redllar wrote: The whole library would need to have "inject dll into a process" capabilities, api-hooking/unhooking capabilities, and a way to recover and pass on the module handle for the api caller.
Can I assume that I have PROCESS_ALL_ACCESS rights to the process?
redllar wrote: The dll injector and api hooker would need access to a generic pc-cpu code dis-assembler to ensure that the "stepped on" code was complete.
Can you explain? What code are you going to disassemble?
redllar wrote: The api hooker would need to hook implicitly loaded, delay loaded, and explicitly loaded library functions.
Implicitly - no problem. Explicitly - a bit more work, but can be done.
I don't know how delayed loading works, but I have an idea...
For functions in delay and explicitly loaded dlls, I could call LoadLibrary() on setting a hook. It could slightly slow application initialization down, but should work. Is it acceptable?
I guess you're going to pass me dll and function names and the library is supposed to find it?
redllar wrote: It would also need to capture the handle of the module making the api call so that it could later be retrieved and used by JPE for its module inclusion/exclusion list processing.
Never did it before, but sounds easy.
You ask for a very generic thing; it requires too much work. But I think we can significantly simplify it. I.e., when do you set hooks? If you do it just after CreateProcess(CREATE_SUSPENDED) it would be much easier.
Let's better continue the discussion via email. I'll PM you my address.