neology Posted April 24, 2009 Posted April 24, 2009 I'm working on a project to develop a program that monitor the API..CreateProcess() function (in kernel32.dll) Could somebody can compile the dll for me? The flow as below. 1.The remote program will inject this dll into all process that active. 2.Then the dll will hook those API. 3.For each API hooked, the hooked function will pass the fullpath and PID of the process file to the remote program. Then it will wait until the remote program send a feedback. The feedback is either 1 or 0. If the feedback is 0, then the real API function proceed else, terminate the process. If somebody can help me..i'll sure credit you in my program.
Richard Robertson Posted April 24, 2009 Posted April 24, 2009 That is best left for the driver level. Drivers are extremely complicated.
Valik Posted April 24, 2009 Posted April 24, 2009 I find it very unlikely that you have a legitimate use for that sort of behavior. Thread closed.
Recommended Posts