Quote, originally posted by amigo:
Of course, Omidgl, I can explain what I'm doing.
I write some kind of universal antiviral protection.
I add my code to some procs (CreateProcess, CreateService etc.).
My code checks the name of the starting process/service and its properties (size, checksum) against the list. When the starting process is not present on the list, the messagebox appears: "Do you want to start CIH.exe, image size..., created .... ?".
If the answer is no, it writes 0 as the first byte of the path, so the system message 'can't find the file' appears.
Yeah, I know, it's a little lame...
Regards
amigo
For this kind of global hook you'd be better off using ntdll/ntoskrnl and native API interception... Any program not using Win32 functions would escape your protection.
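
The allow-or-prompt decision described in the quoted post (name, size and checksum compared against a list), as an added example that is not code from either poster. The hook itself is left out; the record layout, the use of CRC-32 as the checksum, and all names and sample bytes are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>

/* One allowlist record: image name plus the properties the post checks. */
struct allowed_image { const char *name; size_t size; uint32_t crc; };
enum verdict { VERDICT_ALLOW, VERDICT_PROMPT };

/* Constructed sample list: the "image" is the 9 bytes "123456789". */
static const struct allowed_image SAMPLE_LIST[] = {
    { "notepad.exe", 9, 0xCBF43926u },
};

/* Standard CRC-32 (reflected 0xEDB88320), assumed here as the "checksum".
   A CRC is not collision resistant; a real list would store a
   cryptographic hash such as SHA-256. */
uint32_t crc32_buf(const unsigned char *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return c ^ 0xFFFFFFFFu;
}

/* Windows file names are case-insensitive, so compare them that way. */
static int name_eq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* ALLOW only when name, size and checksum all match one record; a listed
   name with different contents is treated like an unknown image. */
enum verdict check_image(const struct allowed_image *list, size_t count,
                         const char *name, const unsigned char *img, size_t size) {
    uint32_t crc = crc32_buf(img, size);
    for (size_t i = 0; i < count; i++)
        if (name_eq(list[i].name, name) && list[i].size == size && list[i].crc == crc)
            return VERDICT_ALLOW;
    return VERDICT_PROMPT;
}

int main(void) {
    const unsigned char changed[] = "123456780"; /* constructed: listed name and size, different bytes */
    return check_image(SAMPLE_LIST, 1, "notepad.exe", changed, 9) == VERDICT_PROMPT ? 0 : 1;
}
```

Matching on all three properties means a replaced binary that keeps a listed name still triggers the prompt.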