Hi Dw.

I'm developing some software, but due to the complexity of the program I had to write an engine in C++, and I want to be able to call it and receive events from a service. Here's the C++ code that receives calls when an application tries to execute; it is for listening to these events at the OS level, so I want to be able to receive events from this file. I think I will make it a DLL file, and a VB.NET program will receive or show these events (passing them from the DLL to a VB.NET form).

    // Registers (Remove = FALSE) or removes (Remove = TRUE) a process-creation callback
    NTSTATUS PsSetCreateProcessNotifyRoutineEx(
        _In_ PCREATE_PROCESS_NOTIFY_ROUTINE_EX NotifyRoutine,
        _In_ BOOLEAN                           Remove
    );

PsSetCreateProcessNotifyRoutineEx is a kernel-mode callback that you would use in a KM driver. Are you developing a driver?

If you're in kernel mode (driver level) then this will register a method that will be executed when a new process on the machine starts.

If you want to do the same thing in C#, you can use WMI. Use the ManagementEventWatcher, execute a query against Win32_ProcessStartTrace, and register a method to be called when a new process is detected.

I wouldn't recommend doing this at the driver level; you will need to get it MS (WHQL) certified or it won't work on 64-bit systems (without the user putting the OS in debug mode).
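The WMI approach described in this answer, written in VB.NET (the language the question is about), as an added example that is not from the original thread. It assumes a project reference to System.Management.dll; the module, event and procedure names are mine, and subscribing to Win32_ProcessStartTrace normally requires running the program elevated.

```vbnet
' Constructed example: receive process-start events in VB.NET via WMI,
' with no C++ DLL or kernel driver involved.
' Assumes a reference to System.Management.dll has been added to the project.
Imports System
Imports System.Management

Module ProcessStartMonitor

    ' Raised for every new process WMI reports; a form can handle this event
    ' the same way it would handle any other VB.NET event.
    Public Event ProcessStarted(processName As String, processId As UInteger, parentId As UInteger)

    Private watcher As ManagementEventWatcher

    Public Sub StartWatching()
        ' WQL event query: one Win32_ProcessStartTrace instance arrives per new process.
        Dim query As New WqlEventQuery("SELECT * FROM Win32_ProcessStartTrace")
        watcher = New ManagementEventWatcher(query)
        AddHandler watcher.EventArrived, AddressOf OnEventArrived
        watcher.Start()
    End Sub

    Public Sub StopWatching()
        If watcher IsNot Nothing Then
            watcher.Stop()
            watcher.Dispose()
            watcher = Nothing
        End If
    End Sub

    Private Sub OnEventArrived(sender As Object, e As EventArrivedEventArgs)
        ' NewEvent holds the properties of the Win32_ProcessStartTrace instance.
        Dim name As String = CStr(e.NewEvent.Properties("ProcessName").Value)
        Dim pid As UInteger = CUInt(e.NewEvent.Properties("ProcessID").Value)
        Dim ppid As UInteger = CUInt(e.NewEvent.Properties("ParentProcessID").Value)
        RaiseEvent ProcessStarted(name, pid, ppid)
    End Sub

    Sub Main()
        ' Console handler standing in for the form that would display the events.
        AddHandler ProcessStarted,
            Sub(name, pid, ppid) Console.WriteLine("{0} {1} (pid {2}, parent {3})", DateTime.Now.ToString("HH:mm:ss"), name, pid, ppid)
        StartWatching()
        Console.WriteLine("Watching for new processes. Press Enter to stop.")
        Console.ReadLine()
        StopWatching()
    End Sub

End Module
```

Note that ProcessName is the image file name only; to see the full path or command line, join the event's ProcessID against Win32_Process while the process is still running.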

@Null well, the article that I came across when doing this research did mention something about a driver, but I didn't understand the driver part. I think you have some information on this, because the article suggested that I create the driver first and then this engine and the other engines that I will be using within my project.

The problem is that I'm new to the C language, so that's why I want to do this project in VB.NET, but VB.NET lacks most of the powerful features which C++ provides for this project. So what I thought was to make the engines in C++ and have the whole project be in VB.NET, with VB.NET receiving data from the engines and also sending data/commands to the engines.

Do you @Null have any guide, tutorial, or anything that may help me in developing this driver in C++?

@Ketsuk Yes, the engine is in kernel mode.
