Hook CreateProcess so that short-lived processes are dumped on close

glmcdona / Process-Dump

Windows tool for dumping malware PE files from memory back to disk for analysis.

http://split-code.com/processdump.html

MIT License

1.66k stars 263 forks source link

Hook CreateProcess so that short-lived processes are dumped on close #8

Open glmcdona opened 8 years ago

glmcdona commented 8 years ago

Sometimes a process starts and closes before process dump and dump it. Add a hook or something to CreateProcess to add a delay before resuming on start.