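Approaches to application execution protection
I want to decide, based on user authentication, whether an application is allowed to run. My initial idea is to make that decision in a file system filter. Does everyone think this is feasible? Are there any good ideas or approaches?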

Reply 1#
Posted: 2004-10-15 13:45
Can't you just enumerate the processes directly?

Reply 2#
Posted: 2004-10-15 13:46
Wouldn't enumerating the processes directly be enough? Doesn't that meet the requirement?
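
Reply 3#
Posted: 2004-10-15 13:57
Enumerate the processes directly? Could you be more specific? Thanks a lot! What I want is to block the creation of processes that have not passed authentication.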

Reply 4#
Posted: 2004-10-18 08:28
Hook the native API and then handle it there; that's fairly simple.

Reply 5#
Posted: 2004-10-18 09:08
PsSetCreateProcessNotifyRoutine adds a driver-supplied callback routine to, or removes it from, a list of routines to be called whenever a process is created or deleted.
PsSetCreateThreadNotifyRoutine registers a driver-supplied callback that is subsequently notified when a new thread is created and when such a thread is deleted.
PsSetLoadImageNotifyRoutine registers a driver-supplied callback that is subsequently notified whenever an image is loaded for execution.
Take it from there yourself, heh heh...
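
An added example, not code from the thread: the PsSetCreateProcessNotifyRoutine callback quoted above is only told about a new process, so to block creation, as asked in Reply 3, this driver uses the related PsSetCreateProcessNotifyRoutineEx (Windows Vista SP1 and later), whose callback can fail the creation by setting CreationStatus. The BUILD_AS_DRIVER macro, the allowlist paths and the image_is_allowed helper are assumptions made for the example; without the macro only the portable policy check compiles.

```c
#ifdef BUILD_AS_DRIVER   /* hypothetical macro: define it for the WDK build */
#include <ntddk.h>
#else
#include <stddef.h>
#include <wchar.h>
#endif

/* Constructed allowlist. A real policy would key on a verified hash or
 * signature, since a path alone says nothing about the file's content. */
static const wchar_t *const g_allowed[] = {
    L"\\??\\C:\\Windows\\System32\\notepad.exe",
    L"\\??\\C:\\Program Files\\Vendor\\app.exe",
};
static wchar_t fold(wchar_t c) { return (c >= L'A' && c <= L'Z') ? (wchar_t)(c + 32) : c; }

/* buf is a counted string (UNICODE_STRING buffers need not be NUL-terminated). */
int image_is_allowed(const wchar_t *buf, size_t nchars)
{
    size_t i, j;
    if (buf == NULL) return 0;                      /* fail closed */
    for (i = 0; i < sizeof g_allowed / sizeof g_allowed[0]; i++) {
        const wchar_t *a = g_allowed[i];
        for (j = 0; j < nchars && a[j] && fold(a[j]) == fold(buf[j]); j++) {}
        if (j == nchars && a[j] == 0) return 1;     /* whole-string match only */
    }
    return 0;
}

#ifdef BUILD_AS_DRIVER
static VOID OnProcessNotify(PEPROCESS P, HANDLE Pid, PPS_CREATE_NOTIFY_INFO Info)
{
    UNREFERENCED_PARAMETER(P); UNREFERENCED_PARAMETER(Pid);
    if (Info == NULL) return;                       /* NULL means process exit */
    if (Info->ImageFileName == NULL ||
        !image_is_allowed(Info->ImageFileName->Buffer,
                          Info->ImageFileName->Length / sizeof(WCHAR)))
        Info->CreationStatus = STATUS_ACCESS_DENIED; /* creation fails */
}
static VOID Unload(PDRIVER_OBJECT D)
{
    UNREFERENCED_PARAMETER(D);
    PsSetCreateProcessNotifyRoutineEx(OnProcessNotify, TRUE);   /* unregister */
}
/* Registration fails unless the driver image is linked with /INTEGRITYCHECK. */
NTSTATUS DriverEntry(PDRIVER_OBJECT D, PUNICODE_STRING RegistryPath)
{
    UNREFERENCED_PARAMETER(RegistryPath);
    D->DriverUnload = Unload;
    return PsSetCreateProcessNotifyRoutineEx(OnProcessNotify, FALSE);
}
#endif
```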

Reply 6#
Posted: 2004-10-18 10:04
Thanks for the pointers, I'll look into it :cool: