Skip to content

Function_IRPMonDllDriverStartMonitoring

Jump to bottom Edit New page
Martin Drab edited this page Mar 20, 2020 · 3 revisions

IRPMonDllDriverStartMonitoring function

Summary

Starts monitoring of a driver.

Definition

void cdecl IRPMonDllDriverStartMonitoring(
    System.Void* Driverhandle
   );

Parameters

Driverhandle

Handle to the hooked driver, returned by a call to the IRPMonDllHookDriver function.

Return Value

Value Description
ERROR_SUCCESS The monitoring has successfully started.Events detected by the IRPMon driver are being stored into the event queue.
ERROR_INVALID_HANDLE The handle supplied in the parameter is not valid.
Other An error has occurred.

Remarks

The routine effectively hooks the driver which means it places hooks inside its DRIVER_OBJECT structure. From this time, the IRPMon driver starts receiving notifications from these hooks.

Monitoring, enabled by this routine, can be stopped by a call to the IRPMonDllDriverStopMonitoring function..

See also

Requirements
Header irpmondll.h
Library irpmondll.lib
DLL irpmondll.dll
Add a custom footer

General

For Users-Developers

Tutorial

Public API

Functions

Types

Clone this wiki locally