I have a list of a few Windows APIs I would like to monitor on both 32-bit and 64-bit versions of Windows.

Now, there are two basic approaches to this -

  • Kernel based system wide hook driver - which won't work on Win 7 64 bit. And I'd like to refrain from using kernel drivers where possible in any OS.
  • DLL Injection into specific processes. Again, I'd like to avoid this, if possible, so as to not be intrusive on many applications.

Now, the "if possible" part is the actual question here. Is it at all possible to get the effect of the kernel-driver-based hook (wherein when each of the hooked APIs is called, I get the required info passively) in a "friendlier" user mode?

My target is Win 7 (64 bit and 32 bit). Other OSs are of lesser priority.