This is a simple filter that will block any attempt to access streams beginning with


i30Flt

@jonasLyk reported a REALLY interesting corruption error reported by NTFS:

https://twitter.com/jonasLyk/status/1347900440000811010

Triggering the notification only requires that you visit a particular path on an NTFS volume.

Our research indicates that the “file corrupt” error bubbles up from a network query open, so it’s sufficient to just call GetFileAttributes to see the behavior. We think the bug is in all the changes around case sensitivity: there’s a memory compare of “$i30” with “$I30” before the descent into chaos. Also, if you use “$I30” in the offending command you don’t get the problem.

The directory is not really corrupt at this point and the volume is not immediately corrupted by this change. The result is ugly though, and we have anecdotal evidence of a system here at OSR failing to boot after multiple attempts to chkdsk, so we thought we'd mitigate the problem while we wait for the real fix to arrive.

This filter blocks any attempts to open a stream that begins with ":$i30:". This blocks more than just the intended path (e.g. ":$i30:$index_allocation") but we believe the impact of this to be minimal.
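To make the blocking rule concrete, the following is an added user-mode model of the name check (it is not OSR's minifilter code, which works on the UNICODE_STRING returned by FltGetFileNameInformation). It inspects only the final path component, so a drive letter's colon is never mistaken for a stream separator, and it compares the prefix case-insensitively, which is a conservative assumption that blocks "$I30" as well as the "$i30" spelling the README names.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stream-name prefix the i30Flt README says the filter blocks. */
static const char BLOCKED_PREFIX[] = ":$i30:";

/* Return 1 if the final path component of `path` carries a stream name
 * beginning with ":$i30:" (case-insensitive, an assumption of this model),
 * else 0. Only text after the last '\\' is examined. */
int is_blocked_stream_name(const char *path)
{
    if (path == NULL)
        return 0;
    const char *comp = strrchr(path, '\\');
    comp = comp ? comp + 1 : path;           /* final path component */
    const char *stream = strchr(comp, ':');  /* start of ":stream[:type]" */
    if (stream == NULL)
        return 0;
    size_t n = strlen(BLOCKED_PREFIX);
    for (size_t i = 0; i < n; i++) {
        if (stream[i] == '\0' ||
            tolower((unsigned char)stream[i]) != (unsigned char)BLOCKED_PREFIX[i])
            return 0;                        /* too short or mismatch */
    }
    return 1;
}

int main(void)
{
    /* Constructed sample names in the NT form a filter would see, plus a
     * Win32 path, to show which ones the rule blocks. */
    const char *samples[] = {
        "\\Device\\HarddiskVolume1\\dir:$i30:$index_allocation",
        "\\Device\\HarddiskVolume1\\dir:$I30:$INDEX_ALLOCATION",
        "\\Device\\HarddiskVolume1\\dir\\file.txt:stream:$DATA",
        "C:\\dir\\file.txt",
        "\\Device\\HarddiskVolume1\\dir:$i30",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-60s -> %s\n", samples[i],
               is_blocked_stream_name(samples[i]) ? "BLOCKED" : "allowed");
    return 0;
}
```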

Downloads

We have signed binaries available for immediate install on x86 and x64 platforms.

Download the latest i30Flt release

Installation

Open an elevated command prompt and execute the following commands:

RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 .\i30flt.inf

wevtutil im i30flt.man

fltmc load i30flt

To uninstall the filter execute the following:

RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultUninstall 132 .\i30flt.inf

Building

The provided solution builds using the 2004 WDK.


Comments
  • Older OSes

    Looking over the internet I haven't found official confirmation of whether the bug affects older OSes or not, but does this driver work on Windows XP/7/8?

    opened by ale5000-git 0
  • PC slowdown

    Hi, when I was trying to install the patch, I got an error while installing one of the archives (it said something like one of the files doesn't exist), so I decided to cancel and try to uninstall, and that gave me an error too. I decided to delete the folder and forget about it, but now my PC has very slow performance; even when looking at a photo, programs freeze, stop responding and open a few minutes later. That happens with videos too, Chrome, etc. I don't know if that failed patch was the origin but...

    opened by victordavid29 1
  • Suggestion: Block access to the BSOD path

    I'm not a user of this project, but if you found a way to prevent accessing the path that marks a drive as dirty, you could probably also blacklist the path that causes a bluescreen? It's also supposed to be fixed next month as far as I know, and maybe one or another person might be interested to see this added here. This path, \\.\globalroot\device\condrv\kernelconnect, basically crashes a PC if accessed.

    opened by Animan8000 1