Windows API hooking using Detours

  api-hook, c++, detours, process, windows


Can someone please provide me with C++ code that uses MS Detours to hook the CreateProcess() function only when it is called with the CREATE_SUSPENDED flag.

    STARTUPINFO si = { sizeof(si) };   // Zero-initialised, cb set as the API requires
    PROCESS_INFORMATION pi = {};       // Receives the new process/thread handles
    CreateProcess(NULL,         // No module name (use command line)
        argv[1],                // Command line
        NULL,                   // Process handle not inheritable
        NULL,                   // Thread handle not inheritable
        FALSE,                  // Set handle inheritance to FALSE
        CREATE_SUSPENDED,       // Create the process in the suspended state
        NULL,                   // Use parent's environment block
        NULL,                   // Use parent's starting directory
        &si,                    // Pointer to STARTUPINFO structure
        &pi);                   // Pointer to PROCESS_INFORMATION structure


Source: StackOverflow
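As an added example (not code from the original post or from the Detours project), the following shows how the request above is normally met. A detour cannot be attached "only when" a particular argument is passed: Detours rewrites the start of the target function, so the replacement runs for every call, and the filtering on CREATE_SUSPENDED happens inside the replacement, which then passes through to the real API via the trampoline pointer. The question's call passes `argv[1]` as a narrow string, so the ANSI export `CreateProcessA` is hooked here; a `CreateProcessW` hook has the same shape. The function names `RequestsSuspendedStart`, `DescribeSuspendedCreate`, `HookedCreateProcessA` and `SetCreateProcessHook` are my own. The Windows and Detours calls are guarded by `_WIN32` so the flag logic compiles and runs on any host; on Windows, link against `detours.lib`.

```cpp
// Added example (not from the original post): log CreateProcessA calls that
// request CREATE_SUSPENDED by detouring the export with Microsoft Detours.
// Only the Windows-specific part needs <windows.h> and <detours.h>; the flag
// logic is portable so it can be exercised on any host.
#include <cstdio>
#include <string>

#ifdef _WIN32
#include <windows.h>
#include <detours.h>   // link against detours.lib
constexpr unsigned long kCreateSuspended = CREATE_SUSPENDED;
#else
// Documented value of CREATE_SUSPENDED from WinBase.h, repeated here so the
// predicate below compiles and can be tested on a non-Windows host.
constexpr unsigned long kCreateSuspended = 0x00000004;
#endif

// True when the creation flags ask for the primary thread to start suspended.
// The flag is a single bit that may be combined with others (CREATE_NEW_CONSOLE,
// CREATE_NO_WINDOW, ...), so test the bit rather than comparing the whole word.
bool RequestsSuspendedStart(unsigned long creationFlags) {
    return (creationFlags & kCreateSuspended) != 0;
}

// Builds the one-line record the detour writes for a suspended creation.
// Either argument may legitimately be NULL in a CreateProcess call.
std::string DescribeSuspendedCreate(const char* application, const char* commandLine) {
    std::string line = "CREATE_SUSPENDED requested: app=";
    line += application ? application : "(null)";
    line += " cmdline=";
    line += commandLine ? commandLine : "(null)";
    return line;
}

#ifdef _WIN32
// Pointer to the genuine CreateProcessA. DetourAttach redirects it to a
// trampoline, so calling through it reaches the real API, not our hook again.
static BOOL (WINAPI *TrueCreateProcessA)(
    LPCSTR, LPSTR, LPSECURITY_ATTRIBUTES, LPSECURITY_ATTRIBUTES, BOOL, DWORD,
    LPVOID, LPCSTR, LPSTARTUPINFOA, LPPROCESS_INFORMATION) = CreateProcessA;

// Replacement that runs for every CreateProcessA call in this process. It
// records only calls carrying CREATE_SUSPENDED and passes all of them through.
BOOL WINAPI HookedCreateProcessA(
    LPCSTR lpApplicationName, LPSTR lpCommandLine,
    LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment,
    LPCSTR lpCurrentDirectory, LPSTARTUPINFOA lpStartupInfo,
    LPPROCESS_INFORMATION lpProcessInformation) {
    if (RequestsSuspendedStart(dwCreationFlags)) {
        std::string msg = DescribeSuspendedCreate(lpApplicationName, lpCommandLine);
        OutputDebugStringA(msg.c_str());   // visible in a debugger or DebugView
    }
    return TrueCreateProcessA(lpApplicationName, lpCommandLine, lpProcessAttributes,
                              lpThreadAttributes, bInheritHandles, dwCreationFlags,
                              lpEnvironment, lpCurrentDirectory, lpStartupInfo,
                              lpProcessInformation);
}

// Attach or detach the detour inside a Detours transaction. Call from main()
// when hooking your own process, or from DllMain on DLL_PROCESS_ATTACH/DETACH.
bool SetCreateProcessHook(bool enable) {
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    LONG rc = enable
        ? DetourAttach(&(PVOID&)TrueCreateProcessA, HookedCreateProcessA)
        : DetourDetach(&(PVOID&)TrueCreateProcessA, HookedCreateProcessA);
    if (rc != NO_ERROR) { DetourTransactionAbort(); return false; }
    return DetourTransactionCommit() == NO_ERROR;
}
#endif

int main(int argc, char** argv) {
#ifdef _WIN32
    if (argc < 2 || !SetCreateProcessHook(true)) return 1;
    STARTUPINFOA si = { sizeof(si) };
    PROCESS_INFORMATION pi = {};
    // Same call as in the question; it now passes through HookedCreateProcessA.
    if (CreateProcessA(NULL, argv[1], NULL, NULL, FALSE, CREATE_SUSPENDED,
                       NULL, NULL, &si, &pi)) {
        ResumeThread(pi.hThread);           // let the child run
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);
    }
    SetCreateProcessHook(false);
#else
    (void)argc; (void)argv;
    // No Windows API here; just show what the hook would record.
    std::printf("%s\n", DescribeSuspendedCreate(nullptr, "notepad.exe").c_str());
#endif
    return 0;
}
```

The same `SetCreateProcessHook` pair works unchanged from a DLL's `DllMain`, which is how Detours-based monitors are usually packaged; the transaction/`DetourUpdateThread` sequence is what makes the rewrite safe while other threads may be executing the patched prologue.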
