This driver code is from a security application I wrote that profiles process launches.
This code:
- Monitors for process launches from the kernel.
- Queues new process information.
- Notifies the user-mode client of the launch by a shared kernel/user event.
- Waits on a processing complete event or timeout.
- Processes client's response via IOCTL.
- Only the Kernel Process Manager code is provided.
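The queue, wait and response steps above can be modeled as a small state machine. The following is an added example, not the driver code from this application: it is portable C with events and time simulated, and the names (pm_on_launch, pm_client_response, pm_resolve), the queue depth, and the allow/deny response with a configurable timeout default are all assumptions. It shows the checks the response path needs, since the client's reply is untrusted input that may be late, replayed, or aimed at the wrong process.

```c
/* Added model, not the original driver: user-mode simulation of the flow. */
#include <stdint.h>
#include <stddef.h>

#define PM_SLOTS 8   /* assumed queue depth */
enum pm_state { PM_FREE, PM_PENDING, PM_ANSWERED, PM_TIMED_OUT };
enum pm_verdict { PM_ALLOW, PM_DENY };   /* assumed response values */
struct pm_entry { uint32_t id, pid; uint64_t deadline; enum pm_state st; enum pm_verdict v; };
struct pm_queue { struct pm_entry e[PM_SLOTS]; uint32_t next_id; enum pm_verdict on_timeout; };

/* Launch callback: queue the process, return a ticket id (0 = queue full). */
uint32_t pm_on_launch(struct pm_queue *q, uint32_t pid, uint64_t now, uint64_t timeout) {
    for (size_t i = 0; i < PM_SLOTS; i++) {
        if (q->e[i].st != PM_FREE) continue;
        if (++q->next_id == 0) ++q->next_id;   /* 0 is reserved for failure */
        q->e[i] = (struct pm_entry){ q->next_id, pid, now + timeout, PM_PENDING, q->on_timeout };
        return q->e[i].id;   /* a driver would signal the shared event here */
    }
    return 0;
}

static struct pm_entry *pm_find(struct pm_queue *q, uint32_t id) {
    for (size_t i = 0; i < PM_SLOTS; i++)
        if (q->e[i].st != PM_FREE && q->e[i].id == id) return &q->e[i];
    return NULL;
}

/* IOCTL analog: accept one in-range, in-time answer for a matching pending ticket. */
int pm_client_response(struct pm_queue *q, uint32_t id, uint32_t pid, enum pm_verdict v, uint64_t now) {
    struct pm_entry *e = pm_find(q, id);
    if (!e || e->st != PM_PENDING || e->pid != pid) return -1;  /* unknown, replayed, wrong pid */
    if (v != PM_ALLOW && v != PM_DENY) return -1;               /* out-of-range value */
    if (now >= e->deadline) { e->st = PM_TIMED_OUT; return -1; } /* too late */
    e->v = v; e->st = PM_ANSWERED;
    return 0;
}

/* Waiter: final verdict once answered or expired (frees the slot); -1 if still pending. */
int pm_resolve(struct pm_queue *q, uint32_t id, uint64_t now) {
    struct pm_entry *e = pm_find(q, id);
    if (!e) return -1;
    if (e->st == PM_PENDING) {
        if (now < e->deadline) return -1;
        e->st = PM_TIMED_OUT;
    }
    enum pm_verdict v = (e->st == PM_ANSWERED) ? e->v : q->on_timeout;
    e->st = PM_FREE;
    return (int)v;
}
```

Whether a timeout should default to allow or deny is a policy choice this model leaves to the on_timeout field.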