No, I think Markus-DJM is right: you can check in the CreateFile parameter whether the name of the file to open is the EXE file, and then you must change this parameter to the dat file.
But when you use a system-wide hook like CreateFile, your system performance goes down (it's a very often used API), and you must remember that other apps use this hook (antivirus apps).
To launch the hook you must use an app that, when your original app has finished, must unhook the func. Bufff!
You can add a new section in the original app, change the entry point, and then make an application hook to CreateFile, and you don't need to hook ALL the processes in the system, but bufff again. :-)
I think it's less aggressive using a NOP patch.
If you can make a program that can add a new section in an exe and add a call to a func (with LoadLibrary of course) in this section, I can make the hook for you, or I can make a system-wide hook with an app to test how it affects system performance.
Bye