Jump to content

Dll Global SetWindowsHookEx


Recommended Posts

SetWindowsHookEx

http://msdn.microsoft.com/en-us/library/ms644990%28VS.85%29.aspx

Installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread.

Remarks

SetWindowsHookEx can be used to inject a DLL into another process. A 32-bit DLL cannot be injected into a 64-bit process, and a 64-bit DLL cannot be injected into a 32-bit process. If an application requires the use of hooks in other processes, it is required that a 32-bit application call SetWindowsHookEx to inject a 32-bit DLL into 32-bit processes, and a 64-bit application call SetWindowsHookEx to inject a 64-bit DLL into 64-bit processes. The 32-bit and 64-bit DLLs must have different names.

IDs that allowed by the HookExW.dll Library

$WH_CBT

$WH_DEBUG

$WH_FOREGROUNDIDLE

$WH_GETMESSAGE

$WH_KEYBOARD

$WH_MOUSE

$WH_MSGFILTER

$WH_SHELL

All project files

GlobalHookEx.zip

GlobalHookEx.au3

#Include <WinAPI.au3>
OnAutoItExitRegister("CleanupHookEx")
Global $HookExW = 0 , $iGuiHwnd = 0 ,$HOOK_GUI_MSG = 0 , $OkTestExeHwnd = 99999
Global $CBT_MSG = 0,$DEBUG_MSG = 0 ,$FOREGROUNDIDLE_MSG = 0,$GETMESSAGE_MSG = 0,$KEYBOARD_MSG = 0
Global $MOUSE_MSG = 0,$MSGFILTER_MSG = 0,$SHELL_MSG = 0
Global $HookHandleCBTProc,$HookHandleDebugProc,$HookHandleForegroundIdleProc,$HookHandleGetMsgProc, _
$HookHandleKeyboardProc,$HookHandleMouseProc,$HookHandleMessageProc,$HookHandleShellProc
Global $PROCIDA,$PROCIDB,$PROCIDC,$PROCIDD,$PROCIDE,$PROCIDF,$PROCIDG,$PROCIDH
Global $CODEA,$CODEB,$CODEC,$CODED,$CODEE,$CODEF,$CODEG,$CODEH
Global $WPARAMA,$WPARAMB,$WPARAMC,$WPARAMD,$WPARAME,$WPARAMF,$WPARAMG,$WPARAMH
Global $LPARAMA,$LPARAMB,$LPARAMC,$LPARAMD,$LPARAME,$LPARAMF,$LPARAMG,$LPARAMH

;SetWindowsHookEx
;http://msdn.microsoft.com/en-us/library/ms644990%28VS.85%29.aspx
;SetWindowsHookEx can be used to inject a DLL into another process. A 32-bit DLL cannot be injected
;into a 64-bit process, and a 64-bit DLL cannot be injected into a 32-bit process. If an application
;requires the use of hooks in other processes, it is required that a 32-bit application call
;SetWindowsHookEx to inject a 32-bit DLL into 32-bit processes, and a 64-bit application call
;SetWindowsHookEx to inject a 64-bit DLL into 64-bit processes. The 32-bit and 64-bit DLLs must
;have different names.



Func SetDllGlobalWindowsHookEx($IdHook,$GuiHwnd,$MsgFunction)
if Not IsHWnd($iGuiHwnd) Then $iGuiHwnd = $GuiHwnd
if Not $HookExW Then $HookExW = DllOpen("HookExW.dll")
if Not $HookExW Or Not IsHWnd($iGuiHwnd) Then Return SetError(1,0,0)
if Not ($HOOK_GUI_MSG) Then
Local $RT = DllCall($HookExW,"BOOL","DllGetModuleFileNameW","WSTR*","")
If @error Or Not $RT[0] Then Return SetError(0,0,0)
$MsgBuffer = $RT[1]
$HOOK_GUI_MSG = RegisterWindowMessage($MsgBuffer)
if Not $HOOK_GUI_MSG Or Not GUIRegisterMsg($HOOK_GUI_MSG,"TestExeHwnd") Then Return SetError(2,0,0)
EndIf
Switch $idHook
Case $WH_CBT
$CBT_MSG = RegisterWindowMessage("CBT_MSG")
if Not $CBT_MSG Or Not GUIRegisterMsg($CBT_MSG,$MsgFunction) Then Return SetError(3,0,0)
Case $WH_DEBUG
$DEBUG_MSG = RegisterWindowMessage("DEBUG_MSG")
if Not $DEBUG_MSG Or Not GUIRegisterMsg($DEBUG_MSG,$MsgFunction) Then Return SetError(3,0,0)
Case $WH_FOREGROUNDIDLE
$FOREGROUNDIDLE_MSG = RegisterWindowMessage("FOREGROUNDIDLE_MSG")
if Not $FOREGROUNDIDLE_MSG Or Not GUIRegisterMsg($FOREGROUNDIDLE_MSG,$MsgFunction) Then Return SetError(3,0,0)
Case $WH_GETMESSAGE
$GETMESSAGE_MSG = RegisterWindowMessage("GETMESSAGE_MSG")
if Not $GETMESSAGE_MSG Or Not GUIRegisterMsg($GETMESSAGE_MSG,$MsgFunction) Then Return SetError(3,0,0)
Case $WH_KEYBOARD
$KEYBOARD_MSG = RegisterWindowMessage("KEYBOARD_MSG")
if Not $KEYBOARD_MSG Or Not GUIRegisterMsg($KEYBOARD_MSG,$MsgFunction) Then Return SetError(3,0,0)
Case $WH_MOUSE
$MOUSE_MSG = RegisterWindowMessage("MOUSE_MSG")
if Not $MOUSE_MSG Or Not GUIRegisterMsg($MOUSE_MSG,$MsgFunction) Then Return SetError(3,0,0)
Case $WH_MSGFILTER
$MSGFILTER_MSG = RegisterWindowMessage("MSGFILTER_MSG")
if Not $MSGFILTER_MSG Or Not GUIRegisterMsg($MSGFILTER_MSG,$MsgFunction) Then Return SetError(3,0,0)
Case $WH_SHELL
$SHELL_MSG = RegisterWindowMessage("SHELL_MSG")
if Not $SHELL_MSG Or Not GUIRegisterMsg($SHELL_MSG,$MsgFunction) Then Return SetError(3,0,0)
Case Else
Return SetError(4,0,0)
EndSwitch

