From e08d8d5777c07c549113076d16e3e28c771473c1 Mon Sep 17 00:00:00 2001
From: Souhardya Sardar <24700571+Souhardya@users.noreply.github.com>
Date: Thu, 30 Dec 2021 07:46:24 +0530
Subject: [PATCH] Add files via upload

---
 HookPorts/Dispatch_ADVAPI32.cpp               | 137 +++++++++++++++
 HookPorts/Dispatch_ADVAPI32.h                 |   3 +
 .../Dispatch_ADVAPI32_ChangeServiceConfig.cpp | 151 ++++++++++++++++
 .../Dispatch_ADVAPI32_ChangeServiceConfig.h   |  65 +++++++
 ...Dispatch_ADVAPI32_ChangeServiceConfig2.cpp | 103 +++++++++++
 .../Dispatch_ADVAPI32_ChangeServiceConfig2.h  |  33 ++++
 .../Dispatch_ADVAPI32_ControlService.cpp      |  61 +++++++
 HookPorts/Dispatch_ADVAPI32_ControlService.h  |  16 ++
 HookPorts/Dispatch_ADVAPI32_CreateService.cpp | 163 ++++++++++++++++++
 HookPorts/Dispatch_ADVAPI32_CreateService.h   |  73 ++++++++
 HookPorts/Dispatch_ADVAPI32_DeleteService.cpp |  55 ++++++
 HookPorts/Dispatch_ADVAPI32_DeleteService.h   |  12 ++
 .../Dispatch_ADVAPI32_LockServiceDatabase.cpp |  55 ++++++
 .../Dispatch_ADVAPI32_LockServiceDatabase.h   |  12 ++
 .../Dispatch_ADVAPI32_SetServiceStatus.cpp    |  58 +++++++
 .../Dispatch_ADVAPI32_SetServiceStatus.h      |  14 ++
 HookPorts/Dispatch_ADVAPI32_StartService.cpp  | 103 +++++++++++
 HookPorts/Dispatch_ADVAPI32_StartService.h    |  33 ++++
 ...ispatch_ADVAPI32_UnlockServiceDatabase.cpp |  55 ++++++
 .../Dispatch_ADVAPI32_UnlockServiceDatabase.h |  12 ++
 HookPorts/Dispatch_KERNEL32.cpp               |  49 ++++++
 HookPorts/Dispatch_KERNEL32.h                 |   3 +
 ...ispatch_KERNEL32_CreateProcessInternal.cpp | 133 ++++++++++++++
 .../Dispatch_KERNEL32_CreateProcessInternal.h |  34 ++++
 24 files changed, 1433 insertions(+)
 create mode 100644 HookPorts/Dispatch_ADVAPI32.cpp
 create mode 100644 HookPorts/Dispatch_ADVAPI32.h
 create mode 100644 HookPorts/Dispatch_ADVAPI32_ChangeServiceConfig.cpp
 create mode 100644 HookPorts/Dispatch_ADVAPI32_ChangeServiceConfig.h
 create mode 100644 HookPorts/Dispatch_ADVAPI32_ChangeServiceConfig2.cpp
 create mode 100644 HookPorts/Dispatch_ADVAPI32_ChangeServiceConfig2.h
 create mode 100644 HookPorts/Dispatch_ADVAPI32_ControlService.cpp
 create mode 100644 HookPorts/Dispatch_ADVAPI32_ControlService.h
 create mode 100644 HookPorts/Dispatch_ADVAPI32_CreateService.cpp
 create mode 100644 HookPorts/Dispatch_ADVAPI32_CreateService.h
 create mode 100644 HookPorts/Dispatch_ADVAPI32_DeleteService.cpp
 create mode 100644 HookPorts/Dispatch_ADVAPI32_DeleteService.h
 create mode 100644 HookPorts/Dispatch_ADVAPI32_LockServiceDatabase.cpp
 create mode 100644 HookPorts/Dispatch_ADVAPI32_LockServiceDatabase.h
 create mode 100644 HookPorts/Dispatch_ADVAPI32_SetServiceStatus.cpp
 create mode 100644 HookPorts/Dispatch_ADVAPI32_SetServiceStatus.h
 create mode 100644 HookPorts/Dispatch_ADVAPI32_StartService.cpp
 create mode 100644 HookPorts/Dispatch_ADVAPI32_StartService.h
 create mode 100644 HookPorts/Dispatch_ADVAPI32_UnlockServiceDatabase.cpp
 create mode 100644 HookPorts/Dispatch_ADVAPI32_UnlockServiceDatabase.h
 create mode 100644 HookPorts/Dispatch_KERNEL32.cpp
 create mode 100644 HookPorts/Dispatch_KERNEL32.h
 create mode 100644 HookPorts/Dispatch_KERNEL32_CreateProcessInternal.cpp
 create mode 100644 HookPorts/Dispatch_KERNEL32_CreateProcessInternal.h

diff --git a/HookPorts/Dispatch_ADVAPI32.cpp b/HookPorts/Dispatch_ADVAPI32.cpp
new file mode 100644
index 0000000..4cc74e3
--- /dev/null
+++ b/HookPorts/Dispatch_ADVAPI32.cpp
@@ -0,0 +1,137 @@
+#include <windows.h>
+#include <ntsecapi.h>
+
+#include "./Dispatch_ADVAPI32.h"
+#include "./InlineHook.h"
+#include "../Common/DebugLog.h"
+
+#include "./Dispatch_ADVAPI32_ChangeServiceConfig.h"
+#include "./Dispatch_ADVAPI32_ChangeServiceConfig2.h"
+#include "./Dispatch_ADVAPI32_ControlService.h"
+#include "./Dispatch_ADVAPI32_CreateService.h"
+#include "./Dispatch_ADVAPI32_DeleteService.h"
+#include "./Dispatch_ADVAPI32_LockServiceDatabase.h"
+#include "./Dispatch_ADVAPI32_SetServiceStatus.h"
+#include "./Dispatch_ADVAPI32_StartService.h"
+#include "./Dispatch_ADVAPI32_UnlockServiceDatabase.h"
+
+
+
+//
+//Global
+//
+BOOL bADVAPI32Patched = FALSE;
+
+
+
+//
+//Dispatch_ADVAPI32 Functions
+//
+int Dispatch_ADVAPI32_Start(void)
+{
+	//Return Value:
+	//-1 = error
+	//0 = patched
+	//1 = succeed
+
+	if( bADVAPI32Patched == TRUE )
+	{
+		return 0;
+	}
+
+	HINSTANCE hADVAPI32 = NULL;
+	hADVAPI32 = LoadLibrary(L"advapi32.dll");
+
+	//
+	//Patch API
+	//
+
+	//ChangeServiceConfigA
+	InlineHook(
