Detecting Process Creation
I need to detect process creation of a third-party .NET application. My goal is to inject a plugin DLL to enhance functionality of this application. I would prefer to inject this as early as possible so I can catch the application's initialization events. Is there any way to detect when this process is created and inject the DLL before Main is called?
The usual solution is to replace the targeted application image with a stub that launches the original image under controlled parameters.
There are other ways, like GFlags, but they're intended for debugging, not for normal operations.
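GFlags keeps its per-image settings under the Image File Execution Options (IFEO) registry key, so a machine can be checked for images whose launch has been redirected this way. The read-only audit below is an added example, not code from this thread; the function name `Get-IfeoOverride` is hypothetical.

```powershell
# Added example (not from the original thread). Read-only audit of the
# Image File Execution Options (IFEO) keys where GFlags stores per-image settings.
$IfeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoOverride {
    # Hypothetical helper name; emits one object per image that has a
    # Debugger or GlobalFlag value set.
    param([string[]]$Root = $IfeoRoots)

    foreach ($r in $Root) {
        # Skip a root that does not exist on this system.
        if (-not (Test-Path -LiteralPath $r)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $r -ErrorAction SilentlyContinue) {
            # GetValue returns $null when the value is absent.
            $debugger   = $key.GetValue('Debugger')
            $globalFlag = $key.GetValue('GlobalFlag')
            if ($null -eq $debugger -and $null -eq $globalFlag) { continue }

            [pscustomobject]@{
                Image       = $key.PSChildName          # e.g. the .exe name the entry applies to
                Debugger    = $debugger                 # command launched in place of the image
                GlobalFlag  = $globalFlag               # raw value as stored
                HasDebugger = ($null -ne $debugger)     # the entries that change what gets launched
                Key         = $key.Name
            }
        }
    }
}

# List entries, launch redirections first.
Get-IfeoOverride |
    Sort-Object -Property @{ Expression = 'HasDebugger'; Descending = $true }, Image |
    Format-List Image, Debugger, GlobalFlag, Key
```

An entry with a `Debugger` value that nobody on the team set up for a debugging session is worth investigating.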
If you can't replace the original application as Remus suggested, you might want to look into using a system-level hook to intercept the CreateProcess() API family functions and monitor all their invocations.
See: API hooking revealed
It's a bit complicated and you might run into all sorts of problems, such as problems on Vista and with other hooking libraries: http://forum.madshi.net/viewtopic.php?p=15833
Bad idea.
You might think I'm being harsh, but I've seen my process crash because some joker thought it was a bright idea to inject some random DLL into it for "enhanced functionality". You are potentially destabilizing everybody else's address spaces. Stop it. What's more, they will get blamed when your bad code screws them over.
The APIs which allow you to inject code into another process are really meant for writing a debugger. If you're not writing a debugger, please do not use them in production code. You are playing with fire.