Local $RT = DllCall($HookExW,"handle","DllWindowsHookExW","UINT",$IdHook)
If @error Or Not $RT[0] Then Return SetError(5,0,0)

Switch $idHook
Case $WH_CBT
$HookHandleCBTProc = $RT[0]
Case $WH_DEBUG
$HookHandleDebugProc = $RT[0]
Case $WH_FOREGROUNDIDLE
$HookHandleForegroundIdleProc = $RT[0]
Case $WH_GETMESSAGE
$HookHandleGetMsgProc = $RT[0]
Case $WH_KEYBOARD
$HookHandleKeyboardProc = $RT[0]
Case $WH_MOUSE
$HookHandleMouseProc = $RT[0]
Case $WH_MSGFILTER
$HookHandleMessageProc = $RT[0]
Case $WH_SHELL
$HookHandleShellProc = $RT[0]
EndSwitch

Return SetError(0,0,$RT[0])

EndFunc

Func TestExeHwnd($hWnd,$Msg,$wParam,$lParam)
Return $OkTestExeHwnd
EndFunc

Func RegisterWindowMessage($lpString)
$RT = DllCall("User32.dll","int","RegisterWindowMessageW","WSTR",$lpString)
if @error Then Return SetError(1,0,0)
Return SetError(_WinAPI_GetLastError(),0,$RT[0])
EndFunc

Func Read_Lparama_FromProcessMemory($Msg,$ProcessID,$LPARAMA)
Local $iSYNCHRONIZE = (0x00100000),$iSTANDARD_RIGHTS_REQUIRED = (0x000F0000)
Local $iPROCESS_ALL_ACCESS  = ($iSTANDARD_RIGHTS_REQUIRED + $iSYNCHRONIZE + 0xFFF)
Local $hProcess , $LparamaStruct , $LparamaStructPtr , $LparamaStructSize , $iRead
$hProcess = _WinAPI_OpenProcess($iPROCESS_ALL_ACCESS,False,$ProcessID)
if @error Then Return SetError(@error,1,$LparamaStruct)
Switch $Msg
Case $DEBUG_MSG
Local $tagDEBUGHOOKINFO = "DWORD idThread;DWORD idThreadInstaller;LPARAM lParam;WPARAM wParam;INT code"
$LparamaStruct = DllStructCreate($tagDEBUGHOOKINFO)
$LparamaStructSize = DllStructGetSize($LparamaStruct)
Case $GETMESSAGE_MSG
Local $tagMSG = "HWND hwnd;UINT message;WPARAM wParam;LPARAM lParam;DWORD time;INT X;INT Y"
$LparamaStruct = DllStructCreate($tagMSG)
$LparamaStructSize = DllStructGetSize($LparamaStruct)
Case $MOUSE_MSG
$tagMOUSEHOOKSTRUCT = "INT X;INT Y;HWND hwnd;UINT wHitTestCode;ULONG_PTR dwExtraInfo"
$LparamaStruct = DllStructCreate($tagMOUSEHOOKSTRUCT)
$LparamaStructSize = DllStructGetSize($LparamaStruct)
Case $MSGFILTER_MSG
Local $tagMSG = "HWND hwnd;UINT message;WPARAM wParam;LPARAM lParam;DWORD time;INT X;INT Y"
$LparamaStruct = DllStructCreate($tagMSG)
$LparamaStructSize = DllStructGetSize($LparamaStruct)
EndSwitch
$LparamaStructPtr = DllStructGetPtr($LparamaStruct)
_WinAPI_ReadProcessMemory($hProcess,$LPARAMA,$LparamaStructPtr,$LparamaStructSize,$iRead)
Return SetError(@error,2,$LparamaStruct)
EndFunc

Func CleanupHookEx()
if ($HookHandleCBTProc) Then _WinAPI_UnhookWindowsHookEx($HookHandleCBTProc)
if ($HookHandleDebugProc) Then _WinAPI_UnhookWindowsHookEx($HookHandleDebugProc)
if ($HookHandleForegroundIdleProc) Then _WinAPI_UnhookWindowsHookEx($HookHandleForegroundIdleProc)
if ($HookHandleGetMsgProc) Then _WinAPI_UnhookWindowsHookEx($HookHandleGetMsgProc)
if ($HookHandleKeyboardProc) Then _WinAPI_UnhookWindowsHookEx($HookHandleKeyboardProc)
if ($HookHandleMouseProc) Then _WinAPI_UnhookWindowsHookEx($HookHandleMouseProc)
if ($HookHandleMessageProc) Then _WinAPI_UnhookWindowsHookEx($HookHandleMessageProc)
if ($HookHandleShellProc) Then _WinAPI_UnhookWindowsHookEx($HookHandleShellProc)
EndFunc

ProcGlobalHookEx.au3

#Include "GlobalHookEx.au3"
#include <GUIConstantsEx.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
HotKeySet("{ESC}", "Terminate")

$GuiHwnd = GUICreate("Form1", 601, 179, 47, 3)
$Label1 = GUICtrlCreateLabel("", 16, 8,150,150,$WS_BORDER)
$Label2 = GUICtrlCreateLabel("", 300, 8,150,150,$WS_BORDER)
GUISetState(@SW_SHOW)
$HookHandleA = SetDllGlobalWindowsHookEx($WH_MOUSE,$GuiHwnd,"MouseProc")
;$HookHandleB = SetDllGlobalWindowsHookEx($WH_GETMESSAGE,$GuiHwnd,"GetMsgProc")

While 1
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            Exit

    EndSwitch
WEnd


Func Terminate()
    Exit 0
EndFunc


Func CBTProc($hWnd,$Msg,$ParamNo,$Param)
Switch $ParamNo
Case 1
$PROCIDA = $Param
Return 0
Case 2
$CODEA = $Param
Return 0
Case 3
$WPARAMA = $Param
Return 0
Case 4
$LPARAMA = $Param
Case Else
Return 0
EndSwitch
Local $CODE = $CODEA ,$wParam = $WPARAMA, $lParam = $LPARAMA