+		(__pfnChangeServiceConfigA)GetProcAddress(hADVAPI32,"ChangeServiceConfigA"),
+		OnChangeServiceConfigA,
+		(void **)&pfnChangeServiceConfigA
+		);
+	//ChangeServiceConfigW
+	InlineHook(
+		(__pfnChangeServiceConfigW)GetProcAddress(hADVAPI32,"ChangeServiceConfigW"),
+		OnChangeServiceConfigW,
+		(void **)&pfnChangeServiceConfigW
+		);
+
+	//ChangeServiceConfig2A
+	InlineHook(
+		(__pfnChangeServiceConfig2A)GetProcAddress(hADVAPI32,"ChangeServiceConfig2A"),
+		OnChangeServiceConfig2A,
+		(void **)&pfnChangeServiceConfig2A
+		);
+	//ChangeServiceConfig2W
+	InlineHook(
+		(__pfnChangeServiceConfig2W)GetProcAddress(hADVAPI32,"ChangeServiceConfig2W"),
+		OnChangeServiceConfig2W,
+		(void **)&pfnChangeServiceConfig2W
+		);
+
+	//ControlService
+	InlineHook(
+		(__pfnControlService)GetProcAddress(hADVAPI32,"ControlService"),
+		OnControlService,
+		(void **)&pfnControlService
+		);
+
+	//CreateServiceA
+	InlineHook(
+		(__pfnCreateServiceA)GetProcAddress(hADVAPI32,"CreateServiceA"),
+		OnCreateServiceA,
+		(void **)&pfnCreateServiceA
+		);
+	//CreateServiceW
+	InlineHook(
+		(__pfnCreateServiceW)GetProcAddress(hADVAPI32,"CreateServiceW"),
+		OnCreateServiceW,
+		(void **)&pfnCreateServiceW
+		);
+
+	//DeleteService
+	InlineHook(
+		(__pfnDeleteService)GetProcAddress(hADVAPI32,"DeleteService"),
+		OnDeleteService,
+		(void **)&pfnDeleteService
+		);
+
+	//LockServiceDatabase
+	InlineHook(
+		(__pfnLockServiceDatabase)GetProcAddress(hADVAPI32,"LockServiceDatabase"),
+		OnLockServiceDatabase,
+		(void **)&pfnLockServiceDatabase
+		);
+
+	//SetServiceStatus
+	InlineHook(
+		(__pfnSetServiceStatus)GetProcAddress(hADVAPI32,"SetServiceStatus"),
+		OnSetServiceStatus,
+		(void **)&pfnSetServiceStatus
+		);
+
+	//StartServiceA
+	InlineHook(
+		(__pfnStartServiceA)GetProcAddress(hADVAPI32,"StartServiceA"),
+		OnStartServiceA,
+		(void **)&pfnStartServiceA
+		);
+	//StartServiceW
+	InlineHook(
+		(__pfnStartServiceW)GetProcAddress(hADVAPI32,"StartServiceW"),
+		OnStartServiceW,
+		(void **)&pfnStartServiceW
+		);
+
+	//UnlockServiceDatabase
+	InlineHook(
+		(__pfnUnlockServiceDatabase)GetProcAddress(hADVAPI32,"UnlockServiceDatabase"),
+		OnUnlockServiceDatabase,
+		(void **)&pfnUnlockServiceDatabase
+		);
+
+	return 1;
+}
\ No newline at end of file
diff --git a/HookPorts/Dispatch_ADVAPI32.h b/HookPorts/Dispatch_ADVAPI32.h
new file mode 100644
index 0000000..0e7341f
--- /dev/null
+++ b/HookPorts/Dispatch_ADVAPI32.h
@@ -0,0 +1,3 @@
+#pragma once
+
+int Dispatch_ADVAPI32_Start(void);
\ No newline at end of file
diff --git a/HookPorts/Dispatch_ADVAPI32_ChangeServiceConfig.cpp b/HookPorts/Dispatch_ADVAPI32_ChangeServiceConfig.cpp
new file mode 100644
index 0000000..7d8d008
--- /dev/null
+++ b/HookPorts/Dispatch_ADVAPI32_ChangeServiceConfig.cpp
@@ -0,0 +1,151 @@
+#include <windows.h>
+#include <ntsecapi.h>
+
+#include "./Dispatch_ADVAPI32_ChangeServiceConfig.h"
+#include "../Common/DebugLog.h"
+#include "./HookHelp.h"
+#include "./Main.h"
+#include "./GetProcAddressEx.h"
+
+
+
+//
+//Global
+//
+__pfnChangeServiceConfigA pfnChangeServiceConfigA = NULL;
+__pfnChangeServiceConfigW pfnChangeServiceConfigW = NULL;
+
+
+
+//
+//Dispatch_ADVAPI32_ChangeServiceConfig Functions
+//
+BOOL
+WINAPI
+OnChangeServiceConfigA(
+	SC_HANDLE    hService,
+	DWORD        dwServiceType,
+	DWORD        dwStartType,
+	DWORD        dwErrorControl,
+	LPCSTR     lpBinaryPathName,
+	LPCSTR     lpLoadOrderGroup,
+	LPDWORD      lpdwTagId,
+	LPCSTR     lpDependencies,
+	LPCSTR     lpServiceStartName,
+	LPCSTR     lpPassword,
+	LPCSTR     lpDisplayName)
+{
+	BOOL bRet;
+
+	DWORD dwRetAddr = 0;
+	__asm
+	{
+		mov eax, [ebp+4];
+		sub eax, 5;
+		mov dwRetAddr, eax;
+	}
+	if( IsBypassCaller(dwRetAddr) )
+	{
+		bRet = pfnChangeServiceConfigA(
+			hService,
+			dwServiceType,
+			dwStartType,
+			dwErrorControl,
+			lpBinaryPathName,
+			lpLoadOrderGroup,
+			lpdwTagId,
+			lpDependencies,
+			lpServiceStartName,
+			lpPassword,
+			lpDisplayName
+			);
+
+		return bRet;
+	}
+
+	//bRet = pfnChangeServiceConfigA(
+	//	hService,
+	//	dwServiceType,
+	//	dwStartType,
+	//	dwErrorControl,
+	//	lpBinaryPathName,
+	//	lpLoadOrderGroup,
+	//	lpdwTagId,
+	//	lpDependencies,
+	//	lpServiceStartName,
+	//	lpPassword,
+	//	lpDisplayName
+	//	);
+
+	//return bRet;
+
+	//
+	//Refuse directly
+	//
+	return FALSE;
+}
+
+BOOL
+WINAPI
+OnChangeServiceConfigW(
+	SC_HANDLE    hService,
+	DWORD        dwServiceType,
+	DWORD        dwStartType,
+	DWORD        dwErrorControl,
+	LPCWSTR     lpBinaryPathName,
+	LPCWSTR     lpLoadOrderGroup,
+	LPDWORD      lpdwTagId,
+	LPCWSTR     lpDependencies,
+	LPCWSTR     lpServiceStartName,
+	LPCWSTR     lpPassword,
+	LPCWSTR     lpDisplayName)
+{
+	BOOL bRet;
+
+	DWORD dwRetAddr = 0;
+	__asm
+	{
+		mov eax, [ebp+4];
+		sub eax, 5;
+		mov dwRetAddr, eax;
+	}
+	if( IsBypassCaller(dwRetAddr) )
+	{
+		bRet = pfnChangeServiceConfigW(
+			hService,
+			dwServiceType,
+			dwStartType,
+			dwErrorControl,
+			lpBinaryPathName,
+			lpLoadOrderGroup,
+			lpdwTagId,
+			lpDependencies,
+			lpServiceStartName,
+			lpPassword,
+			lpDisplayName
+			);
+
+		return bRet;
+	}
+
+	//bRet = pfnChangeServiceConfigW(
+	//	hService,
+	//	dwServiceType,
+	//	dwStartType,
+	//	dwErrorControl,
+	//	lpBinaryPathName,
+	//	lpLoadOrderGroup,
+	//	lpdwTagId,
+	//	lpDependencies,
+	//	lpServiceStartName,
+	//	lpPassword,
+	//	lpDisplayName
+	//	);
+
+	//return bRet;
+
+	//
+	//Refuse directly
+	//
+	return FALSE;
+}
\ No newline at end of file
diff --git a/HookPorts/Dispatch_ADVAPI32_ChangeServiceConfig.h b/HookPorts/Dispatch_ADVAPI32_ChangeServiceConfig.h
new file mode 100644
index 0000000..ad2f212
--- /dev/null
+++ b/HookPorts/Dispatch_ADVAPI32_ChangeServiceConfig.h
@@ -0,0 +1,65 @@
+#pragma once
+
+typedef BOOL (WINAPI * __pfnChangeServiceConfigA)
+(
+	SC_HANDLE    hService,
+	DWORD        dwServiceType,
+	DWORD        dwStartType,
+	DWORD        dwErrorControl,
+	LPCSTR     lpBinaryPathName,
+	LPCSTR     lpLoadOrderGroup,
+	LPDWORD      lpdwTagId,
+	LPCSTR     lpDependencies,
+	LPCSTR     lpServiceStartName,
+	LPCSTR     lpPassword,
+	LPCSTR     lpDisplayName);
+
+extern __pfnChangeServiceConfigA pfnChangeServiceConfigA;
+
+BOOL
+WINAPI
+OnChangeServiceConfigA(
+	SC_HANDLE    hService,
+	DWORD        dwServiceType,
+	DWORD        dwStartType,
+	DWORD        dwErrorControl,
+	LPCSTR     lpBinaryPathName,
+	LPCSTR     lpLoadOrderGroup,
+	LPDWORD      lpdwTagId,
+	LPCSTR     lpDependencies,
+	LPCSTR     lpServiceStartName,
+	LPCSTR     lpPassword,
+	LPCSTR     lpDisplayName);
+
+
+
+typedef BOOL (WINAPI * __pfnChangeServiceConfigW)
+(
+	SC_HANDLE    hService,
+	DWORD        dwServiceType,
+	DWORD        dwStartType,
+	DWORD        dwErrorControl,
+	LPCWSTR     lpBinaryPathName,
+	LPCWSTR     lpLoadOrderGroup,
+	LPDWORD      lpdwTagId,
+	LPCWSTR     lpDependencies,
+	LPCWSTR     lpServiceStartName,
+	LPCWSTR     lpPassword,
+	LPCWSTR     lpDisplayName);
+
+extern __pfnChangeServiceConfigW pfnChangeServiceConfigW;
+
+BOOL
+WINAPI
+OnChangeServiceConfigW(
+	SC_HANDLE    hService,
+	DWORD        dwServiceType,
+	DWORD        dwStartType,
+	DWORD        dwErrorControl,
+	LPCWSTR     lpBinaryPathName,
+	LPCWSTR     lpLoadOrderGroup,
+	LPDWORD      lpdwTagId,
+	LPCWSTR     lpDependencies,
+	LPCWSTR     lpServiceStartName,
+	LPCWSTR     lpPassword,
+	LPCWSTR     lpDisplayName);
\ No newline at end of file
diff --git a/HookPorts/Dispatch_ADVAPI32_ChangeServiceConfig2.cpp b/HookPorts/Dispatch_ADVAPI32_ChangeServiceConfig2.cpp
new file mode 100644
index 0000000..b33fdba
--- /dev/null
+++ b/HookPorts/Dispatch_ADVAPI32_ChangeServiceConfig2.cpp
@@ -0,0 +1,103 @@
+#include <windows.h>
+#include <ntsecapi.h>
+
+#include "./Dispatch_ADVAPI32_ChangeServiceConfig2.h"
+#include "../Common/DebugLog.h"
+#include "./HookHelp.h"
+#include "./Main.h"
+#include "./GetProcAddressEx.h"
+
+
+
+//
+//Global
+//
+__pfnChangeServiceConfig2A pfnChangeServiceConfig2A = NULL;
+__pfnChangeServiceConfig2W pfnChangeServiceConfig2W = NULL;
+
+
+
+//
+//Dispatch_ADVAPI32_ChangeServiceConfig2 Functions
+//
+BOOL
+WINAPI
+OnChangeServiceConfig2A(
+	SC_HANDLE    hService,
+	DWORD        dwInfoLevel,
+	LPVOID       lpInfo)
+{
+	BOOL bRet;
+
+	DWORD dwRetAddr = 0;
+	__asm
+	{
+		mov eax, [ebp+4];
+		sub eax, 5;
+		mov dwRetAddr, eax;
+	}
+	if( IsBypassCaller(dwRetAddr) )
+	{
+		bRet = pfnChangeServiceConfig2A(
+			hService,
+			dwInfoLevel,
+			lpInfo
+			);
+
+		return bRet;
+	}
+
+	//bRet = pfnChangeServiceConfig2A(
+	//	hService,
+	//	dwInfoLevel,
+	//	lpInfo
+	//	);
+
+	//return bRet;
+
+	//
+	//Refuse directly
+	//
+	return FALSE;
+}
+
+BOOL
+WINAPI
+OnChangeServiceConfig2W(
+	SC_HANDLE    hService,
+	DWORD        dwInfoLevel,
+	LPVOID       lpInfo)
+{
+	BOOL bRet;
+
+	DWORD dwRetAddr = 0;
+	__asm
+	{
+		mov eax, [ebp+4];
+		sub eax, 5;
+		mov dwRetAddr, eax;
+	}
+	if( IsBypassCaller(dwRetAddr) )
+	{
+		bRet = pfnChangeServiceConfig2W(
+			hService,
+			dwInfoLevel,
+			lpInfo
+			);
+
+		return bRet;
+	}
+
+	//bRet = pfnChangeServiceConfig2W(
+	//	hService,
+	//	dwInfoLevel,
+	//	lpInfo
+	//	);
+
+	//return bRet;
+
+	//
+	//Refuse directly
+	//
+	return FALSE;
+}
\ No newline at end of file
diff --git a/HookPorts/Dispatch_ADVAPI32_ChangeServiceConfig2.h b/HookPorts/Dispatch_ADVAPI32_ChangeServiceConfig2.h
new file mode 100644
index 0000000..013cc1e
--- /dev/null
+++ b/HookPorts/Dispatch_ADVAPI32_ChangeServiceConfig2.h
@@ -0,0 +1,33 @@
+#pragma once
+
+typedef BOOL (WINAPI * __pfnChangeServiceConfig2A)
+(
+	SC_HANDLE    hService,
+	DWORD        dwInfoLevel,
+	LPVOID       lpInfo);
+
+extern __pfnChangeServiceConfig2A pfnChangeServiceConfig2A;
+
+BOOL
+WINAPI
+OnChangeServiceConfig2A(
+	SC_HANDLE    hService,
+	DWORD        dwInfoLevel,
+	LPVOID       lpInfo);
+
+
+
+typedef BOOL (WINAPI * __pfnChangeServiceConfig2W)
+(
+	SC_HANDLE    hService,
+	DWORD        dwInfoLevel,
+	LPVOID       lpInfo);
+
+extern __pfnChangeServiceConfig2W pfnChangeServiceConfig2W;
+
+BOOL
+WINAPI
+OnChangeServiceConfig2W(
+	SC_HANDLE    hService,
+	DWORD        dwInfoLevel,
+	LPVOID       lpInfo);
\ No newline at end of file
diff --git a/HookPorts/Dispatch_ADVAPI32_ControlService.cpp b/HookPorts/Dispatch_ADVAPI32_ControlService.cpp
new file mode 100644
index 0000000..325441e
--- /dev/null
+++ b/HookPorts/Dispatch_ADVAPI32_ControlService.cpp
@@ -0,0 +1,61 @@
+#include <windows.h>
+#include <ntsecapi.h>
+
+#include "./Dispatch_ADVAPI32_ControlService.h"
+#include "../Common/DebugLog.h"
+#include "./HookHelp.h"
+#include "./Main.h"
+#include "./GetProcAddressEx.h"
+
+
+
+//
+//Global
+//
+__pfnControlService pfnControlService = NULL;
+
+
+
+//
+//Dispatch_ADVAPI32_ControlService Functions
+//
+BOOL
+WINAPI
+OnControlService(
+	SC_HANDLE           hService,
+	DWORD               dwControl,
+	LPSERVICE_STATUS    lpServiceStatus)
+{
+	BOOL bRet;
+
+	DWORD dwRetAddr = 0;
+	__asm
+	{
+		mov eax, [ebp+4];
+		sub eax, 5;
+		mov dwRetAddr, eax;
+	}
+	if( IsBypassCaller(dwRetAddr) )
+	{
+		bRet = pfnControlService(
+			hService,
+			dwControl,
+			lpServiceStatus
+			);
+
+		return bRet;
+	}
+
+	//bRet = pfnControlService(
+	//	hService,
+	//	dwControl,
+	//	lpServiceStatus
+	//	);
+
+	//return bRet;
+
+	//
+	//Refuse directly
+	//
+	return FALSE;
+}
\ No newline at end of file
diff --git a/HookPorts/Dispatch_ADVAPI32_ControlService.h b/HookPorts/Dispatch_ADVAPI32_ControlService.h
new file mode 100644
index 0000000..6ff84a8
--- /dev/null
+++ b/HookPorts/Dispatch_ADVAPI32_ControlService.h
@@ -0,0 +1,16 @@
+#pragma once
+
+typedef BOOL (WINAPI * __pfnControlService)
+(
+	SC_HANDLE           hService,
+	DWORD               dwControl,
+	LPSERVICE_STATUS    lpServiceStatus);
+
+extern __pfnControlService pfnControlService;
+
+BOOL
+WINAPI
+OnControlService(
+	SC_HANDLE           hService,
+	DWORD               dwControl,
+	LPSERVICE_STATUS    lpServiceStatus);
\ No newline at end of file
diff --git a/HookPorts/Dispatch_ADVAPI32_CreateService.cpp b/HookPorts/Dispatch_ADVAPI32_CreateService.cpp
new file mode 100644
index 0000000..a83d288
--- /dev/null
+++ b/HookPorts/Dispatch_ADVAPI32_CreateService.cpp
@@ -0,0 +1,163 @@
+#include <windows.h>
+#include <ntsecapi.h>
+
+#include "./Dispatch_ADVAPI32_CreateService.h"
+#include "../Common/DebugLog.h"
+#include "./HookHelp.h"
+#include "./Main.h"
+#include "./GetProcAddressEx.h"
+
+
+
+//
+//Global
+//
+__pfnCreateServiceA pfnCreateServiceA = NULL;
+__pfnCreateServiceW pfnCreateServiceW = NULL;
+
+
+
+//
+//Dispatch_ADVAPI32_CreateService Functions
+//
+SC_HANDLE
+WINAPI
+OnCreateServiceA(
+	SC_HANDLE    hSCManager,
+	LPCSTR     lpServiceName,
+	LPCSTR     lpDisplayName,
+	DWORD        dwDesiredAccess,
+	DWORD        dwServiceType,
+	DWORD        dwStartType,
+	DWORD        dwErrorControl,
+	LPCSTR     lpBinaryPathName,
+	LPCSTR     lpLoadOrderGroup,
+	LPDWORD      lpdwTagId,
+	LPCSTR     lpDependencies,
+	LPCSTR     lpServiceStartName,
+	LPCSTR     lpPassword)
+{
+	SC_HANDLE scRet;
+
+	DWORD dwRetAddr = 0;
+	__asm
+	{
+		mov eax, [ebp+4];
+		sub eax, 5;
+		mov dwRetAddr, eax;
+	}
+	if( IsBypassCaller(dwRetAddr) )
+	{
+		scRet = pfnCreateServiceA(
+			hSCManager,
+			lpServiceName,
+			lpDisplayName,
+			dwDesiredAccess,
+			dwServiceType,
+			dwStartType,
+			dwErrorControl,
+			lpBinaryPathName,
+			lpLoadOrderGroup,
+			lpdwTagId,
+			lpDependencies,
+			lpServiceStartName,
+			lpPassword
+			);
+
+		return scRet;
+	}
+
+	//scRet = pfnCreateServiceA(
+	//	hSCManager,
+	//	lpServiceName,
+	//	lpDisplayName,
+	//	dwDesiredAccess,
+	//	dwServiceType,
+	//	dwStartType,
+	//	dwErrorControl,
+	//	lpBinaryPathName,
+	//	lpLoadOrderGroup,
+	//	lpdwTagId,
