Hi All,
Is there some API that does the job of PsSetCreateProcessNotifyRoutine() so
that any application/dll could register for process creation notification
from OS.
Any information is helpful.
Thanks,
Kedar.
Hi All,
Is there some API that does the job of PsSetCreateProcessNotifyRoutine() so
that any application/dll could register for process creation notification
from OS.
Any information is helpful.
Thanks,
Kedar.
Hi, there is no such thing in user mode however you can
Regards,
Daniel Terhell
Resplendence Software Projects Sp
xxxxx@resplendence.com
http://www.resplendence.com
“kedar” wrote in message news:xxxxx@ntdev…
> Hi All,
>
> Is there some API that does the job of PsSetCreateProcessNotifyRoutine()
> so that any application/dll could register for process creation
> notification from OS.
>
> Any information is helpful.
>
> Thanks,
> Kedar.
>
>
Hi,
How to " hook the user mode create process functions for all processes in
the
system by injecting DLLs and patching entry tables
" do this, any pointers for this.
Any information is helpful.
Thanks,
Kedar.
“Daniel Terhell” wrote in message
news:xxxxx@ntdev…
> Hi, there is no such thing in user mode however you can
> - create a service or user mode app which gets notified by your kernel
> component
> - monitor window creation and destruction, which may allow you to find out
> that a certain process has started
> - hook the user mode create process functions for all processes in the
> system by injecting DLLs and patching entry tables
>
> Regards,
>
> Daniel Terhell
> Resplendence Software Projects Sp
> xxxxx@resplendence.com
> http://www.resplendence.com
>
>
>
>
>
>
>
> “kedar” wrote in message news:xxxxx@ntdev…
>> Hi All,
>>
>> Is there some API that does the job of PsSetCreateProcessNotifyRoutine()
>> so that any application/dll could register for process creation
>> notification from OS.
>>
>> Any information is helpful.
>>
>> Thanks,
>> Kedar.
>>
>>
>
>
>
You can check : http://research.microsoft.com/sn/detours/ library for API’s
hooking.
Regards,
Satish K.S
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of kedar
Sent: Tuesday, March 08, 2005 10:32 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Usermode equalent of PsSetCreateProcessNotifyRoutine
Hi,
How to " hook the user mode create process functions for all processes in
the
system by injecting DLLs and patching entry tables
" do this, any pointers for this.
Any information is helpful.
Thanks,
Kedar.
“Daniel Terhell” wrote in message
news:xxxxx@ntdev…
> Hi, there is no such thing in user mode however you can
> - create a service or user mode app which gets notified by your kernel
> component
> - monitor window creation and destruction, which may allow you to find out
> that a certain process has started
> - hook the user mode create process functions for all processes in the
> system by injecting DLLs and patching entry tables
>
> Regards,
>
> Daniel Terhell
> Resplendence Software Projects Sp
> xxxxx@resplendence.com
> http://www.resplendence.com
>
>
>
>
>
>
>
> “kedar” wrote in message news:xxxxx@ntdev…
>> Hi All,
>>
>> Is there some API that does the job of PsSetCreateProcessNotifyRoutine()
>> so that any application/dll could register for process creation
>> notification from OS.
>>
>> Any information is helpful.
>>
>> Thanks,
>> Kedar.
>>
>>
>
>
>
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@epiance.com
To unsubscribe send a blank email to xxxxx@lists.osr.com