Return 0
EndFunc

Func DebugProc($hWnd,$Msg,$ParamNo,$Param)
Switch $ParamNo
Case 1
$PROCIDB = $Param
Return 0
Case 2
$CODEB = $Param
Return 0
Case 3
$WPARAMB = $Param
Return 0
Case 4
$LPARAMB = $Param
Case Else
Return 0
EndSwitch
$DEBUGHOOKINFO_Struct = Read_Lparama_FromProcessMemory($Msg,$PROCIDB,$LPARAMB)

Local $CODE = $CODEB ,$wParam = $WPARAMB, $lParam = $LPARAMB

Return 0
EndFunc


Func ForegroundIdleProc($hWnd,$Msg,$ParamNo,$Param)
Switch $ParamNo
Case 1
$PROCIDC = $Param
Return 0
Case 2
$CODEC = $Param
Return 0
Case 3
$WPARAMC = $Param
Return 0
Case 4
$LPARAMC = $Param
Case Else
Return 0
EndSwitch

Local $CODE = $CODEC ,$wParam = $WPARAMC, $lParam = $LPARAMC

Return 0
EndFunc

Func GetMsgProc($hWnd,$Msg,$ParamNo,$Param)
Switch $ParamNo
Case 1
$PROCIDD = $Param
Return 0
Case 2
$CODED = $Param
Return 0
Case 3
$WPARAMD = $Param
Return 0
Case 4
$LPARAMD = $Param
Case Else
Return 0
EndSwitch
$MSG_Struct = Read_Lparama_FromProcessMemory($Msg,$PROCIDD,$LPARAMD)

Local $CODE = $CODED,$wParam = $WPARAMD, $lParam = $LPARAMD

$Text = "GetMsgProc " & @CRLF & "hwnd " & DllStructGetData($MSG_Struct ,1) & @CRLF
$Text &= "message " & DllStructGetData($MSG_Struct ,2) & @CRLF
$Text &= "wParam " & DllStructGetData($MSG_Struct ,3) & @CRLF
$Text &= "lParam " & DllStructGetData($MSG_Struct ,4) & @CRLF
$Text &= "time " & DllStructGetData($MSG_Struct ,5) & @CRLF
$Text &= "X " & DllStructGetData($MSG_Struct ,6) & @CRLF
$Text &= "Y " & DllStructGetData($MSG_Struct ,7) & @CRLF
GUICtrlSetData($Label2,$Text)

Return 0
EndFunc

Func KeyboardProc($hWnd,$Msg,$ParamNo,$Param)
Switch $ParamNo
Case 1
$PROCIDE = $Param
Return 0
Case 2
$CODEE = $Param
Return 0
Case 3
$WPARAME = $Param
Return 0
Case 4
$LPARAME = $Param
Case Else
Return 0
EndSwitch

Local $CODE = $PROCIDE, $wParam = $WPARAME, $lParam = $LPARAME

Return 0
EndFunc

Func MouseProc($hWnd,$Msg,$ParamNo,$Param)
Switch $ParamNo
Case 1
$PROCIDF = $Param
Return 0
Case 2
$CODEF = $Param
Return 0
Case 3
$WPARAMF = $Param
Return 0
Case 4
$LPARAMF = $Param
Case Else
Return 0
EndSwitch
$MOUSEHOOKSTRUCT_Struct = Read_Lparama_FromProcessMemory($Msg,$PROCIDF,$LPARAMF)

Local $CODE = $PROCIDF, $wParam = $WPARAMF, $lParam = $LPARAMF

$Text = "MouseProc " & @CRLF & "X " & DllStructGetData($MOUSEHOOKSTRUCT_Struct,1) & @CRLF
$Text &= "Y " & DllStructGetData($MOUSEHOOKSTRUCT_Struct,2) & @CRLF
$Text &= "hwnd " & DllStructGetData($MOUSEHOOKSTRUCT_Struct,3) & @CRLF
$Text &= "wHitTestCode " & DllStructGetData($MOUSEHOOKSTRUCT_Struct,4) & @CRLF
$Text &= "dwExtraInfo " & DllStructGetData($MOUSEHOOKSTRUCT_Struct,5) & @CRLF
GUICtrlSetData($Label1,$Text)


Return 0
EndFunc


Func MessageProc($hWnd,$Msg,$ParamNo,$Param)
Switch $ParamNo
Case 1
$PROCIDG = $Param
Return 0
Case 2
$CODEG = $Param
Return 0
Case 3
$WPARAMG = $Param
Return 0
Case 4
$LPARAMG = $Param
Case Else
Return 0
EndSwitch
Local $CODE = $PROCIDG, $wParam = $WPARAMG, $lParam = $LPARAMG

Return 0
EndFunc


Func ShellProc($hWnd,$Msg,$ParamNo,$Param)

Return 2
Switch $ParamNo
Case 1
$PROCIDH = $Param
Return 0
Case 2
$CODEH = $Param
Return 0
Case 3
$WPARAMH = $Param
Return 0
Case 4
$LPARAMH = $Param
Case Else
Return 0
EndSwitch

Local $CODE = $PROCIDH, $wParam = $WPARAMH, $lParam = $LPARAMH

Return 0
EndFunc

;C++ Compiler 5.5

;download

https://downloads.embarcadero.com/free/c_builder

;C++Builder Compiler (bcc compiler) free download. See the file bcb5tool.hlp in the Help

;directory for complete instructions on using the C++Builder Compiler and Command Line Tools.

