Maintained & hardened a production-grade kernel driver that transparently encrypts every file touch-point for Fortune 500 and government clients.
Customers needed “encrypt-everything” protection on Windows endpoints. Legacy code left executables unguarded against live tampering, and support teams were drowning in driver-related crash dumps.
I evolved the product into a hardened, self-protecting encryption platform:
| Component | Purpose | Key Tech |
|---|---|---|
| Minifilter | Hooks all file create / read / write / move events | FltMgr · C++17 |
| Crypto Engine | AES-256 encrypt/decrypt on-the-fly | Windows CNG |
| Self-Protection | Blocks debugger attach & runtime patching of LANCrypt executables | ObRegisterCallbacks API |
| Diagnostics | Auto-captures & symbolicates crash dumps for support | WinDbg · KD extension scripts |
How it works: files are encrypted at rest. When they leave the machine (e-mail, copy, upload), the driver decrypts them transparently, ensuring usability without sacrificing security.
Re-architected critical driver sections; implemented self-protection via ObRegisterCallbacks; refactored legacy C into modern C++17; analysed more than 50 customer crash dumps down to the assembly level; mentored junior developers in Windows internals.
| Challenge | Mitigation & Result |
|---|---|
| Executables could be debugged & patched live | Added kernel-level object callbacks → blocked tampering, audit passed |
| Legacy, brittle C codebase | Incremental C++17 refactor + unit tests → 20 % fewer regression bugs |
| Difficult crash-dump triage | Custom WinDbg scripts + symbol server → diagnostics < 15 min per case |
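The self-protection mechanism named in the Self-Protection row above and in the first Challenge row, as an added example that is not the product's own code: the access-mask policy at the core of an ObRegisterCallbacks pre-operation callback, written so it compiles and unit-tests on a host without the WDK. The ACCESS_MASK constants are the documented Windows values; how the driver recognises its own executables (the two `*_protected` flags) is an assumption.

```c
/* Added example (not the product's code): the access-mask policy at the core of
 * an ObRegisterCallbacks pre-operation callback, written so it compiles and can
 * be unit-tested without the WDK. The access-right values are the documented
 * winnt.h constants, redefined here for that reason. */
#include <stdbool.h>
#include <stdint.h>

typedef uint32_t ACCESS_MASK;

#define PROCESS_CREATE_THREAD             0x0002u
#define PROCESS_VM_OPERATION              0x0008u
#define PROCESS_VM_READ                   0x0010u
#define PROCESS_VM_WRITE                  0x0020u
#define PROCESS_DUP_HANDLE                0x0040u
#define PROCESS_SUSPEND_RESUME            0x0800u
#define PROCESS_QUERY_LIMITED_INFORMATION 0x1000u
#define SYNCHRONIZE                       0x00100000u

/* Rights that enable live tampering: writing or remapping memory, injecting a
 * thread, suspending the process (also what NtDebugActiveProcess needs to
 * attach a debugger) and pulling handles out of the target. */
#define TAMPER_RIGHTS (PROCESS_VM_WRITE | PROCESS_VM_OPERATION | \
                       PROCESS_CREATE_THREAD | PROCESS_SUSPEND_RESUME | \
                       PROCESS_DUP_HANDLE)

/* Decide which rights a handle open/duplicate against a process may keep.
 * In the driver this runs inside the OB_PRE_OPERATION_CALLBACK registered via
 * ObRegisterCallbacks for PsProcessType; the callback stores the result in
 * CreateHandleInformation.DesiredAccess (or DuplicateHandleInformation's) and
 * returns OB_PREOP_SUCCESS. kernel_handle mirrors OperationInformation->
 * KernelHandle; the two *_protected flags are an assumption about how the
 * driver recognises its own executables (e.g. image path checked at start). */
ACCESS_MASK filter_process_access(ACCESS_MASK desired, bool kernel_handle,
                                  bool caller_protected, bool target_protected)
{
    /* Never filter kernel handles: the OS and other drivers need full access,
     * and denying it destabilises the system instead of hardening the product. */
    if (kernel_handle) return desired;
    /* Only our own processes are shielded, and they may still reach each other. */
    if (!target_protected || caller_protected) return desired;
    /* Strip the dangerous bits; query, synchronize and read-only access survive
     * so Task Manager and crash-dump tooling keep working. */
    return desired & ~TAMPER_RIGHTS;
}

/* True when a mask still carries any tampering capability (used in tests). */
bool grants_tamper_rights(ACCESS_MASK mask)
{
    return (mask & TAMPER_RIGHTS) != 0u;
}
```

ObRegisterCallbacks returns STATUS_ACCESS_DENIED unless the driver image was linked with /INTEGRITYCHECK, so that flag has to be part of the build configuration rather than something added at release signing.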