public bool CreateProcessHandler(string lpApplicationName, string lpCommandLine, IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment,
string lpCurrentDirectory, ref StartupInfoW lpStartupInfo, ref ProcessInformation pInfo)
{
var processHook = false;
var parameters = new object[]
{
lpApplicationName, lpCommandLine, lpProcessAttributes,
lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo,
pInfo
};
if (_t != null)
{
processHook = (bool)_t.CallMethodAndNotifyHooker(parameters);
}
else
{
processHook = (bool)RemoteHookerBase.CallMethodAndNotifyHookerStatic(parameters);
}
lpStartupInfo = (StartupInfoW)parameters[parameters.Length - 2];
pInfo = (ProcessInformation)parameters[parameters.Length - 1];
Win32Utility.ResumeThread(pInfo.HThread);
return(processHook);
}
private static void CreateProcessAHooker_ProcessCreated(object sender, HookedEventArgs e)
{
Console.WriteLine("Process ID (PID): " + e.Entries["DwProcessId"]);
Console.WriteLine("Process Handle : " + e.Entries["HProcess"]);
Console.WriteLine("Process Thread : " + e.Entries["HThread"]);
var threadHandle = (IntPtr)e.Entries["HThread"];
Win32Utility.ResumeThread(threadHandle);
}