I was actually contemplating hooking file and registry APIs using a ring0 driver, under NT5+, using WDM and ring0, and thought of filemon and regmon as a good base. I'm looking to write up a small "application firewall" that would allow me to permit or deny access to registry keys or files. A neat final project for an undergraduate degree, no? Only problem is, I can't seem to find the regmon, filemon or apimon source code. I'd much rather hook through ring0 than anything else, but if anything I'm open to suggestions/alternatives/input/whatever. If anyone has any advice on what I should read up on, I'd appreciate it.