Skip to content

Function_IRPMonDllDriverStopMonitoring

Jump to bottom Edit New page
Martin Drab edited this page Mar 20, 2020 · 3 revisions

IRPMonDllDriverStopMonitoring function

Summary

Stops monitoring events related to a given driver.

Definition

void cdecl IRPMonDllDriverStopMonitoring(
    System.Void* Driverhandle
   );

Parameters

Driverhandle

Handle to the hooked driver (returned by a call to the IRPMonDllHookDriver routine).

Return Value

Value Description
ERROR_SUCCESS The monitoring has been successfully stopped for the given driver.
ERROR_INVALID_HANDLE The handle supplied in the parameter is not valid.
Other An error has occurred.

Remarks

This routine does exactly the opposite of the IRPMonDllDriverStartMonitoring function.

The routine removes all hooks placed on driver's DRIVER_OBJECT structure, so no events related to the driver are detected any longer. Howerver, the driver is still remembered as being hooked; its record remains in data structures of the IRPMon driver.To remove the "hooked" label from the driver, use the IRPMonDllUnhookDriver function.

See also

Requirements
Header irpmondll.h
Library irpmondll.lib
DLL irpmondll.dll
Add a custom footer

General

For Users-Developers

Tutorial

Public API

Functions

Types

Clone this wiki locally