Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

Shell

Rust

Lua

Emacs Lisp

Kotlin

CoffeeScript

Solidity

Go

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

Rust

Racket

C++

C

PowerShell

MATLAB

Perl

Kotlin

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇸🇷 Suriname

🇸🇲 San Marino

🇨🇦 Canada

🇬🇾 Guyana

🇷🇼 Rwanda

🇪🇭 Western Sahara

🇲🇻 Maldives

🇨🇺 Cuba

All Countries Compare Countries

apriorit/windows-process-monitor

Stars
109
Rank 317,237 (Top 7 %)
Language
C++
License
MIT License
Created over 7 years ago
Updated over 7 years ago

apriorit/windows-process-monitor

apriorit

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

A demo solution to illustrate approaches on getting information about processes and block/allow their start

Windows Process Monitoring and Management Tool

About

This project is a demonstration of a set of process monitoring and management techniques used mainly in various security applications.

It is a Windows process monitoring tool, which includes a driver to monitor process start. This driver collects and reports process details to user mode and can allow or block its start.

Project Structure

.\bin - folder with binary files

.\lib - folder with library files

.\obj - folder with object files

.\procmon - folder with source files

|-> .\Common – Common files and projects

|-> .\DrvCppLib - Kernel Library to develop driver in C++.

|-> .\ DrvSTLPort - Directory with STLPort 4.6 ported for using in windows drivers.

|-> .\ includes - Includes that are common for user and driver

|-> .\ processdll - Main DLL that has all API

|-> .\ procmon - Driver project

|-> .\ ProcMonGUI - GUI that is written using MFC

Implementation

x64/x86 architectures are supported.

Please note that the provided code only illustrates the process blocking technique and cannot be used in a commercial solution as-is.

You can find step-by-step code explanation and technology details in the [related article] (https://www.apriorit.com/dev-blog/254-monitoring-windows-processes).

License

Licensed under the MIT license. © Apriorit.

file-system-filter

Windows file system filter driver - illustration of the technology

SvcHostDemo

Demo service that runs in svchost.exe

gmock-global

Provides ability to mock global functions with gmock

custom-bootloader

A demo tutorial for low-level and kernel developers - developing a custom Windows boot loader

SimpleLinuxDriver

antirootkit-anti-splicer

The project is a demo solution for one of the anti-rootkit techniques aimed on overcoming splicers

Simple-Antirootkit-SST-Unhooker

This is a demo project to illustrate the way to verify and restore original SST in case of some malware hooks

OS-shutdown-winapi

Utilities to handle Windows OS shutdown events

FindIDL

CMake module for building IDL files with MIDL and generating CLR DLL using Tlbimp

IconOverlayHandler

Windows shell extention including shortcut menu and icon overlay handlers to add custom file type processing to Explorer

MinimalQml

Minimal Qt Qml project built with CMake.

access-app-data-android

A no-root solution to access Android app private data without root access. Browser history and instant messages example

simple-display-only-driver

win-iocp-copying

Copying multiple files using WinAPI IOCP

FindWiX

CMake module for building Windows Installer packages with WiX toolset

gmock-more-args

Extends gmock argument count up to 15

Dummy_fullmac_linux_wifi_driver

KerberosSkeleton

This project demonstrates how to implement the Kerberos authentication via using the System API in Windows.

backup_filter_driver_sample

Wow64Hook

Microservices-GRPC-GraphQL

android-process-monitoring-2017-spring

Hidden monitoring and blocking Android apps

cuda-reduce-max-with-index

APIHookingLibraries

Samples that shows how to use API Hook libraries: Detours, Deviare, MHook, EasyHook to hide files with the "+/*.txt" file name pattern.

shell_extension

Simple-DLL-Injection-Protect

Simple DLL injection protect with the idea of hooking the LoadLibrary function and failing it if it is a call for an unauthorized DLL.

pentesting

Screenshot_Desktop

TcpInterceptionAndModifying

Samples for the article "Interception and modifying TCP connections from kernel on Windows and Linux systems"

TPMSimulator

Sources of TMP simulator generated by https://github.com/stwagnr/tpm2simulator

osxcross-sdks

gmock-global-sample

Sample project demonstrating how gmockglobal works.

docker-osxcross-10.11

diana-dasm

original sources https://svn.code.sf.net/p/diana-dasm/code/

CryptoDevice

ImageDistortionCorrection

docker-ubuntu-16.10-x64

Docker file for Ubuntu 16.10 x64 with Qt installed

js-outlook-add-in-analyzer

Sample javascript plugin for MS Outlook accessing attachments and modifying email body

fsdriver-winter-2023

mhook-sample

A Windows API hooking library sample

alcohol-auction-aptos

An example of how the Aptos blockchain can be used to build a blockchain-based solution for an alcohol manufacturing company

docker-ubuntu-14-04-x64

docker-ubuntu-14-04-x86

Docker file for ubuntu 14.04 x86

ParCyDefs

Simple script which reads header files and compare those perf addresses to those found in microcontroller dumps.

confluence-kotlin-highlighter

JS script for kotlin syntax highlighting.

docker-ubuntu-16-04-x64

Demo1_Marketplace

handles

Dump all handles in a process on C#

docker-centos7-x64

process-file-monitor-2022-2