+	//	lpDependencies,
+	//	lpServiceStartName,
+	//	lpPassword
+	//	);
+
+	//return scRet;
+
+	//
+	//Refuse directly
+	//
+	return NULL;
+}
+
+SC_HANDLE
+WINAPI
+OnCreateServiceW(
+	SC_HANDLE    hSCManager,
+	LPCWSTR     lpServiceName,
+	LPCWSTR     lpDisplayName,
+	DWORD        dwDesiredAccess,
+	DWORD        dwServiceType,
+	DWORD        dwStartType,
+	DWORD        dwErrorControl,
+	LPCWSTR     lpBinaryPathName,
+	LPCWSTR     lpLoadOrderGroup,
+	LPDWORD      lpdwTagId,
+	LPCWSTR     lpDependencies,
+	LPCWSTR     lpServiceStartName,
+	LPCWSTR     lpPassword)
+{
+	SC_HANDLE scRet;
+
+	DWORD dwRetAddr = 0;
+	__asm
+	{
+		mov eax, [ebp+4];
+		sub eax, 5;
+		mov dwRetAddr, eax;
+	}
+	if( IsBypassCaller(dwRetAddr) )
+	{
+		scRet = pfnCreateServiceW(
+			hSCManager,
+			lpServiceName,
+			lpDisplayName,
+			dwDesiredAccess,
+			dwServiceType,
+			dwStartType,
+			dwErrorControl,
+			lpBinaryPathName,
+			lpLoadOrderGroup,
+			lpdwTagId,
+			lpDependencies,
+			lpServiceStartName,
+			lpPassword
+			);
+
+		return scRet;
+	}
+
+	//scRet = pfnCreateServiceW(
+	//	hSCManager,
+	//	lpServiceName,
+	//	lpDisplayName,
+	//	dwDesiredAccess,
+	//	dwServiceType,
+	//	dwStartType,
+	//	dwErrorControl,
+	//	lpBinaryPathName,
+	//	lpLoadOrderGroup,
+	//	lpdwTagId,
+	//	lpDependencies,
+	//	lpServiceStartName,
+	//	lpPassword
+	//	);
+
+	//return scRet;
+
+	//
+	//Refuse directly
+	//
+	return NULL;
+}
\ No newline at end of file
diff --git a/HookPorts/Dispatch_ADVAPI32_CreateService.h b/HookPorts/Dispatch_ADVAPI32_CreateService.h
new file mode 100644
index 0000000..1b6d608
--- /dev/null
+++ b/HookPorts/Dispatch_ADVAPI32_CreateService.h
@@ -0,0 +1,73 @@
+#pragma once
+
+typedef SC_HANDLE (WINAPI * __pfnCreateServiceA)
+(
+	SC_HANDLE    hSCManager,
+	LPCSTR     lpServiceName,
+	LPCSTR     lpDisplayName,
+	DWORD        dwDesiredAccess,
+	DWORD        dwServiceType,
+	DWORD        dwStartType,
+	DWORD        dwErrorControl,
+	LPCSTR     lpBinaryPathName,
+	LPCSTR     lpLoadOrderGroup,
+	LPDWORD      lpdwTagId,
+	LPCSTR     lpDependencies,
+	LPCSTR     lpServiceStartName,
+	LPCSTR     lpPassword);
+
+extern __pfnCreateServiceA pfnCreateServiceA;
+
+SC_HANDLE
+WINAPI
+OnCreateServiceA(
+	SC_HANDLE    hSCManager,
+	LPCSTR     lpServiceName,
+	LPCSTR     lpDisplayName,
+	DWORD        dwDesiredAccess,
+	DWORD        dwServiceType,
+	DWORD        dwStartType,
+	DWORD        dwErrorControl,
+	LPCSTR     lpBinaryPathName,
+	LPCSTR     lpLoadOrderGroup,
+	LPDWORD      lpdwTagId,
+	LPCSTR     lpDependencies,
+	LPCSTR     lpServiceStartName,
+	LPCSTR     lpPassword);
+
+
+
+typedef SC_HANDLE (WINAPI * __pfnCreateServiceW)
+(
+	SC_HANDLE    hSCManager,
+	LPCWSTR     lpServiceName,
+	LPCWSTR     lpDisplayName,
+	DWORD        dwDesiredAccess,
+	DWORD        dwServiceType,
+	DWORD        dwStartType,
+	DWORD        dwErrorControl,
+	LPCWSTR     lpBinaryPathName,
+	LPCWSTR     lpLoadOrderGroup,
+	LPDWORD      lpdwTagId,
+	LPCWSTR     lpDependencies,
+	LPCWSTR     lpServiceStartName,
+	LPCWSTR     lpPassword);
+
+extern __pfnCreateServiceW pfnCreateServiceW;
+
+SC_HANDLE
+WINAPI
+OnCreateServiceW(
+	SC_HANDLE    hSCManager,
+	LPCWSTR     lpServiceName,
+	LPCWSTR     lpDisplayName,
+	DWORD        dwDesiredAccess,
+	DWORD        dwServiceType,
+	DWORD        dwStartType,
+	DWORD        dwErrorControl,
+	LPCWSTR     lpBinaryPathName,
+	LPCWSTR     lpLoadOrderGroup,
+	LPDWORD      lpdwTagId,
+	LPCWSTR     lpDependencies,
+	LPCWSTR     lpServiceStartName,
+	LPCWSTR     lpPassword);
\ No newline at end of file
diff --git a/HookPorts/Dispatch_ADVAPI32_DeleteService.cpp b/HookPorts/Dispatch_ADVAPI32_DeleteService.cpp
new file mode 100644
index 0000000..97c376b
--- /dev/null
+++ b/HookPorts/Dispatch_ADVAPI32_DeleteService.cpp
@@ -0,0 +1,55 @@
+#include <windows.h>
+#include <ntsecapi.h>
+
+#include "./Dispatch_ADVAPI32_DeleteService.h"
+#include "../Common/DebugLog.h"
+#include "./HookHelp.h"
+#include "./Main.h"
+#include "./GetProcAddressEx.h"
+
+
+
+//
+//Global
+//
+__pfnDeleteService pfnDeleteService = NULL;
+
+
+
+//
+//Dispatch_ADVAPI32_DeleteService Functions
+//
+BOOL
+WINAPI
+OnDeleteService(
+	SC_HANDLE   hService)
+{
+	BOOL bRet;
+
+	DWORD dwRetAddr = 0;
+	__asm
+	{
+		mov eax, [ebp+4];
+		sub eax, 5;
+		mov dwRetAddr, eax;
+	}
+	if( IsBypassCaller(dwRetAddr) )
+	{
+		bRet = pfnDeleteService(
+			hService
+			);
+
+		return bRet;
+	}
+
+	//bRet = pfnDeleteService(
+	//	hService
+	//	);
+
+	//return bRet;
+
+	//
+	//Refuse directly
+	//
+	return FALSE;
+}
\ No newline at end of file
