suggestion regarding Filter driver

iam creating a filter driver to block malware application, currently iam able to block malware application but windows is showing message like this
i don’t want to show such messages, i want to do it silently plz help
this is my code

VOID
OnCreateProcessEx(PEPROCESS pEProcess,
HANDLE hProcessId,
PPS_CREATE_NOTIFY_INFO pCreateInfo)
{

if (pCreateInfo)
{
	UNICODE_STRING  usBlockingApp;

	.
	RtlInitUnicodeString(&usBlockingApp,
		L"\\??\\C:\\Windows\\System32\\calculator.exe");

	//Comparing the image of the process that has just been created
        // with the path I used above.
	if (RtlEqualUnicodeString(&usBlockingApp,
		pCreateInfo->ImageFileName,
		TRUE))
	{
		
		DbgPrint("[Process] Action = Blocking\n"
			"                 Process Id = 0x%x\n"
			"                 Parent Id = 0x%x\n"
			"                 Image name = %wZ\n\n",
			hProcessId,
			pCreateInfo->ParentProcessId,
			pCreateInfo->ImageFileName);
		
		//Changes the status of the process creation to stop.			
		pCreateInfo->CreationStatus = STATUS_ACCESS_DENIED;
	}
	else
	{
		
		DbgPrint("[Process ] Action = Starting\n"
			"                 Process Id = 0x%x\n"
			"                 Parent Id = 0x%x\n"
			"                 Image name = %wZ\n\n",
			hProcessId,
			pCreateInfo->ParentProcessId,
			pCreateInfo->ImageFileName);
	}
}
else
{
	
	DbgPrint("[Process Tracer] Action = Finishing\n"
		"                 Process Id = 0x%x\n\n",
		hProcessId);
}

}
plz help

so you want the user to get no response whatsoever when they try to run somthing. then they try again three or five times and then start cursing.

@MBond2 said:
so you want the user to get no response whatsoever when they try to run somthing. then they try again three or five times and then start cursing.

Actually i want to hide ugly windows message and show my custom message :slight_smile:

The problem is… the error dialog that’s displayed is going to be entirely dependent on the application displaying it (back in user-mode). If somebody double-clicks an app in Explorer then it’s up to Explorer. If somebody launches the app some other way, well… then the failure is going to be reported back to the user in some other way.

Think about it: An app invokes FRED.EXE – You block access to FRED.EXE by returning some error during the open processing. The app that invokes FRED.EXE gets back an error code. It is thus entirely up to that app what to do next.

There’s not a driver solution to this issue.

Peter