Sign in to follow this  
Followers 0
wolf9228

Dll Global SetWindowsHookEx

10 posts in this topic

SetWindowsHookEx

http://msdn.microsoft.com/en-us/library/ms644990%28VS.85%29.aspx

Installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread.

Remarks

SetWindowsHookEx can be used to inject a DLL into another process. A 32-bit DLL cannot be injected into a 64-bit process, and a 64-bit DLL cannot be injected into a 32-bit process. If an application requires the use of hooks in other processes, it is required that a 32-bit application call SetWindowsHookEx to inject a 32-bit DLL into 32-bit processes, and a 64-bit application call SetWindowsHookEx to inject a 64-bit DLL into 64-bit processes. The 32-bit and 64-bit DLLs must have different names.

IDs that allowed by the HookExW.dll Library

$WH_CBT

$WH_DEBUG

$WH_FOREGROUNDIDLE

$WH_GETMESSAGE

$WH_KEYBOARD

$WH_MOUSE

$WH_MSGFILTER

$WH_SHELL

All project files

GlobalHookEx.zip

GlobalHookEx.au3

#Include <WinAPI.au3>
OnAutoItExitRegister("CleanupHookEx")
Global $HookExW = 0 , $iGuiHwnd = 0 ,$HOOK_GUI_MSG = 0 , $OkTestExeHwnd = 99999
Global $CBT_MSG = 0,$DEBUG_MSG = 0 ,$FOREGROUNDIDLE_MSG = 0,$GETMESSAGE_MSG = 0,$KEYBOARD_MSG = 0
Global $MOUSE_MSG = 0,$MSGFILTER_MSG = 0,$SHELL_MSG = 0
Global $HookHandleCBTProc,$HookHandleDebugProc,$HookHandleForegroundIdleProc,$HookHandleGetMsgProc, _
$HookHandleKeyboardProc,$HookHandleMouseProc,$HookHandleMessageProc,$HookHandleShellProc
Global $PROCIDA,$PROCIDB,$PROCIDC,$PROCIDD,$PROCIDE,$PROCIDF,$PROCIDG,$PROCIDH
Global $CODEA,$CODEB,$CODEC,$CODED,$CODEE,$CODEF,$CODEG,$CODEH
Global $WPARAMA,$WPARAMB,$WPARAMC,$WPARAMD,$WPARAME,$WPARAMF,$WPARAMG,$WPARAMH
Global $LPARAMA,$LPARAMB,$LPARAMC,$LPARAMD,$LPARAME,$LPARAMF,$LPARAMG,$LPARAMH

;SetWindowsHookEx
;http://msdn.microsoft.com/en-us/library/ms644990%28VS.85%29.aspx
;SetWindowsHookEx can be used to inject a DLL into another process. A 32-bit DLL cannot be injected
;into a 64-bit process, and a 64-bit DLL cannot be injected into a 32-bit process. If an application
;requires the use of hooks in other processes, it is required that a 32-bit application call
;SetWindowsHookEx to inject a 32-bit DLL into 32-bit processes, and a 64-bit application call
;SetWindowsHookEx to inject a 64-bit DLL into 64-bit processes. The 32-bit and 64-bit DLLs must
;have different names.



Func SetDllGlobalWindowsHookEx($IdHook,$GuiHwnd,$MsgFunction)
if Not IsHWnd($iGuiHwnd) Then $iGuiHwnd = $GuiHwnd
if Not $HookExW Then $HookExW = DllOpen("HookExW.dll")
if Not $HookExW Or Not IsHWnd($iGuiHwnd) Then Return SetError(1,0,0)
if Not ($HOOK_GUI_MSG) Then
Local $RT = DllCall($HookExW,"BOOL","DllGetModuleFileNameW","WSTR*","")
If @error Or Not $RT[0] Then Return SetError(0,0,0)
$MsgBuffer = $RT[1]
$HOOK_GUI_MSG = RegisterWindowMessage($MsgBuffer)
if Not $HOOK_GUI_MSG Or Not GUIRegisterMsg($HOOK_GUI_MSG,"TestExeHwnd") Then Return SetError(2,0,0)
EndIf
Switch $idHook
Case $WH_CBT
$CBT_MSG = RegisterWindowMessage("CBT_MSG")
if Not $CBT_MSG Or Not GUIRegisterMsg($CBT_MSG,$MsgFunction) Then Return SetError(3,0,0)
Case $WH_DEBUG
$DEBUG_MSG = RegisterWindowMessage("DEBUG_MSG")
if Not $DEBUG_MSG Or Not GUIRegisterMsg($DEBUG_MSG,$MsgFunction) Then Return SetError(3,0,0)
Case $WH_FOREGROUNDIDLE
$FOREGROUNDIDLE_MSG = RegisterWindowMessage("FOREGROUNDIDLE_MSG")
if Not $FOREGROUNDIDLE_MSG Or Not GUIRegisterMsg($FOREGROUNDIDLE_MSG,$MsgFunction) Then Return SetError(3,0,0)
Case $WH_GETMESSAGE
$GETMESSAGE_MSG = RegisterWindowMessage("GETMESSAGE_MSG")
if Not $GETMESSAGE_MSG Or Not GUIRegisterMsg($GETMESSAGE_MSG,$MsgFunction) Then Return SetError(3,0,0)
Case $WH_KEYBOARD
$KEYBOARD_MSG = RegisterWindowMessage("KEYBOARD_MSG")
if Not $KEYBOARD_MSG Or Not GUIRegisterMsg($KEYBOARD_MSG,$MsgFunction) Then Return SetError(3,0,0)
Case $WH_MOUSE
$MOUSE_MSG = RegisterWindowMessage("MOUSE_MSG")
if Not $MOUSE_MSG Or Not GUIRegisterMsg($MOUSE_MSG,$MsgFunction) Then Return SetError(3,0,0)
Case $WH_MSGFILTER
$MSGFILTER_MSG = RegisterWindowMessage("MSGFILTER_MSG")
if Not $MSGFILTER_MSG Or Not GUIRegisterMsg($MSGFILTER_MSG,$MsgFunction) Then Return SetError(3,0,0)
Case $WH_SHELL
$SHELL_MSG = RegisterWindowMessage("SHELL_MSG")
if Not $SHELL_MSG Or Not GUIRegisterMsg($SHELL_MSG,$MsgFunction) Then Return SetError(3,0,0)
Case Else
Return SetError(4,0,0)
EndSwitch

