Click or drag to resize

RemoteHookingCreateAndInject Method (String, String, Int32, InjectionOptions, String, String, Int32, Object)

Creates a new process which is started suspended until you call WakeUpProcess from within your injected library Run() method. This allows you to hook the target BEFORE any of its usual code is executed. In situations where a target has debugging and hook preventions, you will get a chance to block those mechanisms for example...

Namespace:  EasyHook
Assembly:  EasyHook (in EasyHook.dll) Version: 2.7.6684.0 (2.7.6684.0)
Syntax
public static void CreateAndInject(
	string InEXEPath,
	string InCommandLine,
	int InProcessCreationFlags,
	InjectionOptions InOptions,
	string InLibraryPath_x86,
	string InLibraryPath_x64,
	out int OutProcessId,
	params Object[] InPassThruArgs
)

Parameters

InEXEPath
Type: SystemString
A relative or absolute path to the desired executable.
InCommandLine
Type: SystemString
Optional command line parameters for process creation.
InProcessCreationFlags
Type: SystemInt32
Internally CREATE_SUSPENDED is already passed to CreateProcess(). With this parameter you can add more flags like DETACHED_PROCESS, CREATE_NEW_CONSOLE or whatever!
InOptions
Type: EasyHookInjectionOptions
A valid combination of options.
InLibraryPath_x86
Type: SystemString
A partially qualified assembly name or a relative/absolute file path of the 32-bit version of your library. For example "MyAssembly, PublicKeyToken=248973975895496" or ".\Assemblies\\MyAssembly.dll".
InLibraryPath_x64
Type: SystemString
A partially qualified assembly name or a relative/absolute file path of the 64-bit version of your library. For example "MyAssembly, PublicKeyToken=248973975895496" or ".\Assemblies\\MyAssembly.dll".
OutProcessId
Type: SystemInt32
The process ID of the newly created process.
InPassThruArgs
Type: SystemObject
A serializable list of parameters being passed to your library entry points Run() and constructor (see IEntryPoint).
Exceptions
ExceptionCondition
ArgumentException The given EXE path could not be found.
Remarks

Please note that this method might fail when injecting into managed processes, especially when the target is using the CLR hosting API and takes advantage of AppDomains. For example, the Internet Explorer won't be hookable with this method. In such a case your only options are either to hook the target with the unmanaged API or to hook it after (non-supended) creation with the usual Inject(Int32, InjectionOptions, String, String, Object) method.

See Inject(Int32, InjectionOptions, String, String, Object) for more information. The exceptions listed here are additional to the ones listed for Inject(Int32, InjectionOptions, String, String, Object).

See Also