Question : how does capemon behave with new processes and threads?

[3ntr0phy]

Hello, sorry for bothering again. I was wondering if capemon gets initialized from scratch for every process/thread which is forked from the initial one. I am creating an inner structure for taking track of some info and it seems it gets initialized once the new process is spawned. Thank you :)

[kevoreilly]

Yes it should - search capemon source for 'ProcessMessage' to see the API hooks where the call creates a new process - at this point the monitor dll needs to be injected into a process before it starts running...