Local $RT = DllCall($HookExW,"handle","DllWindowsHookExW","UINT",$IdHook)
If @error Or Not $RT[0] Then Return SetError(5,0,0)

Switch $idHook
Case $WH_CBT
$HookHandleCBTProc = $RT[0]
Case $WH_DEBUG
$HookHandleDebugProc = $RT[0]
Case $WH_FOREGROUNDIDLE
$HookHandleForegroundIdleProc = $RT[0]
Case $WH_GETMESSAGE
$HookHandleGetMsgProc = $RT[0]
Case $WH_KEYBOARD
$HookHandleKeyboardProc = $RT[0]
Case $WH_MOUSE
$HookHandleMouseProc = $RT[0]
Case $WH_MSGFILTER
$HookHandleMessageProc = $RT[0]
Case $WH_SHELL
$HookHandleShellProc = $RT[0]
EndSwitch

Return SetError(0,0,$RT[0])

EndFunc

Func TestExeHwnd($hWnd,$Msg,$wParam,$lParam)
Return $OkTestExeHwnd
EndFunc

Func RegisterWindowMessage($lpString)
$RT = DllCall("User32.dll","int","RegisterWindowMessageW","WSTR",$lpString)
if @error Then Return SetError(1,0,0)
Return SetError(_WinAPI_GetLastError(),0,$RT[0])
EndFunc

Func Read_Lparama_FromProcessMemory($Msg,$ProcessID,$LPARAMA)
Local $iSYNCHRONIZE = (0x00100000),$iSTANDARD_RIGHTS_REQUIRED = (0x000F0000)
Local $iPROCESS_ALL_ACCESS  = ($iSTANDARD_RIGHTS_REQUIRED + $iSYNCHRONIZE + 0xFFF)
Local $hProcess , $LparamaStruct , $LparamaStructPtr , $LparamaStructSize , $iRead
$hProcess = _WinAPI_OpenProcess($iPROCESS_ALL_ACCESS,False,$ProcessID)
if @error Then Return SetError(@error,1,$LparamaStruct)
Switch $Msg
Case $DEBUG_MSG
Local $tagDEBUGHOOKINFO = "DWORD idThread;DWORD idThreadInstaller;LPARAM lParam;WPARAM wParam;INT code"
$LparamaStruct = DllStructCreate($tagDEBUGHOOKINFO)
$LparamaStructSize = DllStructGetSize($LparamaStruct)
Case $GETMESSAGE_MSG
Local $tagMSG = "HWND hwnd;UINT message;WPARAM wParam;LPARAM lParam;DWORD time;INT X;INT Y"
$LparamaStruct = DllStructCreate($tagMSG)
$LparamaStructSize = DllStructGetSize($LparamaStruct)
Case $MOUSE_MSG
$tagMOUSEHOOKSTRUCT = "INT X;INT Y;HWND hwnd;UINT wHitTestCode;ULONG_PTR dwExtraInfo"
$LparamaStruct = DllStructCreate($tagMOUSEHOOKSTRUCT)
$LparamaStructSize = DllStructGetSize($LparamaStruct)
Case $MSGFILTER_MSG
Local $tagMSG = "HWND hwnd;UINT message;WPARAM wParam;LPARAM lParam;DWORD time;INT X;INT Y"
$LparamaStruct = DllStructCreate($tagMSG)
$LparamaStructSize = DllStructGetSize($LparamaStruct)
EndSwitch
$LparamaStructPtr = DllStructGetPtr($LparamaStruct)
_WinAPI_ReadProcessMemory($hProcess,$LPARAMA,$LparamaStructPtr,$LparamaStructSize,$iRead)
Return SetError(@error,2,$LparamaStruct)
EndFunc

Func CleanupHookEx()
if ($HookHandleCBTProc) Then _WinAPI_UnhookWindowsHookEx($HookHandleCBTProc)
if ($HookHandleDebugProc) Then _WinAPI_UnhookWindowsHookEx($HookHandleDebugProc)
if ($HookHandleForegroundIdleProc) Then _WinAPI_UnhookWindowsHookEx($HookHandleForegroundIdleProc)
if ($HookHandleGetMsgProc) Then _WinAPI_UnhookWindowsHookEx($HookHandleGetMsgProc)
if ($HookHandleKeyboardProc) Then _WinAPI_UnhookWindowsHookEx($HookHandleKeyboardProc)
if ($HookHandleMouseProc) Then _WinAPI_UnhookWindowsHookEx($HookHandleMouseProc)
if ($HookHandleMessageProc) Then _WinAPI_UnhookWindowsHookEx($HookHandleMessageProc)
if ($HookHandleShellProc) Then _WinAPI_UnhookWindowsHookEx($HookHandleShellProc)
EndFunc

ProcGlobalHookEx.au3

#Include "GlobalHookEx.au3"
#include <GUIConstantsEx.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
HotKeySet("{ESC}", "Terminate")

$GuiHwnd = GUICreate("Form1", 601, 179, 47, 3)
$Label1 = GUICtrlCreateLabel("", 16, 8,150,150,$WS_BORDER)
$Label2 = GUICtrlCreateLabel("", 300, 8,150,150,$WS_BORDER)
GUISetState(@SW_SHOW)
$HookHandleA = SetDllGlobalWindowsHookEx($WH_MOUSE,$GuiHwnd,"MouseProc")
;$HookHandleB = SetDllGlobalWindowsHookEx($WH_GETMESSAGE,$GuiHwnd,"GetMsgProc")

