A rust library to monitor filesystem and more in windows
Prepared as part of ongoing thesis work at uni.
See MINIFILTER.md for building the minifilter, or just right-click install using the .inf file provided in releases.
NOTE: By default it is built for Windows 10 and above.
NOTE: Enable loading of test-signed drivers by executing `Bcdedit.exe -set TESTSIGNING ON` in an administrative cmd.
Use `cargo run --bin minifilter --release` to run the example application. The program starts printing the IOMessage, which is defined like:
```rust
use std::os::raw::{c_uchar, c_ulong, c_ulonglong};
// `wchar_t` and `RuntimeFeatures` are defined elsewhere in the crate.

pub struct IOMessage {
    pub extension: [wchar_t; 12],          // file extension, UTF-16, NUL padded
    pub file_id_vsn: c_ulonglong,          // volume serial number part of the file id
    pub file_id_id: [u8; 16],              // 128-bit file id on that volume
    pub mem_sized_used: c_ulonglong,
    pub entropy: f64,                      // entropy of the data written
    pub pid: c_ulong,                      // process id that issued the I/O
    pub irp_op: c_uchar,                   // IRP operation code
    pub is_entropy_calc: u8,               // non-zero when `entropy` was actually computed
    pub file_change: c_uchar,
    pub file_location_info: c_uchar,
    pub filepathstr: String,               // full file path
    pub gid: c_ulonglong,                  // process group id
    pub runtime_features: RuntimeFeatures,
    pub file_size: i64,
}
```
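As an added example (not the crate's own code), the block below consumes a trimmed copy of this struct from a defender's side: it decodes the UTF-16 `extension` buffer and, per pid, counts distinct files written with high entropy, honouring `is_entropy_calc` so that messages without a computed entropy are never counted. The sample messages, the 7.0 threshold and the reading of `file_id_vsn` + `file_id_id` as a file key are assumptions of this example.

```rust
use std::collections::{HashMap, HashSet};

// Trimmed copy of IOMessage with only the fields this example reads; the C types are
// written as plain Rust integers (wchar_t = u16, c_ulonglong = u64, c_ulong = u32).
#[derive(Debug, Clone)]
pub struct IOMessage {
    pub extension: [u16; 12],
    pub file_id_vsn: u64,
    pub file_id_id: [u8; 16],
    pub entropy: f64,
    pub pid: u32,
    pub is_entropy_calc: u8,
}

/// Decode the NUL-padded UTF-16 extension buffer into a String.
pub fn extension_to_string(ext: &[u16; 12]) -> String {
    let end = ext.iter().position(|&c| c == 0).unwrap_or(ext.len());
    String::from_utf16_lossy(&ext[..end])
}

/// Per pid, count distinct files (volume serial + file id) seen with
/// entropy >= threshold, skipping messages where the driver did not compute entropy.
pub fn high_entropy_files_per_pid(msgs: &[IOMessage], threshold: f64) -> HashMap<u32, usize> {
    let mut seen: HashMap<u32, HashSet<(u64, [u8; 16])>> = HashMap::new();
    for m in msgs {
        if m.is_entropy_calc == 0 || m.entropy < threshold { continue; }
        seen.entry(m.pid).or_default().insert((m.file_id_vsn, m.file_id_id));
    }
    seen.into_iter().map(|(pid, files)| (pid, files.len())).collect()
}

// Constructed sample messages (not captured from the driver).
fn make(pid: u32, ext: &str, file_id: u8, entropy: f64, calc: bool) -> IOMessage {
    let mut extension = [0u16; 12];
    for (dst, src) in extension.iter_mut().zip(ext.encode_utf16()) { *dst = src; }
    IOMessage { extension, file_id_vsn: 1, file_id_id: [file_id; 16], entropy, pid,
                is_entropy_calc: calc as u8 }
}

pub fn sample_messages() -> Vec<IOMessage> {
    vec![
        make(4242, "docx", 1, 7.9, true),  // high entropy: counted
        make(4242, "docx", 1, 7.8, true),  // same file again: not double counted
        make(4242, "xlsx", 2, 7.7, true),  // second file for the same pid
        make(4242, "tmp", 3, 7.95, false), // entropy flag unset: ignored
        make(100, "txt", 4, 4.1, true),    // below threshold: ignored
    ]
}
```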
The CPU overhead of the minifilter does not really exceed 1% (I never saw it reach even 1% while running scripts that create many temporary files). Depending on your console, if you run `cargo run --bin minifilter` you might see spikes reaching 1-3%, but that is caused by the console itself (comment out the `writeln!` in the bin example).
This project is licensed under the terms of the MIT license.