I have a driver that is used to block certain applications. For that I have hooked NtCreateSection.
In my NtCreateSection I use last argument to get the exe file name using ObReferenceObjectByHandle, ZwQueryObject.
Here I take the decision whether to allow or or deny(by calling original NtCreateSection on a dummy file handle).
This is working fine up till Windows 7.
In Windows 8 it seems to me that when an application starts NtCreateSection is not called for that exe file.
Please help.
Thanks and Regards
Utsav
In my NtCreateSection I use last argument to get the exe file name using ObReferenceObjectByHandle, ZwQueryObject.
Here I take the decision whether to allow or or deny(by calling original NtCreateSection on a dummy file handle).
This is working fine up till Windows 7.
In Windows 8 it seems to me that when an application starts NtCreateSection is not called for that exe file.
Please help.
Thanks and Regards
Utsav