While 1
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            Exit

    EndSwitch
WEnd


Func Terminate()
    Exit 0
EndFunc


Func CBTProc($hWnd,$Msg,$ParamNo,$Param)
Switch $ParamNo
Case 1
$PROCIDA = $Param
Return 0
Case 2
$CODEA = $Param
Return 0
Case 3
$WPARAMA = $Param
Return 0
Case 4
$LPARAMA = $Param
Case Else
Return 0
EndSwitch
Local $CODE = $CODEA ,$wParam = $WPARAMA, $lParam = $LPARAMA

Return 0
EndFunc

Func DebugProc($hWnd,$Msg,$ParamNo,$Param)
Switch $ParamNo
Case 1
$PROCIDB = $Param
Return 0
Case 2
$CODEB = $Param
Return 0
Case 3
$WPARAMB = $Param
Return 0
Case 4
$LPARAMB = $Param
Case Else
Return 0
EndSwitch
$DEBUGHOOKINFO_Struct = Read_Lparama_FromProcessMemory($Msg,$PROCIDB,$LPARAMB)

Local $CODE = $CODEB ,$wParam = $WPARAMB, $lParam = $LPARAMB

Return 0
EndFunc


Func ForegroundIdleProc($hWnd,$Msg,$ParamNo,$Param)
Switch $ParamNo
Case 1
$PROCIDC = $Param
Return 0
Case 2
$CODEC = $Param
Return 0
Case 3
$WPARAMC = $Param
Return 0
Case 4
$LPARAMC = $Param
Case Else
Return 0
EndSwitch

Local $CODE = $CODEC ,$wParam = $WPARAMC, $lParam = $LPARAMC

Return 0
EndFunc

Func GetMsgProc($hWnd,$Msg,$ParamNo,$Param)
Switch $ParamNo
Case 1
$PROCIDD = $Param
Return 0
Case 2
$CODED = $Param
Return 0
Case 3
$WPARAMD = $Param
Return 0
Case 4
$LPARAMD = $Param
Case Else
Return 0
EndSwitch
$MSG_Struct = Read_Lparama_FromProcessMemory($Msg,$PROCIDD,$LPARAMD)

Local $CODE = $CODED,$wParam = $WPARAMD, $lParam = $LPARAMD

$Text = "GetMsgProc " & @CRLF & "hwnd " & DllStructGetData($MSG_Struct ,1) & @CRLF
$Text &= "message " & DllStructGetData($MSG_Struct ,2) & @CRLF
$Text &= "wParam " & DllStructGetData($MSG_Struct ,3) & @CRLF
$Text &= "lParam " & DllStructGetData($MSG_Struct ,4) & @CRLF
$Text &= "time " & DllStructGetData($MSG_Struct ,5) & @CRLF
$Text &= "X " & DllStructGetData($MSG_Struct ,6) & @CRLF
$Text &= "Y " & DllStructGetData($MSG_Struct ,7) & @CRLF
GUICtrlSetData($Label2,$Text)

Return 0
EndFunc

Func KeyboardProc($hWnd,$Msg,$ParamNo,$Param)
Switch $ParamNo
Case 1
$PROCIDE = $Param
Return 0
Case 2
$CODEE = $Param
Return 0
Case 3
$WPARAME = $Param
Return 0
Case 4
$LPARAME = $Param
Case Else
Return 0
EndSwitch

Local $CODE = $PROCIDE, $wParam = $WPARAME, $lParam = $LPARAME

Return 0
EndFunc

Func MouseProc($hWnd,$Msg,$ParamNo,$Param)
Switch $ParamNo
Case 1
$PROCIDF = $Param
Return 0
Case 2
$CODEF = $Param
Return 0
Case 3
$WPARAMF = $Param
Return 0
Case 4
$LPARAMF = $Param
Case Else
Return 0
EndSwitch
$MOUSEHOOKSTRUCT_Struct = Read_Lparama_FromProcessMemory($Msg,$PROCIDF,$LPARAMF)

Local $CODE = $PROCIDF, $wParam = $WPARAMF, $lParam = $LPARAMF

$Text = "MouseProc " & @CRLF & "X " & DllStructGetData($MOUSEHOOKSTRUCT_Struct,1) & @CRLF
$Text &= "Y " & DllStructGetData($MOUSEHOOKSTRUCT_Struct,2) & @CRLF
$Text &= "hwnd " & DllStructGetData($MOUSEHOOKSTRUCT_Struct,3) & @CRLF
$Text &= "wHitTestCode " & DllStructGetData($MOUSEHOOKSTRUCT_Struct,4) & @CRLF
$Text &= "dwExtraInfo " & DllStructGetData($MOUSEHOOKSTRUCT_Struct,5) & @CRLF
GUICtrlSetData($Label1,$Text)


Return 0
EndFunc


Func MessageProc($hWnd,$Msg,$ParamNo,$Param)
Switch $ParamNo
Case 1
$PROCIDG = $Param
Return 0
Case 2
$CODEG = $Param
Return 0
Case 3
$WPARAMG = $Param
Return 0
Case 4
$LPARAMG = $Param
Case Else
Return 0
EndSwitch
Local $CODE = $PROCIDG, $wParam = $WPARAMG, $lParam = $LPARAMG

Return 0
EndFunc


Func ShellProc($hWnd,$Msg,$ParamNo,$Param)

Return 2
Switch $ParamNo
Case 1
$PROCIDH = $Param
Return 0
Case 2
$CODEH = $Param
Return 0
Case 3
$WPARAMH = $Param
Return 0
Case 4
$LPARAMH = $Param
Case Else
Return 0
EndSwitch

Local $CODE = $PROCIDH, $wParam = $WPARAMH, $lParam = $LPARAMH

Return 0
EndFunc

;C++ Compiler 5.5

;download

https://downloads.embarcadero.com/free/c_builder

;C++Builder Compiler (bcc compiler) free download. See the file bcb5tool.hlp in the Help

;directory for complete instructions on using the C++Builder Compiler and Command Line Tools.

