Пример #1
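        /// <summary>
        /// Hook handler for <c>CreateProcessA</c>: creates the requested child process in a suspended state
        /// and injects the hooking library into it.
        /// </summary>
        /// <remarks>
        /// All arguments are forwarded unchanged to <c>UnsafeNativeMethods.CreateProcessA</c>, except that
        /// <c>UnsafeNativeMethods.CreateSuspended</c> is always OR-ed into <paramref name="dwCreationFlags"/>.
        /// Injection is attempted only when the process was actually created.
        /// </remarks>
        /// <param name="lpProcessInformation">Receives the process information filled in by <c>CreateProcessA</c>.</param>
        /// <returns>The result of the underlying <c>CreateProcessA</c> call; <c>false</c> if the process could not be created.</returns>
        private bool CreateProcessACallback(string lpApplicationName, string lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, string lpCurrentDirectory, IntPtr lpStartupInfo, out ProcessInformation lpProcessInformation)
        {
            // Start the process suspended so the hooking DLL is in place before any of the child's code runs
            var result = UnsafeNativeMethods.CreateProcessA(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags | UnsafeNativeMethods.CreateSuspended, lpEnvironment, lpCurrentDirectory, lpStartupInfo, out lpProcessInformation);

            // If creation failed there is no child process and lpProcessInformation holds no usable process ID.
            // Report the failure to the caller instead of attempting an injection with a meaningless PID.
            if (!result)
            {
                return false;
            }

            // Inject the hooking DLL (and resume the process)
            // NOTE(review): if Inject throws, the child created above presumably stays suspended - confirm that
            // the surrounding code cleans up such a process.
            // NOTE(review): CreateSuspended is forced even when the caller did not request it; confirm the resume
            // step also behaves correctly when the caller itself asked for a suspended process.
            RemoteHooking.Inject(lpProcessInformation.dwProcessId, EntryPoint.AssemblyStrongName, EntryPoint.AssemblyStrongName,
                // Custom arguments
                _implementationDir, _registryFilter, _relaunchControl);

            return result;
        }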
Пример #2
 /// <summary>
 /// Managed declaration of the native <c>CreateProcessA</c> function (the ANSI variant of the Win32 process creation API).
 /// </summary>
 /// <remarks>
 /// When <paramref name="lpApplicationName"/> is <c>null</c>, Windows takes the executable name from the first
 /// whitespace-delimited token of <paramref name="lpCommandLine"/>; callers should quote executable paths that
 /// contain spaces so the intended binary is the one that gets started.
 /// NOTE(review): the <c>DllImport</c> attribute is not visible in this excerpt - confirm that it targets
 /// kernel32, uses ANSI string marshaling and sets <c>SetLastError</c> so callers can read the Win32 error code.
 /// </remarks>
 /// <param name="dwCreationFlags">Process creation flags, passed to the native function as given.</param>
 /// <param name="lpProcessInformation">Receives the process information written by the native function.</param>
 /// <returns>The success indicator returned by the native call.</returns>
 public static extern bool CreateProcessA(string lpApplicationName, string lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, string lpCurrentDirectory, IntPtr lpStartupInfo, out ProcessInformation lpProcessInformation);