Need: Able to monitor all process that are opened in the user’s session and able to block/elevate/reduce the process functionlity without user’s intervention.
I have tried this through process hooking with dlls, but AntiVirus doesn’t allow it.
Searched the internet and found out Windows Driver is the right way to do it.
But with the driver, there are two many options
- using kernel driver
- using kernel driver to hook user mode applications.
Want to know the correct and proper way to do it. Any help is much appreciated.
Thanks.