#Driver-Development

3 posts

Build Your Own EDR - Part 3: More Eyes (Threads & Image Loads)
May 23, 2026 ·12 min read
In Part 2, our driver gained the ability to capture process creation and exit events, storing them in a spinlock-protected queue, while our agent pulls a packed stream over the IOCTL channel. By the end of this post, the …
#windows#kernel#driver-development#edr#tutorial#c
Build Your Own EDR - Part 2: Watching Process Creation
May 16, 2026 ·20 min read
In Part 1, we built a “hello world” driver: it creates a device, setup a dispatch table to route IRPs, and exposes an IOCTL the agent calls to pull a fixed greeting: "hello from kernel". Now, we …
#windows#kernel#driver-development#edr#tutorial#c
Build Your Own EDR - Part 1: Talking to the Kernel
May 9, 2026 ·11 min read
EDR (Endpoint Detection and Response) is a cybersecurity solution that monitors endpoints - such as desktops, laptops, and servers - and responds to threats targeting them. EDR solutions provide real-time visibility into …
#windows#kernel#driver-development#edr#tutorial#c