I'm building a Minifilter Kernel Driver for Antivirus purposes that, whenever a filesystem operation (open | write | read) happens, retrieves the filename and process ID involved in the operation. I was wondering if it's possible to make the Driver send the data (file name and PID) to a user-mode Python application, for example using FltSendMessage?
What you are trying to achieve is possible, however, it won't be without any hack. First of all, there aren't any libraries/wrappers to interact with a minifilter driver other than the one in C++ provided by Microsoft. Based on that, you could: