For the first you cannot inject a 32-bit dll into a 64-process and vice versa.
content of hook.cpp:
#pragma once
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <tchar.h>
#pragma comment(lib,"User32.lib")
#define TERM_MESSAGE __TEXT("{0C3ED513-F38C-4996-8130-F9A3C93D890B}")
HANDLE __hTERM = 0;
HHOOK __ahooks[WH_MAX] = {0};
void InstallHooks(HMODULE h);
void RemoveHooks();
void __loggi(const TCHAR* t,...);
int Continue()
{
return WAIT_TIMEOUT==WaitForSingleObject(__hTERM,0);
}
void LogHookData(int c,WPARAM w,LPARAM l,const TCHAR* idHook)
{
TCHAR mod[0x400];
GetModuleFileName(0,mod,sizeof(mod)/sizeof(mod[0]));
__loggi(__TEXT("%s: %s\r\n"),idHook,mod);
__loggi(__TEXT(" c: %i; w: %08X; l: %08X\r\n"),c,(unsigned int)w,(unsigned int)l);
}
LRESULT FAR PASCAL __fnWH_SHELL(int c,WPARAM w,LPARAM l)
{
if(0>c) return CallNextHookEx(__ahooks[WH_SHELL],c,w,l);
if(!Continue()){ RemoveHooks(); return 0; }
LogHookData(c,w,l,__TEXT("WH_SHELL"));
return 0;
}
LRESULT FAR PASCAL __fnWH_CBT(int c,WPARAM w,LPARAM l)
{
if(0>c) return CallNextHookEx(__ahooks[WH_CBT],c,w,l);
if(!Continue()){ RemoveHooks(); return 0; }
LogHookData(c,w,l,__TEXT("WH_CBT"));
return 0;
}
LRESULT FAR PASCAL __fnWH_GETMESSAGE(int c,WPARAM w,LPARAM l)
{
if(0>c) return CallNextHookEx(__ahooks[WH_GETMESSAGE],c,w,l);
if(!Continue()){ RemoveHooks(); return 0; }
LogHookData(c,w,l,__TEXT("WH_GETMESSAGE"));
return 0;
}
void InstallHooks(HMODULE h)
{
unsigned int wh;
__hTERM = OpenEvent(EVENT_ALL_ACCESS,0,TERM_MESSAGE);
if(Continue())
for(wh=0;wh<(sizeof(__ahooks)/sizeof(__ahooks[0]));wh++)
{
if(__ahooks[wh]) continue;
switch(wh)
{
case WH_CBT:
__ahooks[wh] = SetWindowsHookEx(wh,__fnWH_CBT,h,0);
break;
case WH_SHELL:
break;
case WH_GETMESSAGE:
break;
}
}
}
void RemoveHooks()
{
unsigned int wh;
for(wh=0;wh<(sizeof(__ahooks)/sizeof(__ahooks[0]));wh++)
{
if(0==__ahooks[wh]) continue;
UnhookWindowsHookEx(__ahooks[wh]);
__ahooks[wh] = 0;
}
if(__hTERM) CloseHandle(__hTERM); __hTERM = 0;
}
int FAR PASCAL DllMain(HMODULE h,DWORD r,void* p)
{
switch(r)
{
case DLL_PROCESS_ATTACH: InstallHooks(h); break;
case DLL_PROCESS_DETACH: RemoveHooks(); break;
case DLL_THREAD_ATTACH : break;
case DLL_THREAD_DETACH : break;
}
return 1;
}
class llock
{
public:
llock(const TCHAR* f)
{
TCHAR fm[MAX_PATH];
unsigned int i;
_tcscpy_s(fm,sizeof(fm)/sizeof(fm[0]),_f=f);
for(i=0;fm[i];i++) fm[i]='\\'==fm[i]?'/':fm[i];
_h = CreateMutex(0,0,fm);
}
llock()
{
CloseHandle(_h);
}
operator HANDLE (){ return _h; }
operator const TCHAR* (){ return _f; }
private:
HANDLE _h;
const TCHAR* _f;
} __loggi_lock(__TEXT("c:\\temp\\hooks.txt"));
void __loggi(const TCHAR* t,...)
{
HANDLE hf;
WaitForSingleObject(__loggi_lock,INFINITE);
hf = ::CreateFile(__loggi_lock,GENERIC_WRITE,0,0,OPEN_ALWAYS,0,0);
if(INVALID_HANDLE_VALUE!=hf)
{
unsigned long w = 0;
va_list val;
TCHAR f[0x1000];
int l;
va_start(val,t);
l = _vsntprintf_s(f,sizeof(f)/sizeof(f[0]),_TRUNCATE,t,val);
va_end(val);
if(0==SetFilePointer(hf,0,0,FILE_END))
{
if(sizeof(short)==sizeof(TCHAR))
{
unsigned short unicode = 0xFeFF;
WriteFile(hf,(void*)&unicode,2,&w,0);
}
}
WriteFile(hf,(void*)f,l*sizeof(TCHAR),&w,0);
CloseHandle(hf);
}
ReleaseMutex(__loggi_lock);
}
content of main.cpp:
#pragma once
#include <windows.h>
#include <tchar.h>
#pragma comment(lib,"User32.lib")
#ifdef _WIN64
#define ON64(C,E) C
#else
#define ON64(C,E) E
#endif
#ifdef _DEBUG
#include <crtdbg.h>
#define START() { _CrtSetDbgFlag(_CRTDBG_ALLOC_MEM_DF|_CRTDBG_LEAK_CHECK_DF); }
#else
#define START()
#endif
int _tmain(int argc, _TCHAR* argv[])
{
START()
HANDLE hterm = CreateEvent(0,1,0,__TEXT("{0C3ED513-F38C-4996-8130-F9A3C93D890B}"));
HINSTANCE hdll = LoadLibrary(ON64(__T("hooks64.dll"),__T("hooks32.dll")));
if((HINSTANCE)32<hdll)
{
_tprintf(__T("loaded... <key>")); _gettch();
SetEvent(hterm);
FreeLibrary(hdll);
}
CloseHandle(hterm);
return 0;
}
This example sets a global hook for CBT and logs all events in all modules.
You have to build one for 64-bit and one for 32-bit applications.
Good luck.