;
; UserDrivenKernelAgent.inf — Minifilter driver installation
;
; Package identity. Class and ClassGuid register the driver in the
; ActivityMonitor file-system filter class.
[Version]
Signature = "$WINDOWS NT$"
Class = "ActivityMonitor"
ClassGuid = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}
; Resolved from [Strings].
Provider = %ManufacturerName%
; Catalog that carries the package signature covering this INF and the .sys.
CatalogFile = UserDrivenKernelAgent.cat
; Empty in the checked-in file.
; NOTE(review): presumably stamped at build time (e.g. by stampinf) - confirm,
; since a package shipped with a blank DriverVer should not pass INF validation.
DriverVer =
; Asks Windows to protect the files installed by this package from direct
; modification by applications.
PnpLockdown = 1
; Target directories for the file-list sections. DIRID 12 is the drivers
; directory; the named list EdrAgent.DriverFiles is set to the same DIRID as
; the default.
[DestinationDirs]
DefaultDestDir = 12 ; %windir%\System32\drivers
EdrAgent.DriverFiles = 12
; Source media: a single disk (id 1) whose description comes from [Strings].
[SourceDisksNames]
1 = %DiskName%,,,""
; The driver binary is located on disk 1; the subdirectory and size fields are
; left empty.
[SourceDisksFiles]
UserDrivenKernelAgent.sys = 1,,
;;; ─── Install ───
; $ARCH$ is a placeholder in the section name.
; NOTE(review): presumably substituted with the target architecture at build
; time - confirm the build step does this.
[DefaultInstall.NT$ARCH$]
OptionDesc = %ServiceDescription%
; Copies the files listed in [EdrAgent.DriverFiles] to the directory chosen in
; [DestinationDirs].
CopyFiles = EdrAgent.DriverFiles
[DefaultInstall.NT$ARCH$.Services]
; Creates the service named by %ServiceName% from [EdrAgent.Service]; the
; flags field is left empty.
AddService = %ServiceName%,,EdrAgent.Service
;;; ─── Uninstall ───
; Removes what the install sections added: the copied driver file and the
; service. After this runs the minifilter no longer loads, so on a monitored
; host an uninstall outside a planned change is worth alerting on.
[DefaultUninstall.NT$ARCH$]
; NOTE(review): marks this as a legacy-style uninstall section - confirm it is
; still required by the INF validation rules of the WDK version in use.
LegacyUninstall = 1
DelFiles = EdrAgent.DriverFiles
[DefaultUninstall.NT$ARCH$.Services]
; 0x200 stops the running service before it is deleted.
DelService = %ServiceName%,0x200 ; SPSVCINST_STOPSERVICE
;;; ─── Service ───
; Service definition referenced by AddService in the install section.
[EdrAgent.Service]
DisplayName = %ServiceDescription%
Description = %ServiceDescription%
; %12% is the drivers directory, matching [DestinationDirs].
ServiceBinary = %12%\UserDrivenKernelAgent.sys
ServiceType = 2 ; SERVICE_FILE_SYSTEM_DRIVER
; Boot start: the image is loaded by the OS loader, so it is present before
; later-starting drivers and services run.
StartType = 0 ; SERVICE_BOOT_START
; Normal error control: a load failure is logged and startup continues, which
; means the machine can come up without this filter attached. Hosts relying on
; it for monitoring should check that the service is actually running.
ErrorControl = 1 ; SERVICE_ERROR_NORMAL
; Load-order group; the altitude in [Strings] has to fall in this group's range.
LoadOrderGroup = "FSFilter Activity Monitor"
; Writes the minifilter instance values under the service key.
AddReg = EdrAgent.AddRegistry
; Filter Manager has to be available before this driver starts.
Dependencies = FltMgr
;;; ─── Minifilter registration ───
; HKR is relative to this driver's service key. These values are what Filter
; Manager reads to decide which instance to create and where it sits in the
; filter stack, so a change to them outside installation is a tamper signal
; worth monitoring.
; Field 4 is the value type: 0x00000000 = REG_SZ, 0x00010001 = REG_DWORD.
[EdrAgent.AddRegistry]
; Name of the instance used by default.
HKR,"Parameters\Instances","DefaultInstance",0x00000000,%DefaultInstance%
; Per-instance subkey, named by %Instance1.Name%: altitude (string) and flags (DWORD).
HKR,"Parameters\Instances\"%Instance1.Name%,"Altitude",0x00000000,%Instance1.Altitude%
HKR,"Parameters\Instances\"%Instance1.Name%,"Flags",0x00010001,%Instance1.Flags%
;;; ─── Files ───
; File list shared by CopyFiles (install) and DelFiles (uninstall); its
; destination is set in [DestinationDirs].
[EdrAgent.DriverFiles]
UserDrivenKernelAgent.sys
;;; ─── Strings ───
; Values substituted for the %Name% tokens used in the sections above.
[Strings]
ManufacturerName = "EDR Agent"
; Name of the service key that is created; the registry values from
; [EdrAgent.AddRegistry] are written beneath it.
ServiceName = "EdrAgent"
ServiceDescription = "EDR Agent Minifilter Driver"
DiskName = "EDR Agent Installation Disk"
; DefaultInstance and Instance1.Name must stay identical: the first names the
; instance to use, the second names the subkey that defines it.
DefaultInstance = "EdrAgent Instance"
Instance1.Name = "EdrAgent Instance"
; Falls in the FSFilter Activity Monitor range (360000-389999), consistent with
; LoadOrderGroup in [EdrAgent.Service].
; NOTE(review): altitudes for shipping minifilters are allocated by Microsoft -
; confirm 370020 is the value allocated to this driver and not a sample value.
Instance1.Altitude = "370020"
; No instance flags are set.
Instance1.Flags = 0x0