I'm writing a little program that can protect a computer from malware. So, I want to hook into the functions which create a process before it is loaded (before it is loaded, I want to check the MD5 sum). What can I do?
1 Answer
0
In Windows Vista SP1 or higher, you can use the ObRegisterCallbacks routine ( http://msdn.microsoft.com/en-us/library/windows/hardware/ff557745(v=vs.85).aspx ). It is available in kernel mode only, but I guess you are OK with that as you used the tag "driver".

glagolig