Pardon me for not announcing the pre-release availability of Fibratus here on the blog. It was a pretty busy month for me.
Anyway, I feel very excited about Fibratus. At the moment of writing, it has 205 stars and 23 forks on GitHub. I didn’t expect much acceptance during these 3 weeks since I pushed the code to the repository! The production-ready release should be out shortly. There are some minor issues to fix.
I’m figuring out how to avoid blocking the main thread when calling the NtQueryObject function on a synchronous kernel object. Since Windows doesn’t provide any facility to get the I/O status of an object opened for synchronous access, the famous workaround consists of calling NtQueryObject in a new thread and terminating that thread if the timeout is reached. Support for Windows 10 and a whole new set of filaments is also on the roadmap.