Question
After spending hours installing drivers, I began looking at the minispy driver:
Windows-driver-samples/filesys/miniFilter/minispy/
I am trying to catch all the user's calls to open files. I was trying to do it with all the parameters it prints (like Opr, Major Operation...), but I can't filter it in an exact way.
How can I filter only the user calls (open file)? How can I determine within the code if the user called the transaction?
Thank you very much for your help.
Answer 1:
Look for FLT_CALLBACK_DATA.RequestorMode
- if you use a minifilter.
Source: https://stackoverflow.com/questions/41292697/minispy-driver-user-mode-call
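The check the answer points to, as an added example that is not part of the original post or of the minispy sample: a predicate a pre-operation callback could use to log only user-mode opens. `IsUserModeCreate`, `CountUserModeCreates` and `kSample` are hypothetical names, and outside a driver build the `FLT_*` types are reduced stand-ins so the logic can be compiled and exercised in user mode.

```c
#include <stddef.h>
#ifdef _KERNEL_MODE
#include <fltKernel.h>          /* real definitions when built as a driver */
#else
#include <stdio.h>
/* Stand-ins (assumption): only the fields used here; constants match the WDK. */
typedef char KPROCESSOR_MODE;
enum { KernelMode = 0, UserMode = 1 };
#define IRP_MJ_CREATE 0x00
#define IRP_MJ_READ   0x03
typedef struct { unsigned char MajorFunction; } FLT_IO_PARAMETER_BLOCK;
typedef struct {
    FLT_IO_PARAMETER_BLOCK *Iopb;
    KPROCESSOR_MODE RequestorMode;
} FLT_CALLBACK_DATA;
#endif

/* Nonzero only for an open/create request whose requestor was in user mode.
 * In a pre-operation callback, a zero result is the point to return
 * FLT_PREOP_SUCCESS_NO_CALLBACK without recording the operation. */
static int IsUserModeCreate(const FLT_CALLBACK_DATA *Data)
{
    return Data->Iopb->MajorFunction == IRP_MJ_CREATE &&
           Data->RequestorMode == UserMode;
}

/* Counts how many entries in a batch pass the filter. */
static size_t CountUserModeCreates(const FLT_CALLBACK_DATA *items, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += IsUserModeCreate(&items[i]) ? 1 : 0;
    return hits;
}

#ifndef _KERNEL_MODE
/* Constructed sample: user open, kernel open, user read. */
static FLT_IO_PARAMETER_BLOCK kCreate = { IRP_MJ_CREATE }, kRead = { IRP_MJ_READ };
static const FLT_CALLBACK_DATA kSample[] = {
    { &kCreate, UserMode }, { &kCreate, KernelMode }, { &kRead, UserMode } };

int main(void)
{
    printf("user-mode creates: %zu\n", CountUserModeCreates(kSample, 3));
    return 0;
}
#endif
```

RequestorMode describes the mode of the caller that issued the I/O request, so an open that a kernel component performs on a user's behalf is reported as KernelMode and is skipped by this filter.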