EaseFilterSDK/mini-filter-driver-framework external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

EaseFilterSDK/mini-filter-driver-framework

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/EaseFilterSDK/mini-filter-driver-framework)

Close

EaseFilterSDK / mini-filter-driver-frameworkView on GitHubMore

• External links
• Readme badge

A mini filter driver development framework allows you to develop minit filter driver with different features.

☆69Jan 25, 2026Updated last month

Alternatives and similar repositories for mini-filter-driver-framework

Users that are interested in mini-filter-driver-framework are comparing it to the libraries listed below

• 7eRoM / elam

  View on GitHub
  A Practical example of ELAM (Early Launch Anti-Malware)
  ☆36Nov 12, 2021Updated 4 years ago
• BlackOfWorld / NtCreateUserProcess

  View on GitHub
  A small NtCreateUserProcess PoC that spawns a Command prompt.
  ☆102Aug 25, 2022Updated 3 years ago
• Ingan121 / dwm-screen-shot

  View on GitHub
  DWM hooking-based screenshot tool
  ☆33Sep 13, 2025Updated 5 months ago
• klezVirus / ThreadPoolExecChain

  View on GitHub
  A simple POC to show how to chain multiple callbacks via tail calls to artificially construct a call stack
  ☆99Dec 22, 2025Updated 2 months ago
• mihaly044 / pedigest

  View on GitHub
  Helper functions for calculating the authenticode digest for a portable executable file
  ☆21Apr 30, 2020Updated 5 years ago
• CyberSecurityUP / ProcessKiller-BYOVD

  View on GitHub
  BYOVD Technique Example using viragt64 driver
  ☆73Jul 25, 2024Updated last year
• Artem-Malyi / windbg-cheat-sheet

  View on GitHub
  WinDbg cheat sheet
  ☆16May 10, 2023Updated 2 years ago
• jonny-jhnson / ProcCallback

  View on GitHub
  An example of how a driver can register a handle creation callback.
  ☆16Jun 12, 2023Updated 2 years ago
• shaygitub / ProtectionSolution

  View on GitHub
  This is the AV ("protection solution") used for my windows 10 rootkit main project. this includes the installer stager program, a service…
  ☆13May 2, 2024Updated last year
• sensepost / bloatware-pwn

  View on GitHub
  LPE / RCE Exploits for various vulnerable "Bloatware" products
  ☆86Aug 5, 2025Updated 7 months ago
• petikvx / MSIL-Ransom-Part-01

  View on GitHub
  Source Code of MSIL Ransom
  ☆14Feb 11, 2023Updated 3 years ago
• arsium / BypassGetModuleBaseAddressAndGetExportAddress

  View on GitHub
  A proof of concept of real custom GetProcAddress and GetModuleBaseAddress
  ☆21Jul 9, 2022Updated 3 years ago
• tomergill / Malware_Classification_Final_Project

  View on GitHub
  Yossi Mandil & Tomer Gill's Bachelor Degree Final Project under the BIU Cyber Center - Malware & Benign File Classification using Machin…
  ☆10Jun 24, 2018Updated 7 years ago
• Youssef1313 / DotNetSyntaxTreeVisualizer

  View on GitHub
  .NET Syntax Tree Visualizer powered by Roslyn APIs
  ☆16Feb 13, 2026Updated 3 weeks ago
• connormcgarr / Vtl1Mon

  View on GitHub
  Virtual Trust Level (VTL 1) secure call tracing
  ☆102Feb 12, 2026Updated 3 weeks ago
• Real-Cryillic / Sarla

  View on GitHub
  It's what all the kids are talking about
  ☆12Apr 25, 2023Updated 2 years ago
• 0xced / ChiseledSqlClient

  View on GitHub
  Trimming down unnecessary bits out of Microsoft.Data.SqlClient
  ☆17Jun 18, 2025Updated 8 months ago
• amdf / reparselib

  View on GitHub
  A library for working with NTFS Reparse Points
  ☆23Sep 6, 2019Updated 6 years ago
• s4dbrd / ETWReader

  View on GitHub
  Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich
  ☆18Jun 29, 2024Updated last year
• 0mWindyBug / MinifilterHook

  View on GitHub
  silence file system monitoring components by hooking their minifilters
  ☆60Jan 31, 2024Updated 2 years ago
• jdu2600 / EtwTi-FluctuationMonitor

  View on GitHub
  Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections
  ☆169May 17, 2023Updated 2 years ago
• EaseFilterSDK / File-Security-SDK

  View on GitHub
  File security filter driver SDK, implemented with a Windows file system filter driver framework. It allows you to implement file audit, …
  ☆18Jan 25, 2026Updated last month
• DavidXanatos / SysPrep

  View on GitHub
  A collection of useful scripts to prepare a new windows installation for use
  ☆20Jun 18, 2024Updated last year
• corbamico / masm64_simple_example

  View on GitHub
  very simple masm64 example to demonstrate how to compile MASM 64 bit using NMake/CMake
  ☆14Aug 23, 2022Updated 3 years ago
• rkzofficial / Horizon

  View on GitHub
  Remote Administration Tool, Server Written in C# and Client Written in C++
  ☆15Dec 8, 2022Updated 3 years ago
• kkent030315 / CiGetCertPublisherName

  View on GitHub
  An example code of CiGetCertPublisherName
  ☆16Mar 24, 2022Updated 3 years ago
• Idov31 / NovaHypervisor

  View on GitHub
  NovaHypervisor is a defensive x64 Intel host based hypervisor. The goal of this project is to protect against kernel based attacks (eithe…
  ☆253Feb 19, 2026Updated 2 weeks ago
• paranoidninja / Process-Instrumentation-Syscall-Hook

  View on GitHub
  A simple program to hook the current process to identify the manual syscall executions on windows
  ☆265Nov 18, 2022Updated 3 years ago
• AArnott / DotNetRepoTools

  View on GitHub
  A CLI tool with commands to help maintain .NET codebases
  ☆22Updated this week
• MeeSong / Reverse-Engineering

  View on GitHub
  Reverse Engineering
  ☆13Jun 22, 2017Updated 8 years ago
• PiotrTrawinski / MyLinker

  View on GitHub
  Limited Windows PE linker (creating .exe from .obj and .dll files for x86 architecture)
  ☆16Jun 15, 2019Updated 6 years ago
• M0n7y5 / Shellby

  View on GitHub
  Small handy tool for crafting shellcodes by hand.
  ☆18Apr 20, 2022Updated 3 years ago
• microsoft / krabsetw

  View on GitHub
  KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.
  ☆753Dec 15, 2025Updated 2 months ago
• EaseFilter / FilterDriver

  View on GitHub
  A File System Filter Driver for file I/O monitors, file access control, transparent file encryption.
  ☆41Jan 25, 2026Updated last month
• JaredWright / WFPStarterKit

  View on GitHub
  An example driver for Windows that shows how to set-up some basic components of the Windows Filtering Platform
  ☆205Jul 6, 2022Updated 3 years ago
• ViperXSecurity / lib-nosa

  View on GitHub
  lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.
  ☆122Sep 8, 2024Updated last year
• therealdreg / cgaty

  View on GitHub
  Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)
  ☆73Aug 11, 2023Updated 2 years ago
• NetSPI / BOF-PE

  View on GitHub
  An example reference design for a proposed BOF PE
  ☆201Jan 23, 2026Updated last month
• pruno7 / nEkko

  View on GitHub
  A nim port of C5pider's Ekko project.
  ☆17Oct 1, 2022Updated 3 years ago