Hook CreateProcess in order to monitor everything from the beginning of process execution?

Dec 3, 2010 at 7:24 PM

Hello everyone.  I am brand new to EasyHook, and I am fairly new to C# as well, so please bear with me.  I would like to be able to spawn a process from within my C# application, and receive every notification for which I'm registering from the very beginning of the execution of that process.  Getting the pid after the process starts will obviously result in potentially missing n-number of events at the beginning of the process, so that won't work.  I searched these discussions, and it appears that hooking CreateProcess would be the way to do this.  Am I on the right track?  For those of you who have experience with this, do you have any tips or pointers for me as I get started with EasyHook to do this?

Apr 1, 2011 at 3:33 PM

Create the process in a suspended state, inject a library into it, and hook the functions inside it from that library.
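
The sequence from the reply above, written against EasyHook's managed API as an added example (not code from either poster or from the EasyHook project). It assumes the `RemoteHooking.CreateAndInject` overload that takes process creation flags; the names `Monitor.exe`, `HookLib.dll`, `Host` and `Entry` are hypothetical, and `CreateFileW` is only a sample function to monitor.

```csharp
// ---- File 1: Monitor.exe (host process that spawns the target) ----
using System;
using EasyHook;
public static class Host
{
    public static void Main(string[] args)
    {
        int pid;
        // Starts args[0] suspended, loads the hook library into it and calls
        // Entry.Run() there before any of the target's own code has executed.
        RemoteHooking.CreateAndInject(args[0], "", 0,   // exe path, command line, creation flags
            "HookLib.dll", "HookLib.dll",               // 32-bit and 64-bit hook library (hypothetical name)
            out pid);
        Console.WriteLine("Monitoring process {0}; press Enter to quit.", pid);
        Console.ReadLine();
    }
}

// ---- File 2: HookLib.dll (class library that runs inside the target) ----
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Threading;
using EasyHook;
public class Entry : IEntryPoint
{
    [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Unicode, SetLastError = true)]
    delegate IntPtr DCreateFile(string name, uint access, uint share, IntPtr sa, uint disp, uint flags, IntPtr tmpl);
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern IntPtr CreateFileW(string name, uint access, uint share, IntPtr sa, uint disp, uint flags, IntPtr tmpl);
    LocalHook hook;
    public Entry(RemoteHooking.IContext context) { }

    public void Run(RemoteHooking.IContext context)
    {
        hook = LocalHook.Create(LocalHook.GetProcAddress("kernel32.dll", "CreateFileW"),
                                new DCreateFile(OnCreateFile), this);
        hook.ThreadACL.SetExclusiveACL(new int[] { 0 });  // intercept every thread except this one
        RemoteHooking.WakeUpProcess();   // resume the target only now, with the hook in place
        Thread.Sleep(Timeout.Infinite);  // keep this thread, and with it the hook, alive
    }

    static IntPtr OnCreateFile(string name, uint access, uint share, IntPtr sa, uint disp, uint flags, IntPtr tmpl)
    {
        Trace.WriteLine("CreateFileW: " + name);  // goes to the debugger output of the target
        return CreateFileW(name, access, share, sa, disp, flags, tmpl);  // forward to the real API
    }
}
```

Because the hook is installed before `RemoteHooking.WakeUpProcess()` is called, the target's first call to the hooked function is already observed, which is the gap that attaching by pid after startup leaves open.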