Is it possible to hook ALL processes?

Jul 21, 2014 at 3:49 PM
I'm new to EasyHook so this might be a silly question...

I need to monitor file access from all processes at the same time. My use case:

We have a complex build system to compile our project, and what I want to do is figure out which parts of our gigantic toolchain are actually used during a compile process. This will allow me to trim down the required local toolchain.

However, during the build process, multiple other processes are spawned (I suspect both 32-bit and 64-bit), so in order for this to work, I need to hook all processes that come and go during the build.

Can EasyHook do this?

Jul 24, 2014 at 9:24 AM
EasyHook doesn't provide a mechanism to do this automatically, but you could hook appropriate APIs so you know when processes are being spawned to then hook them.
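
One way to implement the approach suggested in the reply above with EasyHook's managed API, shown as an added example and not code from this thread or from the EasyHook project. It hooks `CreateProcessW` inside an already-hooked process and injects the same monitoring DLL into each child; the class name, the two DLL path fields, and the choice to start children suspended are assumptions.

```csharp
using System;
using System.Runtime.InteropServices;
using EasyHook;

// Added example (not EasyHook project code). Runs inside a process that is already hooked.
public class ChildProcessPropagator
{
    const uint CREATE_SUSPENDED = 0x00000004;

    [StructLayout(LayoutKind.Sequential)]
    struct PROCESS_INFORMATION { public IntPtr hProcess, hThread; public int dwProcessId, dwThreadId; }

    [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Unicode, SetLastError = true)]
    delegate bool CreateProcessW_t(string app, IntPtr cmdLine, IntPtr procAttrs, IntPtr threadAttrs,
        bool inherit, uint flags, IntPtr env, string cwd, IntPtr startupInfo, out PROCESS_INFORMATION pi);

    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool CreateProcessW(string app, IntPtr cmdLine, IntPtr procAttrs, IntPtr threadAttrs,
        bool inherit, uint flags, IntPtr env, string cwd, IntPtr startupInfo, out PROCESS_INFORMATION pi);

    [DllImport("kernel32.dll")]
    static extern uint ResumeThread(IntPtr hThread);

    LocalHook hook;          // keep a reference so the hook is not garbage collected
    string dllX86, dllX64;   // hypothetical paths to the monitoring DLL, one per bitness

    public void Install(string monitorDllX86, string monitorDllX64)
    {
        dllX86 = monitorDllX86; dllX64 = monitorDllX64;
        hook = LocalHook.Create(LocalHook.GetProcAddress("kernel32.dll", "CreateProcessW"),
                                new CreateProcessW_t(OnCreateProcess), this);
        hook.ThreadACL.SetExclusiveACL(new int[] { 0 });   // intercept every thread except this one
    }

    static bool OnCreateProcess(string app, IntPtr cmdLine, IntPtr procAttrs, IntPtr threadAttrs,
        bool inherit, uint flags, IntPtr env, string cwd, IntPtr startupInfo, out PROCESS_INFORMATION pi)
    {
        var self = (ChildProcessPropagator)HookRuntimeInfo.Callback;
        // Assumption: start the child suspended so it is hooked before it opens its first file.
        bool ok = CreateProcessW(app, cmdLine, procAttrs, threadAttrs, inherit,
                                 flags | CREATE_SUSPENDED, env, cwd, startupInfo, out pi);
        if (!ok) return false;
        try { RemoteHooking.Inject(pi.dwProcessId, self.dllX86, self.dllX64); }
        catch (Exception) { /* child stays unmonitored; record the PID so the gap is visible */ }
        // Resume only if the original caller did not ask for a suspended process itself.
        if ((flags & CREATE_SUSPENDED) == 0) ResumeThread(pi.hThread);
        return true;
    }
}
```

This covers only children started through the `CreateProcessW` export; any other process-creation API the toolchain uses needs its own hook, and the monitoring DLL must call `Install` again in each child so that grandchildren are covered too.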