  #1  
Old 07-09-2018, 01:41
biorpg
FSFilter drivers in Windows 10

@TechLord Hoping to continue the discussion from windows+cleaned here..

Not going to ask for an ISO, but rather for some information about the method used to "mercilessly truncate" the filter drivers from the Windows 10 (let's say 14393) install image.

I'd imagine you didn't remove all of the filter drivers, correct? Some core functionality relies on them. If you could share which filters were left in place, if any, that would be a great starting point.

And, as for actually removing them; was this accomplished by removing references in the registry, by modifying the drivers themselves, or by overriding them with a custom filter at a higher altitude?

I'd be extremely grateful for your (or anyone's) help! Thanks.
  #2  
Old 07-09-2018, 08:49
TechLord
...
BOTTOM LINE : I AM NOT CONTINUING THE DISCUSSION HERE IN PUBLIC WHERE EVERYONE CAN VIEW IT AT THIS TIME.

Thank you all

Last edited by TechLord; 07-10-2018 at 21:48. Reason: Have cooled down :D - Removed the rather harsh comments
  #3  
Old 07-10-2018, 08:02
biorpg
My apologies, I saw that you said you didn't want to discuss in public over in the general forum; I suppose I should have logged out to see that this one is also public. *EDIT: Just realized it's under "General", doh!

But from the sound of it, you're saying the creation of a similar custom installation is not something I'm going to accomplish on my own in my free time. Bummer!

As an aside, I don't understand why people question or ridicule someone's methods when they create something superior and unique..
  #4  
Old 03-19-2019, 01:21
Avalon
During my Windows research/RE work over the years, I have seen telemetry code located in DLLs (never took much notice of it), but they could easily be removed from the system and I presume the programs would continue to execute fine.

I've seen it in kernel code too - the drivers/func names etc. are all quite obvious, typically with the word "telemetry" in them, function calls to other locations, but again I did not take much notice.
  #5  
Old 04-04-2019, 18:57
chants
Any specific filter driver that anyone knows of which can be removed from Windows 10? As far as I know this can be done quite simply purely through DISM and is not so difficult...