This is the source code associated with my blog post on exploiting the probmon.sys
minifilter driver in order to build a process killer.
Link https://antonioparata.blogspot.com/2024/02/exploiting-vulnerable-minifilter-driver.html
Demo video (in Italian) https://www.youtube.com/watch?v=I4joF2sQWHU where MsMpEng.exe is terminated (at 20:40)
Run cargo build --release in the root directory. The binary will be in target\release\s4killer.exe
s4killer.exe <PID or PROGRAM>
eg. s4killer.exe notepad.exe
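The following PowerShell snippet is an added example, not part of the project, that wraps the documented build and usage steps into a small check: it starts a target process, runs s4killer.exe against its PID, and then verifies that the process is actually gone. It assumes it is run from an elevated PowerShell prompt in the repository root after the build, that s4killer.exe exits once it has finished, and that notepad.exe is an acceptable test target; the variable names and the timeout value are my own choices.

```powershell
# Added example (not part of the original project): build, run s4killer.exe
# against a freshly started target, and confirm the target was terminated.

$ErrorActionPreference = 'Stop'

# Assumption: we are in the repository root, so the release binary lands here.
cargo build --release
$killer = Join-Path $PSScriptRoot 'target\release\s4killer.exe'
if (-not (Test-Path $killer)) { throw "s4killer.exe not found at $killer" }

# Start a throwaway target and record its PID (assumption: notepad.exe is fine as a test).
$target = Start-Process -FilePath 'notepad.exe' -PassThru
Start-Sleep -Seconds 1
$targetPid = $target.Id
Write-Host "Target notepad.exe started with PID $targetPid"

# Invoke the tool exactly as documented: s4killer.exe <PID or PROGRAM>
& $killer $targetPid
$exitCode = $LASTEXITCODE
Write-Host "s4killer.exe exited with code $exitCode"

# Wait up to 5 seconds (arbitrary timeout) for the process to disappear.
$deadline = (Get-Date).AddSeconds(5)
do {
    $alive = Get-Process -Id $targetPid -ErrorAction SilentlyContinue
    if (-not $alive) { break }
    Start-Sleep -Milliseconds 200
} while ((Get-Date) -lt $deadline)

if ($alive) {
    Write-Warning "PID $targetPid is still running; the driver may not be loaded or the call failed."
    exit 1
} else {
    Write-Host "PID $targetPid terminated successfully."
}
```

Passing the PID rather than the image name avoids ambiguity when several instances of the same program are running; the name form (s4killer.exe notepad.exe) is still the documented shortcut for the common case.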