Tilted Forum Project Discussion Community - View Single Post

n0nsensical · 02-23-2004, 08:28 PM

I've screwed around with it trying to inject code into another process on Windows 9x (on NT you can just use VirtualAllocEx and CreateRemoteThread but the latter isn't implemented on 9x), but I couldn't get it working and stopped bothering because I figure everyone should be using 2000 or XP by now anyway. ;-) It is kind of confusing and I'm not sure why I couldn't do it before but some code I just wrote seems to work.

Basically you need a
LRESULT CALLBACK HookProc(int, WPARAM, LPARAM),
called by Windows when the thread(s) you are monitoring get whatever type of message, and then you have to call SetWindowsHookEx with a pointer to that function, the handle to the DLL the function is in if necessary, the type of hook, and which threads. If you want the hook on another process you have to put the callback function in a DLL.

First the driver program, as simple as it gets:

Code:

#include <windows.h>

extern "C" void startKeyMonitoring();
extern "C" void stopKeyMonitoring();

int main()
{
	startKeyMonitoring();
	Sleep(10000);
	stopKeyMonitoring();
	return 0;
}

And now the DLL. The .lib file needs to be linked with the driver program for the start and stop functions. It then loads itself at runtime with the LoadLibrary API because you need the handle for SetWindowsHookEx. For some reason Visual Studio is making me use a .def file even though I have dllexport; if anyone knows why please enlighten me. Passing 0 for the dwThreadId parameter of SetWindowsHookEx monitors all threads in the same desktop.

Code:

#include <windows.h>
#include <sstream>

BOOL __stdcall DllMain(HANDLE, DWORD, LPVOID)
{
	return TRUE;
}

HHOOK g_hhk;

extern "C" __declspec(dllexport)
void startKeyMonitoring()
{
	HMODULE hLib = LoadLibrary("hooklib.dll");
	HOOKPROC proc = (HOOKPROC)GetProcAddress(hLib, "KeyProc");
	g_hhk = SetWindowsHookEx(WH_KEYBOARD, proc, hLib, 0);
}

extern "C" __declspec(dllexport)
void stopKeyMonitoring()
{
	UnhookWindowsHookEx(g_hhk);
}

extern "C" __declspec(dllexport)
LRESULT CALLBACK KeyProc(int nCode, WPARAM wParam, LPARAM lParam)
{
	std::ostringstream oss;
	oss << "Here I am in process " << GetCurrentProcessId() << " with a message for you.";
	MessageBox(NULL, oss.str().c_str(), "Hello", MB_OK);
	return CallNextHookEx(g_hhk, nCode, wParam, lParam);
}

And there you go, you get some message boxes with the PID of whatever process received the keyboard messages.

02-23-2004, 08:28 PM	#4 (permalink)
n0nsensical Junkie Location: San Francisco	I've screwed around with it trying to inject code into another process on Windows 9x (on NT you can just use VirtualAllocEx and CreateRemoteThread but the latter isn't implemented on 9x), but I couldn't get it working and stopped bothering because I figure everyone should be using 2000 or XP by now anyway. ;-) It is kind of confusing and I'm not sure why I couldn't do it before but some code I just wrote seems to work. Basically you need a LRESULT CALLBACK HookProc(int, WPARAM, LPARAM), called by Windows when the thread(s) you are monitoring get whatever type of message, and then you have to call SetWindowsHookEx with a pointer to that function, the handle to the DLL the function is in if necessary, the type of hook, and which threads. If you want the hook on another process you have to put the callback function in a DLL. First the driver program, as simple as it gets: Code: #include <windows.h> extern "C" void startKeyMonitoring(); extern "C" void stopKeyMonitoring(); int main() { startKeyMonitoring(); Sleep(10000); stopKeyMonitoring(); return 0; } And now the DLL. The .lib file needs to be linked with the driver program for the start and stop functions. It then loads itself at runtime with the LoadLibrary API because you need the handle for SetWindowsHookEx. For some reason Visual Studio is making me use a .def file even though I have dllexport; if anyone knows why please enlighten me. Passing 0 for the dwThreadId parameter of SetWindowsHookEx monitors all threads in the same desktop. Code: #include <windows.h> #include <sstream> BOOL __stdcall DllMain(HANDLE, DWORD, LPVOID) { return TRUE; } HHOOK g_hhk; extern "C" __declspec(dllexport) void startKeyMonitoring() { HMODULE hLib = LoadLibrary("hooklib.dll"); HOOKPROC proc = (HOOKPROC)GetProcAddress(hLib, "KeyProc"); g_hhk = SetWindowsHookEx(WH_KEYBOARD, proc, hLib, 0); } extern "C" __declspec(dllexport) void stopKeyMonitoring() { UnhookWindowsHookEx(g_hhk); } extern "C" __declspec(dllexport) LRESULT CALLBACK KeyProc(int nCode, WPARAM wParam, LPARAM lParam) { std::ostringstream oss; oss << "Here I am in process " << GetCurrentProcessId() << " with a message for you."; MessageBox(NULL, oss.str().c_str(), "Hello", MB_OK); return CallNextHookEx(g_hhk, nCode, wParam, lParam); } And there you go, you get some message boxes with the PID of whatever process received the keyboard messages. Last edited by n0nsensical; 02-23-2004 at 08:32 PM..