This is a simple filter that will block any attempt to access streams beginning with

i30Flt

@jonasLyk reported a REALLY interesting corruption error reported by NTFS:

https://twitter.com/jonasLyk/status/1347900440000811010

Triggering the notification only requires that you visit a particular path on an NTFS volume.

Our research indicates that the “file corrupt” error bubbles up from a network query open, so it’s sufficient to just call GetFileAttributes to see the behavior. We think the bug is in all the changes around case sensitivity...There’s a memory compare of “$i30” with “$I30” before the descent into chaos. Also if you use “$I30” in the offending command you don’t get the problem.

The directory is not really corrupt at this point and the volume is not immediately corrupted by this change. The result is ugly though and we have anecdotal evidence of a system here at OSR failing to boot after multiple attemps to chkdsk, so we though we'd mitigate the problem while we wait for the real fix to arrive.

This filter blocks any attempts to open a stream that begins with ":$i30:". This blocks more than just the intended path (e.g. ":$i30:$index_allocation") but we believe the impact of this to be minimal.

Downloads

We have signed binaries available for immediate install on x86 and x64 platforms.

Download the latest i30Flt release

Installation

Open an elevated command prompt and execute the following commands:

RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 .\i30flt.inf

wevtutil im i30flt.man

fltmc load i30flt

To uninstall the filter execute the following:

RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultUninstall 132 .\i30flt.inf

Building

The provided solution builds using the 2004 WDK.

Similar Resources

A framework for implementing block device drivers in user space

BDUS is a Linux 4.0+ framework for developing block devices in user space. More specifically, it enables you to implement block device drivers as regu

May 24, 2022

Unix pager (with very rich functionality) designed for work with tables. Designed for PostgreSQL, but MySQL is supported too. Works well with pgcli too. Can be used as CSV or TSV viewer too. It supports searching, selecting rows, columns, or block and export selected area to clipboard.

Unix pager (with very rich functionality) designed for work with tables. Designed for PostgreSQL, but MySQL is supported too. Works well with pgcli too. Can be used as CSV or TSV viewer too. It supports searching, selecting rows, columns, or block and export selected area to clipboard.

Unix pager (with very rich functionality) designed for work with tables. Designed for PostgreSQL, but MySQL is supported too. Works well with pgcli too. Can be used as CSV or TSV viewer too. It supports searching, selecting rows, columns, or block and export selected area to clipboard.

Aug 7, 2022

Generating block-structured grids for ocean domains

This is an implementation of the Paper "Automatic Generation of Load-Balancing-Aware Block-Structured Grids for Complex Ocean Domains" presented at th

Feb 10, 2022

Simple sensor filter chain nodes and nodelets

sensor_filters This package is a collection of nodes and nodelets that service a filters::FilterChain for message types from sensor_msgs package. Each

Jun 30, 2022

Loads a signed kernel driver which allows you to map any driver to kernel mode without any traces of the signed / mapped driver.

Loads a signed kernel driver which allows you to map any driver to kernel mode without any traces of the signed / mapped driver.

CosMapper Loads a signed kernel driver (signed with leaked cert) which allows you to map any driver to kernel mode without any traces of the signed /

Aug 12, 2022

Automatically load dlls into any executables without replacing any files!

Automatically loaded dll using xinput9_1_0 proxy. Please put the modified xinput9_1_0.dll in the executable's directory.

Apr 17, 2022

Create a calculator of any kind in any language, create a pr.

calculators Create a calculator of any kind in any language, create a pr. Create a calculator of any type using the programming language of your choic

Dec 1, 2021

Corsair LL Access driver abuse

CorsairLLeak Map physical addresses into userspace (RW), read/write MSRs, send/recieve data on I/O ports, and query/set bus configuration data with th

Jun 27, 2022
Comments
  • Older OSes

    Older OSes

    Looking over the internet I haven't found an official confirmation whether the bug affect or not older OSes but does this driver works on Windows XP/7/8?

  • PC slowdown

    PC slowdown

    Hi, when I was trying to install the patch, I get an error while installing one of the archives (it says something like one of the files doesn't exist) so I decide to cancel and try to uninstall and sends me a error too, I decide to delete the folder and forget about it, but now my pc have a very slow performance, even look a photo the programs freeze, stop responding and few minutes later them open, that happens with videos too, chrome, etc, I don't know if that failed patch was the origin but...

  • Suggestion: Block access to the BSOD path

    Suggestion: Block access to the BSOD path

    I'm not an user of this project but if you found a way to prevent accessing the path that marks a drive as dirty, you could probably blacklist also the path that causes a bluescreen? It's also supposed to be fixed next month as far as I know and maybe the one or other person might be interested to see this being added here. This path \\.\globalroot\device\condrv\kernelconnect basically crashing a PC if accessed.

Related tags
The purpose of these streams is to be educational and entertaining for viewers to learn about systems architecture, reverse engineering, software security, etc., and NOT to encourage nor endorse malicious game hacking.
The purpose of these streams is to be educational and entertaining for viewers to learn about systems architecture, reverse engineering, software security, etc., and NOT to encourage nor endorse malicious game hacking.

Memestream This repository holds the code that I develop during my live game "modding" ?? sessions. When I stream, I like to speedrun making a success

Jul 6, 2022
An attempt to run fcitx5 on Android

fcitx5-android-poc An attempt to run fcitx5 on Android. Project status It can build, run, and print to stdout. Build Dependencies Android SDK Platform

Aug 8, 2022
My humble attempt at getting tensorflow and the ESP32-CAM to cooperate

ESP32-Object-Recognition My humble attempt at getting tensorflow and the ESP32-CAM to cooperate (among other things) Notes: "Webcam_detection.py" isn'

Jun 21, 2022
My attempt at comparing the 5455 XDK kernel against an older build, NOT COMPILABLE CODE (Mainly psudocode with sections filled in)

xboxkrnl.exe build 5445 XDK CHK My attempt at comparing the 5455 XDK kernel an older build, NOT COMPILABLE CODE (Mainly psudocode with sections filled

Dec 4, 2021
Historical Bell Labs ratfor code. Plus an attempt to modernize it.

RATFOR --- Rational Fortran This repository tracks the history of the original C version of the Bell Labs ratfor translator written by Brian Kernighan

May 5, 2022
My attempt at writing an Operating System from scratch

Operating System Trying to write my own operating system from scratch Current Status: Compiles ✔️ Directory Structure (Will be updated as changes happ

Jan 9, 2022
CAAR is an attempt at writing a modern Lisp machine.
CAAR is an attempt at writing a modern Lisp machine.

CAAR - The modern lisp machine CAAR is an attempt at writing a modern Lisp machine. The goal of this project is to be able to run a somewhat functiona

Jun 19, 2022
Block Cipher Reverse Engineering: A Challenge by Nintendo European Research & Development
Block Cipher Reverse Engineering: A Challenge by Nintendo European Research & Development

My algorithm cracks NERD HireMe for any output within 1 Second without Brute-Force! Read more if you want to find out how this was accomplished or execute this algorithm yourself on Wandbox - Online C++ Compiler

Nov 15, 2021
Modifies the hosts file in order to block sites hosting Kant's rat

In the Minecraft cheating community, it's not uncommon for clients or client cracks/leaks to be malware. The most famous example of this would be the Autumn client "crack", released by Kant. This application attempts to blacklist known hosts of Kant's malware, in order to prevent someone from accidentally getting themselves ratted.

Aug 12, 2022