;Windows English 8.5MB

Compiler.au3

#include <Constants.au3>
#Include <WinAPI.au3>

;C++ Compiler 5.5
;download
;https://downloads.embarcadero.com/free/c_builder
;C++Builder Compiler (bcc compiler) free download. See the file bcb5tool.hlp in the Help
;directory for complete instructions on using the C++Builder Compiler and Command Line Tools.
;Windows  English   8.5MB

;C:\Borland\BCC55\Bin\bcc32.exe
$var1 = FileOpenDialog("Choose bcc32.exe","C:\Borland\BCC55\Bin", "(*.Exe)", 1 + 4 ,"bcc32.exe")
if @error Then Exit
$var2 = FileOpenDialog("Choose HookExW.cpp",@MyDocumentsDir, "(*.cpp)", 1 + 4 ,"HookExW.cpp")
if @error Then Exit
$var3 = FileSelectFolder("Choose Out File folder.", @MyDocumentsDir)
if @error Then Exit

Dim $iPatch1 = "" , $iPatch2 = $var2 , $iPatch3 = $var3 , $foo , $line = ""
$Patch1 = StringSplit($var1,"\")
For $i = 1 To $Patch1[0] - 2
$iPatch1 &= $Patch1[$i] & "\"
Next
$iPatch1 = StringTrimRight($iPatch1,1)
FileChangeDir($iPatch1 & "\Bin\")
$Command = "bcc32.exe " & _
"-I" & $iPatch1 & "\Include " & _
"-L" & $iPatch1 & "\Lib " & _
"-e" & $iPatch3 & "\HookExW.dll " & _
"-tWD " & $iPatch2
$foo = Run($Command,"", @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)
While 1
    $line = StdoutRead($foo)
    If @error Then ExitLoop
    MsgBox(0, "STDOUT", $line)
Wend

C ++ 6

HookExW.cpp

#include <shlobj.h>
#include <windows.h>
#include <stdio.h>
static int OkTestExeHwnd = 99999;
static HINSTANCE ihinstDLL = 0;
static HWND ExeHwnd = 0;
static UINT CBT_MSG,DEBUG_MSG,FOREGROUNDIDLE_MSG,GETMESSAGE_MSG,KEYBOARD_MSG,MOUSE_MSG,
MSGFILTER_MSG,SHELL_MSG,HOOK_GUI_MSG;
static HHOOK HHOOKA,HHOOKB,HHOOKC,HHOOKD,HHOOKE,HHOOKF,HHOOKG,HHOOKH;

LRESULT CALLBACK WINAPI CBTProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI DebugProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI ForegroundIdleProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI GetMsgProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI KeyboardProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI MouseProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI MessageProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI ShellProc(int nCode,WPARAM wParam,LPARAM lParam);

HWND GetExeHwnd();
void AtExitHookExW(void);

#ifdef __cplusplus
extern "C"
{
#endif
__declspec(dllexport) HHOOK WINAPI DllWindowsHookExW(UINT idHook);
__declspec(dllexport) BOOL WINAPI DllGetModuleFileNameW(LPWSTR &iMsgBuffer);
#ifdef __cplusplus
}
#endif

extern "C"
BOOL WINAPI DllMain(HANDLE hinstDLL,DWORD dwReason, LPVOID lpvReserved)
{

if (dwReason == DLL_PROCESS_ATTACH)
{

ihinstDLL = (HINSTANCE) hinstDLL;
WCHAR MsgBuffer[600];
GetModuleFileNameW((HMODULE) hinstDLL,MsgBuffer,sizeof(MsgBuffer));
HOOK_GUI_MSG = RegisterWindowMessageW(MsgBuffer);
CBT_MSG = RegisterWindowMessageW(L"CBT_MSG");
DEBUG_MSG = RegisterWindowMessageW(L"DEBUG_MSG");
FOREGROUNDIDLE_MSG = RegisterWindowMessageW(L"FOREGROUNDIDLE_MSG");
GETMESSAGE_MSG = RegisterWindowMessageW(L"GETMESSAGE_MSG");
KEYBOARD_MSG = RegisterWindowMessageW(L"KEYBOARD_MSG");
MOUSE_MSG = RegisterWindowMessageW(L"MOUSE_MSG");
MSGFILTER_MSG = RegisterWindowMessageW(L"MSGFILTER_MSG");
SHELL_MSG = RegisterWindowMessageW(L"SHELL_MSG");
atexit(AtExitHookExW);

}

return 1;
}


HHOOK WINAPI DllWindowsHookExW(UINT idHook)
{

switch( idHook )
{
case WH_CBT:
if (HHOOKA) return 0;
HHOOKA = SetWindowsHookExW(idHook,CBTProc,ihinstDLL,0);
if (HHOOKA) return HHOOKA;
break;
case WH_DEBUG:
if (HHOOKB) return 0;
HHOOKB = SetWindowsHookExW(idHook,DebugProc,ihinstDLL,0);
if (HHOOKB) return HHOOKB;
break;
case WH_FOREGROUNDIDLE:
if (HHOOKC) return 0;
HHOOKC = SetWindowsHookExW(idHook,ForegroundIdleProc,ihinstDLL,0);
if (HHOOKC) return HHOOKC;
break;
case WH_GETMESSAGE:
if (HHOOKD) return 0;
HHOOKD = SetWindowsHookExW(idHook,GetMsgProc,ihinstDLL,0);
if (HHOOKD) return HHOOKD;
break;
case WH_KEYBOARD:
if (HHOOKE) return 0;
HHOOKE = SetWindowsHookExW(idHook,KeyboardProc,ihinstDLL,0);
if (HHOOKE) return HHOOKE;
break;
case WH_MOUSE:
if (HHOOKF) return 0;
HHOOKF = SetWindowsHookExW(idHook,MouseProc,ihinstDLL,0);
if (HHOOKF) return HHOOKF;
break;
case WH_MSGFILTER:
if (HHOOKG) return 0;
HHOOKG = SetWindowsHookExW(idHook,MessageProc,ihinstDLL,0);
if (HHOOKG) return HHOOKG;
break;
case WH_SHELL:
if (HHOOKH) return 0;
HHOOKH = SetWindowsHookExW(idHook,ShellProc,ihinstDLL,0);
if (HHOOKH) return HHOOKH;
break;
default:
return 0;
break;
}

return 0;

}

BOOL WINAPI DllGetModuleFileNameW(LPWSTR &iMsgBuffer)
{
if (GetModuleFileNameW((HMODULE) ihinstDLL,iMsgBuffer,600) != 0) return 1;
return 0;
}

LRESULT CALLBACK WINAPI CBTProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKA,nCode,wParam,lParam);

SendMessage(ExeHwnd,CBT_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,CBT_MSG,2,nCode);
SendMessage(ExeHwnd,CBT_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,CBT_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKA,nCode,wParam,lParam);
}

}

LRESULT CALLBACK WINAPI DebugProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKB,nCode,wParam,lParam);

