I am trying to hook just a few functions in advapi32 on a child process. I'm using unmanaged C++ (but as a last resort will use managed code). I have zero experience in API hooking.
Basically, what I'm trying to do:
1) Process launched by non-administrator on Win7 or Win8
2) I have full control over child process creation
3) If I had to pre-install some component as administrator it would be less preferable but OK
4) Initially plan to only work on 32-bit version, 64-bit later
I'm trying to create a PoC "Service Control Manager" wrapper that will run a service as user outside services.exe, i.e. so an existing Windows service can be launched almost like a normal process.
To do this (among other complexities) I need to hook
and replace with my own functions.
1) Is this possible with EasyHook?
2) Reading the unmanaged documentation, could this be achieved with RhCreateAndInject? Or what methods do I need to investigate? Is there any example code for when you need to hook a few functions in a child process?