The goal of the tool is to monitor requests received by selected device objects or kernel drivers. The tool is quite similar to IrpTracker but has several enhancements. It supports 64-bit versions of Windows (no inline hooks are used; only modifications to driver object structures are performed) and monitors IRP, FastIo, AddDevice, DriverUnload and StartIo requests.
See the IRPMon v1.0 RC milestone for quite an incomplete list of fixes and enhancements.
What is new:
Since this is a pre-release/beta, I did not update the documentation yet; however, there were not many GUI changes, so the application may still look familiar to you. I would greatly appreciate any bug reports and other feedback.
Drivers are digitally signed by my latest certificate, so IRPMon should run correctly on all PCs except those with Secure Boot enabled.
This is the first release with the signed driver. The driver, however, did not go through attestation signing, so you may experience problems when using IRPMon on freshly installed post-Anniversary Update versions of Windows 10 booted with Secure Boot.
The irpmnconsole program is not part of the release, since it is now being deprecated. The GUI application and the documentation may change quite a bit in future releases. I hope not to touch the driver too much until the post-1.0 release.
The first beta version of the project. Binaries are not signed, documentation is included. The release contains only the GUI application and the driver, not the console one, since that is now quite obsolete.