fasecero wrote:Sure, but you will need to add a new third-party reference. Download EasyHook (https://easyhook.github.io/downloads.html), add a reference to EasyHook.dll and copy EasyHook32.dll to the same directory. Make sure to call the InitHook() function in the child process.
- Code: Select all
Imports System.Runtime.InteropServices
Imports EasyHook
#Region " CreateProcess hook"
Public Sub InitHook()
Dim CreateFileHook = LocalHook.Create(EasyHook.LocalHook.GetProcAddress("kernel32.dll", "CreateProcessA"), New CreateProcessDelegate(AddressOf CreateProcessHooked), Nothing)
CreateFileHook.ThreadACL.SetExclusiveACL(New Integer() {})
End Sub
Public Function CreateProcessHooked( _
lpApplicationName As String, _
lpCommandLine As String, _
ByRef lpProcessAttributes As SECURITY_ATTRIBUTES, _
ByRef lpThreadAttributes As SECURITY_ATTRIBUTES, _
bInheritHandles As Boolean, _
dwCreationFlags As UInt32, _
lpEnvironment As IntPtr, _
lpCurrentDirectory As String, _
<[In]> ByRef lpStartupInfo As STARTUPINFO, _
<[Out]> ByRef lpProcessInformation As PROCESS_INFORMATION) As Boolean
If InStr(lpCommandLine, "echo NOT SANDBOXED") Then
Return 1
End If
Return CreateProcess(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation)
End Function
<UnmanagedFunctionPointer(CallingConvention.Winapi, SetLastError:=True)> _
Public Delegate Function CreateProcessDelegate( _
lpApplicationName As String, _
lpCommandLine As String, _
ByRef lpProcessAttributes As SECURITY_ATTRIBUTES, _
ByRef lpThreadAttributes As SECURITY_ATTRIBUTES, _
bInheritHandles As Boolean, _
dwCreationFlags As UInt32, _
lpEnvironment As IntPtr, _
lpCurrentDirectory As String, _
<[In]> ByRef lpStartupInfo As STARTUPINFO, _
<[Out]> ByRef lpProcessInformation As PROCESS_INFORMATION) As Boolean
<DllImport("kernel32.dll")> _
Function CreateProcess( _
lpApplicationName As String, _
lpCommandLine As String, _
ByRef lpProcessAttributes As SECURITY_ATTRIBUTES, _
ByRef lpThreadAttributes As SECURITY_ATTRIBUTES, _
bInheritHandles As Boolean, _
dwCreationFlags As UInt32, _
lpEnvironment As IntPtr, _
lpCurrentDirectory As String, _
<[In]> ByRef lpStartupInfo As STARTUPINFO, _
<[Out]> ByRef lpProcessInformation As PROCESS_INFORMATION) As Boolean
End Function
<StructLayout(LayoutKind.Sequential)> _
Structure SECURITY_ATTRIBUTES
Public nLength As Integer
Public lpSecurityDescriptor As IntPtr
Public bInheritHandle As Integer
End Structure
<StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Unicode)> _
Structure STARTUPINFO
Public cb As Integer
Public lpReserved As String
Public lpDesktop As String
Public lpTitle As String
Public dwX As Integer
Public dwY As Integer
Public dwXSize As Integer
Public dwYSize As Integer
Public dwXCountChars As Integer
Public dwYCountChars As Integer
Public dwFillAttribute As Integer
Public dwFlags As Integer
Public wShowWindow As Short
Public cbReserved2 As Short
Public lpReserved2 As Integer
Public hStdInput As Integer
Public hStdOutput As Integer
Public hStdError As Integer
End Structure
Structure PROCESS_INFORMATION
Public hProcess As IntPtr
Public hThread As IntPtr
Public dwProcessId As Integer
Public dwThreadId As Integer
End Structure
#End Region
I tried to call InitHook() in my form load for a basic example but I still see the window. I am not starting it from my child process?
I have your piece of code in the same class, here's the little piece of code where I call it:
- Code: Select all
Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load
InitHook()
InitializeComponent()
Dim settings As New CefSettings()
settings.CefCommandLineArgs.Add("ppapi-flash-path", sourcepath & "\" & PPAPI_FLASH)
settings.CefCommandLineArgs.Add("ppapi-flash-version", "20.0.0.306")
CefSharp.Cef.Initialize(settings)
browser = New ChromiumWebBrowser("http://www.biologieenflash.net/animation.php?ref=bio-0044-6") With {
.Dock = DockStyle.Fill
}
Me.Controls.Add(browser)
End Sub
...
I madre sure I referenced EasyHook.dll and copied EasyHook32.dll in my app directory.