From: Hexello on 13 Jan 2010 16:11

I am going to use PsSetCreateProcessNotifyRoutine to catch the process creation events and decide if it's allowed to run the process. Will it be ok to terminate the process via ZwTerminateProcess() from the callback, or is there another way to block process start?

From: Don Burn on 13 Jan 2010 16:25

It won't work, the process is not fully formed and ZwTerminateProcess will error.

--
Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply