Quote (AbDuCt @ Jul 15 2016 05:58am)
That's nice, explain how I am wrong. Seeing how I have used this method before for similar circumstances, this will be interesting.
Also, to add to my before-mentioned post, ld_preload on Linux can simulate the same dynamic loadable concept as code caving in Windows without the need to manually inject your code.
He asked how to respond to process creation; you just told him a way to inject code into a running process. What he really needs is, for example, a DLL (two if he wants 64- and 32-bit support) to "pop his dialog", and a method to automatically inject that into new processes (a global hook with SetWindowsHookEx, for example).
This is cleaner, more reliable, and actually satisfies his stated requirement.