We are looking for someone who can develop a kernel-mode driver that implements SSDT hooking, mainly to log, block and manipulate Zw* functions in ntoskrnl.exe. The hooks should be able to be applied to a selected set of processes, which is initially a "target process" and can be expanded if the "target process" injects itself into other processes. In this project you will be working very closely with a developer of the company (i.e. you are not "on your own") and get a lot of help, as a similar technology (just with hooks on [url removed, login to view]) already exists for usermode. The driver is part of a malware analysis system called "VxStream Sandbox" (see [url removed, login to view]) and will be an extension. The first version does not need to be compatible with 64-bit, but 32-bit for Windows XP - Windows 8 is necessary.
If you have no idea what NTOSKRNL is or you have no experience in driver development, then this project is not for you. Knowledge of malware and injection techniques (remote thread injection, etc.) is definitely a plus. See the attached files for sample output that would be required by the system, including a (confidential!) specification of the output format. It is important that the driver can write output to simple *.csv files. The project budget can grow (and it is an ongoing project), depending on how extensive the code is. We are an IT-security startup company, so the money is relatively limited (at the beginning), but a long-term partnership might evolve.
2 freelancers are bidding on average €555 for this job
Hello. I considered your requirements. I have good experience with projects like yours. I can do it with C++, assembly if you want. Please reply. I am ready for your project.