CreateProcess read PROCESS_INFORMATION

poohpooh (122)
Hi I'm hooking a function an trying to read the PROCESS_INFORMATION after CreateProcess is called with asm
The processId does not match the process id in taskmanager

CALL EAX is calling CreatProcessW

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
 
    PROCESS_INFORMATION ProcessInformation;
    __asm
    {
        PUSH EDX // 52
        PUSH EBP // 55
        PUSH 0 // 6A 00
        PUSH 5 // 6A 05
        PUSH 0 // 6A 00
        PUSH 0 // 6A 00
        PUSH 0 // 6A 00
        PUSH ECX // 51
        PUSH ESI // 56
        CALL EAX // FF D0

        PUSHAD; // push all general registers
        PUSHFD; // push all flags

        MOV ProcessInformation, EDX;
    }

    Log("ProcessId : %i \n", ProcessInformation.dwProcessId);


The log function is like printf but logs it to a text file
Last edited on
poohpooh (122)
no one?
Topic archived. No new replies allowed.