Hi guys,
I'm writing my first driver that uses “ObRegisterCallbacks” to intercept handle creation attempts to my process.
But when my process is created, the creator also “creates” (it did call CreateProcess) a handle to my process, which triggers a false alert.
Is there any way to detect that the handle creation is from the “parent” process so I can make my alerting code ignore it?
Thanks in advance.