Help with writeprocessmemory
Posted: Wed Sep 15, 2004 1:31 pm
Hi all.
i've wrote a program that injects a dll to hook writeprocessmemory on a single process (explorer.exe)
the hook works fine but the problem is this:
there is im my system a process that i dont know ( i think i know, i m not sure) that calls writeprocessmemory to write something to the process im hooking... so the hook dont work, since im hooking explorer.exe and the caller of the process is another one...
1.) i dont know if im thinking the right way but do i need to hook the process that calls the writeprocess?
2.) if i hook the hole system (ALL_SESSIONS or SYSTEM_PROCESSES) is there a way to find wich process called and then dropit to protect the process?
3.) or if i hook the openprocess, changing the access right to PROCESS_VM_READ is this going to work?
thanks!!!
ps. special thanks to madshi who helped me with tips and this great tool.
i've wrote a program that injects a dll to hook writeprocessmemory on a single process (explorer.exe)
the hook works fine but the problem is this:
there is im my system a process that i dont know ( i think i know, i m not sure) that calls writeprocessmemory to write something to the process im hooking... so the hook dont work, since im hooking explorer.exe and the caller of the process is another one...
1.) i dont know if im thinking the right way but do i need to hook the process that calls the writeprocess?
2.) if i hook the hole system (ALL_SESSIONS or SYSTEM_PROCESSES) is there a way to find wich process called and then dropit to protect the process?
3.) or if i hook the openprocess, changing the access right to PROCESS_VM_READ is this going to work?
thanks!!!
ps. special thanks to madshi who helped me with tips and this great tool.