ProcessCreation Event

Fires when a process is being created.

Syntax

// CBProcessProcessCreationEventArgs carries the CBProcess ProcessCreation event's parameters.
type CBProcessProcessCreationEventArgs struct {...}

func (args *CBProcessProcessCreationEventArgs) ProcessId() int32
func (args *CBProcessProcessCreationEventArgs) ParentProcessId() int32
func (args *CBProcessProcessCreationEventArgs) CreatingProcessId() int32
func (args *CBProcessProcessCreationEventArgs) CreatingThreadId() int32
func (args *CBProcessProcessCreationEventArgs) ProcessName() string
func (args *CBProcessProcessCreationEventArgs) ImageFileName() string
func (args *CBProcessProcessCreationEventArgs) FileOpenNameAvailable() bool
func (args *CBProcessProcessCreationEventArgs) CommandLine() string
func (args *CBProcessProcessCreationEventArgs) ResultCode() int32
func (args *CBProcessProcessCreationEventArgs) SetResultCode(value int32)

// CBProcessProcessCreationEvent defines the signature of the CBProcess ProcessCreation event's handler function.
type CBProcessProcessCreationEvent func(sender *CBProcess, args *CBProcessProcessCreationEventArgs)

func (obj *CBProcess) GetOnProcessCreationHandler() CBProcessProcessCreationEvent
func (obj *CBProcess) SetOnProcessCreationHandler(handlerFunc CBProcessProcessCreationEvent)

Remarks

This event fires when a process is being created, after its first thread is created but before it begins running.

Applications may use this event to cancel the process creation by returning an appropriate error code (e.g., ACCESS_DENIED) via ResultCode.

The ProcessId parameter reflects the Id of the process being created.

The ParentProcessId parameter reflects the Id of the new process's parent process, from which it may inherit certain resources (handles, shared memory, etc.).

The CreatingProcessId parameter reflects the Id of the process that created the new process (which is not always the same as its parent process).

The CreatingThreadId parameter reflects the Id of the thread that created the new process.

The ProcessName parameter reflects the name of the new process. This parameter's value is the same one that the GetProcessName method would return for ProcessId.

The ImageFileName parameter reflects the name of the new process's executable file, as either a partial or a fully-qualified file path.

The FileOpenNameAvailable parameter indicates whether the ImageFileName parameter's contains a fully-qualified file path (true) or a partial one (false).

The CommandLine parameter reflects the command line used to start the new process.

Note: For this event to fire, the creating process must match the rules, added using AddFilteredProcessById or AddFilteredProcessByName. Additionally, if the creating process is the same process that controls the instance of the component, the FilterOwnRequests configuration setting must be set to true.

The ResultCode parameter will always be 0 when the event is fired. If the event cannot be handled in a "successful" manner for some reason (e.g., a resource isn't available, security checks failed, etc.), set it to a non-zero value to report an appropriate error. Please refer to the Error Reporting and Handling topic for more information.

This event is fired synchronously; please refer to the Event Types topic for more information.

 
 
Copyright (c) 2021 Callback Technologies, Inc. - All rights reserved.
CBFS Filter 2020 Go Edition - Version 20.0 [Build 7917]