
stability and performance improvements in minifilter

Open sn99 opened this issue 2 years ago • 2 comments

  • Fix issue of floating point operations in kernel driver
  • Performance improvements
  • Upgrade C standard to C11
  • General stability improvements around IRQL, DriverEntry, etc
  • Replace ZwClose with FltClose in minifilter to solve potential memory leak
  • Refactor code to be more readable and concise
  • Upgrade to C++20 standard for minifilter
  • Improve performance of minifilter by using -O2 and -LTO alongside release build
  • Stop using debug libraries for minifilter
  • Use ExAllocatePool2 instead of ExAllocatePoolWithTag

I was able to build it in Visual Studio (I only checked for 64-bit systems, both debug and release)

sn99 · Jan 10 '23 06:01

use PCWSTR instead of PWSTR for ComPortName

This would require a change in driver_comm.rs, I will submit a pull

sn99 · Jan 10 '23 06:01

I still have a doubt about IRQL though: https://github.com/RafWu/RansomWatch/issues/6

sn99 · Jan 10 '23 06:01