Skip to content

Function_IRPMonDllDriverStopMonitoring

Jump to bottom Edit New page
Martin Drab edited this page Mar 17, 2020 · 3 revisions

IRPMonDllDriverStopMonitoring function

Summary

Stops monitoring events related to a given driver.

Definition

void cdecl IRPMonDllDriverStopMonitoring(
    const long System.Void* Driverhandle
   );

Parameters

Driverhandle

Handle to the hooked driver (returned by a call to the IRPMonDllHookDriver routine).

Return Value

| | Description ||---|---| | ERROR_SUCCESS | The monitoring has been successfully stopped for the given driver. | | ERROR_INVALID_HANDLE | The handle supplied in the parameter is not valid. | | Other | An error has occurred. |

Remarks

This routine does exactly the opposite of the IRPMonDllDriverStartMonitoring function.

The routine removes all hooks placed on driver's DRIVER_OBJECT structure, so no events related to the driver are detected any longer. Howerver, the driver is still remembered as being hooked; its record remains in data structures of the IRPMon driver.To remove the "hooked" label from the driver, use the IRPMonDllUnhookDriver function.

See also

Add a custom footer

General

For Users-Developers

Tutorial

Public API

Functions

Types

Clone this wiki locally