[R00tKit]

hi
i hook open process and deny any open from my program UI except PROCESS_QUERY_INFORMATION

it work very well in windows Xp but in windows seven my program UI themes dont work ( it get in classic mode )

i detect "Themes" service in svchost is responsible for themeing , it work with open our process by Write privilege

how know if this service in svchost call OpenProcess for allow it and deny other service

any suggestion

regard

[GamingMasteR]

Hi,

You can get the PID associated to the service with help of function QueryServiceStatusEx
The service name is Themes and the Service DLL loaded by it is shsvcs.dll

[R00tKit]

I can see that current process is "svchost.exe". Now I need to know which service inside svchost is calling the hooked function, especially, I want to know when Themes services is calling my hooked function.

[redp]

I can see that current process is "svchost.exe". Now I need to know which service inside svchost is calling the hooked function, especially, I want to know when Themes services is calling my hooked function.

TEB.SubProcessTag ? Check this

[GamingMasteR]

Thanks redp :)

[R00tKit]

very thanks ;)