| Author | Message | Time |
|---|---|---|
| St0rm.iD | (Windows 2000/XP) Is there a way that I can _globally_ (that is, for all processes) hook the CreateProcess call? If so, could you explain it to me/direct me on my quest? | October 9, 2004, 4:12 PM |
| drivehappy | This may be of some help (under System-wide Windows Hooks): http://www.codeproject.com/system/hooksys.asp | October 9, 2004, 6:31 PM |
| Skywing | That will only work for Win32 processes. If you want to make sure user mode code can't evade your hooks, or if you want to hook non-Win32 subsystem processes, you should use a kernel driver and PsSetCreateProcessNotifyRoutine(). | October 9, 2004, 10:47 PM |
| DecA | I can explain this better to you St0rm on AIM | November 26, 2004, 10:48 AM |
| Adron | [quote author=DecA link=topic=9064.msg90071#msg90071 date=1101466129] I can explain this better to you St0rm on AIM [/quote] That'd be a shame. Then everyone else wouldn't get the chance to learn. | November 26, 2004, 2:47 PM |
| sixb0nes | Check out Phrack's great article on userland rootkits. It explains pretty much what you're asking for. http://www.phrack.org/phrack/62/p62-0x0c_Win32_Portable_Userland_Rootkit.txt | December 10, 2004, 10:23 AM |