;Windows English 8.5MB

Compiler.au3

#include <Constants.au3>
#Include <WinAPI.au3>

;C++ Compiler 5.5
;download
;https://downloads.embarcadero.com/free/c_builder
;C++Builder Compiler (bcc compiler) free download. See the file bcb5tool.hlp in the Help
;directory for complete instructions on using the C++Builder Compiler and Command Line Tools.
;Windows  English   8.5MB

;C:\Borland\BCC55\Bin\bcc32.exe
$var1 = FileOpenDialog("Choose bcc32.exe","C:\Borland\BCC55\Bin", "(*.Exe)", 1 + 4 ,"bcc32.exe")
if @error Then Exit
$var2 = FileOpenDialog("Choose HookExW.cpp",@MyDocumentsDir, "(*.cpp)", 1 + 4 ,"HookExW.cpp")
if @error Then Exit
$var3 = FileSelectFolder("Choose Out File folder.", @MyDocumentsDir)
if @error Then Exit

Dim $iPatch1 = "" , $iPatch2 = $var2 , $iPatch3 = $var3 , $foo , $line = ""
$Patch1 = StringSplit($var1,"\")
For $i = 1 To $Patch1[0] - 2
$iPatch1 &= $Patch1[$i] & "\"
Next
$iPatch1 = StringTrimRight($iPatch1,1)
FileChangeDir($iPatch1 & "\Bin\")
$Command = "bcc32.exe " & _
"-I" & $iPatch1 & "\Include " & _
"-L" & $iPatch1 & "\Lib " & _
"-e" & $iPatch3 & "\HookExW.dll " & _
"-tWD " & $iPatch2
$foo = Run($Command,"", @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)
While 1
    $line = StdoutRead($foo)
    If @error Then ExitLoop
    MsgBox(0, "STDOUT", $line)
Wend

C ++ 6

HookExW.cpp

#include <shlobj.h>
#include <windows.h>
#include <stdio.h>
static int OkTestExeHwnd = 99999;
static HINSTANCE ihinstDLL = 0;
static HWND ExeHwnd = 0;
static UINT CBT_MSG,DEBUG_MSG,FOREGROUNDIDLE_MSG,GETMESSAGE_MSG,KEYBOARD_MSG,MOUSE_MSG,
MSGFILTER_MSG,SHELL_MSG,HOOK_GUI_MSG;
static HHOOK HHOOKA,HHOOKB,HHOOKC,HHOOKD,HHOOKE,HHOOKF,HHOOKG,HHOOKH;

LRESULT CALLBACK WINAPI CBTProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI DebugProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI ForegroundIdleProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI GetMsgProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI KeyboardProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI MouseProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI MessageProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI ShellProc(int nCode,WPARAM wParam,LPARAM lParam);

HWND GetExeHwnd();
void AtExitHookExW(void);

#ifdef __cplusplus
extern "C"
{
#endif
__declspec(dllexport) HHOOK WINAPI DllWindowsHookExW(UINT idHook);
__declspec(dllexport) BOOL WINAPI DllGetModuleFileNameW(LPWSTR &iMsgBuffer);
#ifdef __cplusplus
}
#endif

extern "C"
BOOL WINAPI DllMain(HANDLE hinstDLL,DWORD dwReason, LPVOID lpvReserved)
{

if (dwReason == DLL_PROCESS_ATTACH)
{

ihinstDLL = (HINSTANCE) hinstDLL;
WCHAR MsgBuffer[600];
GetModuleFileNameW((HMODULE) hinstDLL,MsgBuffer,sizeof(MsgBuffer));
HOOK_GUI_MSG = RegisterWindowMessageW(MsgBuffer);
CBT_MSG = RegisterWindowMessageW(L"CBT_MSG");
DEBUG_MSG = RegisterWindowMessageW(L"DEBUG_MSG");
FOREGROUNDIDLE_MSG = RegisterWindowMessageW(L"FOREGROUNDIDLE_MSG");
GETMESSAGE_MSG = RegisterWindowMessageW(L"GETMESSAGE_MSG");
KEYBOARD_MSG = RegisterWindowMessageW(L"KEYBOARD_MSG");
MOUSE_MSG = RegisterWindowMessageW(L"MOUSE_MSG");
MSGFILTER_MSG = RegisterWindowMessageW(L"MSGFILTER_MSG");
SHELL_MSG = RegisterWindowMessageW(L"SHELL_MSG");
atexit(AtExitHookExW);

}

return 1;
}


HHOOK WINAPI DllWindowsHookExW(UINT idHook)
{

switch( idHook )
{
case WH_CBT:
if (HHOOKA) return 0;
HHOOKA = SetWindowsHookExW(idHook,CBTProc,ihinstDLL,0);
if (HHOOKA) return HHOOKA;
break;
case WH_DEBUG:
if (HHOOKB) return 0;
HHOOKB = SetWindowsHookExW(idHook,DebugProc,ihinstDLL,0);
if (HHOOKB) return HHOOKB;
break;
case WH_FOREGROUNDIDLE:
if (HHOOKC) return 0;
HHOOKC = SetWindowsHookExW(idHook,ForegroundIdleProc,ihinstDLL,0);
if (HHOOKC) return HHOOKC;
break;
case WH_GETMESSAGE:
if (HHOOKD) return 0;
HHOOKD = SetWindowsHookExW(idHook,GetMsgProc,ihinstDLL,0);
if (HHOOKD) return HHOOKD;
break;
case WH_KEYBOARD:
if (HHOOKE) return 0;
HHOOKE = SetWindowsHookExW(idHook,KeyboardProc,ihinstDLL,0);
if (HHOOKE) return HHOOKE;
break;
case WH_MOUSE:
if (HHOOKF) return 0;
HHOOKF = SetWindowsHookExW(idHook,MouseProc,ihinstDLL,0);
if (HHOOKF) return HHOOKF;
break;
case WH_MSGFILTER:
if (HHOOKG) return 0;
HHOOKG = SetWindowsHookExW(idHook,MessageProc,ihinstDLL,0);
if (HHOOKG) return HHOOKG;
break;
case WH_SHELL:
if (HHOOKH) return 0;
HHOOKH = SetWindowsHookExW(idHook,ShellProc,ihinstDLL,0);
if (HHOOKH) return HHOOKH;
break;
default:
return 0;
break;
}

return 0;

