| View previous topic :: View next topic |
| Author |
Message |
bhpianist
Cheater
 Reputation: 1
Joined: 17 Apr 2010
Posts: 38
|
 Posted: Tue Jun 01, 2010 6:23 pm Post subject: Hooking process creation |
 |
|
My quick search told me I have the following options:
(1) Write a driver which hooks NtCreateSection()
I don't want to write a driver, it's too messy for the simple thing that I want to accomplish.
(2) Use the AppInit_DLLs registry value
I don't want to use this method, it's kind of lame..
(3) Use EnumProcesses() in a loop and detect new & destroyed processes
I refuse to believe that this the most efficient way for this problem, and I'm always scared of hogging resources.
Anyone know a good method?
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 470
Joined: 09 May 2003
Posts: 25788
Location: The netherlands
|
| Posted: Tue Jun 01, 2010 6:46 pm Post subject: |
|
|
only good and 'official' method is 1, but don't hook NtCreateSection, Just call PsSetCreateProcessNotifyRoutine
alternatively, perhaps you could do something with WMI ( http://msdn.microsoft.com/en-us/library/aa390425%28VS.85%29.aspx )
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
bhpianist
Cheater
Reputation: 1
Joined: 17 Apr 2010
Posts: 38
|
| Posted: Wed Jun 02, 2010 11:35 am Post subject: |
|
|
Drivers are too messy though.. there isn't another way to run a system-wide hook?
WMI is messy too...
|
|
| Back to top |
|
|
tombana
Master Cheater
![]() Reputation: 2
Joined: 14 Jun 2007
Posts: 456
Location: The Netherlands
|
| Posted: Thu Jun 03, 2010 2:14 am Post subject: |
|
|
| You could use SetWindowsHookEx to inject a dll into every process. The dll could report back to the main application to notify when it has been injected into a new process. However this will not be at the point the process is created but only once it is completely loaded (and running) I think.
|
|
| Back to top |
|
|
bhpianist
Cheater
Reputation: 1
Joined: 17 Apr 2010
Posts: 38
|
| Posted: Fri Jun 04, 2010 10:17 pm Post subject: |
|
|
| tombana wrote: | | You could use SetWindowsHookEx to inject a dll into every process. The dll could report back to the main application to notify when it has been injected into a new process. However this will not be at the point the process is created but only once it is completely loaded (and running) I think. |
Holy shit, that'll about do it. Thanks.
Any idea when the DLL is injected?
|
|
| Back to top |
|
|
tombana
Master Cheater
![]() Reputation: 2
Joined: 14 Jun 2007
Posts: 456
Location: The Netherlands
|
| Posted: Sat Jun 05, 2010 5:29 am Post subject: |
|
|
| bhpianist wrote: | Holy shit, that'll about do it. Thanks.
Any idea when the DLL is injected? |
As soon as you call SetWindowsHookEx (with the appropriate parameters for global injection into áll processes) it will inject the dll into the already running processes. For new processes, I think the dll is loaded somewhere before the entry-point of the main exe is executed.
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 470
Joined: 09 May 2003
Posts: 25788
Location: The netherlands
|
| Posted: Sat Jun 05, 2010 5:49 am Post subject: |
|
|
Note that it won't load into processes that have no gui
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
