RemoteHooking.CreateAndInject Method (String, String, Int32, String, String, Int32, Object)
Creates a new process which is started suspended until you call WakeUpProcess from within your injected library's Run() method. This allows you to hook the target BEFORE any of its usual code is executed. In situations where a target has debugging and hook preventions, you will get a chance to block those mechanisms, for example...
Namespace: EasyHook
Assembly: EasyHook (in EasyHook.dll) Version: 2.7.6684.0 (2.7.6684.0)
Syntax

C#
public static void CreateAndInject(
    string InEXEPath,
    string InCommandLine,
    int InProcessCreationFlags,
    string InLibraryPath_x86,
    string InLibraryPath_x64,
    out int OutProcessId,
    params Object[] InPassThruArgs
)

VB
Public Shared Sub CreateAndInject (
    InEXEPath As String,
    InCommandLine As String,
    InProcessCreationFlags As Integer,
    InLibraryPath_x86 As String,
    InLibraryPath_x64 As String,
    <OutAttribute> ByRef OutProcessId As Integer,
    ParamArray InPassThruArgs As Object()
)

C++
public:
static void CreateAndInject(
    String^ InEXEPath,
    String^ InCommandLine,
    int InProcessCreationFlags,
    String^ InLibraryPath_x86,
    String^ InLibraryPath_x64,
    [OutAttribute] int% OutProcessId,
    ... array<Object^>^ InPassThruArgs
)

F#
static member CreateAndInject :
    InEXEPath : string *
    InCommandLine : string *
    InProcessCreationFlags : int *
    InLibraryPath_x86 : string *
    InLibraryPath_x64 : string *
    OutProcessId : int byref *
    InPassThruArgs : Object[] -> unit

Parameters
- InEXEPath
  Type: System.String
  A relative or absolute path to the desired executable.
- InCommandLine
  Type: System.String
  Optional command line parameters for process creation.
- InProcessCreationFlags
  Type: System.Int32
  Internally CREATE_SUSPENDED is already passed to CreateProcess(). With this parameter you can add more flags like DETACHED_PROCESS, CREATE_NEW_CONSOLE or whatever!
- InLibraryPath_x86
  Type: System.String
  A partially qualified assembly name or a relative/absolute file path of the 32-bit version of your library. For example "MyAssembly, PublicKeyToken=248973975895496" or ".\Assemblies\\MyAssembly.dll".
- InLibraryPath_x64
  Type: System.String
  A partially qualified assembly name or a relative/absolute file path of the 64-bit version of your library. For example "MyAssembly, PublicKeyToken=248973975895496" or ".\Assemblies\\MyAssembly.dll".
- OutProcessId
  Type: System.Int32
  The process ID of the newly created process.
- InPassThruArgs
  Type: System.Object
  A serializable list of parameters being passed to your library entry points Run() and constructor (see IEntryPoint).
Exceptions

Remarks
Please note that this method might fail when injecting into managed processes, especially when the target is using the CLR hosting API and takes advantage of AppDomains. For example, Internet Explorer won't be hookable with this method. In such a case your only options are either to hook the target with the unmanaged API or to hook it after (non-suspended) creation with the usual Inject(Int32, InjectionOptions, String, String, Object) method.
See Inject(Int32, InjectionOptions, String, String, Object) for more information. The exceptions listed here are additional to the ones listed for Inject(Int32, InjectionOptions, String, String, Object).
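
The create-suspended lifecycle described above, as an added example (not code from the EasyHook project): a host launches a target, passes an IPC channel name through InPassThruArgs, and the injected entry point reports back before calling WakeUpProcess. The names ReportSink, Host, Probe, Probe.dll and the path C:\Tools\target.exe are hypothetical placeholders.

```csharp
// Added example. Host is built as an EXE, Probe as a DLL; both reference EasyHook.dll.
// ReportSink must live in an assembly that both sides reference.
using System;
using System.Runtime.Remoting;
using EasyHook;

// Remoting object hosted in the launcher; the injected library calls back into it.
public class ReportSink : MarshalByRefObject
{
    public void Started(int pid) { Console.WriteLine("Probe loaded in PID {0}", pid); }
    public void Failed(string error) { Console.WriteLine("Probe error: {0}", error); }
}

public static class Host
{
    public static void Main()
    {
        string channel = null; // IpcCreateServer fills in a generated channel name
        RemoteHooking.IpcCreateServer<ReportSink>(ref channel, WellKnownObjectMode.Singleton);
        try
        {
            int pid;
            // 0 = no extra creation flags; CREATE_SUSPENDED is already added internally.
            RemoteHooking.CreateAndInject(@"C:\Tools\target.exe", "", 0,
                "Probe.dll", "Probe.dll", out pid, channel); // channel -> InPassThruArgs
            Console.WriteLine("Created suspended process {0}", pid);
            Console.ReadLine(); // keep the IPC server alive while the target runs
        }
        catch (Exception e) { Console.WriteLine("CreateAndInject failed: {0}", e.Message); }
    }
}

// Entry point in Probe.dll: the constructor and Run() both receive InPassThruArgs.
public class Probe : IEntryPoint
{
    private readonly ReportSink _sink;

    public Probe(RemoteHooking.IContext context, string channel)
    {
        _sink = RemoteHooking.IpcConnectClient<ReportSink>(channel);
    }

    public void Run(RemoteHooking.IContext context, string channel)
    {
        try { _sink.Started(RemoteHooking.GetCurrentProcessId()); } // hooks would be installed here
        catch (Exception e) { _sink.Failed(e.ToString()); }
        finally { RemoteHooking.WakeUpProcess(); } // otherwise the target stays suspended
    }
}
```

Calling WakeUpProcess in a finally block keeps a failure inside Run() from leaving a suspended process behind.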