CBFS Filter 2020 Python Edition

on_process_creation Event

Fires when a process is being created.

Syntax

from typing import Callable

class CBProcessProcessCreationEventParams(object):
  @property
  def process_id(self) -> int: ...
  @property
  def parent_process_id(self) -> int: ...
  @property
  def creating_process_id(self) -> int: ...
  @property
  def creating_thread_id(self) -> int: ...
  @property
  def process_name(self) -> str: ...
  @property
  def image_file_name(self) -> str: ...
  @property
  def file_open_name_available(self) -> bool: ...
  @property
  def command_line(self) -> str: ...
  @property
  def result_code(self) -> int: ...
  @result_code.setter
  def result_code(self, value) -> None: ...

# In class CBProcess:
@property
def on_process_creation(self) -> Callable[[CBProcessProcessCreationEventParams], None]: ...
@on_process_creation.setter
def on_process_creation(self, event_hook: Callable[[CBProcessProcessCreationEventParams], None]) -> None: ...

Remarks

This event fires when a process is being created, after its first thread is created but before it begins running.

Applications may use this event to cancel the process creation by returning an appropriate error code (e.g., ACCESS_DENIED) via ResultCode.

The ProcessId parameter reflects the Id of the process being created.

The ParentProcessId parameter reflects the Id of the new process's parent process, from which it may inherit certain resources (handles, shared memory, etc.).

The CreatingProcessId parameter reflects the Id of the process that created the new process (which is not always the same as its parent process).

The CreatingThreadId parameter reflects the Id of the thread that created the new process.

The ProcessName parameter reflects the name of the new process. This parameter's value is the same one that the get_process_name method would return for ProcessId.

The ImageFileName parameter reflects the name of the new process's executable file, as either a partial or a fully-qualified file path.

The FileOpenNameAvailable parameter indicates whether the ImageFileName parameter contains a fully-qualified file path (True) or a partial one (False).

The CommandLine parameter reflects the command line used to start the new process.

Note: For this event to fire, the creating process must match the rules added using add_filtered_process_by_id or add_filtered_process_by_name. Additionally, if the creating process is the same process that controls the instance of the class, the FilterOwnRequests configuration setting must be set to True.

The ResultCode parameter will always be 0 when the event is fired. If the event cannot be handled in a "successful" manner for some reason (e.g., a resource isn't available, security checks failed, etc.), set it to a non-zero value to report an appropriate error. Please refer to the Error Reporting and Handling topic for more information.

This event is fired synchronously; please refer to the Event Types topic for more information.
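The following handler is an added example, not code from the product documentation: it flags creator/parent mismatches, refuses to apply path rules to a partial ImageFileName, and cancels creation for images in user-writable directories. The blocked directory fragments, the Verdict and FakeParams classes, and the use of Win32 code 5 for ACCESS_DENIED are assumptions made for illustration.

```python
import ntpath
from dataclasses import dataclass, field

ERROR_ACCESS_DENIED = 5  # Win32 code; assumed to be what ResultCode expects

# Constructed sample policy: directories any user can write to.
BLOCKED_DIR_FRAGMENTS = ("\\users\\public\\", "\\appdata\\local\\temp\\")

@dataclass
class Verdict:  # hypothetical helper type, not part of the product API
    deny: bool = False
    reasons: list = field(default_factory=list)

def evaluate(e) -> Verdict:
    """Decide on one event; `e` exposes the documented event properties."""
    v = Verdict()
    # Creator differs from parent: normal for brokered launches, but worth
    # recording because the parent shown in process listings is not the creator.
    if e.creating_process_id != e.parent_process_id:
        v.reasons.append("creator_parent_mismatch")
    if not e.file_open_name_available:
        # Partial path: directory rules cannot be trusted, so flag, don't guess.
        v.reasons.append("partial_image_path")
        return v
    image = ntpath.normcase(ntpath.normpath(e.image_file_name))
    if any(frag in image for frag in BLOCKED_DIR_FRAGMENTS):
        v.deny = True
        v.reasons.append("image_in_user_writable_dir")
    return v

def on_process_creation(e) -> None:
    """Event hook: assign to the on_process_creation property of CBProcess."""
    verdict = evaluate(e)
    if verdict.reasons:
        print(f"pid={e.process_id} image={e.image_file_name!r} flags={verdict.reasons}")
    if verdict.deny:
        e.result_code = ERROR_ACCESS_DENIED  # non-zero cancels the creation

@dataclass
class FakeParams:  # constructed stand-in for the event params, for offline runs
    process_id: int
    parent_process_id: int
    creating_process_id: int
    image_file_name: str
    file_open_name_available: bool = True
    command_line: str = ""
    result_code: int = 0
```

Because the event is fired synchronously, the hook should stay this cheap; anything slower belongs on a queue fed from the hook.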

Copyright (c) 2022 Callback Technologies, Inc. - All rights reserved.
CBFS Filter 2020 Python Edition - Version 20.0 [Build 8317]