diff --git a/HookPorts/Dispatch_ADVAPI32_DeleteService.h b/HookPorts/Dispatch_ADVAPI32_DeleteService.h
new file mode 100644
index 0000000..dd5007d
--- /dev/null
+++ b/HookPorts/Dispatch_ADVAPI32_DeleteService.h
@@ -0,0 +1,12 @@
+#pragma once
+
+typedef BOOL (WINAPI * __pfnDeleteService)
+(
+	SC_HANDLE   hService);
+
+extern __pfnDeleteService pfnDeleteService;
+
+BOOL
+WINAPI
+OnDeleteService(
+	SC_HANDLE   hService);
\ No newline at end of file
diff --git a/HookPorts/Dispatch_ADVAPI32_LockServiceDatabase.cpp b/HookPorts/Dispatch_ADVAPI32_LockServiceDatabase.cpp
new file mode 100644
index 0000000..adbc353
--- /dev/null
+++ b/HookPorts/Dispatch_ADVAPI32_LockServiceDatabase.cpp
@@ -0,0 +1,55 @@
+#include <windows.h>
+#include <ntsecapi.h>
+
+#include "./Dispatch_ADVAPI32_LockServiceDatabase.h"
+#include "../Common/DebugLog.h"
+#include "./HookHelp.h"
+#include "./Main.h"
+#include "./GetProcAddressEx.h"
+
+
+
+//
+//Global
+//
+__pfnLockServiceDatabase pfnLockServiceDatabase = NULL;
+
+
+
+//
+//Dispatch_ADVAPI32_LockServiceDatabase Functions
+//
+SC_LOCK
+WINAPI
+OnLockServiceDatabase(
+	SC_HANDLE hSCManager)
+{
+	SC_LOCK scRet;
+
+	DWORD dwRetAddr = 0;
+	__asm
+	{
+		mov eax, [ebp+4];
+		sub eax, 5;
+		mov dwRetAddr, eax;
+	}
+	if( IsBypassCaller(dwRetAddr) )
+	{
+		scRet = pfnLockServiceDatabase(
+			hSCManager
+			);
+
+		return scRet;
+	}
+
+	//scRet = pfnLockServiceDatabase(
+	//	hSCManager
+	//	);
+
+	//return scRet;
+
+	//
+	//Refuse directly
+	//
+	return NULL;
+}
\ No newline at end of file
diff --git a/HookPorts/Dispatch_ADVAPI32_LockServiceDatabase.h b/HookPorts/Dispatch_ADVAPI32_LockServiceDatabase.h
new file mode 100644
index 0000000..e575d6b
--- /dev/null
+++ b/HookPorts/Dispatch_ADVAPI32_LockServiceDatabase.h
@@ -0,0 +1,12 @@
+#pragma once
+
+typedef SC_LOCK (WINAPI * __pfnLockServiceDatabase)
+(
+	SC_HANDLE hSCManager);
+
+extern __pfnLockServiceDatabase pfnLockServiceDatabase;
+
+SC_LOCK
+WINAPI
+OnLockServiceDatabase(
+	SC_HANDLE hSCManager);
\ No newline at end of file
diff --git a/HookPorts/Dispatch_ADVAPI32_SetServiceStatus.cpp b/HookPorts/Dispatch_ADVAPI32_SetServiceStatus.cpp
new file mode 100644
index 0000000..7ef9868
--- /dev/null
+++ b/HookPorts/Dispatch_ADVAPI32_SetServiceStatus.cpp
@@ -0,0 +1,58 @@
+#include <windows.h>
+#include <ntsecapi.h>
+
+#include "./Dispatch_ADVAPI32_SetServiceStatus.h"
+#include "../Common/DebugLog.h"
+#include "./HookHelp.h"
+#include "./Main.h"
+#include "./GetProcAddressEx.h"
+
+
+
+//
+//Global
+//
+__pfnSetServiceStatus pfnSetServiceStatus = NULL;
+
+
+
+//
+//Dispatch_ADVAPI32_SetServiceStatus Functions
+//
+BOOL
+WINAPI
+OnSetServiceStatus(
+	SERVICE_STATUS_HANDLE hServiceStatus,
+	LPSERVICE_STATUS lpServiceStatus)
+{
+	BOOL bRet;
+
+	DWORD dwRetAddr = 0;
+	__asm
+	{
+		mov eax, [ebp+4];
+		sub eax, 5;
+		mov dwRetAddr, eax;
+	}
+	if( IsBypassCaller(dwRetAddr) )
+	{
+		bRet = pfnSetServiceStatus(
+			hServiceStatus,
+			lpServiceStatus
+			);
+
+		return bRet;
+	}
+
+	//bRet = pfnSetServiceStatus(
+	//	hServiceStatus,
+	//	lpServiceStatus
+	//	);
+
+	//return bRet;
+
+	//
+	//Refuse directly
+	//
+	return FALSE;
+}
\ No newline at end of file
diff --git a/HookPorts/Dispatch_ADVAPI32_SetServiceStatus.h b/HookPorts/Dispatch_ADVAPI32_SetServiceStatus.h
new file mode 100644
index 0000000..0bdfe4f
--- /dev/null
+++ b/HookPorts/Dispatch_ADVAPI32_SetServiceStatus.h
@@ -0,0 +1,14 @@
+#pragma once
+
+typedef BOOL (WINAPI * __pfnSetServiceStatus)
+(
+	SERVICE_STATUS_HANDLE hServiceStatus,
+	LPSERVICE_STATUS lpServiceStatus);
+
+extern __pfnSetServiceStatus pfnSetServiceStatus;
+
+BOOL
+WINAPI
+OnSetServiceStatus(
+	SERVICE_STATUS_HANDLE hServiceStatus,
+	LPSERVICE_STATUS lpServiceStatus);
\ No newline at end of file
diff --git a/HookPorts/Dispatch_ADVAPI32_StartService.cpp b/HookPorts/Dispatch_ADVAPI32_StartService.cpp
new file mode 100644
index 0000000..7652924
--- /dev/null
+++ b/HookPorts/Dispatch_ADVAPI32_StartService.cpp
@@ -0,0 +1,103 @@
+#include <windows.h>
+#include <ntsecapi.h>
+
+#include "./Dispatch_ADVAPI32_StartService.h"
+#include "../Common/DebugLog.h"
+#include "./HookHelp.h"
+#include "./Main.h"
+#include "./GetProcAddressEx.h"
+
+
+
+//
+//Global
+//
+__pfnStartServiceA pfnStartServiceA = NULL;
+__pfnStartServiceW pfnStartServiceW = NULL;
+
+
+
+//
+//Dispatch_ADVAPI32_StartService Functions
+//
+BOOL
+WINAPI
+OnStartServiceA(
+	SC_HANDLE            hService,
+	DWORD                dwNumServiceArgs,
+	LPCSTR             *lpServiceArgVectors)
+{
+	BOOL bRet;
+
+	DWORD dwRetAddr = 0;
