Windows CreateProcess() API Hooking/Interception

Description You’ll be writing a program that intercepts all the CreateProcess() calls of a specified target EXE and does one of the following: 1) If the command-line being invoked by CreateProcess() is of interest, the following are done: a) Command being kicked-off will be modified and the modified command will be invoked b) interception of CreateProcess() is turned OFF for the modified command and subsequently its children 2) If the command being invoked by CreateProcess() is not of interest, then we start the child process without modifying the command and continue to intercept the CreateProcess() calls in the kicked-off command and its child(ren) Command-line Usage Usage on the command line: <Your program> <options> <Target EXE> Once invoked, the target EXE and its children are monitored for CreateProcess() calls. If a given CreateProcess() is about to invoke a command of interest, then provide a mechanism so that it can be modified. <options> passed in on the command-line are used in setting up the new command line. Example: Let’s say: 1. <Target EXE> invokes <[login to view URL]> and <[login to view URL]> using CreateProcess(). 2. <[login to view URL]> invokes <[login to view URL]> and <[login to view URL]>. 3. <[login to view URL]> invokes <[login to view URL]> 4. <[login to view URL]> invokes <[login to view URL]> In the above example, your program will: 1. monitor <[login to view URL]>, <[login to view URL]>, <[login to view URL]>, <[login to view URL]>, and <[login to view URL]> for CreateProcess() calls 2. stop monitoring <[login to view URL]> for CreateProcess() calls which means <[login to view URL]> will not be seen 3. Provides a mechanism for the command-line <[login to view URL]> to be replaced by some other program of my choosing. <Options> passed in on the command line must be accessible here Supported OS: Windows XP, Vista, 7, 8.x, Windows Server 2008, 2012 Coding stye: 1. The code has to be modular, readable and extensible 2. The code has to be documented thoroughly 3. The code has to use meaningful names for variables, functions, filenames etc. Deliverables: 1) I recognize that there are a few ways this can be done and I want to make sure the proposed mechanism is reliable. For this reason, I’d want to a short proposal on how this will be accomplished. 2) Final deliverables: Source code, build mechanism, Documentation I am sure I missed out on some details. Please ask questions. Thank you very much for your time.