UefiVarMonitor
The runtime DXE driver monitoring access to the UEFI variables by hooking the runtime service table.
UefiVarMonitor
A sample runtime DXE driver (UEFI driver), written in C and Rust, that monitors access to UEFI variables by hooking the runtime services table.
This project was developed to provide a small sample of a runtime driver.
The Rust implementation was made solely for the author's learning.
Projects Overview
- UefiVarMonitorDxe
  The UEFI runtime driver that hooks GetVariable and SetVariable runtime services, and logs the use of them into serial output. Written in less than 300 lines of C code.
- uefi-var-monitor
  Nearly equivalent implementation of UefiVarMonitorDxe in Rust. Unsafe, unsafe everywhere.
- UefiVarMonitorExDxe
  The enhanced version of UefiVarMonitorDxe allowing a Windows driver to register an inline callback of the above runtime services. This can also be used to alter parameters and block those calls.
- UefiVarMonitorExClient
  The sample Windows driver registering a callback with UefiVarMonitorExDxe.
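The pointer swap that the UefiVarMonitorDxe description refers to, modelled on the host as an added example (this is not the project's code). RUNTIME_SERVICES, the trimmed GetVariable signature, install_hook, hook_get_variable and firmware_get_variable are stand-ins assumed here, not EDK2 or project definitions.

```c
/* Host-side model; types are simplified stand-ins, not EDK2's definitions. */
#include <stdint.h>
#include <stdio.h>

typedef uint64_t EFI_STATUS;
#define EFI_SUCCESS   0ULL
#define EFI_NOT_FOUND 0x800000000000000EULL
typedef EFI_STATUS (*GET_VARIABLE)(const uint16_t *name, uint64_t *size, void *data);
/* Only the member used here; the real table has a header and more services. */
typedef struct { GET_VARIABLE GetVariable; } RUNTIME_SERVICES;

static GET_VARIABLE g_original;   /* firmware handler saved by install_hook() */
static unsigned g_logged;         /* calls seen by the hook */

/* Constructed stand-in for the firmware: only "Boot0000" exists (1 byte). */
static EFI_STATUS firmware_get_variable(const uint16_t *name, uint64_t *size, void *data) {
    static const uint16_t known[] = {'B','o','o','t','0','0','0','0',0};
    const uint16_t *k = known;
    while (*name && *name == *k) { name++; k++; }
    if (*name != *k) return EFI_NOT_FOUND;
    *(uint8_t *)data = 0x01;
    *size = 1;
    return EFI_SUCCESS;
}

/* Hook: forward to the saved handler first, then log name and status. */
static EFI_STATUS hook_get_variable(const uint16_t *name, uint64_t *size, void *data) {
    EFI_STATUS status = g_original(name, size, data);
    g_logged++;
    fputs("GetVariable: ", stderr);
    for (; *name; name++) fputc(*name < 0x80 ? (int)*name : '?', stderr);
    fprintf(stderr, " -> %llx\n", (unsigned long long)status);
    return status;
}

/* Returns 1 if installed, 0 if already hooked (a second swap would save the
   hook as "original" and recurse forever). */
static int install_hook(RUNTIME_SERVICES *rt) {
    if (rt->GetVariable == hook_get_variable) return 0;
    g_original = rt->GetVariable;
    rt->GetVariable = hook_get_variable;
    return 1;
}

int main(void) {
    static const uint16_t name[] = {'B','o','o','t','0','0','0','0',0};
    RUNTIME_SERVICES rt = { firmware_get_variable };
    uint8_t buf[8]; uint64_t size = sizeof buf;
    install_hook(&rt);
    return rt.GetVariable(name, &size, buf) == EFI_SUCCESS ? 0 : 1;
}
```

In firmware, a driver that modifies the runtime services table also has to recalculate the CRC32 in the table header and convert its saved pointers when the OS switches the runtime services to virtual addressing; the model leaves both out.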
Building
- UefiVarMonitorDxe and UefiVarMonitorExDxe
  - Set up edk2 build environment
  - Copy UefiVarMonitorPkg as edk2\UefiVarMonitorPkg
  - On the edk2 build command prompt, run the below command:
        > edksetup.bat
        > build -t VS2019 -a X64 -b NOOPT -p UefiVarMonitorPkg\UefiVarMonitorPkg.dsc -D DEBUG_ON_SERIAL_PORT
    Or on Linux or WSL,
        $ . edksetup.sh
        $ build -t GCC5 -a X64 -b NOOPT -p UefiVarMonitorPkg/UefiVarMonitorPkg.dsc -D DEBUG_ON_SERIAL_PORT
- uefi-var-monitor
  - Install the nightly rust compiler. Below is an example on Linux, but it is largely the same on Windows.
        $ sudo snap install rustup --classic
        $ rustup default nightly
        $ rustup component add rust-src
  - Build the project.
        $ cd uefi-var-monitor
        $ cargo build
- UefiVarMonitorExClient
  This is a standard Windows driver. VS2019 and WDK 10.0.18362 or later are required.
Credits
- Thank you @x1tan for the modernized xcargo-less build.