Hooking CreateProcess?

Bookstore

	Computer Math and Games in Pascal (preview)
	Lazarus Handbook

Recent

DbGrid, grid column check... by 1HuntnMan
[April 24, 2024, 11:13:57 pm]
Colore celle StringGrid by JuanBell
[April 24, 2024, 10:37:56 pm]
FpDebug likely bug by 440bx
[April 24, 2024, 10:12:59 pm]
Any upgrades to fpWeb pag... by verasan
[April 24, 2024, 10:11:46 pm]
Web Applications with Pas... by Handoko
[April 24, 2024, 08:56:29 pm]
AI, NLP and CAI: Text Gen... by indydev
[April 24, 2024, 08:54:00 pm]
Offical launch of the 1 B... by Gustavo 'Gus' Carreno
[April 24, 2024, 08:48:22 pm]
Multidimensional arrays a... by KodeZwerg
[April 24, 2024, 08:34:38 pm]
Ho Ho Ho IntraWeb in Laza... by Thaddy
[April 24, 2024, 08:31:29 pm]
[SOLVED] System.Now gives... by alpine
[April 24, 2024, 08:29:19 pm]
open dialog - default dir... by Nicole
[April 24, 2024, 08:02:40 pm]
Installing and using Vamp... by Odacir
[April 24, 2024, 07:58:22 pm]
Demo Scene Picture sinwav... by circular
[April 24, 2024, 07:27:02 pm]
Demo Scene Bitmap Font Sc... by KodeZwerg
[April 24, 2024, 07:21:14 pm]
what's difference between... by ASerge
[April 24, 2024, 07:09:52 pm]
splitting an image by KodeZwerg
[April 24, 2024, 07:07:21 pm]
Debugger error by bobonwhidbey
[April 24, 2024, 07:03:07 pm]
How to: create DLL file f... by paule32
[April 24, 2024, 07:02:31 pm]
Your best UI design - con... by circular
[April 24, 2024, 06:48:12 pm]
Converting a string/index... by 1HuntnMan
[April 24, 2024, 06:35:19 pm]
Drawing grid lines on a t... by KodeZwerg
[April 24, 2024, 05:42:19 pm]
Compile/Convert Delphi pr... by Martin_fr
[April 24, 2024, 05:29:03 pm]
Lazarus features in a non... by Lutz Mändle
[April 24, 2024, 05:26:34 pm]
Lazarus for Windows on aa... by msintle
[April 24, 2024, 05:03:57 pm]
Parameter passing odditie... by KodeZwerg
[April 24, 2024, 03:41:49 pm]

« previous next »

Pages: [1]

Author Topic: Hooking CreateProcess? (Read 8480 times)

Logic_Bomb

New Member
Posts: 41

Hooking CreateProcess?

« on: February 12, 2013, 06:33:49 pm »

Hey Guys,

A short(ish) question from me - I am trying to work out how to hook the windows CreateProcess routines so that I can detour through the code in my application before any new processes are created on a system. Examples of this can be seen in programs such as ZoneAlarm where you are asked to Allow or Deny a new process to run before it is actually spawned. I have played around with Suspending/Resuming the process using PsAPI and tlhelp32 (jwatlhelp32), but neither of these are responsive enough to be of any use, since using those requires me to loop through all the running processes and check for new ones. It would be a lot easier and quicker if I could simply hook the windows 7 createprocess routines and detour through my code before the process is created.

Any ideas? Suggestions? Or a better method of doing this?

Thanks and Regards,

Logic_

Logged

taazz

Hero Member
Posts: 5368

Re: Hooking CreateProcess?

« Reply #1 on: February 12, 2013, 07:13:48 pm »

Below is the most comprehensive page I could find in a short time.

http://forum.sysinternals.com/createprocess-api-hook_topic13138.html

Read the articles there to get an over view, c/c++ mainly.

http://www.internals.com/articles/apispy/apispy.htm
http://www.codeguru.com/cpp/w-p/system/misc/article.php/c5667/API-Hooking-Revealed.htm

Logged

Good judgement is the result of experience … Experience is the result of bad judgement.

OS : Windows 7 64 bit
Laz: Lazarus 1.4.4 FPC 2.6.4 i386-win32-win32/win64

Pages: [1]

« previous next »

XHTML
RSS
WAP2

Lazarus

Bookstore

Search

Recent

Author Topic: Hooking CreateProcess? (Read 8480 times)

Logic_Bomb

Hooking CreateProcess?

taazz

Re: Hooking CreateProcess?