CBFS® Process

Monitor and Control Process and Thread Creation and Termination in Your Windows Applications

Use CBFS Process to track process and thread creation and termination on-the-fly. Your user-mode application receives a notification (callbacks) when process or thread-related operations are performed. CBFS Process also enables your application to protect the process or thread from being launched, terminated, suspended, or resumed.

Track Process Creation

Generate a notification when a Windows application is started and prevent the process launch operation if necessary.

Protect Processes from Intrusion

In many cases, you need your application to work in background no matter what. CBFS Process supports this by protecting the process from being terminated or suspended.

Audit Process Launch and Termination

When processes and threads are created or terminated, CBFS Process notifies your application and logs the information.

Inspect the Command Line Passed to Programs

The Windows API doesn't have an easy way to log what parameters are passed to the application being started by the user or by other applications. Using CBFS Process, you can capture the command line during application start.

CBFS Process is a software development kit for Windows applications that tracks process and thread creation and termination on-the-fly. Your user-mode application receives a notification (callback) when a process- or thread-related operation is performed. Besides simple notifications, CBFS Process allows your application to protect the process or thread from being launched, terminated, suspended, or resumed.

The CBFS Process driver intercepts various process- and thread-related requests. If the originator application is in the list of applications whose requests are filtered, the driver calls the callback/event handler. Your callback can decline, allow, or handle the request.

The user-mode API is simple and introduces functions specific to driver management operations. The API also includes several callback functions (events) which your application can handle to receive notifications about different types of thread or process requests. The API is used to activate the driver and to set the callbacks.

Windows

  • Windows Vista, 7, 8, 8.1, 10
  • Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016

Microsoft .NET Framework

  • 2.0, 3.0, 3.5, 4.0, 4.5, 4.5.1, 4.6, 4.7.x

.NET API

  • Visual Studio 2008, 2010, 2012, 2013, 2015, 2017

C++ API

  • Visual Studio 2008, 2010, 2012, 2013, 2015, 2017

´╗┐VCL API (no need for external DLLs)

  • Embarcadero RAD Studio 2010, XE, XE2, XE3, XE4, XE5, XE6, XE7, XE8, 10 Seattle, 10.1 Berlin
  • CodeGear RAD Studio 2007, 2009
  • Delphi 7, 2005, 2006, 2007, 2009, 2010, XE, XE2, XE3, XE4, XE5, XE6, XE7, XE8, 10 Seattle, 10.1 Berlin
  • C++ Builder XE, XE2, XE3, XE4, XE5, XE6, XE7, XE8, 10 Seattle, 10.1 Berlin

Download a Free Trial

Download a fully-functional trial complete with documentation, samples, and support.

Download Now v2017.0.2 | 10/16/2017

Request a Quote

Please tell us about your project and interests and we will respond as quickly as we can.

Request a Quote