Preventing Processes From Spawning Using .NET Code

I remember coming across an article on I think CodeProject quite some time ago regarding an antivirus or antimalware some guy was writing where he hooked into the Windows API to be able to catch whenever a new process was started and was prompting he user before allowing the process to start.

I can no longer find the article, and would actually like to be able to implement something like this. Currently, we have a custom browser built on Gecko that we've integrated access restrictions to sites based on our internal employee security levels, etc. We prevent any other browser from running with a timer and a call to Process.GetProcessesByName() from a list of the browsers we don't allow.

What we want to accomplish is, instead of just blocking these browsers, where there is a small delay between the other browser starting and it being killed by our service, we'd like to be able to display a dialog instead of the process launching at all, explaining that the program isn't in the allowed list. This way, we can generate a list of "allowed" processes and just block everything else (we haven't yet had a problem with outside apps being installed, but you can never be too careful).

Unfortunately, we don't do much Windows API programming from C#, so I'm not sure where to begin looking for what calls we need to hook.

Even just a starting point of what to read up on would be helpful.

Answers


I guess you mean this article: Hooking the native API and controlling process creation on a system-wide basis


Need Your Help

execute git blame command in java

java linux git github

I'm trying to use the following Java syntax to execute a Git blame command:

Migrating from ClearCase to TFS - Out Of Memory Exception

tfs migration out-of-memory clearcase tfs-migration

I'm trying to migrate a large ClearCase stream (it has a large history set too) to TFS 2010 using "TFS Integration Tools".