CodePlexProject Hosting for Open Source Software
I wanted to know does dll ijnection misses the first few calls to an API when a new process starts up.
It is happening in my case
Any help will be appreciated.
It does happen. The call to RtlCreateSuspendedProcess create a suspended target process (with a suspended main thread. I call it 1st thread) and wait for the host to create the hooking thread (I call it 2nd thread) by
CreateRemoteThread. It happens that some application do has a 3rd (or 4th...) thread running before the hooking thread (2nd thread) start. One example is cl.exe from Visual Studio. I don't know about its mechanism. Anyone
Are you sure you want to delete this post? You will not be able to recover it later.
Are you sure you want to delete this thread? You will not be able to recover it later.