I was wondering what is the Windows equivalent of Apple's Endpoint Security Framework for macOS. Is there such an api on Windows that could let me hook process execution syscalls and even deny them? Thanks
Asked
Active
Viewed 56 times
0
-
I don't know if there is an exact analog but check this out: https://learn.microsoft.com/en-us/windows/win32/security – ocean moist Jun 11 '23 at 00:02
-
I don't know about Endpoint Security Framework but of course Windows has always had hooking capability [What is the recommended way to hook Win32 APIs for a commmercial application?](https://stackoverflow.com/q/1088139/995714), https://learn.microsoft.com/en-us/windows/win32/winmsg/hooks, https://cocomelonc.github.io/tutorial/2021/11/30/basic-hooking-1.html – phuclv Jun 11 '23 at 03:38
-
"let me hook process execution syscalls and even deny them" You could try to use [SetWindowsHookExA](https://learn.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-setwindowshookexa). Install a hook procedure to monitor the system for certain types of events. – Jeaninez - MSFT Jun 12 '23 at 08:15
-
@Jeaninez-MSFT Which hook type, specifically, would you recommend to hook system calls? – IInspectable Jun 12 '23 at 13:20