Is it possible to access the process creation flags in the PsSetCreateProcessNotifyRoutine callback ? Specifically, I want to determine whenever any parent process creates a child process with CREATE_SUSPENDED flag. I am looking for a solution which works on XP and later OS.
that’s a flag for threads not process.
Never mind… Just Kidding, sorry 