Actually i had a simple question releated to Setting Hooks In Windows

Why does the code have to be resident in a dll (i am using system-wide hooks)

Is it because my dll code is injected in all processes or any other reason?

Also will the processes(applications) running before my process is executed also be hooked?
:stupid:

Thankyou for reading :grin:
Posted on 2004-05-26 04:45:04 by telophase
Hi telophase !

You are very curious about windows internals :grin:
But this is good.

There are actualy 2 great projects called Wine and Reactos.
Wine is a OpenSource implementation of the Windows API
and Reactos is a OpenSource implementation of the Windows
NT Kernel.

Take a look into the source codes, there are a complete
implementation of the hook functions in there.
I believe that the original Windows source code is very
closer to this implementation, IMO.
Remember that the important code of the hook procedures
are implemented in the win32k.sys of windows 2000 and XP.

But, answer to your question:
Yes, your dll are mapped to all processes.

http://www.reactos.com/
http://www.winehq.com/

Use the source, Luke :tongue:
Posted on 2004-05-26 06:26:24 by Opcode
But if i have a hook installed on WH_GETMESSAGE then only those applications

which message post messages to a message queue will have the shared copy of my DLL :confused:

So all processes will not contain my dll's shared copy :rolleyes:

But i want to know what will happen if i install hook on WH_MOUSE then wil all the processes will be injected

with my dll code :confused:

Thankx for replying back :alright:
Posted on 2004-05-26 07:36:34 by telophase
One more thing:

Suppose i have installed a mouse hook and cursor is on a window. Now i can retrive the handle of the

window easily but the problem is that i dont know how tio find out the program which created the

window:confused:

I want to get the name of the program(.exe) which had created the window. Which API's should be used?
:stupid:
Posted on 2004-05-26 07:49:13 by telophase
Appears that you are trying to copy the
mouse messages of a specific program.

And I don't see any good reason to do this.

Please tell us the true reason to make this.
Posted on 2004-05-26 08:20:45 by Opcode
hi telophase
not sure if this is what your looking for but anyway,
try getting the process id of the window with GetWindowThreadProcessId()
and then getting the info of the process which should contain the filename or filepath (depending on OS) i think you use these apis:
CreateToolhelp32Snapshot()
Process32First()
Process32Next()
Posted on 2004-05-26 08:38:11 by someone
Actually i was trying to create a modified version of MouseHook tutorial which also shows in which processes

window the mouse cursor is present :grin:
Posted on 2004-05-26 11:19:37 by telophase
Also found a API in the MSDN but dont know whether it will support win9x
Need more help on this one :confused:

GetWindowModuleFileName


Retrieves the full path and file name of the module associated with the given window handle.

UINT WINAPI GetWindowModuleFileName(
HWND hwnd,
LPTSTR lpszFileName,
UINT cchFileNameMax
);

Parameters
hwnd
Handle to the window whose module file name will be retrieved.
lpszFileName
Address of a string variable that will contain the executable file's path and file name.
cchFileNameMax
Value specifying the maximum number of characters to copy into the buffer at lpszFileName.
Return Values
Returns a value representing the total number of characters copied into the buffer.
Posted on 2004-05-26 11:53:12 by telophase

Actually i had a simple question releated to Setting Hooks In Windows

Why does the code have to be resident in a dll (i am using system-wide hooks)

Is it because my dll code is injected in all processes or any other reason?

Also will the processes(applications) running before my process is executed also be hooked?
:stupid:

Thankyou for reading :grin:

Hi :) I'll try to answer your questions:

1 & 2) For system-wide hooks (and in general any hook to a process other than your own) works by injecting the dll in the target process space.

It's the only way to do it for most hooks except the low level mouse and keyboard ones (that AFAIK only work on NT and 2K). The latter don't need a hook library because they work using a context switch instead, so the hook code executes in the context of your process (it's more secure that way).

Hooks on your own process don't need a dll at all, they can be located anywhere.

3) Yes. Actually when you call SetWindowsHookEx to set up a global hook the system will look for existing processes with at least one thread that has created a message queue (hooks can't work without one). Also while the hook is installed, as new processes create message queues they will be hooked as well. A process whose threads don't have any message queues can't be hooked at all.

As for GetModuleFilename, it simply won't work for foreign processes. Only for the current process, and DLL libraries. That behaviour is by design, some kind of security feature I guess.

MSDN should say (usually at the bottom of the document) which OSs support that function. (I'm too lazy to check it out right now, do it yourself :grin: ). MSDN is your friend, things are so well documented there you don't need to browse through some emulator's source code... :rolleyes:

Hope that helps. :)
Posted on 2004-05-26 17:24:11 by QvasiModo
Thankx a lot for the help
Posted on 2004-05-26 22:19:47 by telophase
I was installing a global keyboard hook is there anyway to check which window is the keyboard

request coming from or which window is the keyboard data going to ?:confused:
Posted on 2004-06-01 08:58:56 by telophase
Maybe GetFocus or GetForegroundWindow? Doesn't seem to be very accurate though...
Posted on 2004-06-04 09:34:52 by QvasiModo