In an attempt to inject a DLL into a process before it calls a specific method, I am trying to suspend a process while it is being created.
Alternatively, I am trying to do a system-wide hook of CreateFile, located in kernel32.dll. If that is possible, it would be even better, since that was the end result intended.
Old Question: I am looking to suspend a process as soon as it is created but before it is started. But I don't want to have to launch the process suspended manually.
I want to be able to double-click any .exe, and if it has a specific process name (or if its metadata matches), I want to be able to suspend it before it starts.
I looked at "Hooking the native API and controlling process creation on a system-wide basis", but it doesn't seem to work on my system, Windows 7 x64... I am terrible at C and I was hoping for a C# alternative? I don't even know if that is possible...
And a side question: if I self-sign my program, will an antivirus be set off by a driver and DLL injection? (This is not for malicious intent, see here for more information.) I am only worried about self-signing and AV because most users freak out about that type of thing.