In the modern world, users encounter many cyber threats, one of which is unauthorized access to the user's microphone for the purpose of eavesdropping. In order to realize a control of access to the microphone data on the part of processes running on the user's computer it is necessary to perform a filtration of certain requests within the operating system or obtain access to the context of the request data for identification of the processes requesting access, in order to block those processes for which access has not been authorized. In the Windows XP and older operating systems, this functionality has been resolved by intercepting traffic in the region of the “KSmixer.sys” kernel component (the Windows Kernel Streaming technology). Requests to read microphone data in the framework of the traffic being intercepted have gone through a special filter in the context of the process reading the microphone data.
With the advent of Windows Vista, a new architecture WASAPI was developed, consisting of many kernel components and a user mode where the Windows Kernel Streaming technology has remained in the “basic variant”, while all of the audio traffic has been put through private COM interfaces of new audio drivers, which are registered on the port driver “portcls.sys”. These audio drivers can be realized such that the audio traffic with the help of a Direct Access Memory (DMA) controller ends up at once in the user mode buffer, that is, without the involvement of the processor or any supplemental code. And this buffer is mapped into a protected process “audiodg.exe”, from which the data is copied by the processor into the buffer of the user process in the context of this same process “audiodg.exe”. That is, the controlling filter in the Windows Kernel Streaming technology has become absolutely unsuitable, starting with Windows Vista.
Due to the foregoing, the need arises for a method which is able to intercept audio traffic from microphones linked to the context of the processes reading the data from the microphones in order to protect transmission of audio data.