One of my mates has asked me if he could put a "counter" on one of his programs, to record the time and date that it has been run. Is there a way to make a hook on "progman" to check when an exe is being execed. If its the exe we want, just write a line to a text file. When its closed, write another line to the text file. All other EXE's will be ignored. Thats it :)
Note: At best, i would like it to be event based so i dont burn system resources. Also, will this be a global or thread based hook? As if its just hooking to the executor (progman), it doesnt need to be global, does it? Excuse my ignorance.
Thanx mates! :alright:
Posted on 2003-10-27 22:50:40 by Snoopy2K
Just create a little program which counts it's own executions, writes them to registry or whatever and spawns the target program using ShellExecute. Rename it to the target program's name and even use it's Icon. There you go. No Hook needed!
Posted on 2003-10-28 06:41:31 by JimmyClif
Write a little DLL and use the dll initialisation code section - it gets called by the NTLoader and not you, its privileged and you can do all kinds of things you should maybe not do - same for the SCM in respect to services..

(careful how you word your veiled questions around here - they tolerate me because I don't spell it out...)
Posted on 2003-10-28 06:46:45 by Homer
Or you could place a hook on CreateProcessA (and W). Under Windows 9x, hooking a system DLL (DLL that is mapped at a high address) is much easier than hooking an user DLL. I think Windows NT does copy on write, which could make things difficult since you may have to keep track of multiple versions of the page you're modifying.
Posted on 2003-10-28 14:07:02 by Sephiroth3
It needs to work with Win9x systems, and perhaps Win NT. I think he is on 98SE, so that will suffice for now. But if not i need it to be able to work on whatever his OS is, without having to reengineer the code. I like the idea of just making a dummy app :), but someone could just find and run the original app so my program would fail. How would i use the CreateProcess hook?
Posted on 2003-10-28 16:51:27 by Snoopy2K
Just adding, i think the app is standalone. I dont think it has any external programs it links to (DLL's or OCX's or the like), so yea. He didnt really give me the details, so im not really sure what needs to be done. If you need me to get specific information, tell me what you'll need to know, and i will ask. Thanx again, cheers!
Posted on 2003-10-28 16:53:28 by Snoopy2K