Hooking on Win2003
in [Win32 Kernel]
|
Prev: ANN: user- and kernel mode unit testing framework cfix 1.1 released
Next: 64-bit directory creation
From: Sonic.. on 14 Jul 2008 11:15 Hello, I have been trying to write an application that intercepts process creation at kernel level and blocks a certain blacklisted processes if executed. For this, i hooked NtCreateProcess and NtCreateProcessEx. Now i have been successfull in doing so on Win2000 and WinXP but on Win 2003 server as soon as i call my hooked function, I receive a BSOD. Could anyone let me know why such happens?
From: daniel on 14 Jul 2008 13:07 We do have lots of telepatihic qualities but those are not enough. Post your code. //Daniel "Sonic.." <abhishek.bansal1982(a)gmail.com> wrote in message news:513ee9f9-190c-410f-8206-9b19dda58ea0(a)s50g2000hsb.googlegroups.com... > Hello, > > I have been trying to write an application that intercepts process > creation at kernel level and blocks a certain blacklisted processes if > executed. For this, i hooked NtCreateProcess and NtCreateProcessEx. > > Now i have been successfull in doing so on Win2000 and WinXP but on > Win 2003 server as soon as i call my hooked function, I receive a > BSOD. > > Could anyone let me know why such happens?
From: Kerem Gümrükcü on 14 Jul 2008 15:27 >We do have lots of telepatihic qualities but those are not enough. Post >your code. Yes, at least post the BugChecks Code,... Regards Kerem -- ----------------------- Beste Gr�sse / Best regards / Votre bien devoue Kerem G�mr�kc� Latest Project: http://www.codeplex.com/restarts Latest Open-Source Projects: http://entwicklung.junetz.de ----------------------- "This reply is provided as is, without warranty express or implied." <daniel(a)resplendence.com> schrieb im Newsbeitrag news:1630ABE6-8A7E-4DF4-9B4E-EB2181F91DC8(a)microsoft.com... > We do have lots of telepatihic qualities but those are not enough. Post > your code. > > //Daniel > > > "Sonic.." <abhishek.bansal1982(a)gmail.com> wrote in message > news:513ee9f9-190c-410f-8206-9b19dda58ea0(a)s50g2000hsb.googlegroups.com... >> Hello, >> >> I have been trying to write an application that intercepts process >> creation at kernel level and blocks a certain blacklisted processes if >> executed. For this, i hooked NtCreateProcess and NtCreateProcessEx. >> >> Now i have been successfull in doing so on Win2000 and WinXP but on >> Win 2003 server as soon as i call my hooked function, I receive a >> BSOD. >> >> Could anyone let me know why such happens? >
From: Volodymyr M. Shcherbyna on 15 Jul 2008 05:03 Please avoid undocumented solutions. Hooking is illegal. What I can suggest to do for you is to use legal functions to track process creation / termination: PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine -- Volodymyr, blog: http://www.shcherbyna.com/ (This posting is provided "AS IS" with no warranties, and confers no rights) "Sonic.." <abhishek.bansal1982(a)gmail.com> wrote in message news:513ee9f9-190c-410f-8206-9b19dda58ea0(a)s50g2000hsb.googlegroups.com... > Hello, > > I have been trying to write an application that intercepts process > creation at kernel level and blocks a certain blacklisted processes if > executed. For this, i hooked NtCreateProcess and NtCreateProcessEx. > > Now i have been successfull in doing so on Win2000 and WinXP but on > Win 2003 server as soon as i call my hooked function, I receive a > BSOD. > > Could anyone let me know why such happens?
|
Pages: 1 Prev: ANN: user- and kernel mode unit testing framework cfix 1.1 released Next: 64-bit directory creation |