use easyhook to hook API in kernel?

Apr 15, 2009 at 10:22 AM
I have some virus samples (exe files),and I want to hook some kernel APIs when they are running.

I think RhCreateAndInject will help me, I can hook it before it really running. But what is WCHAR* InLibraryPath_x86 (what is the Library used for?), and how to hook two or more APIs (actually, I do not know even how to hook one API by using RhCreateAndInject)?

Can you give me a example? Is there anyone tried this before?
Apr 15, 2009 at 5:27 PM
You can't hook kernel APIs with RhCreateAndInject().

BWT, most of your questions are answered in the tutorial, maybe you should read it first!

Look at the unmanaged API documentation if you want to know about easyhook's kernel mode capabilities...