ProcessFilterExample Code
Brought to you by:
easefilter
Menu
▾
▴
Tree [59481c] main / History
| File | Date | Author | Commit |
|---|---|---|---|
| Bin | 2022-01-09 |
victor
|
[5793cb] version 5.1.5.2 |
| CommonObjects | 2022-01-09 |
victor
|
[5793cb] version 5.1.5.2 |
| FilterControl | 2022-01-09 |
victor
|
[5793cb] version 5.1.5.2 |
| ProcessMon | 2022-01-09 |
victor
|
[5793cb] version 5.1.5.2 |
| .gitattributes | 2021-06-11 |
victor
|
[53c4b0] Initial commit |
| CommonObjects.dll | 2022-01-09 |
victor
|
[5793cb] version 5.1.5.2 |
| FilterControl.dll | 2022-01-09 |
victor
|
[5793cb] version 5.1.5.2 |
| ProcessFilterExample.sln | 2021-06-11 |
victor
|
[53c4b0] Initial commit |
| ProcessMon.exe | 2022-01-09 |
victor
|
[5793cb] version 5.1.5.2 |
| README.md | 2022-03-02 |
victor
|
[59481c] Update README.md |
Read Me
Process Monitoring and Protection SDK
The Process Filter Driver is a kernel-mode driver that filters process/thread creation and termination, it provides you an easy way to develop Windows application for the Windows process monitoring and protection.
Monitor the process or thread activities in real time
You can register the process or thread events to monitor the process or thread activities.
- OnProcessCreation: Get the notification when the new process was created.
- NotifyProcessWasBlocked: Get the notification when the process creation was blocked.
- NotifyProcessTerminated: Get the notification when the process was terminated.
- NotifyThreadCreation: Get the notification when the new thread was created.
- NotifyThreadTerminated: Get the notification when the thread was terminated.
- NotifyProcessHandleInfo: Get the notification when the process handle operation happens.
- NotifyThreadHandleInfo: Get the notification when the thread handle operation happens.
Prevent the untrusted processes from being launched
With the Process Filter Driver, it allows you to prevent the untrusted executable binaries (malwares) from being launched, protect your data being damaged by the untrusted processes. It also enables your application to get the callback notification for the process/thread creation or termination, from the new process information you can get the parent process Id and thread Id of the new created process, you also can get the exact file name that is used to open the executable file and the command line that is used to execute the process if it is available.
A C# process monitoring and protection example.
With the process monitoring and protection example, it enables your application to prevent the untrusted executable binaries ( malwares) from being launched, protect your data being damaged by the untrusted processes. It also enables your application to get the callback notification for the process/thread creation or termination, from the new process information you can get the parent process Id and thread Id of the new created process, you also can get the exact file name that is used to open the executable file and the command line that is used to execute the process if it is available.
