quote:
Originally posted by shlomifr
Why not using a hook or CreateRemoteThread to get the code injected into the process?
because with that method you need another thread to call CreateRemoteThread from
![:p](images/smilies/msn_tongue.gif)
e.g., another process running in the background constantly that must start before messenger starts, etc.
however, it may be fairly reliable if such a binary started itself before messenger using the same trick Process Explorer uses to start itself before taskmgr... (that is, setting itself as taskmgr's Debugger in Image File Execution Options... although i don't know the details of how this works or if it would even work at all)