Actually i had a simple question releated to Setting Hooks In Windows
Why does the code have to be resident in a dll (i am using system-wide hooks)
Is it because my dll code is injected in all processes or any other reason?
Also will the processes(applications) running before my process is executed also be hooked?
:stupid:
Thankyou for reading :grin:
Why does the code have to be resident in a dll (i am using system-wide hooks)
Is it because my dll code is injected in all processes or any other reason?
Also will the processes(applications) running before my process is executed also be hooked?
:stupid:
Thankyou for reading :grin:
Hi telophase !
You are very curious about windows internals :grin:
But this is good.
There are actualy 2 great projects called Wine and Reactos.
Wine is a OpenSource implementation of the Windows API
and Reactos is a OpenSource implementation of the Windows
NT Kernel.
Take a look into the source codes, there are a complete
implementation of the hook functions in there.
I believe that the original Windows source code is very
closer to this implementation, IMO.
Remember that the important code of the hook procedures
are implemented in the win32k.sys of windows 2000 and XP.
But, answer to your question:
Yes, your dll are mapped to all processes.
http://www.reactos.com/
http://www.winehq.com/
Use the source, Luke :tongue:
You are very curious about windows internals :grin:
But this is good.
There are actualy 2 great projects called Wine and Reactos.
Wine is a OpenSource implementation of the Windows API
and Reactos is a OpenSource implementation of the Windows
NT Kernel.
Take a look into the source codes, there are a complete
implementation of the hook functions in there.
I believe that the original Windows source code is very
closer to this implementation, IMO.
Remember that the important code of the hook procedures
are implemented in the win32k.sys of windows 2000 and XP.
But, answer to your question:
Yes, your dll are mapped to all processes.
http://www.reactos.com/
http://www.winehq.com/
Use the source, Luke :tongue:
But if i have a hook installed on WH_GETMESSAGE then only those applications
which message post messages to a message queue will have the shared copy of my DLL :confused:
So all processes will not contain my dll's shared copy :rolleyes:
But i want to know what will happen if i install hook on WH_MOUSE then wil all the processes will be injected
with my dll code :confused:
Thankx for replying back :alright:
which message post messages to a message queue will have the shared copy of my DLL :confused:
So all processes will not contain my dll's shared copy :rolleyes:
But i want to know what will happen if i install hook on WH_MOUSE then wil all the processes will be injected
with my dll code :confused:
Thankx for replying back :alright:
One more thing:
Suppose i have installed a mouse hook and cursor is on a window. Now i can retrive the handle of the
window easily but the problem is that i dont know how tio find out the program which created the
window:confused:
I want to get the name of the program(.exe) which had created the window. Which API's should be used?
:stupid:
Suppose i have installed a mouse hook and cursor is on a window. Now i can retrive the handle of the
window easily but the problem is that i dont know how tio find out the program which created the
window:confused:
I want to get the name of the program(.exe) which had created the window. Which API's should be used?
:stupid:
Appears that you are trying to copy the
mouse messages of a specific program.
And I don't see any good reason to do this.
Please tell us the true reason to make this.
mouse messages of a specific program.
And I don't see any good reason to do this.
Please tell us the true reason to make this.
hi telophase
not sure if this is what your looking for but anyway,
try getting the process id of the window with GetWindowThreadProcessId()
and then getting the info of the process which should contain the filename or filepath (depending on OS) i think you use these apis:
CreateToolhelp32Snapshot()
Process32First()
Process32Next()
not sure if this is what your looking for but anyway,
try getting the process id of the window with GetWindowThreadProcessId()
and then getting the info of the process which should contain the filename or filepath (depending on OS) i think you use these apis:
CreateToolhelp32Snapshot()
Process32First()
Process32Next()
Actually i was trying to create a modified version of MouseHook tutorial which also shows in which processes
window the mouse cursor is present :grin:
window the mouse cursor is present :grin:
Also found a API in the MSDN but dont know whether it will support win9x
Need more help on this one :confused:
GetWindowModuleFileName
Retrieves the full path and file name of the module associated with the given window handle.
UINT WINAPI GetWindowModuleFileName(
HWND hwnd,
LPTSTR lpszFileName,
UINT cchFileNameMax
);
Parameters
hwnd
Handle to the window whose module file name will be retrieved.
lpszFileName
Address of a string variable that will contain the executable file's path and file name.
cchFileNameMax
Value specifying the maximum number of characters to copy into the buffer at lpszFileName.
Return Values
Returns a value representing the total number of characters copied into the buffer.
Need more help on this one :confused:
GetWindowModuleFileName
Retrieves the full path and file name of the module associated with the given window handle.
UINT WINAPI GetWindowModuleFileName(
HWND hwnd,
LPTSTR lpszFileName,
UINT cchFileNameMax
);
Parameters
hwnd
Handle to the window whose module file name will be retrieved.
lpszFileName
Address of a string variable that will contain the executable file's path and file name.
cchFileNameMax
Value specifying the maximum number of characters to copy into the buffer at lpszFileName.
Return Values
Returns a value representing the total number of characters copied into the buffer.
Actually i had a simple question releated to Setting Hooks In Windows
Why does the code have to be resident in a dll (i am using system-wide hooks)
Is it because my dll code is injected in all processes or any other reason?
Also will the processes(applications) running before my process is executed also be hooked?
:stupid:
Thankyou for reading :grin:
Hi :) I'll try to answer your questions:
1 & 2) For system-wide hooks (and in general any hook to a process other than your own) works by injecting the dll in the target process space.
It's the only way to do it for most hooks except the low level mouse and keyboard ones (that AFAIK only work on NT and 2K). The latter don't need a hook library because they work using a context switch instead, so the hook code executes in the context of your process (it's more secure that way).
Hooks on your own process don't need a dll at all, they can be located anywhere.
3) Yes. Actually when you call SetWindowsHookEx to set up a global hook the system will look for existing processes with at least one thread that has created a message queue (hooks can't work without one). Also while the hook is installed, as new processes create message queues they will be hooked as well. A process whose threads don't have any message queues can't be hooked at all.
As for GetModuleFilename, it simply won't work for foreign processes. Only for the current process, and DLL libraries. That behaviour is by design, some kind of security feature I guess.
MSDN should say (usually at the bottom of the document) which OSs support that function. (I'm too lazy to check it out right now, do it yourself :grin: ). MSDN is your friend, things are so well documented there you don't need to browse through some emulator's source code... :rolleyes:
Hope that helps. :)
Thankx a lot for the help
I was installing a global keyboard hook is there anyway to check which window is the keyboard
request coming from or which window is the keyboard data going to ?:confused:
request coming from or which window is the keyboard data going to ?:confused:
Maybe GetFocus or GetForegroundWindow? Doesn't seem to be very accurate though...