+	__asm
+	{
+		mov eax, [ebp+4];
+		sub eax, 5;
+		mov dwRetAddr, eax;
+	}
+	if( IsBypassCaller(dwRetAddr) )
+	{
+		bRet = pfnStartServiceA(
+			hService,
+			dwNumServiceArgs,
+			lpServiceArgVectors
+			);
+
+		return bRet;
+	}
+
+	//bRet = pfnStartServiceA(
+	//	hService,
+	//	dwNumServiceArgs,
+	//	lpServiceArgVectors
+	//	);
+
+	//return bRet;
+
+	//
+	//Refuse directly
+	//
+	return FALSE;
+}
+
+BOOL
+WINAPI
+OnStartServiceW(
+    SC_HANDLE            hService,
+    DWORD                dwNumServiceArgs,
+    LPCWSTR             *lpServiceArgVectors)
+{
+	BOOL bRet;
+
+	DWORD dwRetAddr = 0;
+	__asm
+	{
+		mov eax, [ebp+4];
+		sub eax, 5;
+		mov dwRetAddr, eax;
+	}
+	if( IsBypassCaller(dwRetAddr) )
+	{
+		bRet = pfnStartServiceW(
+			hService,
+			dwNumServiceArgs,
+			lpServiceArgVectors
+			);
+
+		return bRet;
+	}
+
+	//bRet = pfnStartServiceW(
+	//	hService,
+	//	dwNumServiceArgs,
+	//	lpServiceArgVectors
+	//	);
+
+	//return bRet;
+
+	//
+	//Refuse directly
+	//
+	return FALSE;
+}
\ No newline at end of file
diff --git a/HookPorts/Dispatch_ADVAPI32_StartService.h b/HookPorts/Dispatch_ADVAPI32_StartService.h
new file mode 100644
index 0000000..a02f346
--- /dev/null
+++ b/HookPorts/Dispatch_ADVAPI32_StartService.h
@@ -0,0 +1,33 @@
+#pragma once
+
+typedef BOOL (WINAPI * __pfnStartServiceA)
+(
+	SC_HANDLE            hService,
+	DWORD                dwNumServiceArgs,
+	LPCSTR             *lpServiceArgVectors);
+
+extern __pfnStartServiceA pfnStartServiceA;
+
+BOOL
+WINAPI
+OnStartServiceA(
+	SC_HANDLE            hService,
+	DWORD                dwNumServiceArgs,
+	LPCSTR             *lpServiceArgVectors);
+
+
+
+typedef BOOL (WINAPI * __pfnStartServiceW)
+(
+    SC_HANDLE            hService,
+    DWORD                dwNumServiceArgs,
+    LPCWSTR             *lpServiceArgVectors);
+
+extern __pfnStartServiceW pfnStartServiceW;
+
+BOOL
+WINAPI
+OnStartServiceW(
+    SC_HANDLE            hService,
+    DWORD                dwNumServiceArgs,
+    LPCWSTR             *lpServiceArgVectors);
\ No newline at end of file
diff --git a/HookPorts/Dispatch_ADVAPI32_UnlockServiceDatabase.cpp b/HookPorts/Dispatch_ADVAPI32_UnlockServiceDatabase.cpp
new file mode 100644
index 0000000..8c178bf
--- /dev/null
+++ b/HookPorts/Dispatch_ADVAPI32_UnlockServiceDatabase.cpp
@@ -0,0 +1,55 @@
+#include <windows.h>
+#include <ntsecapi.h>
+
+#include "./Dispatch_ADVAPI32_UnlockServiceDatabase.h"
+#include "../Common/DebugLog.h"
+#include "./HookHelp.h"
+#include "./Main.h"
+#include "./GetProcAddressEx.h"
+
+
+
+//
+//Global
+//
+__pfnUnlockServiceDatabase pfnUnlockServiceDatabase = NULL;
+
+
+
+//
+//Dispatch_ADVAPI32_UnlockServiceDatabase Functions
+//
+BOOL
+WINAPI
+OnUnlockServiceDatabase(
+	SC_LOCK ScLock)
+{
+	BOOL bRet;
+
+	DWORD dwRetAddr = 0;
+	__asm
+	{
+		mov eax, [ebp+4];
+		sub eax, 5;
+		mov dwRetAddr, eax;
+	}
+	if( IsBypassCaller(dwRetAddr) )
+	{
+		bRet = pfnUnlockServiceDatabase(
+			ScLock
+			);
+
+		return bRet;
+	}
+
+	//bRet = pfnUnlockServiceDatabase(
+	//	ScLock
+	//	);
+
+	//return bRet;
+
+	//
+	//Refuse directly
+	//
+	return FALSE;
+}
\ No newline at end of file
diff --git a/HookPorts/Dispatch_ADVAPI32_UnlockServiceDatabase.h b/HookPorts/Dispatch_ADVAPI32_UnlockServiceDatabase.h
new file mode 100644
index 0000000..3197a3c
--- /dev/null
+++ b/HookPorts/Dispatch_ADVAPI32_UnlockServiceDatabase.h
@@ -0,0 +1,12 @@
+#pragma once
+
+typedef BOOL (WINAPI * __pfnUnlockServiceDatabase)
+(
+	SC_LOCK ScLock);
+
+extern __pfnUnlockServiceDatabase pfnUnlockServiceDatabase;
+
+BOOL
+WINAPI
+OnUnlockServiceDatabase(
+	SC_LOCK ScLock);
\ No newline at end of file
diff --git a/HookPorts/Dispatch_KERNEL32.cpp b/HookPorts/Dispatch_KERNEL32.cpp
new file mode 100644
index 0000000..8ab7e22
--- /dev/null
+++ b/HookPorts/Dispatch_KERNEL32.cpp
@@ -0,0 +1,49 @@
+#include <windows.h>
+#include <ntsecapi.h>
+
+#include "./Dispatch_KERNEL32.h"
+#include "./InlineHook.h"
+#include "../Common/DebugLog.h"
+
+#include "./Dispatch_KERNEL32_CreateProcessInternal.h"
+
+
+
+//
+//Global
+//
+BOOL bKERNEL32Patched = FALSE;
+
+
+
+//
+//Dispatch_KERNEL32 Functions
+//
+int Dispatch_KERNEL32_Start(void)
+{
+	//Return Value:
+	//-1 = error
+	//0 = patched
+	//1 = succeed
+
+	if( bKERNEL32Patched == TRUE )
+	{
+		return 0;
+	}
+
+	HINSTANCE hKERNEL32 = NULL;
+	hKERNEL32 = LoadLibrary(L"kernel32.dll");
+
+	//
+	//Patch API
+	//
+
+	//CreateProcessInternalW
+	InlineHook(
+		(__pfnCreateProcessInternalW)GetProcAddress(hKERNEL32,"CreateProcessInternalW"),
+		OnCreateProcessInternalW,
