PsSetCreateProcessNotifyRoutine() is not available on Windows 2000.
Q1: Is it going to be part of the IFS implementation on Windows 2000?
(expect no)
Q2: What’s the best alternative?
I’ve read all the notes on hooking and I know how bad it is. Would
really like to do something else… Unfortunately, really need this
functionality.
Regards,
It is available on Windows 2000 (it worked in NT 4.0).
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply
“Mickey & Eileen Lane” wrote in message
news:xxxxx@ntfsd…
> PsSetCreateProcessNotifyRoutine() is not available on Windows 2000.
>
> Q1: Is it going to be part of the IFS implementation on Windows 2000?
> (expect no)
>
> Q2: What’s the best alternative?
>
> I’ve read all the notes on hooking and I know how bad it is. Would really
> like to do something else… Unfortunately, really need this
> functionality.
>
> Regards,
> PsSetCreateProcessNotifyRoutine() is not available on Windows 2000.
It’s been available since NT 4.0 (Look at export symbols from NT4’s
NTOSKRNL.EXE). It is just that MS decided to document it
in later IFS kits.
L.
I stand corrected. And a little embarrassed.
After a little investigation…
All versions (2k and up) have PsSetCreateProcessNotifyRoutine() and
PsSetLoadImageNotifyRoutine(). These are so closely coupled I’ve always
treated them as a single thing. (As I’m not concerned about NT 4, I
didn’t check that…)
To undo PsSetCreateProcessNotifyRoutine() on all versions (2k and up),
you call it again with the 2nd argument FALSE.
To undo PsSetLoadImageNotifyRoutine() on versions XP and up, you call
PsRemoveLoadImageNotifyRoutine().
There is no undo for PsSetLoadImageNotifyRoutine() on W2k. The help says:
Any driver that successfully registers such a callback /must
remain loaded until the system itself is shut down/.
When my routine that manipulates these things failed to compile on W2k,
I didn’t read the err file very carefully and made an assumption…
Thanks,
Mickey.
Ladislav Zezula wrote:
> > PsSetCreateProcessNotifyRoutine() is not available on Windows 2000.
> It’s been available since NT 4.0 (Look at export symbols from NT4’s
> NTOSKRNL.EXE). It is just that MS decided to document it
> in later IFS kits
> L.
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@earthlink.net
To unsubscribe send a blank email to xxxxx@lists.osr.com
I remember that some of these routines were working from NT4 up.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: “Mickey & Eileen Lane”
To: “Windows File Systems Devs Interest List”
Sent: Tuesday, December 13, 2005 7:56 PM
Subject: [ntfsd] Process start/stop on Windows 2000
> PsSetCreateProcessNotifyRoutine() is not available on Windows 2000.
>
> Q1: Is it going to be part of the IFS implementation on Windows 2000?
> (expect no)
>
> Q2: What’s the best alternative?
>
> I’ve read all the notes on hooking and I know how bad it is. Would
> really like to do something else… Unfortunately, really need this
> functionality.
>
> Regards,