e.g. hook a write file api so that every process write file must through my function's filter.
I only know a hook function SetWindowsHookEx but so sad it only hook for global key events.
Asked
Active
Viewed 725 times
0
SDJSK
- 1,292
- 17
- 24
-
2check out http://stackoverflow.com/questions/864839/monitoring-certain-system-calls-done-by-a-process-in-windows – Sharun May 03 '16 at 13:06
1 Answers
2
Not from user mode but you can in kernel mode with a file system filter driver. There's a new model, the Filter Manager Model, which reduces the complexity of developing a file system filter driver. See "Filter Manager and Minifilter Driver Architecture" in the MSDN.
Marc Sherman
- 2,303
- 14
- 22