Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/yasindce1998/kernel-program-sample

Sample Windows kernel program
https://github.com/yasindce1998/kernel-program-sample

Last synced: about 1 month ago
JSON representation

Sample Windows kernel program

Awesome Lists containing this project

README 

        
# IOCTL Communication from Kernel to User Mode (C/C++):

To send a message from the Windows kernel to a user-mode C++ program, you can use Input/Output Control (IOCTL) communication. Here's a high-level overview:



## In the Kernel (C/C++):

1. Create a kernel-mode driver.

2. Define a custom IOCTL code that corresponds to your operation.

3. Handle the IOCTL request in the driver and send the message to the user mode.



## In User Mode (C++):

1. Create a user-mode application.

2. Open a handle to the kernel driver.

3. Send an IOCTL request to the driver.

4. Receive and process the message in your user-mode application.

Note: Refer to the Windows Driver Kit (WDK) documentation and examples for detailed information on creating kernel drivers and IOCTL communication.



# Minifilter for File Access Monitoring (C/C++):

To create a minifilter for monitoring file access and printing filenames or sending them to a user-mode program, you can follow these steps:



## In the Kernel (C/C++):

1. Create a minifilter driver using the Windows Driver Kit (WDK).

2. Implement the necessary callback routines in your minifilter driver, such as FltPreOperationCallback or FltPostOperationCallback.

3. In the callback routine, you can access the file information (including the filename) and log it using DbgPrint or send it to user mode.



## In User Mode (C++):

1. Create a user-mode application.

2. Use a communication mechanism like IOCTL or shared memory to receive file information from the minifilter driver.