| View previous topic :: View next topic |
| Author |
Message |
rapion124
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 25 Mar 2007
Posts: 1095
|
 Posted: Sat Jun 14, 2008 1:19 pm Post subject: [RLS] CreateProcessHook Beta |
 |
|
I just started on a small project. It's called "PMon." It's going to be a usermode process monitor. It monitors a process via hooking. This is only the start. Right now, it hooks CreateProcess(A/W) and notifies you via DebugView of any new processes created.
To use: Inject into any process you wish to monitor.
If you find any bugs, just post here.
|
|
| Back to top |
|
 |
Cx
Master Cheater
 Reputation: 0
Joined: 27 Jul 2007
Posts: 367
|
| Posted: Sat Jun 14, 2008 6:16 pm Post subject: |
|
|
This is actually pretty nice.
I like your style of coding.
_________________
armed with this small butterfly net
i will face the world alone
& never be lonely. |
|
| Back to top |
|
|
Flyte
Peanuts!!!!
 Reputation: 6
Joined: 19 Apr 2006
Posts: 1887
Location: Canada
|
| Posted: Sun Jun 15, 2008 1:02 am Post subject: |
|
|
| Code: | #include <windows.h>
#define WIN32_LEAN_AND_MEAN |
You are aware that that #define has to be before the #include for it to do anything, right?
|
|
| Back to top |
|
|
Zand
Master Cheater
![]() Reputation: 0
Joined: 21 Jul 2006
Posts: 424
|
| Posted: Sun Jun 15, 2008 1:39 am Post subject: |
|
|
| I've managed to define things after includes.
|
|
| Back to top |
|
|
Zand
Master Cheater
![]() Reputation: 0
Joined: 21 Jul 2006
Posts: 424
|
| Posted: Sun Jun 15, 2008 4:18 am Post subject: |
|
|
| Right. I'm just saying you don't have to have define before includes, except for certain things ie. lean & mean
|
|
| Back to top |
|
|
rapion124
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 25 Mar 2007
Posts: 1095
|
| Posted: Sun Jun 15, 2008 11:50 am Post subject: |
|
|
I'm still working on it. Next version will have a way to unload the DLL and a GUI control application.
I'll look into Microsoft's Detour library.
How do I fix the problem of it not working before XP SP2? The preamble is only 3 bytes instead of the 5 on SP2.
|
|
| Back to top |
|
|
Ferocious
Advanced Cheater
 Reputation: 0
Joined: 06 Feb 2008
Posts: 54
|
| Posted: Sun Jun 15, 2008 11:55 am Post subject: |
|
|
#if (WINVER =< 400) ?
_________________
I wanna hack, but I don't know how... |
|
| Back to top |
|
|
Cx
Master Cheater
Reputation: 0
Joined: 27 Jul 2007
Posts: 367
|
| Posted: Sun Jun 15, 2008 5:18 pm Post subject: |
|
|
| rapion124 wrote: | I'm still working on it. Next version will have a way to unload the DLL and a GUI control application.
I'll look into Microsoft's Detour library.
How do I fix the problem of it not working before XP SP2? The preamble is only 3 bytes instead of the 5 on SP2. |
Compare the first 2 bytes (look for MOV EDI,EDI)?
_________________
armed with this small butterfly net
i will face the world alone
& never be lonely. |
|
| Back to top |
|
|
rapion124
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 25 Mar 2007
Posts: 1095
|
| Posted: Sun Jun 15, 2008 6:32 pm Post subject: |
|
|
| I know there's 2 bytes less on pre-SP2, but how do I fix it? I don't wanna write a whole new routine to hook especially for pre-SP2. For example, I would have to disassemble the command(s) after mov ebp, esp and copy that to my trampoline proc.
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
