Hook CreateProcess
6种比较常用的运行(执行)程序的方法:
包括WinExec、ShellExecute、CreateProcess、CreateProcessAsUser、CreateProcessWithLogonW、CreateProcessWithTokenW
要在r3层hook程序的运行,需要用到上述api
CreateProcessAsUser
win7用
CreateProcessAsUser,C#写的windows服务弹框提示消息或者启动子进程
CreateProcessWithLogonW
CreateProcessAsUser和CreateProcessWithLogonW的简单案列
经测试
用easyhook在win7 64下hook CreateProcessW BaseThreadInitThunk OpenProcess CreateProcessInternalW 都会导致explorer崩溃
