CreateProcessEx not working for me

Incanus · Post by **Incanus** » Tue Mar 15, 2005 8:56 pm

I can't get CreateProcessEx to work properly for me. The following code gives me the message that the API is hooked. But when I try to terminate the application it terminates although it shouldn't.
Strangley enough when I tested my hook dll with InjectLibrary it worked as expected.
I hope someone can tell me how to do this right

System:
Win2000 SP4
Delphi 2005
Admin Privs
madCollection 2.1.7.0

Code: Select all

//Injector
procedure TForm1.Button1Click(Sender: TObject);
begin
  RunProcess('E:\Spiele\Ultima Online 2D\client.exe');
end;

function TForm1.RunProcess(FileName: string): Longword;
var
  StartupInfo: TStartupInfo;
  ProcessInfo: TProcessInformation;
  dllPath: string;
begin
  dllPath := ExtractFilePath(Application.ExeName) + 'hookUO.dll';
  ZeroMemory(@StartupInfo, SizeOf(TStartupInfo));
  ZeroMemory(@ProcessInfo, SizeOf(TProcessInformation));
  StartupInfo.dwFlags := STARTF_USESHOWWINDOW;
  StartupInfo.wShowWindow := SW_SHOW;
  CreateProcessEx(PChar(Filename),
    nil,
    nil,
    nil,
    False,
    0,
    nil,
    nil,
    StartupInfo,
    ProcessInfo,
    PChar(dllPath))
end;

Code: Select all

//dll
library hookUO;

uses
  Windows,
  madCodeHook;

var
  TerminateProcessNext : function (processHandle, exitCode: dword) : bool; stdcall;

function TerminateProcessCallback(processHandle, exitCode: dword) : bool; stdcall;
begin
  MessageBox(0, 'terminating', 'Hooking...', MB_ICONINFORMATION);
  result := false;
end;

begin
  if HookAPI('kernel32.dll', 'TerminateProcess', @TerminateProcessCallback, @TerminateProcessNext) then
    MessageBox(0, 'Hooking succeeded', 'Hooking...', MB_ICONINFORMATION)
  else
    MessageBox(0, 'Hooking failed', 'Hooking...', MB_ICONINFORMATION);
end.

Thanks in advance for your help

Post by **madshi** » Wed Mar 16, 2005 8:09 am

The big question is: Which process is calling TerminateProcess? If you use CreateProcessEx your dll is only injected into the newly created process, but not into any other process. So TerminateProcess is in that case also only hooked inside of the newly created process.

Incanus · Post by **Incanus** » Wed Mar 16, 2005 4:21 pm

Thanks for pointing me the right direction :)