+		(void **)&pfnCreateProcessInternalW
+		);
+
+	return 1;
+}
\ No newline at end of file
diff --git a/HookPorts/Dispatch_KERNEL32.h b/HookPorts/Dispatch_KERNEL32.h
new file mode 100644
index 0000000..0c44838
--- /dev/null
+++ b/HookPorts/Dispatch_KERNEL32.h
@@ -0,0 +1,3 @@
+#pragma once
+
+int Dispatch_KERNEL32_Start(void);
\ No newline at end of file
diff --git a/HookPorts/Dispatch_KERNEL32_CreateProcessInternal.cpp b/HookPorts/Dispatch_KERNEL32_CreateProcessInternal.cpp
new file mode 100644
index 0000000..5f2d52f
--- /dev/null
+++ b/HookPorts/Dispatch_KERNEL32_CreateProcessInternal.cpp
@@ -0,0 +1,133 @@
+#include <windows.h>
+#include <ntsecapi.h>
+
+#include "./Dispatch_KERNEL32_CreateProcessInternal.h"
+#include "../Common/DebugLog.h"
+#include "./HookHelp.h"
+#include "./Main.h"
+#include "./RemoteInjection.h"
+#include "./Initalization.h"
+#include "./GetProcAddressEx.h"
+
+
+
+//
+//Global
+//
+__pfnCreateProcessInternalW pfnCreateProcessInternalW = NULL;
+
+
+
+//
+//Dispatch_KERNEL32_CreateProcessInternal Functions
+//
+BOOL
+WINAPI
+OnCreateProcessInternalW(
+	HANDLE hToken,
+	LPCWSTR lpApplicationName,
+	LPWSTR lpCommandLine,
+	LPSECURITY_ATTRIBUTES lpProcessAttributes,
+	LPSECURITY_ATTRIBUTES lpThreadAttributes,
+	BOOL bInheritHandles,
+	DWORD dwCreationFlags,
+	LPVOID lpEnvironment,
+	LPCWSTR lpCurrentDirectory,
+	LPSTARTUPINFOW lpStartupInfo,
+	LPPROCESS_INFORMATION lpProcessInformation,
+	PHANDLE hNewToken)
+{
+	BOOL bRet;
+
+	DWORD dwRetAddr = 0;
+	__asm
+	{
+		mov eax, [ebp+4];
+		sub eax, 5;
+		mov dwRetAddr, eax;
+	}
+	if( IsBypassCaller(dwRetAddr) )
+	{
+		bRet = pfnCreateProcessInternalW(
+			hToken,
+			lpApplicationName,
+			lpCommandLine,
+			lpProcessAttributes,
+			lpThreadAttributes,
+			bInheritHandles,
+			dwCreationFlags,
+			lpEnvironment,
+			lpCurrentDirectory,
+			lpStartupInfo,
+			lpProcessInformation,
+			hNewToken
+			);
+
+		return bRet;
+	}
+
+	////
+	////Check if includes [CREATE_SUSPENDED] flags
+	////
+	//BOOL bSuspended = FALSE;
+
+	//if( (dwCreationFlags & CREATE_SUSPENDED ) == 0 )
+	//{
+	//	dwCreationFlags |= CREATE_SUSPENDED;
+	//	bSuspended = TRUE;
+	//}
+	//else
+	//{
+	//	bSuspended = FALSE;
+	//}
+
+	bRet = pfnCreateProcessInternalW(
+		hToken,
+		lpApplicationName,
+		lpCommandLine,
+		lpProcessAttributes,
+		lpThreadAttributes,
+		bInheritHandles,
+		dwCreationFlags,
+		lpEnvironment,
+		lpCurrentDirectory,
+		lpStartupInfo,
+		lpProcessInformation,
+		hNewToken
+		);
+
+	//if(bRet)
+	//{
+	//	//
+	//	//Inject process
+	//	//
+	//	int iInjection = 0;
+	//	OBJECTCONFIG OBJCfg;
+	//	lstrcpy(OBJCfg.szSandBoxName,g_szSandBoxName);
+	//	iInjection = InjectProcess((HMODULE)g_hinstDLL,lpProcessInformation->dwProcessId,&OBJCfg,"HookPort_Start");
+	//	if( iInjection == 1 )
+	//	{
+	//		AddProcessIdToProcTable(lpProcessInformation->dwProcessId);
+
+	//		//
+	//		//Resume thread if not includes [CREATE_SUSPENDED] flags before
+	//		//
+	//		if(bSuspended)
+	//		{
+	//			ResumeThread(lpProcessInformation->hThread);
+	//		}
+	//	}
+	//	else
+	//	{
+	//		HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, lpProcessInformation->dwProcessId);
+	//		if(hProcess == NULL)
+	//		{
+	//			bRet =  FALSE;
+	//		}
+	//		bRet = TerminateProcess(hProcess, 0);
+	//		CloseHandle(hProcess);
+	//	}
+	//}
+
+	return bRet;
+}
\ No newline at end of file
diff --git a/HookPorts/Dispatch_KERNEL32_CreateProcessInternal.h b/HookPorts/Dispatch_KERNEL32_CreateProcessInternal.h
new file mode 100644
index 0000000..4788fd0
--- /dev/null
+++ b/HookPorts/Dispatch_KERNEL32_CreateProcessInternal.h
@@ -0,0 +1,34 @@
+#pragma once
+
+typedef BOOL (WINAPI * __pfnCreateProcessInternalW)
+(
+	HANDLE hToken,
+	LPCWSTR lpApplicationName,
+	LPWSTR lpCommandLine,
+	LPSECURITY_ATTRIBUTES lpProcessAttributes,
+	LPSECURITY_ATTRIBUTES lpThreadAttributes,
+	BOOL bInheritHandles,
+	DWORD dwCreationFlags,
+	LPVOID lpEnvironment,
+	LPCWSTR lpCurrentDirectory,
+	LPSTARTUPINFOW lpStartupInfo,
+	LPPROCESS_INFORMATION lpProcessInformation,
+	PHANDLE hNewToken);
+
+extern __pfnCreateProcessInternalW pfnCreateProcessInternalW;
+
+BOOL
+WINAPI
+OnCreateProcessInternalW(
+	HANDLE hToken,
+	LPCWSTR lpApplicationName,
+	LPWSTR lpCommandLine,
+	LPSECURITY_ATTRIBUTES lpProcessAttributes,
+	LPSECURITY_ATTRIBUTES lpThreadAttributes,
+	BOOL bInheritHandles,
+	DWORD dwCreationFlags,
+	LPVOID lpEnvironment,
+	LPCWSTR lpCurrentDirectory,
+	LPSTARTUPINFOW lpStartupInfo,
+	LPPROCESS_INFORMATION lpProcessInformation,
+	PHANDLE hNewToken);
\ No newline at end of file