
Prevent Process from Starting


Craig Peacock

Mar 11, 2002, 3:58:14 AM
Is there a way to prevent a process from starting. I can register
PsSetCreateProcessNotifyRoutine(); or PsSetLoadImageNotifyRoutine();
then terminate the process once it has started, however it doesn't
cleanly exit.

Given that PsSetLoadImageNotifyRoutine(); is called after an image is
loaded, is there a way to prevent the image from starting execution at
all?

Regards,

Craig Peacock

Juliet

Mar 11, 2002, 2:19:16 PM

Craig Peacock wrote:

> Is there a way to prevent a process from starting.

[...]

System call redefinition. See Mark Russinovich's filemon and regmon for
two examples on how it should be done, respectively for IO and registry
calls. ZwCreateProcess is system call 0x29.

--
< http://www.reactos.com/ > Don't stand, REACT!
Open source clone of Windows NT. Current version 0.0.19. C, C++ and ASM developers
and beta testers are welcome!

Maxim S. Shatskih

Mar 11, 2002, 3:50:24 PM
> Is there a way to prevent a process from starting. I can register

If you want to prevent an EXE from starting, you can hook NtCreateSection with the SEC_IMAGE flag and fail it; this seems to be the best way.

Max