SendMessage(ExeHwnd,DEBUG_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,DEBUG_MSG,2,nCode);
SendMessage(ExeHwnd,DEBUG_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,DEBUG_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKB,nCode,wParam,lParam);
}

}

LRESULT CALLBACK WINAPI ForegroundIdleProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKC,nCode,wParam,lParam);

SendMessage(ExeHwnd,FOREGROUNDIDLE_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,FOREGROUNDIDLE_MSG,2,nCode);
SendMessage(ExeHwnd,FOREGROUNDIDLE_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,FOREGROUNDIDLE_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKC,nCode,wParam,lParam);
}

}

LRESULT CALLBACK WINAPI GetMsgProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKD,nCode,wParam,lParam);

SendMessage(ExeHwnd,GETMESSAGE_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,GETMESSAGE_MSG,2,nCode);
SendMessage(ExeHwnd,GETMESSAGE_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,GETMESSAGE_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKD,nCode,wParam,lParam);
}
}


LRESULT CALLBACK WINAPI KeyboardProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKE,nCode,wParam,lParam);

SendMessage(ExeHwnd,KEYBOARD_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,KEYBOARD_MSG,2,nCode);
SendMessage(ExeHwnd,KEYBOARD_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,KEYBOARD_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKE,nCode,wParam,lParam);
}

}

LRESULT CALLBACK WINAPI MouseProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKF,nCode,wParam,lParam);

SendMessage(ExeHwnd,MOUSE_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,MOUSE_MSG,2,nCode);
SendMessage(ExeHwnd,MOUSE_MSG,3,wParam);
INT RT = SendMessage(ExeHwnd,MOUSE_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKF,nCode,wParam,lParam);
}

}

LRESULT CALLBACK WINAPI MessageProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKG,nCode,wParam,lParam);

SendMessage(ExeHwnd,MSGFILTER_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,MSGFILTER_MSG,2,nCode);
SendMessage(ExeHwnd,MSGFILTER_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,MSGFILTER_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKG,nCode,wParam,lParam);
}

}

LRESULT CALLBACK WINAPI ShellProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKH,nCode,wParam,lParam);

SendMessage(ExeHwnd,SHELL_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,SHELL_MSG,2,nCode);
SendMessage(ExeHwnd,SHELL_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,SHELL_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKH,nCode,wParam,lParam);
}

}


HWND GetExeHwnd()
{

HWND hwnd = NULL;
do
{
hwnd = FindWindowEx(NULL,hwnd,NULL,NULL);
if ((int) SendMessage(hwnd,HOOK_GUI_MSG,0,0) == OkTestExeHwnd) return hwnd;
}
while (hwnd != NULL);

return 0;

}

void AtExitHookExW()
{
if (HHOOKA) UnhookWindowsHookEx(HHOOKA);
if (HHOOKB) UnhookWindowsHookEx(HHOOKB);
if (HHOOKC) UnhookWindowsHookEx(HHOOKC);
if (HHOOKD) UnhookWindowsHookEx(HHOOKD);
if (HHOOKE) UnhookWindowsHookEx(HHOOKE);
if (HHOOKF) UnhookWindowsHookEx(HHOOKF);
if (HHOOKG) UnhookWindowsHookEx(HHOOKG);
if (HHOOKH) UnhookWindowsHookEx(HHOOKH);
}

صرح السماء كان هنا

 

Link to post
Share on other sites

I would like to see implementation of other hook procedures. Possible?

Also maybe porting more code from script to dll.

Btw, I can't help noticing relatively big size of your dll. I recommend adjusting the compiler not to include unnecessary run time code. Switching to some other compiler maybe.

For example I compiled your code with VS 2010 Express (which is free) and the result is 32 bit dll in size of 4.5 kB and 64 bit of 5.5 kB.

♡♡♡

.

eMyvnE

Link to post
Share on other sites

I would like to see implementation of other hook procedures. Possible?

Also maybe porting more code from script to dll.

Btw, I can't help noticing relatively big size of your dll. I recommend adjusting the compiler not to include unnecessary run time code. Switching to some other compiler maybe.

For example I compiled your code with VS 2010 Express (which is free) and the result is 32 bit dll in size of 4.5 kB and 64 bit of 5.5 kB.

#include <stdio.h>

#include <shlobj.h>

Previously I used a functions of the stdio.h and shlobj.h functions

Then I changed the project work plan

I did not know that VS 2010 Express can Compile issue six of the C + +

As I know there is a significant difference between C + + Net and C + + 6

HookExW.cpp

#include <windows.h>
static int OkTestExeHwnd = 99999;
static HINSTANCE ihinstDLL = 0;
static HWND ExeHwnd = 0;
static UINT CBT_MSG,DEBUG_MSG,FOREGROUNDIDLE_MSG,GETMESSAGE_MSG,KEYBOARD_MSG,MOUSE_MSG,
MSGFILTER_MSG,SHELL_MSG,HOOK_GUI_MSG;
static HHOOK HHOOKA,HHOOKB,HHOOKC,HHOOKD,HHOOKE,HHOOKF,HHOOKG,HHOOKH;

LRESULT CALLBACK WINAPI CBTProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI DebugProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI ForegroundIdleProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI GetMsgProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI KeyboardProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI MouseProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI MessageProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI ShellProc(int nCode,WPARAM wParam,LPARAM lParam);

HWND GetExeHwnd();
void AtExitHookExW(void);

#ifdef __cplusplus
extern "C"
{
#endif
__declspec(dllexport) HHOOK WINAPI DllWindowsHookExW(UINT idHook);
__declspec(dllexport) BOOL WINAPI DllGetModuleFileNameW(LPWSTR &iMsgBuffer);
#ifdef __cplusplus
}
#endif

extern "C"
BOOL WINAPI DllMain(HANDLE hinstDLL,DWORD dwReason, LPVOID lpvReserved)
{

if (dwReason == DLL_PROCESS_ATTACH)
{
ihinstDLL = (HINSTANCE) hinstDLL;
WCHAR MsgBuffer[600];
GetModuleFileNameW((HMODULE) hinstDLL,MsgBuffer,sizeof(MsgBuffer));
HOOK_GUI_MSG = RegisterWindowMessageW(MsgBuffer);
CBT_MSG = RegisterWindowMessageW(L"CBT_MSG");
DEBUG_MSG = RegisterWindowMessageW(L"DEBUG_MSG");
FOREGROUNDIDLE_MSG = RegisterWindowMessageW(L"FOREGROUNDIDLE_MSG");
GETMESSAGE_MSG = RegisterWindowMessageW(L"GETMESSAGE_MSG");
KEYBOARD_MSG = RegisterWindowMessageW(L"KEYBOARD_MSG");
MOUSE_MSG = RegisterWindowMessageW(L"MOUSE_MSG");
MSGFILTER_MSG = RegisterWindowMessageW(L"MSGFILTER_MSG");
SHELL_MSG = RegisterWindowMessageW(L"SHELL_MSG");
atexit(AtExitHookExW);

