Advanced testing
After confirming that the probe works correctly, we can test it against a real process. Let's inject the probe into the explorer.exe process.
NOTE: your antivirus may block this operation, since injecting code into another process is a common detection trigger.
.\bin\hdk --inject "My Process Created" --process "explorer.exe"
Start a few processes; you should see the corresponding events in the hdk console. Then try to start notepad: according to our probe, this process should be blocked from starting.
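The check above is manual. The following PowerShell script is an added example, not part of HDK, that repeats it in a reproducible way. It assumes the probe has already been injected with the `.\bin\hdk --inject ...` command above, that the probe only sees process creation performed by the injected explorer.exe (so every test image is launched through explorer.exe rather than from the PowerShell session itself), and that a launch the probe blocks never appears as a running process. The image paths in `$Expectations` are assumptions for the test and can be adjusted.

```powershell
# Added verification script (not part of HDK). Assumptions, all hypothetical:
#  - the probe was already injected with
#      .\bin\hdk --inject "My Process Created" --process "explorer.exe"
#  - the probe hooks process creation inside explorer.exe only, so each test
#    image is launched *through* explorer.exe rather than from this shell;
#  - a launch the probe blocks never shows up as a running process.

# Image paths to exercise and what the probe is expected to do with them.
$Expectations = @{
    (Join-Path $env:SystemRoot 'System32\cmd.exe')     = 'started'   # not blocked by the probe
    (Join-Path $env:SystemRoot 'System32\notepad.exe') = 'blocked'   # the probe blocks notepad
}

function Test-LaunchViaExplorer {
    param([string] $ImagePath, [int] $TimeoutMs = 3000)

    $name   = [IO.Path]::GetFileNameWithoutExtension($ImagePath)
    $before = @(Get-Process -Name $name -ErrorAction SilentlyContinue |
                Select-Object -ExpandProperty Id)

    # "explorer.exe <path>" makes the running Explorer instance start the image,
    # so the creation happens in the process the probe was injected into.
    Start-Process -FilePath 'explorer.exe' -ArgumentList "`"$ImagePath`""

    # Poll for a new instance of the image until it appears or the timeout expires.
    $deadline = (Get-Date).AddMilliseconds($TimeoutMs)
    do {
        Start-Sleep -Milliseconds 200
        $new = @(Get-Process -Name $name -ErrorAction SilentlyContinue |
                 Where-Object { $before -notcontains $_.Id })
    } until ($new.Count -gt 0 -or (Get-Date) -gt $deadline)

    # Clean up anything we managed to start.
    foreach ($p in $new) { Stop-Process -Id $p.Id -Force -ErrorAction SilentlyContinue }

    if ($new.Count -gt 0) { return 'started' } else { return 'blocked' }
}

$failures = 0
foreach ($entry in $Expectations.GetEnumerator()) {
    $actual = Test-LaunchViaExplorer -ImagePath $entry.Key
    $status = if ($actual -eq $entry.Value) { 'OK' } else { $failures++; 'MISMATCH' }
    '{0,-45} expected={1,-8} actual={2,-8} {3}' -f $entry.Key, $entry.Value, $actual, $status
}
exit $failures
```

Run it from the directory where hdk was started, after the inject command, and compare its output with the events printed in the hdk console. A MISMATCH for notepad.exe means the probe either did not block the launch or was not active in the explorer.exe instance that performed it (for example, if Explorer was restarted after injection). On systems where Notepad is shipped as a Store app, the running process name can differ from notepad.exe, so adjust `$Expectations` accordingly.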
Only plain probes can be injected (scheduled probes cannot). Also, not every process is suitable for HDK injection; a process that HDK cannot inject into will most likely still work with the full agent.