Title: Real-time-process-monitoring Download
Description: Uses hook technology to monitor processes in real time; a good example for learning hook technology.
File list (Check if you may need any files):
Hook ObCreateObject 实时监控进程创建\Bin\CreateProcessFilters.sys
....................................\...\DrvLoader.exe
....................................\CreateProcessFilters\CreateProcessFilters.sln
....................................\....................\CreateProcessFilters.suo
....................................\....................\dirver\common.h
....................................\....................\......\control.h
....................................\....................\......\dbghelp.h
....................................\....................\......\dirver.vcxproj
....................................\....................\......\dirver.vcxproj.filters
....................................\....................\......\dirver.vcxproj.user
....................................\....................\......\DirverProperty.props
....................................\....................\......\driver.c
....................................\....................\......\driver.h
....................................\....................\......\drvversion.aps
....................................\....................\......\drvversion.rc
....................................\....................\......\inlineObCreateObject.h
....................................\....................\......\makefile
....................................\....................\......\mybuild.bat
....................................\....................\......\Normal.props
....................................\....................\......\Release\driver.obj
....................................\....................\......\.......\drvversion.res
....................................\....................\......\.......\vc100.pdb
....................................\....................\......\resource.h
....................................\....................\......\sources
....................................\....................\Release\CreateProcessFilters.sys
....................................\....................\.......\DrvLoader.exe
....................................\....................\.ing3\DrvLoader\DrvLoader.cpp
....................................\....................\.....\.........\DrvLoader.dsp
....................................\....................\.....\.........\DrvLoader.dsw
....................................\....................\.....\.........\DrvLoader.opt
....................................\....................\.....\.........\DrvLoader.plg
....................................\....................\.....\.........\Instdrv.cpp
....................................\....................\.....\.........\Instdrv.h
....................................\....................\.....\.........\Release\DrvLoader.obj
....................................\....................\.....\.........\.......\Instdrv.obj
....................................\....................\.....\.........\.......\vc60.idb
....................................\....................\.....\.........\Release
....................................\....................\dirver\Release
....................................\....................\Ring3\DrvLoader
....................................\....................\dirver
....................................\....................\Release
....................................\....................\Ring3
....................................\....................\ipch
....................................\Bin
....................................\CreateProcessFilters
Hook ObCreateObject 实时监控进程创建