}

return 1;
}


HHOOK WINAPI DllWindowsHookExW(UINT idHook)
{

switch( idHook )
{
case WH_CBT:
if (HHOOKA) return 0;
HHOOKA = SetWindowsHookExW(idHook,CBTProc,ihinstDLL,0);
if (HHOOKA) return HHOOKA;
break;
case WH_DEBUG:
if (HHOOKB) return 0;
HHOOKB = SetWindowsHookExW(idHook,DebugProc,ihinstDLL,0);
if (HHOOKB) return HHOOKB;
break;
case WH_FOREGROUNDIDLE:
if (HHOOKC) return 0;
HHOOKC = SetWindowsHookExW(idHook,ForegroundIdleProc,ihinstDLL,0);
if (HHOOKC) return HHOOKC;
break;
case WH_GETMESSAGE:
if (HHOOKD) return 0;
HHOOKD = SetWindowsHookExW(idHook,GetMsgProc,ihinstDLL,0);
if (HHOOKD) return HHOOKD;
break;
case WH_KEYBOARD:
if (HHOOKE) return 0;
HHOOKE = SetWindowsHookExW(idHook,KeyboardProc,ihinstDLL,0);
if (HHOOKE) return HHOOKE;
break;
case WH_MOUSE:
if (HHOOKF) return 0;
HHOOKF = SetWindowsHookExW(idHook,MouseProc,ihinstDLL,0);
if (HHOOKF) return HHOOKF;
break;
case WH_MSGFILTER:
if (HHOOKG) return 0;
HHOOKG = SetWindowsHookExW(idHook,MessageProc,ihinstDLL,0);
if (HHOOKG) return HHOOKG;
break;
case WH_SHELL:
if (HHOOKH) return 0;
HHOOKH = SetWindowsHookExW(idHook,ShellProc,ihinstDLL,0);
if (HHOOKH) return HHOOKH;
break;
default:
return 0;
break;
}

return 0;

}

BOOL WINAPI DllGetModuleFileNameW(LPWSTR &iMsgBuffer)
{
if (GetModuleFileNameW((HMODULE) ihinstDLL,iMsgBuffer,600) != 0) return 1;
return 0;
}

LRESULT CALLBACK WINAPI CBTProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKA,nCode,wParam,lParam);

SendMessage(ExeHwnd,CBT_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,CBT_MSG,2,nCode);
SendMessage(ExeHwnd,CBT_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,CBT_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKA,nCode,wParam,lParam);
}

}

LRESULT CALLBACK WINAPI DebugProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKB,nCode,wParam,lParam);

SendMessage(ExeHwnd,DEBUG_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,DEBUG_MSG,2,nCode);
SendMessage(ExeHwnd,DEBUG_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,DEBUG_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKB,nCode,wParam,lParam);
}

}

LRESULT CALLBACK WINAPI ForegroundIdleProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKC,nCode,wParam,lParam);

SendMessage(ExeHwnd,FOREGROUNDIDLE_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,FOREGROUNDIDLE_MSG,2,nCode);
SendMessage(ExeHwnd,FOREGROUNDIDLE_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,FOREGROUNDIDLE_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKC,nCode,wParam,lParam);
}

}

LRESULT CALLBACK WINAPI GetMsgProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKD,nCode,wParam,lParam);

SendMessage(ExeHwnd,GETMESSAGE_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,GETMESSAGE_MSG,2,nCode);
SendMessage(ExeHwnd,GETMESSAGE_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,GETMESSAGE_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKD,nCode,wParam,lParam);
}
}


LRESULT CALLBACK WINAPI KeyboardProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKE,nCode,wParam,lParam);

SendMessage(ExeHwnd,KEYBOARD_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,KEYBOARD_MSG,2,nCode);
SendMessage(ExeHwnd,KEYBOARD_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,KEYBOARD_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKE,nCode,wParam,lParam);
}

}

LRESULT CALLBACK WINAPI MouseProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKF,nCode,wParam,lParam);

SendMessage(ExeHwnd,MOUSE_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,MOUSE_MSG,2,nCode);
SendMessage(ExeHwnd,MOUSE_MSG,3,wParam);
INT RT = SendMessage(ExeHwnd,MOUSE_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKF,nCode,wParam,lParam);
}

}

LRESULT CALLBACK WINAPI MessageProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKG,nCode,wParam,lParam);

SendMessage(ExeHwnd,MSGFILTER_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,MSGFILTER_MSG,2,nCode);
SendMessage(ExeHwnd,MSGFILTER_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,MSGFILTER_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKG,nCode,wParam,lParam);
}

}

LRESULT CALLBACK WINAPI ShellProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKH,nCode,wParam,lParam);

SendMessage(ExeHwnd,SHELL_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,SHELL_MSG,2,nCode);
SendMessage(ExeHwnd,SHELL_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,SHELL_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKH,nCode,wParam,lParam);
}

}


HWND GetExeHwnd()
{

HWND hwnd = NULL;
do
{
hwnd = FindWindowEx(NULL,hwnd,NULL,NULL);
if ((int) SendMessage(hwnd,HOOK_GUI_MSG,0,0) == OkTestExeHwnd) return hwnd;
}
while (hwnd != NULL);

return 0;

}

void AtExitHookExW()
{
if (HHOOKA) UnhookWindowsHookEx(HHOOKA);
if (HHOOKB) UnhookWindowsHookEx(HHOOKB);
if (HHOOKC) UnhookWindowsHookEx(HHOOKC);
if (HHOOKD) UnhookWindowsHookEx(HHOOKD);
if (HHOOKE) UnhookWindowsHookEx(HHOOKE);
if (HHOOKF) UnhookWindowsHookEx(HHOOKF);
if (HHOOKG) UnhookWindowsHookEx(HHOOKG);
if (HHOOKH) UnhookWindowsHookEx(HHOOKH);
}
Edited by wolf9228

صرح السماء كان هنا

 

Link to post
Share on other sites

From the first glance this really looks great :unsure: and definitely needs deeper exploration ;). How about adding some more examples, so people do realize it's usefulness? 5 Stars from me :> ...

