Tell me more ×

Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.

Hooking OpenProcess() or ReadVirtualMemory() in win32 userland code

up vote -1 down vote favorite

Is there anyway to hook/detour either of OpenProcess() or ReadProcessMemory() function calls to my own custom functions?

Without:

kernel driver on Zw/NtOpenProcess, requires rootkit exploit or driver signing for deployment
injecting .dll's in every process, spammy waste of resources and alerts many antivirus

I am trying to prevent other processes from getting a HANDLE or reading the memory of a vector of PIDs.

edited 21 mins ago

asked 28 mins ago

WHO EVEN CARES
3,06872045

1 Answer

active oldest votes

up vote 0 down vote

Here are some references, but it is not guaranteed to work on modern Windows operating systems - http://www.codeproject.com/Articles/37228/API-Hooking-LoadLibrary http://www.codeproject.com/Articles/20084/A-More-Complete-DLL-Injection-Solution-Using-Creat http://www.codeproject.com/Articles/2082/API-hooking-revealed

answered 4 mins ago

Superman
1,988147

Your Answer

Sign up or log in

Post as a guest

Name

Email required, but not shown

Post as a guest

Name

Email required, but not shown

discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged c++ windows winapi dll or ask your own question.

Technology			Life / Arts	Culture / Recreation	Science	Other
Stack Overflow Server Fault Super User Web Applications Ask Ubuntu Webmasters Game Development TeX - LaTeX	Programmers Unix & Linux Ask Different (Apple) WordPress Answers Geographic Information Systems Electrical Engineering Android Enthusiasts IT Security	Database Administrators Drupal Answers SharePoint User Experience Mathematica more (14)	Photography Science Fiction & Fantasy Seasoned Advice (cooking) Home Improvement more (13)	English Language & Usage Skeptics Mi Yodeya (Judaism) Travel Christianity Arqade (gaming) Bicycles Role-playing Games more (21)	Mathematics Cross Validated (stats) Theoretical Computer Science Physics more (7)	Stack Apps Meta Stack Overflow Area 51 Stack Overflow Careers

site design / logo © 2013 stack exchange inc; user contributions licensed under cc-wiki with attribution required

rev 2013.6.2.720

Stack Overflow works best with JavaScript enabled