After spending hours installing drivers, I began looking at the minispy driver:
Windows-driver-samples/filesys/miniFilter/minispy/
I am trying to catch all the user's calls to open files. I was trying to do it with all the parameters it prints (like Opr, Major Operation...), but I can't filter it in an exact way.
How can I filter only the user calls (open file)? How can I determine within the code if the user called the transaction?
Thank you very much for your help.
Look for FLT_CALLBACK_DATA.RequestorMode - if you use a minifilter.
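One way to apply the RequestorMode check in a pre-create callback, as an added example that is not part of the original thread or of minispy. The names ExamplePreCreate, IsUserModeOpen, CountUserOpens and the host-side stand-in definitions are assumptions made for illustration.

```c
/* Added example, not minispy code. With the WDK (/kernel defines _KERNEL_MODE)
 * the real headers are used; elsewhere the stand-ins below (assumed to mirror
 * the WDK values) let the decision logic be checked on a host compiler. */
#if defined(_KERNEL_MODE)
#include <fltKernel.h>
#else
#include <stdio.h>
typedef char KPROCESSOR_MODE;
enum { KernelMode = 0, UserMode = 1 };
#define IRP_MJ_CREATE 0x00
#define IRP_MJ_READ   0x03
#endif

/* Hypothetical helper: 1 only for open (IRP_MJ_CREATE) requests from user mode. */
static int IsUserModeOpen(unsigned char major, KPROCESSOR_MODE mode)
{
    return major == IRP_MJ_CREATE && mode == UserMode;
}
#if defined(_KERNEL_MODE)
/* Hypothetical pre-operation callback, registered for IRP_MJ_CREATE. */
FLT_PREOP_CALLBACK_STATUS
ExamplePreCreate(PFLT_CALLBACK_DATA Data, PCFLT_RELATED_OBJECTS FltObjects,
                 PVOID *CompletionContext)
{
    UNREFERENCED_PARAMETER(FltObjects);
    UNREFERENCED_PARAMETER(CompletionContext);
    if (IsUserModeOpen(Data->Iopb->MajorFunction, Data->RequestorMode)) {
        DbgPrint("user-mode open: %wZ\n",
                 &Data->Iopb->TargetFileObject->FileName);
    }
    return FLT_PREOP_SUCCESS_NO_CALLBACK; /* observe only, no post-op needed */
}
#else
/* Constructed sample requests for a host-side check of the filter logic. */
struct SampleReq { unsigned char major; KPROCESSOR_MODE mode; };
static int CountUserOpens(const struct SampleReq *r, int n)
{
    int hits = 0;
    for (int i = 0; i < n; i++)
        hits += IsUserModeOpen(r[i].major, r[i].mode);
    return hits;
}
int main(void)
{
    const struct SampleReq reqs[] = { { IRP_MJ_CREATE, UserMode },
        { IRP_MJ_CREATE, KernelMode }, { IRP_MJ_READ, UserMode } };
    printf("user-mode opens: %d\n", CountUserOpens(reqs, 3));
    return 0;
}
#endif
```

In a driver, the callback is listed for IRP_MJ_CREATE in the FLT_OPERATION_REGISTRATION array that the filter registers.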