• Stars: 109
• Rank: 319,077 (Top 7 %)
• Language: C++
• License: MIT License
• Created over 7 years ago
• Updated over 7 years ago

Repository Details

A demo solution illustrating approaches to getting information about processes and allowing or blocking their start

Windows Process Monitoring and Management Tool

About

This project demonstrates a set of process monitoring and management techniques that are used mainly in security applications.

It is a Windows process monitoring tool that includes a kernel-mode driver which intercepts process start. The driver collects details about the starting process, reports them to user mode, and can either allow the process to start or block it.
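As an added example (not code from the Apriorit project or its article), here is the allow/block decision that the user-mode side of such a tool makes when the driver reports a process start, run against a sample policy and a few constructed notifications. The ProcessStartInfo layout, the suffix-based rule format and the sample policy are assumptions made for this example; the kernel-side callback that asks for the verdict is not shown.

```cpp
// Added example, not part of the Apriorit process-monitor sources: the allow/block
// decision that the user-mode side of such a tool makes when the driver reports a
// process start. The ProcessStartInfo layout, the rule format and the sample policy
// are assumptions made for this example.
#include <cwctype>
#include <iostream>
#include <string>
#include <vector>

// What a process-start notification carries once it reaches user mode. Kernel-mode
// callbacks hand over the image as an NT path such as
// \Device\HarddiskVolume2\Windows\System32\cmd.exe, not as a drive-letter path.
struct ProcessStartInfo {
    unsigned long pid;
    unsigned long parentPid;
    std::wstring imagePath;
    std::wstring commandLine;
};

enum class Verdict { Allow, Block };

// A rule matches on the tail of the normalized image path. Keeping the leading
// backslash in the suffix ("\cmd.exe") means "notcmd.exe" does not match.
struct Rule {
    std::wstring imageSuffix;   // lower-case, backslash separators
    Verdict verdict;
};

struct Policy {
    std::vector<Rule> rules;    // evaluated in order, first match wins
    Verdict defaultVerdict;     // applied when nothing matches
};

// Windows paths are case-insensitive, so the policy must fold case before matching;
// otherwise a rule for "\cmd.exe" is bypassed by launching "CMD.EXE". Separators are
// unified and the object-manager prefix "\??\" is dropped for the same reason.
std::wstring NormalizeImagePath(const std::wstring& path) {
    std::wstring p = path;
    for (wchar_t& ch : p) {
        if (ch == L'/') ch = L'\\';
        else if (ch < 128) ch = static_cast<wchar_t>(std::towlower(ch));
    }
    const std::wstring objPrefix = L"\\??\\";
    if (p.compare(0, objPrefix.size(), objPrefix) == 0) p.erase(0, objPrefix.size());
    return p;
}

static bool EndsWith(const std::wstring& s, const std::wstring& suffix) {
    return s.size() >= suffix.size() &&
           s.compare(s.size() - suffix.size(), suffix.size(), suffix) == 0;
}

Verdict Evaluate(const Policy& policy, const ProcessStartInfo& info) {
    const std::wstring image = NormalizeImagePath(info.imagePath);
    for (const Rule& r : policy.rules)
        if (EndsWith(image, r.imageSuffix)) return r.verdict;
    return policy.defaultVerdict;
}

// Constructed sample policy: block two interpreters wherever they are started from,
// allow everything else.
Policy BuildSamplePolicy() {
    return Policy{
        { {L"\\cmd.exe", Verdict::Block},
          {L"\\powershell.exe", Verdict::Block} },
        Verdict::Allow };
}

// Decide on a (pid, image) pair with the sample policy.
Verdict Decide(unsigned long pid, const std::wstring& image) {
    return Evaluate(BuildSamplePolicy(), ProcessStartInfo{pid, 4, image, L""});
}

int main() {
    // Constructed notifications, shaped like what a driver would report.
    const ProcessStartInfo events[] = {
        {1000, 4, L"\\Device\\HarddiskVolume2\\Windows\\System32\\cmd.exe", L"cmd.exe /c whoami"},
        {1001, 4, L"\\??\\C:\\Windows\\System32\\CMD.EXE", L"CMD.EXE"},                 // case + prefix
        {1002, 4, L"\\Device\\HarddiskVolume2\\Windows\\System32\\svchost.exe", L"svchost.exe -k netsvcs"},
        {1003, 4, L"\\Device\\HarddiskVolume2\\Users\\bob\\notcmd.exe", L"notcmd.exe"},  // no separator before cmd.exe
    };
    const Policy policy = BuildSamplePolicy();
    for (const ProcessStartInfo& e : events) {
        std::wcout << e.pid << L" " << e.imagePath << L" -> "
                   << (Evaluate(policy, e) == Verdict::Block ? L"BLOCK" : L"ALLOW") << L"\n";
    }
    return 0;
}
```

Two caveats the block reflects: the driver reports the image as an NT device path and Windows paths are case-insensitive, so a policy that compares raw strings is bypassed by a different spelling of the same file; and name-based rules only decide on where the image lives, not what it is, so a copied or renamed binary slips through. A driver also cannot wait indefinitely for a user-mode verdict, so whether a timeout falls back to Allow or Block is a fail-open versus fail-closed choice that a real product must make explicitly.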

Project Structure

.\bin - folder with binary files

.\lib - folder with library files

.\obj - folder with object files

.\procmon - folder with source files

|-> .\Common - Common files and projects

|-> .\DrvCppLib - Kernel library for developing drivers in C++

|-> .\DrvSTLPort - STLport 4.6 ported for use in Windows drivers

|-> .\includes - Headers shared by the user-mode and driver code

|-> .\processdll - Main DLL that exposes the whole API

|-> .\procmon - Driver project

|-> .\ProcMonGUI - GUI written with MFC

Implementation

x64/x86 architectures are supported.

Please note that the provided code only illustrates the process blocking technique and cannot be used in a commercial solution as-is.

You can find a step-by-step code explanation and technology details in the [related article](https://www.apriorit.com/dev-blog/254-monitoring-windows-processes).

License

Licensed under the MIT license. © Apriorit.

More Repositories

1. file-system-filter - Windows file system filter driver, an illustration of the technology (C, 92 stars)
2. SvcHostDemo - Demo service that runs in svchost.exe (C++, 77 stars)
3. gmock-global - Provides the ability to mock global functions with gmock (C++, 70 stars)
4. custom-bootloader - A demo tutorial for low-level and kernel developers: developing a custom Windows boot loader (C++, 69 stars)
5. SimpleLinuxDriver (C, 46 stars)
6. antirootkit-anti-splicer - A demo solution for one of the anti-rootkit techniques aimed at overcoming splicers (C++, 34 stars)
7. Simple-Antirootkit-SST-Unhooker - A demo project illustrating how to verify and restore the original SST when malware has hooked it (C++, 33 stars)
8. OS-shutdown-winapi - Utilities to handle Windows OS shutdown events (C++, 29 stars)
9. FindIDL - CMake module for building IDL files with MIDL and generating a CLR DLL using Tlbimp (CMake, 26 stars)
10. IconOverlayHandler - Windows shell extension including shortcut menu and icon overlay handlers to add custom file type processing to Explorer (C++, 26 stars)
11. MinimalQml - Minimal Qt QML project built with CMake (CMake, 25 stars)
12. access-app-data-android - A solution to access Android app private data without root access; browser history and instant messages example (Java, 24 stars)
13. simple-display-only-driver (C++, 19 stars)
14. win-iocp-copying - Copying multiple files using WinAPI IOCP (C++, 18 stars)
15. FindWiX - CMake module for building Windows Installer packages with the WiX toolset (CMake, 18 stars)
16. gmock-more-args - Extends the gmock argument count up to 15 (C++, 13 stars)
17. Dummy_fullmac_linux_wifi_driver (C, 12 stars)
18. KerberosSkeleton - Demonstrates how to implement Kerberos authentication using the Windows system API (C++, 11 stars)
19. backup_filter_driver_sample (C, 11 stars)
20. Wow64Hook (C++, 10 stars)
21. Microservices-GRPC-GraphQL (Go, 10 stars)
22. android-process-monitoring-2017-spring - Hidden monitoring and blocking of Android apps (Java, 10 stars)
23. cuda-reduce-max-with-index (C, 7 stars)
24. APIHookingLibraries - Samples showing how to use the API hooking libraries Detours, Deviare, MHook and EasyHook to hide files matching the "+/*.txt" file name pattern (C++, 7 stars)
25. shell_extension (C++, 6 stars)
26. Simple-DLL-Injection-Protect - Simple DLL injection protection based on hooking the LoadLibrary function and failing the call when it is for an unauthorized DLL (C#, 6 stars)
27. pentesting (6 stars)
28. Screenshot_Desktop (C++, 6 stars)
29. TcpInterceptionAndModifying - Samples for the article "Interception and modifying TCP connections from kernel on Windows and Linux systems" (C++, 5 stars)
30. TPMSimulator - Sources of a TPM simulator generated by https://github.com/stwagnr/tpm2simulator (C, 5 stars)
31. osxcross-sdks (4 stars)
32. gmock-global-sample - Sample project demonstrating how gmock-global works (C++, 4 stars)
33. docker-osxcross-10.11 (3 stars)
34. diana-dasm - Original sources: https://svn.code.sf.net/p/diana-dasm/code/ (C, 3 stars)
35. CryptoDevice (C, 3 stars)
36. ImageDistortionCorrection (C++, 3 stars)
37. docker-ubuntu-16.10-x64 - Dockerfile for Ubuntu 16.10 x64 with Qt installed (JavaScript, 2 stars)
38. js-outlook-add-in-analyzer - Sample JavaScript plugin for MS Outlook accessing attachments and modifying the email body (JavaScript, 2 stars)
39. fsdriver-winter-2023 (C, 1 star)
40. mhook-sample - A Windows API hooking library sample (1 star)
41. alcohol-auction-aptos - An example of how the Aptos blockchain can be used to build a blockchain-based solution for an alcohol manufacturing company (Move, 1 star)
42. docker-ubuntu-14-04-x64 (1 star)
43. docker-ubuntu-14-04-x86 - Dockerfile for Ubuntu 14.04 x86 (1 star)
44. ParCyDefs - Simple script which reads header files and compares the perf addresses found there with those found in microcontroller dumps (Python, 1 star)
45. confluence-kotlin-highlighter - JS script for Kotlin syntax highlighting (JavaScript, 1 star)
46. docker-ubuntu-16-04-x64 (Dockerfile, 1 star)
47. Demo1_Marketplace (C#, 1 star)
48. handles - Dump all handles in a process, in C# (C#, 1 star)
49. docker-centos7-x64 (1 star)
50. process-file-monitor-2022-2 (C++, 1 star)