Windows Process / application
-
I would like to ask how to detect application/Windows scripts on load. For example, my program would detect if someprogram.exe is loading. Thank you.
-
You'll have to take a snapshot of every process, every second (or a time you decide), and compare with the old snapshot to see if you find a new process. You can try hooking the API that opens the processes to watch it, but it's somehow expensive to develop... There's the opportunity to write a kernel module and watch the processes' memory pages, that is more expensive yet... I don't really have many more clues on how to do it, but there are books that go deep on these subjects such as "Windows Rootkits: Subverting the Windows Kernel" and such.
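The snapshot-and-compare approach from the reply above, as an added example that is not part of the original posts. It assumes the built-in Windows `tasklist` command as the snapshot source; the function names and the sample output are constructed for illustration.

```python
import csv
import io
import subprocess
import time

def parse_tasklist(csv_text):
    """Parse `tasklist /fo csv /nh` output into a {pid: image_name} snapshot."""
    snapshot = {}
    for row in csv.reader(io.StringIO(csv_text)):
        # Columns: image name, PID, session name, session number, memory usage.
        if len(row) >= 2 and row[1].strip().isdigit():
            snapshot[int(row[1])] = row[0]
    return snapshot

def take_snapshot():
    """Windows only: list running processes with the built-in tasklist command."""
    out = subprocess.run(["tasklist", "/fo", "csv", "/nh"],
                         capture_output=True, text=True, check=True).stdout
    return parse_tasklist(out)

def new_processes(old, new, watch=None):
    """Return sorted (pid, name) pairs that are in `new` but not in `old`.

    A PID whose image name changed is reported as new, which covers a PID
    being reused by a different program between two polls.
    `watch` optionally restricts the result to one image name.
    """
    started = [(pid, name) for pid, name in new.items() if old.get(pid) != name]
    if watch is not None:
        started = [(p, n) for p, n in started if n.lower() == watch.lower()]
    return sorted(started)

# Constructed sample output, not captured from a real machine.
SAMPLE_BEFORE = ('"System","4","Services","0","144 K"\n'
                 '"explorer.exe","3120","Console","1","98,112 K"\n')
SAMPLE_AFTER = ('"System","4","Services","0","144 K"\n'
                '"notepad.exe","3120","Console","1","14,380 K"\n'
                '"someprogram.exe","5528","Console","1","12,004 K"\n')

if __name__ == "__main__":
    previous = take_snapshot()
    while True:
        time.sleep(1)  # poll interval; a process that starts and exits within it is missed
        current = take_snapshot()
        for pid, name in new_processes(previous, current, watch="someprogram.exe"):
            print(f"started: {name} (pid {pid})")
        previous = current
```

Polling only sees what is alive at each snapshot, so the interval bounds how short-lived a process can be and still be noticed.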