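// Install user-mode hooks on the Win32 and native process-creation entry points.
// Each call names the exporting DLL, the export, the replacement callback and
// the variable that receives the pointer to the original routine.
// NOTE(review): the result of HookAPI is ignored. If the hooking library reports
// success or failure (confirm against its documentation), check it so that a
// hook that failed to install is noticed instead of leaving a silent gap.

// kernel32.dll: the classic launch APIs.
HookAPI('kernel32.dll', 'CreateProcessW', @CreateProcessWCallback, @CreateProcessWNext);
HookAPI('kernel32.dll', 'CreateProcessA', @CreateProcessACallback, @CreateProcessANext);
HookAPI('kernel32.dll', 'WinExec', @WinExecCallback, @WinExecNext);

// advapi32.dll: launches under another token or other credentials.
HookAPI('advapi32.dll', 'CreateProcessAsUserW', @CreateProcessAsUserWCallback, @CreateProcessAsUserWNext);
HookAPI('advapi32.dll', 'CreateProcessAsUserA', @CreateProcessAsUserACallback, @CreateProcessAsUserANext);
HookAPI('advapi32.dll', 'CreateProcessWithLogonW', @CreateProcessWithLogonWCallback, @CreateProcessWithLogonWNext);
// No hook for 'CreateProcessWithLogonA': advapi32.dll exports only the Unicode
// forms CreateProcessWithLogonW and CreateProcessWithTokenW, so a hook on the
// ANSI name can never install.
HookAPI('advapi32.dll', 'CreateProcessWithTokenW', @CreateProcessWithTokenWCallback, @CreateProcessWithTokenWNext);

// ntdll.dll: native layer. RtlCreateProcessParameters only builds the parameter
// block; it does not start a process by itself.
HookAPI('ntdll.dll', 'RtlCreateUserProcess', @RtlCreateUserProcessCallback, @RtlCreateUserProcessNext);
HookAPI('ntdll.dll', 'RtlCreateProcessParameters', @RtlCreateProcessParametersCallback, @RtlCreateProcessParametersNext);
// NOTE(review): since Windows Vista the Win32 CreateProcess* family reaches the
// kernel through ntdll!NtCreateUserProcess, not NtCreateProcess/NtCreateProcessEx,
// so on Windows 7 the two hooks below are not expected to fire for ordinary
// launches. Covering that path needs one more hook with its own callback and
// "next" variable, neither of which is declared in this listing.
HookAPI('ntdll.dll', 'NtCreateProcess', @NtCreateProcessCallback, @NtCreateProcessNext);
HookAPI('ntdll.dll', 'NtCreateProcessEx', @NtCreateProcessExCallback, @NtCreateProcessExNext);
// User-mode hooks see only processes that have loaded the hooking code, and a
// caller that issues the system call directly never passes through them. Where
// process-creation monitoring has to be dependable, use a kernel process-notify
// callback (PsSetCreateProcessNotifyRoutineEx) or the operating system's
// process-creation auditing instead of relying on these hooks alone.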
Does anybody know how Windows 7 creates new processes?