ACL Wildcard

Aug 19, 2012 at 2:22 PM

I'm working with the unmanaged hooking calls.  After the dll is injected and the functions are hooked, an ACL needs to be set that will determine which threads are intercepted.  It would be nice if a wildcard could be added that will intercept all calls for a given process instead of enumerating all threads for the process in the dll entry function and then hooking the thread creation function to get the ids of all thread created in the process.

Any thoughts?

Aug 20, 2012 at 10:47 PM
Edited Aug 22, 2012 at 10:53 AM

Just pass in a thread Id of 0 to the exclusion list this will catch all threads.