Edit:

Could you also provide a compiled 64bit dll?

Edited by KaFu
Link to post
Share on other sites

You know what? I think we both don't know what you are talking about

For example I compiled your code with VS 2010 Express (which is free) and the result is 32 bit dll in size of 4.5 kB and 64 bit of 5.5 kB.

Can not compile the project code with the VS 2010 Express

Because it concerned the C ++ 6 language

If you mean that you wrote the code again using the C ++ Net, and you compile it

with VS 2010 Express Let's see what the new code to take advantage

صرح السماء كان هنا

 

Link to post
Share on other sites

Can not compile the project code with the VS 2010 Express

Because it concerned the C ++ 6 language

If you mean that you wrote the code again using the C ++ Net, and you compile it

with VS 2010 Express Let's see what the new code to take advantage

There is no new code. The only difference is that I removed/replaced atexit() with DLL_PROCESS_DETACH handling inside your DllMain and adjusted compiler/linker switches.

BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
{
    switch (fdwReason)
    {
    case DLL_PROCESS_ATTACH:
        ihinstDLL = hinstDLL;
        WCHAR MsgBuffer[32767];
        GetModuleFileNameW((HMODULE) hinstDLL,MsgBuffer,sizeof(MsgBuffer));
        HOOK_GUI_MSG = RegisterWindowMessageW(MsgBuffer);
        CBT_MSG = RegisterWindowMessageW(L"CBT_MSG");
        DEBUG_MSG = RegisterWindowMessageW(L"DEBUG_MSG");
        FOREGROUNDIDLE_MSG = RegisterWindowMessageW(L"FOREGROUNDIDLE_MSG");
        GETMESSAGE_MSG = RegisterWindowMessageW(L"GETMESSAGE_MSG");
        KEYBOARD_MSG = RegisterWindowMessageW(L"KEYBOARD_MSG");
        MOUSE_MSG = RegisterWindowMessageW(L"MOUSE_MSG");
        MSGFILTER_MSG = RegisterWindowMessageW(L"MSGFILTER_MSG");
        SHELL_MSG = RegisterWindowMessageW(L"SHELL_MSG");
        break;
    case DLL_PROCESS_DETACH:
        if (HHOOKA) UnhookWindowsHookEx(HHOOKA);
        if (HHOOKB) UnhookWindowsHookEx(HHOOKB);
        if (HHOOKC) UnhookWindowsHookEx(HHOOKC);
        if (HHOOKD) UnhookWindowsHookEx(HHOOKD);
        if (HHOOKE) UnhookWindowsHookEx(HHOOKE);
        if (HHOOKF) UnhookWindowsHookEx(HHOOKF);
        if (HHOOKG) UnhookWindowsHookEx(HHOOKG);
        if (HHOOKH) UnhookWindowsHookEx(HHOOKH);
        break;
    case DLL_THREAD_ATTACH:
        break;
    case DLL_THREAD_DETACH:
        break;
    }
    return TRUE;
}

You can find resulting dlls here.

What net? Spider's?

Edited by trancexx

♡♡♡

.

eMyvnE

Link to post
Share on other sites

There is no new code. The only difference is that I removed/replaced atexit() with DLL_PROCESS_DETACH handling inside your DllMain and adjusted compiler/linker switches.

BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
{
    switch (fdwReason)
    {
    case DLL_PROCESS_ATTACH:
        ihinstDLL = hinstDLL;
        WCHAR MsgBuffer[32767];
        GetModuleFileNameW((HMODULE) hinstDLL,MsgBuffer,sizeof(MsgBuffer));
        HOOK_GUI_MSG = RegisterWindowMessageW(MsgBuffer);
        CBT_MSG = RegisterWindowMessageW(L"CBT_MSG");
        DEBUG_MSG = RegisterWindowMessageW(L"DEBUG_MSG");
        FOREGROUNDIDLE_MSG = RegisterWindowMessageW(L"FOREGROUNDIDLE_MSG");
        GETMESSAGE_MSG = RegisterWindowMessageW(L"GETMESSAGE_MSG");
        KEYBOARD_MSG = RegisterWindowMessageW(L"KEYBOARD_MSG");
        MOUSE_MSG = RegisterWindowMessageW(L"MOUSE_MSG");
        MSGFILTER_MSG = RegisterWindowMessageW(L"MSGFILTER_MSG");
        SHELL_MSG = RegisterWindowMessageW(L"SHELL_MSG");
        break;
    case DLL_PROCESS_DETACH:
        if (HHOOKA) UnhookWindowsHookEx(HHOOKA);
        if (HHOOKB) UnhookWindowsHookEx(HHOOKB);
        if (HHOOKC) UnhookWindowsHookEx(HHOOKC);
        if (HHOOKD) UnhookWindowsHookEx(HHOOKD);
        if (HHOOKE) UnhookWindowsHookEx(HHOOKE);
        if (HHOOKF) UnhookWindowsHookEx(HHOOKF);
        if (HHOOKG) UnhookWindowsHookEx(HHOOKG);
        if (HHOOKH) UnhookWindowsHookEx(HHOOKH);
        break;
    case DLL_THREAD_ATTACH:
        break;
    case DLL_THREAD_DETACH:
        break;
    }
    return TRUE;
}

You can find resulting dlls here.

