UefiVarMonitor
The sample runtime DXE driver (UEFI driver) monitoring access to the UEFI variables by hooking the runtime service table in C and Rust.
This project was developed to provide a small sample of a runtime driver.
Rust implementation was made solely for author's learning.
Projects Overview
-
UefiVarMonitorDxe
The UEFI runtime driver that hooks
GetVariableandSetVariableruntime services, and logs the use of them into serial output. Written in less than 300 lines of C code. -
uefi-var-monitor
Nearly equivalent implementation of
UefiVarMonitorDxein Rust. Unsafe, unsafe everywhere. -
UefiVarMonitorExDxe
The enhanced version of
UefiVarMonitorDxeallowing a Windows driver to register an inline callback of the above runtime services. This can also be used to alter parameters and block those calls. -
UefiVarMonitorExClient
The sample Windows driver registering a callback with
UefiVarMonitorExDxe.
Building
-
UefiVarMonitorDxe and UefiVarMonitorExDxe
- Set up edk2 build environment
- Copy
UefiVarMonitorPkgasedk2\UefiVarMonitorPkg - On the edk2 build command prompt, run the below command:
Or on Linux or WSL,
> edksetup.bat > build -t VS2019 -a X64 -b NOOPT -p UefiVarMonitorPkg\UefiVarMonitorPkg.dsc -D DEBUG_ON_SERIAL_PORT$ . edksetup.sh $ build -t GCC5 -a X64 -b NOOPT -p UefiVarMonitorPkg/UefiVarMonitorPkg.dsc -D DEBUG_ON_SERIAL_PORT
-
uefi-var-monitor
- Install the nightly rust compiler. Below is an example on Linux, but it is largely the same on Windows.
$ sudo snap install rustup --classic $ rustup default nightly $ rustup component add rust-src - Build the project.
$ cd uefi-var-monitor $ cargo build
- Install the nightly rust compiler. Below is an example on Linux, but it is largely the same on Windows.
-
UefiVarMonitorExClient
This is a standard Windows driver. VS2019 and WDK 10.0.18362 or later are required.
Credits
- Thank you @x1tan for modernalized xcargo-less build.