Is it possible to enumerate all hooks in the system? Ideas?
Posted on 2002-01-07 17:05:10 by elmenda
No you can't, you can only pass messages on to the next hook in the chain.
But I have to ask: what do you gain by enumerating other hooks? The only possibility I can see there is to mess with those other hooks, which you shouldn't do; you cannot predict what you will break and how unstable the system will become.
Posted on 2002-01-07 17:51:05 by sluggy
I can think of a really good idea why to iterate hooks, at least to find out what process they belong to... to catch sniffers or other trojans and spyware... not the least of which, could be the FBI sniffer we so often hear of in the news lately... and then act upon that process accordingly.

You can write a driver that starts while Windows is booting and hook all the hook API calls and then keep your own log on who called them... that might help a little...

Thanks,
_Shawn
Posted on 2002-01-07 18:19:07 by _Shawn
"catch sniffers or other trojans and spyware..."

Good idea, but MS have not provided a mechanism for enumerating the hooks, unless it is in an undocumented DLL. After looking at the doco, it appears the most you could get anyway is a function ptr, not the handle to the hook. And you cannot necessarily unload the hook; a logger would use a global hook which loads the hook DLL into every process; releasing the hook only unloads the DLL from the process it was unhooked in, not the other processes.
Also, think of the hook chain as a linked list. If you delete an item from the middle of the list, you have to be able to connect up the items on either side of it. Imagine the chaos it would produce on your system if you deleted a hook from the middle of the chain and didn't connect up the surrounding hooks properly; you would not be able to predict what would happen. Imagine the wrong process getting the wrong mouse or keyboard messages. It could lead to a nuclear meltdown :)
Posted on 2002-01-07 19:09:46 by sluggy
sluggy, I think _Shawn was talking about API hooks... I don't think you can enumerate all hooks with a simple global hook... btw as far as I know hooks can only catch messages and hardware input... so patching user32.dll or writing a device driver (?no experience with that?) are the only methods I can think of... and ~if~ you've done that you CAN get the hook handle and every info you want...
Posted on 2002-01-08 03:30:19 by mob