}

BOOL WINAPI DllGetModuleFileNameW(LPWSTR &iMsgBuffer)
{
if (GetModuleFileNameW((HMODULE) ihinstDLL,iMsgBuffer,600) != 0) return 1;
return 0;
}

LRESULT CALLBACK WINAPI CBTProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKA,nCode,wParam,lParam);

SendMessage(ExeHwnd,CBT_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,CBT_MSG,2,nCode);
SendMessage(ExeHwnd,CBT_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,CBT_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKA,nCode,wParam,lParam);
}

}

LRESULT CALLBACK WINAPI DebugProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKB,nCode,wParam,lParam);

SendMessage(ExeHwnd,DEBUG_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,DEBUG_MSG,2,nCode);
SendMessage(ExeHwnd,DEBUG_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,DEBUG_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKB,nCode,wParam,lParam);
}

}

LRESULT CALLBACK WINAPI ForegroundIdleProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKC,nCode,wParam,lParam);

SendMessage(ExeHwnd,FOREGROUNDIDLE_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,FOREGROUNDIDLE_MSG,2,nCode);
SendMessage(ExeHwnd,FOREGROUNDIDLE_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,FOREGROUNDIDLE_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKC,nCode,wParam,lParam);
}

}

LRESULT CALLBACK WINAPI GetMsgProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKD,nCode,wParam,lParam);

SendMessage(ExeHwnd,GETMESSAGE_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,GETMESSAGE_MSG,2,nCode);
SendMessage(ExeHwnd,GETMESSAGE_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,GETMESSAGE_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKD,nCode,wParam,lParam);
}
}


LRESULT CALLBACK WINAPI KeyboardProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKE,nCode,wParam,lParam);

SendMessage(ExeHwnd,KEYBOARD_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,KEYBOARD_MSG,2,nCode);
SendMessage(ExeHwnd,KEYBOARD_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,KEYBOARD_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKE,nCode,wParam,lParam);
}

}

LRESULT CALLBACK WINAPI MouseProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKF,nCode,wParam,lParam);

SendMessage(ExeHwnd,MOUSE_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,MOUSE_MSG,2,nCode);
SendMessage(ExeHwnd,MOUSE_MSG,3,wParam);
INT RT = SendMessage(ExeHwnd,MOUSE_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKF,nCode,wParam,lParam);
}

}

LRESULT CALLBACK WINAPI MessageProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKG,nCode,wParam,lParam);

SendMessage(ExeHwnd,MSGFILTER_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,MSGFILTER_MSG,2,nCode);
SendMessage(ExeHwnd,MSGFILTER_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,MSGFILTER_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKG,nCode,wParam,lParam);
}

}

LRESULT CALLBACK WINAPI ShellProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKH,nCode,wParam,lParam);

SendMessage(ExeHwnd,SHELL_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,SHELL_MSG,2,nCode);
SendMessage(ExeHwnd,SHELL_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,SHELL_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKH,nCode,wParam,lParam);
}

}


HWND GetExeHwnd()
{

HWND hwnd = NULL;
do
{
hwnd = FindWindowEx(NULL,hwnd,NULL,NULL);
if ((int) SendMessage(hwnd,HOOK_GUI_MSG,0,0) == OkTestExeHwnd) return hwnd;
}
while (hwnd != NULL);

return 0;

}

void AtExitHookExW()
{
if (HHOOKA) UnhookWindowsHookEx(HHOOKA);
if (HHOOKB) UnhookWindowsHookEx(HHOOKB);
if (HHOOKC) UnhookWindowsHookEx(HHOOKC);
if (HHOOKD) UnhookWindowsHookEx(HHOOKD);
if (HHOOKE) UnhookWindowsHookEx(HHOOKE);
if (HHOOKF) UnhookWindowsHookEx(HHOOKF);
if (HHOOKG) UnhookWindowsHookEx(HHOOKG);
if (HHOOKH) UnhookWindowsHookEx(HHOOKH);
}

صرح السماء كان هنا

 

Share this post


Link to post
Share on other sites



I would like to see implementation of other hook procedures. Possible?

Also maybe porting more code from script to dll.

Btw, I can't help noticing relatively big size of your dll. I recommend adjusting the compiler not to include unnecessary run time code. Switching to some other compiler maybe.

For example I compiled your code with VS 2010 Express (which is free) and the result is 32 bit dll in size of 4.5 kB and 64 bit of 5.5 kB.


♡♡♡

.

eMyvnE

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

I would like to see implementation of other hook procedures. Possible?

Also maybe porting more code from script to dll.

Btw, I can't help noticing relatively big size of your dll. I recommend adjusting the compiler not to include unnecessary run time code. Switching to some other compiler maybe.

For example I compiled your code with VS 2010 Express (which is free) and the result is 32 bit dll in size of 4.5 kB and 64 bit of 5.5 kB.

