Introduction
This is a very good example of kernel-level API hooking. To see the effect, you can run the compiled program in the bin folder. Kernel monitoring has not been implemented; process and registry monitoring have been completed. The code definitely compiles successfully. Because it hooks ZwCreateProcess from a device driver, the build environment is fairly complex to set up, so the archive also contains a short tutorial on setting up a device driver development environment in VC 6.0, and comes with some samples. Note: this program runs under XP; under 2000 it will cause a blue screen.