Hook CreateProcess

well , I think what you are looking for is maghis madhook components :)
http://www.madshi.net/madCodeHookDescription.htm
you will also have some examples there, and you can find a lot of examples on the net.

I cannot use madCodeHook :(
can you give me working examples like i said in question ?

I'll have to ask this so that I don't waste time doing stuff you don't need:
you can't use madcodehook because you don't know how, or because there are some restrictions? if there are some restrictions, what are they?

I can't use madcodehook because I don't know how

ok then. I'll dig you up a small demo from somewhere in a few minute. until then, if you haven't already done so, install the madshi components

so, you download the demos from madhis site (http://madshi.net/MCHDemos.zip)
in  system wide\HookProcessTermination you have an example of what you want to do: not createprocess, but terminateprocess. you should be able to easily adopt that to createprocess.

let me know if you can do that, if not, I'll find some time later on today to do it

Very thanks for your interest but i cannot adopt it :(

ok. I will make the necessary changes for you sometime tomorrow.

btw, you are aware that createprocess is not the only function that can be used to lunch an application, right? I remember a discussion on this issue here on EE. I did a small search but couldn't find the discussion but found somthing you might look into until tomorrow when I get a chance to make the project:

https://www.experts-exchange.com/questions/10338608/Sample-code-for-IShellExecuteHook.html?query=hook+createprocess&topics=85

sorry for the outage. I got some issues on my head and were not able to modify my dev environemnt for a while.
I just installed madshi components and will get back to you with a demo in the next 24 hours.

sorry for this delay

I did the hook for createprocess api function but for some reaason injecting the hook did not work. so I looked over madhi's site and found a simle example that hooks winexec:
file://localhost/C:/Program%20Files/madCollection/madBasic/help/data/ProcessApi.htm
as you notice this is from the local installation folder ;)
also, it will only work for that process.

I am working to see why the injection fails and post the projects as soon as I fix the issue.(I will go over it tomorrow)

Thanks ciuly. I wait no prob :)
thanks

a small update. I found the issue. pretty stupid from my part, but that's what happens when someone doesn't use madcodehook too often.
the issue was that madchook.dll must be present before injecting the dll.

now that I fixed that, I am getting a lot of craches in the injecting processes. I am guessing that is might be eitehr because the ipcqueue used, or because this injects in all system processes and some system processes don't like createprocess being hooked.

I'll do some more testing next week (I am flying home this weekend :) and won't have a pc handy for the next 48-56 hours)

cheers