What net? Spider's?

thanks :unsure:

صرح السماء كان هنا

 

Link to post
Share on other sites

C ++ UnLoadLibrary.cpp

#include <windows.h>
void AtUnLoadLibrary();
extern "C"
BOOL WINAPI DllMain(HANDLE hinstDLL,DWORD dwReason, LPVOID lpvReserved)
{
if (dwReason == DLL_PROCESS_ATTACH)
{
atexit(AtUnLoadLibrary);
}
return 1;
}
void AtUnLoadLibrary()
{
MessageBox(0,"AtUnLoadLibrary","AtUnLoadLibrary",0);
}

UnLoadLibrary.au3

$DllOpen = DllOpen("UnLoadLibrary.dll")
DllClose($DllOpen)

While 1
    
WEnd

Compiler.au3

#include <Constants.au3>
#Include <WinAPI.au3>

;C++ Compiler 5.5
;download
;https://downloads.embarcadero.com/free/c_builder
;C++Builder Compiler (bcc compiler) free download. See the file bcb5tool.hlp in the Help
;directory for complete instructions on using the C++Builder Compiler and Command Line Tools.
;Windows  English   8.5MB

;C:\Borland\BCC55\Bin\bcc32.exe
$var1 = FileOpenDialog("Choose bcc32.exe","C:\Borland\BCC55\Bin", "(*.Exe)", 1 + 4 ,"bcc32.exe")
if @error Then Exit
$var2 = FileOpenDialog("Choose UnLoadLibrary.cpp",@MyDocumentsDir, "(*.cpp)", 1 + 4 ,"UnLoadLibrary.cpp")
if @error Then Exit
$var3 = FileSelectFolder("Choose Out File folder.", @MyDocumentsDir)
if @error Then Exit

Dim $iPatch1 = "" , $iPatch2 = $var2 , $iPatch3 = $var3 , $foo , $line = ""
$Patch1 = StringSplit($var1,"\")
For $i = 1 To $Patch1[0] - 2
$iPatch1 &= $Patch1[$i] & "\"
Next
$iPatch1 = StringTrimRight($iPatch1,1)
FileChangeDir($iPatch1 & "\Bin\")
$Command = "bcc32.exe " & _
"-I" & $iPatch1 & "\Include " & _
"-L" & $iPatch1 & "\Lib " & _
"-e" & $iPatch3 & "\HookExW.dll " & _
"-tWD " & $iPatch2
$foo = Run($Command,"", @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)
While 1
    $line = StdoutRead($foo)
    If @error Then ExitLoop
    MsgBox(0, "STDOUT", $line)
Wend

DLL_PROCESS_DETACH

http://msdn.microsoft.com/en-us/library/ms682583%28VS.85%29.aspx

The DLL is being unloaded from the virtual address space of the calling process because it was loaded unsuccessfully or the reference count has reached zero (the processes has either terminated or called FreeLibrary one time for each time it called LoadLibrary).

The lpReserved parameter indicates whether the DLL is being unloaded as a result of a FreeLibrary call, a failure to load, or process termination.

The DLL can use this opportunity to call the TlsFree function to free any TLS indices allocated by using TlsAlloc and to free any thread local data.

Note that the thread that receives the DLL_PROCESS_DETACH notification is not necessarily the same thread that received the DLL_PROCESS_ATTACH notification.

#pragma unmanaged

#pragma managed

managed, unmanaged

http://msdn.microsoft.com/en-us/library/0adb9zxe%28VS.80%29.aspx

An Overview of Managed/Unmanaged Code Interoperability

http://msdn.microsoft.com/en-us/library/ms973872.aspx

Edited by wolf9228

صرح السماء كان هنا

 

Link to post
Share on other sites
  • 6 years later...
  • 4 years later...

I was in a dire need to get certain WM_Messages. This HookExW.dll can capture lots of messages, but at the same time overwhelm the AutoIt program.

After a few days of struggle, I finally figured out that when you compile this in VisualStudio, the DLL function name got changed. They are no longer "DllGetModuleFileNameW" and "DllWindowsHookExW", but "_DllGetModuleFileNameW@4" and "_DllWindowsHookExW@4" instead, because "WINAPI" was used in the declaration.

So now finally I compiled them with 32 and 64 bit dll, and hope someone will find them useful.

I will improve this DLL more and add the message filtering. You will see. For now, it's just the two dlls.

 

( Attachment was deleted. A working one is below.)

 

Edited by philpw99
Link to post
Share on other sites
On 3/23/2022 at 11:25 PM, argumentum said:

@philpw99, the CRC32's in the ZIP are the same. Likely is the same file, but different names.

Oops, sorry !  I didn't realize that the output files are in different folders.

Anyway, I have been working in this and find out the sample program has quite some issues. The program will stop working after a short while. And if you are not careful, the whole windows will become slow.

Since the most widely use hook is CallWNDProc. This is my sample program just for it, with both 32bit and 64bit dlls.

In this sample, you can see the captured messages through the console output.

The GUI has 2 buttons, "Check" and "Rehook". Check is to find out if the hook still working. If not, you can click on the "Rehook" to make it work again.

2 global variables are important:
$nMsgFilter: Default to be 0 (all), can set to an int number to receive only certain type of message. You can set it to any WM messages.
$hHwndFilter: Default to be 0 (all), can set to a number so only monitor a process with that winhandle. Not recommend setting it  to 0.

Of course, if you want to use the original HookExW, you can just copy and paste the code to DllMain.cpp and build the DLL under Visual Studio.

One more thing, please use the free DllExportViewer to see the real functions that you can actually call, or spend days wondering why it doesn't work.

 

 ( Attachment deleted. The working one is below. )

Edited by philpw99
Link to post
Share on other sites

Now this is my program to monitor a running process called "DMMDCore3.exe". My program will monitor all WM_COPYDATA message from this process and display the string data sent by WM_COPYDATA.

It works well in receiving and displaying the data, but when sending my own WM_COPYDATA to the process, there is no response. Of course this is another totally different topic.

Also now it will display the number plus the type of WM_Message by using WM_Messages.txt.

 

NewHook2.zip

Edited by philpw99
Link to post
Share on other sites

DMMDCore3.exe is part of DesktopMMD3 from Steam. It has thousands of dancing girls/mascots you can put on the desktop. The program was abandoned for over a year, and I want to add some features to it, hence the monitoring of its WM_COPYDATA messages.

Right now I have made some progress, hopefully in the end I will be able to control the program with my own au3 scripts.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...