#include <stdio.h>

#include <shlobj.h>

Previously I used a functions of the stdio.h and shlobj.h functions

Then I changed the project work plan

I did not know that VS 2010 Express can Compile issue six of the C + +

As I know there is a significant difference between C + + Net and C + + 6

HookExW.cpp

#include <windows.h>
static int OkTestExeHwnd = 99999;
static HINSTANCE ihinstDLL = 0;
static HWND ExeHwnd = 0;
static UINT CBT_MSG,DEBUG_MSG,FOREGROUNDIDLE_MSG,GETMESSAGE_MSG,KEYBOARD_MSG,MOUSE_MSG,
MSGFILTER_MSG,SHELL_MSG,HOOK_GUI_MSG;
static HHOOK HHOOKA,HHOOKB,HHOOKC,HHOOKD,HHOOKE,HHOOKF,HHOOKG,HHOOKH;

LRESULT CALLBACK WINAPI CBTProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI DebugProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI ForegroundIdleProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI GetMsgProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI KeyboardProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI MouseProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI MessageProc(int nCode,WPARAM wParam,LPARAM lParam);
LRESULT CALLBACK WINAPI ShellProc(int nCode,WPARAM wParam,LPARAM lParam);

HWND GetExeHwnd();
void AtExitHookExW(void);

#ifdef __cplusplus
extern "C"
{
#endif
__declspec(dllexport) HHOOK WINAPI DllWindowsHookExW(UINT idHook);
__declspec(dllexport) BOOL WINAPI DllGetModuleFileNameW(LPWSTR &iMsgBuffer);
#ifdef __cplusplus
}
#endif

extern "C"
BOOL WINAPI DllMain(HANDLE hinstDLL,DWORD dwReason, LPVOID lpvReserved)
{

if (dwReason == DLL_PROCESS_ATTACH)
{
ihinstDLL = (HINSTANCE) hinstDLL;
WCHAR MsgBuffer[600];
GetModuleFileNameW((HMODULE) hinstDLL,MsgBuffer,sizeof(MsgBuffer));
HOOK_GUI_MSG = RegisterWindowMessageW(MsgBuffer);
CBT_MSG = RegisterWindowMessageW(L"CBT_MSG");
DEBUG_MSG = RegisterWindowMessageW(L"DEBUG_MSG");
FOREGROUNDIDLE_MSG = RegisterWindowMessageW(L"FOREGROUNDIDLE_MSG");
GETMESSAGE_MSG = RegisterWindowMessageW(L"GETMESSAGE_MSG");
KEYBOARD_MSG = RegisterWindowMessageW(L"KEYBOARD_MSG");
MOUSE_MSG = RegisterWindowMessageW(L"MOUSE_MSG");
MSGFILTER_MSG = RegisterWindowMessageW(L"MSGFILTER_MSG");
SHELL_MSG = RegisterWindowMessageW(L"SHELL_MSG");
atexit(AtExitHookExW);

}

return 1;
}


HHOOK WINAPI DllWindowsHookExW(UINT idHook)
{

switch( idHook )
{
case WH_CBT:
if (HHOOKA) return 0;
HHOOKA = SetWindowsHookExW(idHook,CBTProc,ihinstDLL,0);
if (HHOOKA) return HHOOKA;
break;
case WH_DEBUG:
if (HHOOKB) return 0;
HHOOKB = SetWindowsHookExW(idHook,DebugProc,ihinstDLL,0);
if (HHOOKB) return HHOOKB;
break;
case WH_FOREGROUNDIDLE:
if (HHOOKC) return 0;
HHOOKC = SetWindowsHookExW(idHook,ForegroundIdleProc,ihinstDLL,0);
if (HHOOKC) return HHOOKC;
break;
case WH_GETMESSAGE:
if (HHOOKD) return 0;
HHOOKD = SetWindowsHookExW(idHook,GetMsgProc,ihinstDLL,0);
if (HHOOKD) return HHOOKD;
break;
case WH_KEYBOARD:
if (HHOOKE) return 0;
HHOOKE = SetWindowsHookExW(idHook,KeyboardProc,ihinstDLL,0);
if (HHOOKE) return HHOOKE;
break;
case WH_MOUSE:
if (HHOOKF) return 0;
HHOOKF = SetWindowsHookExW(idHook,MouseProc,ihinstDLL,0);
if (HHOOKF) return HHOOKF;
break;
case WH_MSGFILTER:
if (HHOOKG) return 0;
HHOOKG = SetWindowsHookExW(idHook,MessageProc,ihinstDLL,0);
if (HHOOKG) return HHOOKG;
break;
case WH_SHELL:
if (HHOOKH) return 0;
HHOOKH = SetWindowsHookExW(idHook,ShellProc,ihinstDLL,0);
if (HHOOKH) return HHOOKH;
break;
default:
return 0;
break;
}

return 0;

}

BOOL WINAPI DllGetModuleFileNameW(LPWSTR &iMsgBuffer)
{
if (GetModuleFileNameW((HMODULE) ihinstDLL,iMsgBuffer,600) != 0) return 1;
return 0;
}

LRESULT CALLBACK WINAPI CBTProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKA,nCode,wParam,lParam);

SendMessage(ExeHwnd,CBT_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,CBT_MSG,2,nCode);
SendMessage(ExeHwnd,CBT_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,CBT_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKA,nCode,wParam,lParam);
}

}

LRESULT CALLBACK WINAPI DebugProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKB,nCode,wParam,lParam);

SendMessage(ExeHwnd,DEBUG_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,DEBUG_MSG,2,nCode);
SendMessage(ExeHwnd,DEBUG_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,DEBUG_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKB,nCode,wParam,lParam);
}

}

LRESULT CALLBACK WINAPI ForegroundIdleProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKC,nCode,wParam,lParam);

SendMessage(ExeHwnd,FOREGROUNDIDLE_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,FOREGROUNDIDLE_MSG,2,nCode);
SendMessage(ExeHwnd,FOREGROUNDIDLE_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,FOREGROUNDIDLE_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKC,nCode,wParam,lParam);
}

}

LRESULT CALLBACK WINAPI GetMsgProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKD,nCode,wParam,lParam);

SendMessage(ExeHwnd,GETMESSAGE_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,GETMESSAGE_MSG,2,nCode);
SendMessage(ExeHwnd,GETMESSAGE_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,GETMESSAGE_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKD,nCode,wParam,lParam);
}
}


LRESULT CALLBACK WINAPI KeyboardProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKE,nCode,wParam,lParam);

SendMessage(ExeHwnd,KEYBOARD_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,KEYBOARD_MSG,2,nCode);
SendMessage(ExeHwnd,KEYBOARD_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,KEYBOARD_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKE,nCode,wParam,lParam);
}

