andronoob/FsFilter1.sys

Last active July 18, 2018 06:58

Star 0 You must be signed in to star a gist
Fork 0 You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/andronoob/d5882c5e6d21f3dea534a68434abe040.js"></script>
Save andronoob/d5882c5e6d21f3dea534a68434abe040 to your computer and use it in GitHub Desktop.

Download ZIP

Stupid NTFS FSD Hook Driver

Raw

FsFilter1.sys

View raw

adeelmunir commented Jul 10, 2018

Thanks for you response, I used FsFilter1.inf file, by right clicking inf file and install it after that used following command.
sc start FsFilter1
I am attaching two snapshots one for case with patchguard enable and other case by using Fyyre tool to disable patch guard.

For patch guard disabled case, please check snapshot driver starts and shows some messages on cmd screen like service name, type and state etc, but I cant see any kernel debug messages on default dbgview, while the link you provided me is broken so I can download patched dbgview, so I am not sure what is happening using your driver code, not even sure about patchguard status.
For patch gurad enable case, please check snapshot in this case driver service does not start and gives StartService failed 577: message related to digital signatures.

I only want to know about patchguard status using your driver code, please let know what to do further.

Thanks

adeelmunir commented Jul 18, 2018

Hi Andronoob,

Can you tell me further for confirmation of your driver? I can't see it's working behavior

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment