On Windows 2008 R2 x64 the SPLUNK Trace Kernel Mode Driver (splunkdrv-win6.sys - v6.0.6000.16386) shipped with Splunk Universal Forwarder 4.2.3 (build 105575) is listed as being built with the Windows Codename Longhorn DDK!!
Now this DDK was not meant for production driver builds and contained some major issues (which of course may not affect this driver); however, when Microsoft released the supported DDK, all vendors are supposed to rebuild their drivers using this.
My question is: did SPLUNK rebuild the Kernel Mode Driver with a production DDK, and if so, which build of SPLUNK does it ship in, and if not, will you do a rebuild of this driver with a supported DDK?