}

LRESULT CALLBACK WINAPI MouseProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKF,nCode,wParam,lParam);

SendMessage(ExeHwnd,MOUSE_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,MOUSE_MSG,2,nCode);
SendMessage(ExeHwnd,MOUSE_MSG,3,wParam);
INT RT = SendMessage(ExeHwnd,MOUSE_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKF,nCode,wParam,lParam);
}

}

LRESULT CALLBACK WINAPI MessageProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKG,nCode,wParam,lParam);

SendMessage(ExeHwnd,MSGFILTER_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,MSGFILTER_MSG,2,nCode);
SendMessage(ExeHwnd,MSGFILTER_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,MSGFILTER_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKG,nCode,wParam,lParam);
}

}

LRESULT CALLBACK WINAPI ShellProc(int nCode,WPARAM wParam,LPARAM lParam)
{

if (!(ExeHwnd)) ExeHwnd = GetExeHwnd();
if (!(ExeHwnd)) return CallNextHookEx(HHOOKH,nCode,wParam,lParam);

SendMessage(ExeHwnd,SHELL_MSG,1,GetCurrentProcessId());
SendMessage(ExeHwnd,SHELL_MSG,2,nCode);
SendMessage(ExeHwnd,SHELL_MSG,3,wParam);

INT RT = SendMessage(ExeHwnd,SHELL_MSG,4,lParam);
if (RT)
{
return RT;
} else {
return CallNextHookEx(HHOOKH,nCode,wParam,lParam);
}

}


HWND GetExeHwnd()
{

HWND hwnd = NULL;
do
{
hwnd = FindWindowEx(NULL,hwnd,NULL,NULL);
if ((int) SendMessage(hwnd,HOOK_GUI_MSG,0,0) == OkTestExeHwnd) return hwnd;
}
while (hwnd != NULL);

return 0;

}

void AtExitHookExW()
{
if (HHOOKA) UnhookWindowsHookEx(HHOOKA);
if (HHOOKB) UnhookWindowsHookEx(HHOOKB);
if (HHOOKC) UnhookWindowsHookEx(HHOOKC);
if (HHOOKD) UnhookWindowsHookEx(HHOOKD);
if (HHOOKE) UnhookWindowsHookEx(HHOOKE);
if (HHOOKF) UnhookWindowsHookEx(HHOOKF);
if (HHOOKG) UnhookWindowsHookEx(HHOOKG);
if (HHOOKH) UnhookWindowsHookEx(HHOOKH);
}
Edited by wolf9228

صرح السماء كان هنا

 

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

From the first glance this really looks great :unsure: and definitely needs deeper exploration ;). How about adding some more examples, so people do realize it's usefulness? 5 Stars from me :> ...

Edit:

Could you also provide a compiled 64bit dll?

Edited by KaFu

Share this post


Link to post
Share on other sites

I did not know that VS 2010 Express can Compile issue six of the C + +

As I know there is a significant difference between C + + Net and C + + 6

You know what? I think we both don't know what you are talking about. :unsure:

♡♡♡

.

eMyvnE

Share this post


Link to post
Share on other sites

You know what? I think we both don't know what you are talking about

For example I compiled your code with VS 2010 Express (which is free) and the result is 32 bit dll in size of 4.5 kB and 64 bit of 5.5 kB.

Can not compile the project code with the VS 2010 Express

Because it concerned the C ++ 6 language

If you mean that you wrote the code again using the C ++ Net, and you compile it

with VS 2010 Express Let's see what the new code to take advantage


صرح السماء كان هنا

 

Share this post


Link to post
Share on other sites

#7 ·  Posted (edited)

Can not compile the project code with the VS 2010 Express

Because it concerned the C ++ 6 language

If you mean that you wrote the code again using the C ++ Net, and you compile it

with VS 2010 Express Let's see what the new code to take advantage

There is no new code. The only difference is that I removed/replaced atexit() with DLL_PROCESS_DETACH handling inside your DllMain and adjusted compiler/linker switches.

BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
{
    switch (fdwReason)
    {
    case DLL_PROCESS_ATTACH:
        ihinstDLL = hinstDLL;
        WCHAR MsgBuffer[32767];
        GetModuleFileNameW((HMODULE) hinstDLL,MsgBuffer,sizeof(MsgBuffer));
        HOOK_GUI_MSG = RegisterWindowMessageW(MsgBuffer);
        CBT_MSG = RegisterWindowMessageW(L"CBT_MSG");
        DEBUG_MSG = RegisterWindowMessageW(L"DEBUG_MSG");
        FOREGROUNDIDLE_MSG = RegisterWindowMessageW(L"FOREGROUNDIDLE_MSG");
        GETMESSAGE_MSG = RegisterWindowMessageW(L"GETMESSAGE_MSG");
        KEYBOARD_MSG = RegisterWindowMessageW(L"KEYBOARD_MSG");
        MOUSE_MSG = RegisterWindowMessageW(L"MOUSE_MSG");
        MSGFILTER_MSG = RegisterWindowMessageW(L"MSGFILTER_MSG");
        SHELL_MSG = RegisterWindowMessageW(L"SHELL_MSG");
        break;
    case DLL_PROCESS_DETACH:
        if (HHOOKA) UnhookWindowsHookEx(HHOOKA);
        if (HHOOKB) UnhookWindowsHookEx(HHOOKB);
        if (HHOOKC) UnhookWindowsHookEx(HHOOKC);
        if (HHOOKD) UnhookWindowsHookEx(HHOOKD);
        if (HHOOKE) UnhookWindowsHookEx(HHOOKE);
        if (HHOOKF) UnhookWindowsHookEx(HHOOKF);
        if (HHOOKG) UnhookWindowsHookEx(HHOOKG);
        if (HHOOKH) UnhookWindowsHookEx(HHOOKH);
        break;
    case DLL_THREAD_ATTACH:
        break;
    case DLL_THREAD_DETACH:
        break;
    }
    return TRUE;
}

You can find resulting dlls here.

What net? Spider's?

