This is the source code associated with my blog post on exploiting the probmon.sys Minifilter driver in order to create a process killer.
Link: https://antonioparata.blogspot.com/2024/02/exploiting-vulnerable-minifilter-driver.html
Demo video (in Italian): https://www.youtube.com/watch?v=I4joF2sQWHU where MsMpEng.exe is terminated (at 20:40)