Help File:3 ptProcesswatcherEvent
Jump to navigation
Jump to search
ptProcesswatcherEvent
With this PluginType you will get notified when the ProcessWatcher is used and it sees a new process has been created. Your callback routine retrieves the ProcessID and the PEProcess address.
Callback Definition
typedef void ( __stdcall *CEP_PLUGINTYPE3)(ULONG processid, ULONG peprocess, BOOL Created);
Doesn't need a return value.
Pointer to structure of init you have to pass
struct PLUGINTYPE3_INIT { CEP_PLUGINTYPE3 callbackroutine; //Pointer to a callback routine of the type 3 plugin };
NOTE: This event happens in a thread that is NOT the main thread. GUI specific calls (like ShowMessage) will not work properly.
- Plugin system
- GetVersion
- DisablePlugin
- InitializePlugin
- PluginVersion
- ExportedFunctions
- sizeofExportedFunctions
- ShowMessage
- RegisterFunction
- UnregisterFunction
- OpenedProcessID
- OpenedProcessHandle
- GetMainWindowHandle
- AutoAssemble
- Assembler
- Disassembler
- ChangeRegistersAtAddress
- InjectDLL
- FreezeMem
- UnfreezeMem
- FixMem
- ProcessList
- ReloadSettings
- GetAddressFromPointer
- sym_nameToAddress
- sym_addressToName
- sym_generateAPIHookScript
- loadDBK32
- loaddbvmifneeded
- previousOpcode
- nextOpcode
- disassembleEx
- loadModule
- aa_AddExtraCommand
- aa_RemoveExtraCommand