Monitor Windows API withOUT drivers or injection - Can it be done?

I have a list of a few Windows APIs I would like to monitor on both 32 and 64 bit versions of Windows.

Now, there are two basic approaches to this:

  • Kernel based system wide hook driver - which won't work on Win 7 64 bit. And I'd like to refrain from using kernel drivers where possible in any OS.
  • DLL Injection into specific processes. Again, I'd like to avoid this, if possible, so as to not be intrusive on many applications.

Now, the "if possible" part is the actual question here. Is it at all possible to get the effect of the Kernel driver based hook (wherein when each of the hooked APIs is called, I get the required info passively) in a "friendlier" user mode?

My target is Win 7 (64 bit and 32 bit). Other OSs are of lesser priority.
