PSCREATEPROCESSNOTIFYTYPE enumeration (ntddk.h)

Indicates the type of process notification. This enumeration is used in PsSetCreateProcessNotifyRoutineEx2 to register callback notifications.

Syntax

typedef enum _PSCREATEPROCESSNOTIFYTYPE {
  PsCreateProcessNotifySubsystems
} PSCREATEPROCESSNOTIFYTYPE;

Constants

Name Description
PsCreateProcessNotifySubsystems Indicates that the driver-registered callback is invoked for processes of all subsystems, including the Win32 subsystem. Drivers can call NtQueryInformationProcess to determine the underlying subsystem. The query retrieves a SUBSYSTEM_INFORMATION_TYPE value.

Requirements

   
Minimum supported client Windows 10, version 1703
Minimum supported server Windows Server 2016
Header ntddk.h (include Ntddk.h)

See also

NtQueryInformationProcess

PsSetCreateProcessNotifyRoutineEx2

SUBSYSTEM_INFORMATION_TYPE