c - How to intercept and possibly block process creation, system-wide?
I'm trying to make an AppLocker-like service that should intercept the creation of processes based on restrictions set by the administrator.
(For those wondering why I can't use Microsoft's AppLocker, the answer is that it is available on the Server, Enterprise, and Ultimate versions of Windows 7 and up.)
So I did some research and found that the CreateProcessNotifyEx routine can be called before each process is started/ended.
I don't have much experience writing Windows kernel drivers. I'm curious if the approach described above is correct? Or maybe there's a user-mode WinAPI I'm not aware of?