Home > Others

Create/End Process callback Pssetcreateprocessnotifyroutine

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Pssetcreateprocessnotifyroutine

Pssetcreateprocessnotifyroutine Adds or removes a driver-supported callback routine (which can also be a function).

When a process is created or deleted, a sequence of routines is called. PS: the equivalent of adding a routine to a linked list, when the process is created or deleted, all routines are called (this should be the meaning)

NTSTATUS
Pssetcreateprocessnotifyroutine (
In Pcreate_process_notify_routine Notifyroutine, the entry address of the routine function,
In BOOLEAN remove false, add a routine to the linked list, TRUE, to delete the routine from the linked list
);

return value:

status_success routines are registered to the system
The Status_invalid_parameter routine has been registered, so this routine is redundant, or has reached the upper limit of the number of registrations.

Commentary:
The most advanced driver can call Pssetcreateprocessnotifyroutine to set up their process creation notification routines, declared as follows:

VOID
(*pcreate_process_notify_routine) (
In HANDLE ParentID,
In HANDLE ProcessId,
In BOOLEAN Create
);

ParentID and ProcessID used toDetermine the process, and the Create parameter indicates whether the process was created or deleted.

An IFS or superlative system-profiling driver may register a process-creation callback to track the system-wide creation and deletion process rather than the driver's internal,
For both Vista and subsequent versions, the system can create up to 64 system creation callbacks.

A driver must remove all of its registered routines before unloading, and you can remove the routine by calling pssetcreateprocessnotify (remove = TRUE).
When Create is true, the routine is called after the initialization thread of the newly created process (the ProcessID handle is specified) is created.
When Create is false, the routine is called when the last thread of the process is closed and the address space of the process is freed.

The process notification routines for a process run in IRQL = Passive_level, when a process is created and the routine runs in the thread context of the newly created process.
When a process is deleted, the routine runs in the last thread of the process (which is about to exit the process).

Create/End Process callback Pssetcreateprocessnotifyroutine

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More