{"id":13798226,"url":"https://github.com/tandasat/UefiVarMonitor","last_synced_at":"2025-05-13T05:31:53.055Z","repository":{"id":73942072,"uuid":"259111829","full_name":"tandasat/UefiVarMonitor","owner":"tandasat","description":"The runtime DXE driver monitoring access to the UEFI variables by hooking the runtime service table.","archived":false,"fork":false,"pushed_at":"2020-10-09T04:42:45.000Z","size":2374,"stargazers_count":138,"open_issues_count":0,"forks_count":18,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-04-08T10:27:11.508Z","etag":null,"topics":["dxe-driver","rust","uefi"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tandasat.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2020-04-26T19:08:45.000Z","updated_at":"2025-01-10T21:07:42.000Z","dependencies_parsed_at":null,"dependency_job_id":"8b2ed649-4ccd-4d1e-b6ba-c0f51c8627e6","html_url":"https://github.com/tandasat/UefiVarMonitor","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tandasat%2FUefiVarMonitor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tandasat%2FUefiVarMonitor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tandasat%2FUefiVarMonitor/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tandasat%2FUefiVarMonitor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tandasat","download_url":"https://codeload.github.com/tandasat/UefiVarMonitor/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253883119,"owners_count":21978611,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dxe-driver","rust","uefi"],"created_at":"2024-08-04T00:00:40.637Z","updated_at":"2025-05-13T05:31:50.987Z","avatar_url":"https://github.com/tandasat.png","language":"C","funding_links":[],"categories":["Tools :hammer:","***EDK2***"],"sub_categories":["***PoCs***"],"readme":"UefiVarMonitor\r\n===============\r\n\r\nThe sample runtime DXE driver (UEFI driver) monitoring access to the UEFI variables by hooking the runtime service table in C and Rust.\r\n\r\nThis project was developed to provide a small sample of a runtime driver.\r\n\r\n![UefiVarMonitor](Resources/UefiVarMonitor.png)\r\n![uefi-var-monitor](Resources/uefi-var-monitor-on-linux.png)\r\n\r\nRust implementation was made solely for author's learning.\r\n\r\nProjects Overview\r\n------------------\r\n\r\n* UefiVarMonitorDxe\r\n\r\n    The UEFI runtime driver that hooks `GetVariable` and `SetVariable` runtime services, and logs the use of them into serial output. Written in less than 300 lines of C code.\r\n\r\n* uefi-var-monitor\r\n\r\n    Nearly equivalent implementation of `UefiVarMonitorDxe` in Rust. Unsafe, unsafe everywhere.\r\n\r\n* UefiVarMonitorExDxe\r\n\r\n    The enhanced version of `UefiVarMonitorDxe` allowing a Windows driver to register an inline callback of the above runtime services. This can also be used to alter parameters and block those calls.\r\n\r\n* UefiVarMonitorExClient\r\n\r\n    The sample Windows driver registering a callback with `UefiVarMonitorExDxe`.\r\n\r\nBuilding\r\n---------\r\n\r\n* UefiVarMonitorDxe and UefiVarMonitorExDxe\r\n\r\n    1. Set up edk2 build environment\r\n    2. Copy `UefiVarMonitorPkg` as `edk2\\UefiVarMonitorPkg`\r\n    3. On the edk2 build command prompt, run the below command:\r\n        ```\r\n        \u003e edksetup.bat\r\n        \u003e build -t VS2019 -a X64 -b NOOPT -p UefiVarMonitorPkg\\UefiVarMonitorPkg.dsc -D DEBUG_ON_SERIAL_PORT\r\n        ```\r\n       Or on Linux or WSL,\r\n        ```\r\n        $ . edksetup.sh\r\n        $ build -t GCC5 -a X64 -b NOOPT -p UefiVarMonitorPkg/UefiVarMonitorPkg.dsc -D DEBUG_ON_SERIAL_PORT\r\n        ```\r\n\r\n* uefi-var-monitor\r\n\r\n    1. Install the nightly rust compiler. Below is an example on Linux, but it is largely the same on Windows.\r\n        ```\r\n        $ sudo snap install rustup --classic\r\n        $ rustup default nightly\r\n        $ rustup component add rust-src\r\n        ```\r\n    2. Build the project.\r\n        ```\r\n        $ cd uefi-var-monitor\r\n        $ cargo build\r\n        ```\r\n\r\n* UefiVarMonitorExClient\r\n\r\n    This is a standard Windows driver. VS2019 and WDK 10.0.18362 or later are required.\r\n\r\nCredits\r\n---------\r\n\r\n- Thank you [@x1tan](https://twitter.com/x1tan) for modernalized xcargo-less build. \r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftandasat%2FUefiVarMonitor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftandasat%2FUefiVarMonitor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftandasat%2FUefiVarMonitor/lists"}