Description: Code more or less turned me a little, only linked to the introduction of the function table into SetWindowHookEx and CreateRemoteThread have two ways, the process of enumeration to distinguish between the different systems are used psai and toolhelp, the other in order to obtain the creation of Process message, make a driver to register a callback function, in general, has done quite a part in the injection rod, if want to hang a variety of functions, can be combined to use detour.
To Search:
File list (Check if you may need any files):
chkosver.cpp
NetUserEnum.CPP
NetUserGetInfo.cpp
RecycleBin.CPP
ScheduledTasks.CPP
Download