The EaseFilter Process Filter Driver SDK is a kernel-mode driver that filters process and thread creation and termination; it gives you an easy way to develop Windows applications for process monitoring and protection.

Enable the flag for each event you want to be notified about:

- PROCESS_CREATION_NOTIFICATION: a new process is created
- PROCESS_TERMINATION_NOTIFICATION: a process terminates
- PROCESS_HANDLE_OP_NOTIFICATION: a process handle is created or duplicated
- THREAD_CREATION_NOTIFICATION: a new thread is created
- THREAD_TERMINIATION_NOTIFICATION: a thread terminates
- THREAD_HANDLE_OP_NOTIFICATION: a thread handle is created or duplicated

The driver also delivers a callback notification to your application for process/thread creation or termination. From the new process information you can get the parent process Id and the thread Id of the newly created process, the exact file name that was used to open the executable file, and, when it is available, the command line that was used to execute the process. With the EaseFilter Process Filter Driver, your application can prevent untrusted executable binaries (malware) from being launched and protect your data from being damaged by untrusted processes.

A file system watcher listens to change notifications generated by the operating system and invokes a given function if the file change matches several filter criteria, such as the directory, the file name or the type of the change.
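As an added illustration (not the SDK's own code), the kind of allow/block decision a process-creation callback can make from the fields the text lists; the NewProcessInfo structure, the allow-list and the sample paths are constructed for this example, and the SDK's real structure and callback signature are assumed rather than reproduced.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Constructed stand-in for the creation-notification data the text lists
 * (parent PID, thread id, image file name, command line); the SDK's real
 * structure and callback signature are assumed, not reproduced. */
typedef struct {
    unsigned long parentProcessId;
    unsigned long threadId;
    const char   *imageFileName;   /* exact path used to open the executable */
    const char   *commandLine;     /* NULL when not available */
} NewProcessInfo;

/* Constructed sample allow-list; every entry ends with a backslash so the
 * prefix test stops on a directory boundary. */
static const char *const trustedDirs[] = { "C:\\Windows\\", "C:\\Program Files\\" };

/* Case-insensitive prefix test: "C:\Program FilesEvil\x.exe" must not
 * match "C:\Program Files\", which the trailing backslash guarantees. */
static int underTrustedDir(const char *path, const char *dir) {
    size_t n = strlen(dir);
    if (strlen(path) <= n) return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)path[i]) != tolower((unsigned char)dir[i])) return 0;
    return 1;
}

/* Decision for the creation callback: 1 = allow the launch, 0 = block it.
 * Only absolute drive paths without ".." segments can be vouched for. */
int allowProcessLaunch(const NewProcessInfo *info) {
    const char *p = info->imageFileName;
    if (p == NULL || !isalpha((unsigned char)p[0]) || p[1] != ':' || p[2] != '\\') return 0;
    if (strstr(p, "\\..\\") != NULL) return 0;   /* refuse traversal segments */
    for (size_t i = 0; i < sizeof trustedDirs / sizeof trustedDirs[0]; i++)
        if (underTrustedDir(p, trustedDirs[i])) return 1;
    return 0;
}

int main(void) {
    NewProcessInfo dropper = { 4, 5, "C:\\Users\\Public\\dropper.exe", "dropper.exe -q" };
    NewProcessInfo notepad = { 4, 5, "C:\\Windows\\System32\\notepad.exe", NULL };
    printf("dropper.exe: %s\n", allowProcessLaunch(&dropper) ? "allow" : "block");
    printf("notepad.exe: %s\n", allowProcessLaunch(&notepad) ? "allow" : "block");
    return 0;
}
```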