tandasat / UefiVarMonitor

The runtime DXE driver monitoring access to the UEFI variables by hooking the runtime service table.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

UefiVarMonitor

The sample runtime DXE driver (UEFI driver) monitoring access to the UEFI variables by hooking the runtime service table in C and Rust.

This project was developed to provide a small sample of a runtime driver.

UefiVarMonitor uefi-var-monitor

Rust implementation was made solely for author's learning.

Projects Overview

  • UefiVarMonitorDxe

    The UEFI runtime driver that hooks GetVariable and SetVariable runtime services, and logs the use of them into serial output. Written in less than 300 lines of C code.

  • uefi-var-monitor

    Nearly equivalent implementation of UefiVarMonitorDxe in Rust. Unsafe, unsafe everywhere.

  • UefiVarMonitorExDxe

    The enhanced version of UefiVarMonitorDxe allowing a Windows driver to register an inline callback of the above runtime services. This can also be used to alter parameters and block those calls.

  • UefiVarMonitorExClient

    The sample Windows driver registering a callback with UefiVarMonitorExDxe.

Building

  • UefiVarMonitorDxe and UefiVarMonitorExDxe

    1. Set up edk2 build environment
    2. Copy UefiVarMonitorPkg as edk2\UefiVarMonitorPkg
    3. On the edk2 build command prompt, run the below command:
      > edksetup.bat
      > build -t VS2019 -a X64 -b NOOPT -p UefiVarMonitorPkg\UefiVarMonitorPkg.dsc -D DEBUG_ON_SERIAL_PORT
      
      Or on Linux or WSL,
      $ . edksetup.sh
      $ build -t GCC5 -a X64 -b NOOPT -p UefiVarMonitorPkg/UefiVarMonitorPkg.dsc -D DEBUG_ON_SERIAL_PORT
      
  • uefi-var-monitor

    1. Install the nightly rust compiler. Below is an example on Linux, but it is largely the same on Windows.
      $ sudo snap install rustup --classic
      $ rustup default nightly
      $ rustup component add rust-src
      
    2. Build the project.
      $ cd uefi-var-monitor
      $ cargo build
      
  • UefiVarMonitorExClient

    This is a standard Windows driver. VS2019 and WDK 10.0.18362 or later are required.

Credits

  • Thank you @x1tan for modernalized xcargo-less build.

About

The runtime DXE driver monitoring access to the UEFI variables by hooking the runtime service table.

License:MIT License


Languages

Language:C 83.5%Language:Rust 15.5%Language:Batchfile 1.0%