Hook success in injected dll but proc never called
in [Win32 API]
|
Prev: Separator line with same style as group box
Next: [acmStreamConvert] Converting files encoded with Philips CELP to PCM
From: Sanje²v on 30 Oct 2009 23:55 Hi to all, I have injected a DLL into another process and want to hook a window thread on the target process in a function in that DLL (SetWindowsHooksEx is not called in DllMain but in a constructor function in the injected dll called using CreateRemoteThread). I called 'SetWindowsHookEx(WH_MOUSE, (HOOKPROC)HookProc, NULL, GetWindowThreadProcessId(hWnd, NULL));' which successfully returns a handle but the mouse hook procedure is never called. I used Spy++ to check that the thread id is of the required window. GetLastError() is also 0. Hooking window proc also works but has the same problem. What could be causing the problem? -Sanjeev
From: Christian ASTOR on 3 Nov 2009 02:27 On 31 oct, 04:55, Sanje²v <swtb...(a)gmail.com> wrote: > Hi to all, > I have injected a DLL into another process and want to hook a window > thread on the target process in a function in that DLL > (SetWindowsHooksEx is not called in DllMain but in a constructor > function in the injected dll called using CreateRemoteThread). I > called 'SetWindowsHookEx(WH_MOUSE, (HOOKPROC)HookProc, NULL, > GetWindowThreadProcessId(hWnd, NULL));' which successfully returns a handle but the mouse hook procedure is never called. I used Spy++ to > check that the thread id is of the required window. GetLastError() is > also 0. Hooking window proc also works but has the same problem. > What could be causing the problem? You should pass GetModuleHandle("YourDLL") for the 3rd parameter of SetWindowsHookEx() You can use a WH_MOUSE_LL hook to avoid a DLL
From: Sanje²v on 3 Nov 2009 07:17
Ok I found the problem. Because the constructor function in remote dll is called using CreateRemoteThread(...), when the function terminates the remote thread also terminates. Hence, WINDOWS releases hook requested (not necessarily hook put on the same thread) by the thread. Therefore the proc was never called. It's a stupid mistake that usually occurs when you forget that a thread running your function will terminate unlike in normal applications where you call SetWindowsHookEx(...) in a thread which runs till the end of process. Another variant of this mistake is trying to create a window in DllMain. Just a pointer who may be wondering why a window made that way is not showing (; Thanks for your answer, Christian. |