z","avatar_url":"https://github.com/SubconsciousCompute.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Rust Minifilter POC\n\nA simple minifilter that informs about currently open files in Rust\n\n**Also see [fsfilter-rs](https://github.com/SubconsciousCompute/fsfilter-rs) that has minifilter interacting with\nuserspace Rust application**\n\n## Prerequisites\n\n- [Rust](https://www.rust-lang.org/)\n- [Microsoft Visual Studio](https://visualstudio.microsoft.com/)\n- [Windows SDK](https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/)\n- [Windows Driver Kit](https://learn.microsoft.com/en-us/windows-hardware/drivers/download-the-wdk)\n- [LLVM and Clang (for bindgen)](https://releases.llvm.org/download.html)\n- [Cargo Make](https://github.com/sagiegurari/cargo-make)\n\nIt is best if you\nfollow [Codentium - Windows Drivers in Rust: Prerequisites](https://codentium.com/guides/windows-dev/windows-drivers-in-rust-prerequisites/).\n\nYou can set up a VM for testing by following [DEBUG](DEBUG.md).\n\n## Building\n\nFrom inside [windows-rust-minifilter](windows-rust-minifilter), run:\n\n`cargo make --profile production all`\n\n**Note: You might need to run `cargo clean` before rebuilding again.**\n\n## Loading and Running\n\nYou can use [OsrLoader](https://www.osronline.com/article.cfm%5Earticle=157.htm) to load the Minifilter (Ideally I\nshould make an `.inf` file but lazy thimes)\n\n- Set type to `minifilter`\n- Load Group to `FSFilter Activity Monitor`\n- Altitude to `37777`\n\nYou should be able to see the list of open files in the Debugger (You will need to remove comments\nin [`G_CALLBACKS`](windows-rust-minifilter/src/lib.rs) global array).\n\n![osrloader](readme_resources/osrloader.png)\n\nYou can also communicate with user space application by using [windows-rust-application](windows-rust-application).\n\n![user](readme_resources/user.png)\n\n## References\n\n- [apriorit](https://www.apriorit.com/dev-blog/675-driver-windows-minifilter-driver-development-tutorial)\n- [Windows Drivers in Rust](https://codentium.com/guides/windows-dev/)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsubconsciouscompute%2Fpoc-windows-rust-filter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsubconsciouscompute%2Fpoc-windows-rust-filter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsubconsciouscompute%2Fpoc-windows-rust-filter/lists"}