Hook CreateProcess so that short-lived processes are dumped on close

glmcdona / Process-Dump

Windows tool for dumping malware PE files from memory back to disk for analysis.

http://split-code.com/processdump.html

MIT License

1.63k stars 261 forks source link

Hook CreateProcess so that short-lived processes are dumped on close #8

Open glmcdona opened 7 years ago

glmcdona commented 7 years ago

Sometimes a process starts and closes before process dump and dump it. Add a hook or something to CreateProcess to add a delay before resuming on start.