Edited by trancexx

♡♡♡

.

eMyvnE

Share this post


Link to post
Share on other sites

There is no new code. The only difference is that I removed/replaced atexit() with DLL_PROCESS_DETACH handling inside your DllMain and adjusted compiler/linker switches.

BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
{
    switch (fdwReason)
    {
    case DLL_PROCESS_ATTACH:
        ihinstDLL = hinstDLL;
        WCHAR MsgBuffer[32767];
        GetModuleFileNameW((HMODULE) hinstDLL,MsgBuffer,sizeof(MsgBuffer));
        HOOK_GUI_MSG = RegisterWindowMessageW(MsgBuffer);
        CBT_MSG = RegisterWindowMessageW(L"CBT_MSG");
        DEBUG_MSG = RegisterWindowMessageW(L"DEBUG_MSG");
        FOREGROUNDIDLE_MSG = RegisterWindowMessageW(L"FOREGROUNDIDLE_MSG");
        GETMESSAGE_MSG = RegisterWindowMessageW(L"GETMESSAGE_MSG");
        KEYBOARD_MSG = RegisterWindowMessageW(L"KEYBOARD_MSG");
        MOUSE_MSG = RegisterWindowMessageW(L"MOUSE_MSG");
        MSGFILTER_MSG = RegisterWindowMessageW(L"MSGFILTER_MSG");
        SHELL_MSG = RegisterWindowMessageW(L"SHELL_MSG");
        break;
    case DLL_PROCESS_DETACH:
        if (HHOOKA) UnhookWindowsHookEx(HHOOKA);
        if (HHOOKB) UnhookWindowsHookEx(HHOOKB);
        if (HHOOKC) UnhookWindowsHookEx(HHOOKC);
        if (HHOOKD) UnhookWindowsHookEx(HHOOKD);
        if (HHOOKE) UnhookWindowsHookEx(HHOOKE);
        if (HHOOKF) UnhookWindowsHookEx(HHOOKF);
        if (HHOOKG) UnhookWindowsHookEx(HHOOKG);
        if (HHOOKH) UnhookWindowsHookEx(HHOOKH);
        break;
    case DLL_THREAD_ATTACH:
        break;
    case DLL_THREAD_DETACH:
        break;
    }
    return TRUE;
}

You can find resulting dlls here.

What net? Spider's?

thanks :unsure:

صرح السماء كان هنا

 

Share this post


Link to post
Share on other sites

#9 ·  Posted (edited)

C ++ UnLoadLibrary.cpp

#include <windows.h>
void AtUnLoadLibrary();
extern "C"
BOOL WINAPI DllMain(HANDLE hinstDLL,DWORD dwReason, LPVOID lpvReserved)
{
if (dwReason == DLL_PROCESS_ATTACH)
{
atexit(AtUnLoadLibrary);
}
return 1;
}
void AtUnLoadLibrary()
{
MessageBox(0,"AtUnLoadLibrary","AtUnLoadLibrary",0);
}

UnLoadLibrary.au3

$DllOpen = DllOpen("UnLoadLibrary.dll")
DllClose($DllOpen)

While 1
    
WEnd

Compiler.au3

#include <Constants.au3>
#Include <WinAPI.au3>

;C++ Compiler 5.5
;download
;https://downloads.embarcadero.com/free/c_builder
;C++Builder Compiler (bcc compiler) free download. See the file bcb5tool.hlp in the Help
;directory for complete instructions on using the C++Builder Compiler and Command Line Tools.
;Windows  English   8.5MB

;C:\Borland\BCC55\Bin\bcc32.exe
$var1 = FileOpenDialog("Choose bcc32.exe","C:\Borland\BCC55\Bin", "(*.Exe)", 1 + 4 ,"bcc32.exe")
if @error Then Exit
$var2 = FileOpenDialog("Choose UnLoadLibrary.cpp",@MyDocumentsDir, "(*.cpp)", 1 + 4 ,"UnLoadLibrary.cpp")
if @error Then Exit
$var3 = FileSelectFolder("Choose Out File folder.", @MyDocumentsDir)
if @error Then Exit

Dim $iPatch1 = "" , $iPatch2 = $var2 , $iPatch3 = $var3 , $foo , $line = ""
$Patch1 = StringSplit($var1,"\")
For $i = 1 To $Patch1[0] - 2
$iPatch1 &= $Patch1[$i] & "\"
Next
$iPatch1 = StringTrimRight($iPatch1,1)
FileChangeDir($iPatch1 & "\Bin\")
$Command = "bcc32.exe " & _
"-I" & $iPatch1 & "\Include " & _
"-L" & $iPatch1 & "\Lib " & _
"-e" & $iPatch3 & "\HookExW.dll " & _
"-tWD " & $iPatch2
$foo = Run($Command,"", @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)
While 1
    $line = StdoutRead($foo)
    If @error Then ExitLoop
    MsgBox(0, "STDOUT", $line)
Wend

DLL_PROCESS_DETACH

http://msdn.microsoft.com/en-us/library/ms682583%28VS.85%29.aspx

The DLL is being unloaded from the virtual address space of the calling process because it was loaded unsuccessfully or the reference count has reached zero (the processes has either terminated or called FreeLibrary one time for each time it called LoadLibrary).

The lpReserved parameter indicates whether the DLL is being unloaded as a result of a FreeLibrary call, a failure to load, or process termination.

The DLL can use this opportunity to call the TlsFree function to free any TLS indices allocated by using TlsAlloc and to free any thread local data.

Note that the thread that receives the DLL_PROCESS_DETACH notification is not necessarily the same thread that received the DLL_PROCESS_ATTACH notification.

#pragma unmanaged

#pragma managed

managed, unmanaged

http://msdn.microsoft.com/en-us/library/0adb9zxe%28VS.80%29.aspx

An Overview of Managed/Unmanaged Code Interoperability

http://msdn.microsoft.com/en-us/library/ms973872.aspx

Edited by wolf9228

صرح السماء كان هنا

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0