https://github.com/nukem9/bindfltapi

Undocumented BindFlt user mode API.
https://github.com/nukem9/bindfltapi

containers filter-driver reverse-engineering windows

Last synced: 7 months ago
JSON representation

Undocumented BindFlt user mode API.

• Host: GitHub
• URL: https://github.com/nukem9/bindfltapi
• Owner: Nukem9
• License: mit
• Created: 2024-01-28T15:59:50.000Z (about 2 years ago)
• Default Branch: master
• Last Pushed: 2025-03-07T03:00:53.000Z (about 1 year ago)
• Last Synced: 2025-08-20T12:58:08.470Z (7 months ago)
• Topics: containers, filter-driver, reverse-engineering, windows
• Language: C++
• Homepage:
• Size: 10.7 KB
• Stars: 8
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE.md

Awesome Lists containing this project

README

          
# bindfltapi

Undocumented BindFlt user mode API otherwise known as `bindfltapi.dll`, `bindflt.dll`, or `bindlink.dll`.

Information has been sourced from [BuildXL](https://github.com/microsoft/BuildXL), [hcsshim](https://github.com/microsoft/hcsshim), and [go-winio](https://github.com/microsoft/go-winio). BindFlt's public successor, [Bindlink](https://learn.microsoft.com/en-us/windows/win32/api/bindlink/), was introduced roughly a year ago but still hasn't been released at the time of writing.

This header expects machines to be running **Windows 10 RS6 or newer**. Older editions have minor API changes and aren't guaranteed to work.

## Building [the example](example/source/main.cpp)

- CMake and vcpkg are expected to be set up beforehand. Visual Studio 2022 is recommended.

- Open the directory in Visual Studio and select the `Debug x64` or `Release x64` preset.

- Build.

- Run `BindfltAPIDemo.exe`.

## License

- [MIT](LICENSE.md)