There's a possibility that some Anti-Virus software blocked the use of "CreateRemoteThread".
How to solve this problem?
|
Hi,
I have written an application which runs in the background and hooks the BitBlt API of all processes to be created using the HookAPI dll. It's working fine, but when I try to open Task Manager/Help it gives me the following error:
"The instruction at "0x732e7800" referenced memory at "0x732e7800". The
memory could not be "read"."
And after this, if I try to run any application, it crashes giving the same memory error.
I have checked the HOOKAPI source code, as CreateProcessW is getting hooked, but while creating the process for Task Manager it gives an error. Error code is 2.
I am not able to understand why this is happening for Task Manager or for some of the applications.
Can you please help me solve this?
Thanks,
Gauri
|
Look at the last comments here about a bug on NT systems.
|
Monitor mouse global events in WINDOWS-CE
Hello,
I'm working in VISUAL C++ embedded 3.0 with Windows CE. My goal is to monitor mouse global events.
At the moment I'm working with a WH_JOURNALRECORD global hook that catches all global input events of the
operating system, basically keyboard and mouse events. But when I catch a mouse event, it only gives me
information about the application that receives this event, and the position (x,y) where the user presses
on the PDA's screen. I want to know, for example, if the user clicks an option in a menu, which option
the user clicks, or if he clicks a desktop icon, the icon's name, and so on.
I want to make a program for Windows CE mobile devices, like Smartphones and PocketPCs, and the goal of the
program will be to monitor all mouse global events in order to help the user in his navigation in the system. I
want to make a program like "Narrator.exe" of Windows XP, which processes all mouse events and then a speech
synthesizer says the option that the user clicks. Is this possible in Windows CE? Microsoft says NO,
because Windows CE doesn't support the COM architecture due to the specific capabilities of the hardware in
mobile devices, because we are speaking of embedded systems.
So, can someone help me, please?
Thank you very much,
Sincerely,
javitobcn
hola
|
I appreciate you presenting this sdk.
I am programming on-the-fly file encryption. I hooked functions like CreateFile, ReadFile, CreateFileMapping, MapViewOfFile, and so on.
It works on many programs: IE, notepad, acrobat reader and so on.
But MSWORD, POWERPOINT .. don't work yet.
Do I need to hook some more functions?
|
Hello ykish!
I read your message and I'm looking for exactly the same thing. Do you have a program which works? Because it's not the case for mine...
Thanks
|
Hi everybody,
I use a hook to spy on SHFileOperationA and SHFileOperationW and prevent file copying. It is good in win2000 server, but it is not good in winXP. When I start IIS manager or computer management, sometimes it fails and shows the message "Snap-in failed to initialize" with the title "Microsoft management console".
Could you tell me how to fix this bug?
|
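Perhaps you should check, save and restore the error code returned by the API, like this:
DWORD myapi(...)
{
    ...
    DWORD ret = api(...);        // call the original API
    DWORD err = GetLastError();  // save its last-error value right away
    .... your code...
    SetLastError(err);           // restore it before returning to the caller
    return ret;
}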
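An added example (not part of the original reply or of HookAPI's own code) showing why the save/restore order suggested above matters to the hooked application. `real_api`, `hook_bookkeeping` and the two hook functions are hypothetical names; off Windows, `SetLastError`/`GetLastError` are replaced by thread-local stand-ins so the file builds anywhere.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else  /* Stand-ins (assumption) so the example also builds off Windows. */
typedef unsigned long DWORD;
static _Thread_local DWORD tls_last_error;
static void  SetLastError(DWORD e) { tls_last_error = e; }
static DWORD GetLastError(void)    { return tls_last_error; }
#define ERROR_SUCCESS        0UL
#define ERROR_FILE_NOT_FOUND 2UL
#endif

/* Hypothetical original API: fails and reports ERROR_FILE_NOT_FOUND. */
static DWORD real_api(void) { SetLastError(ERROR_FILE_NOT_FOUND); return 0; }

/* Hypothetical work done inside the hook; like many real calls it
   succeeds and overwrites the thread's last-error value. */
static void hook_bookkeeping(void) { SetLastError(ERROR_SUCCESS); }

/* Hook that ignores the error code: the caller sees a failure with error 0. */
static DWORD hook_clobbering(void) {
    DWORD ret = real_api();
    hook_bookkeeping();
    return ret;
}

/* Hook that saves right after the call and restores just before returning. */
static DWORD hook_preserving(void) {
    DWORD ret = real_api();
    DWORD err = GetLastError();
    hook_bookkeeping();
    SetLastError(err);
    return ret;
}

/* What the hooked application does: call, then read the error on failure. */
static DWORD error_seen_by_caller(DWORD (*api)(void)) {
    SetLastError(ERROR_SUCCESS);
    return api() == 0 ? GetLastError() : ERROR_SUCCESS;
}

int main(void) {
    printf("clobbering hook: caller sees error %lu\n",
           (unsigned long)error_seen_by_caller(hook_clobbering));
    printf("preserving hook: caller sees error %lu\n",
           (unsigned long)error_seen_by_caller(hook_preserving));
    return 0;
}
```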
|
Now I will show you more detail about this bug.
I get the error in winxp and win2000 professional when it hooks into a new process via the "InjectLib(HANDLE hProcess, char *lib_name)" function. When CreateRemoteThread(hProcess, NULL, 0, pfnRemote, premote_mem, 0, NULL) is called to make a new thread in the hooked process, it shows the message: "the instruction at 0x732e7800 referenced memory at 0x732e7800"
Could you give me your idea about this error?
|
I want to hook the "OpenProcess" function.
I used your code, made changes in mydll.dll, and added a myOpenProcess function.
I hook "explorer.exe" with HookOneProcess.
Everything is OK, but when I open "taskmgr.exe", something is wrong.
The error prompt is "0x782f7800 memmory can't be read".
So I removed the added function "OpenProcess" and rebuilt.
When I executed it, the error occurred like before.
Can you help me to correct it?
|
I don't know if it can hook OpenProcess, because the OpenProcess API is used many times in HookAPI.
And did you change injdll.cpp for the bug in the last comment?
|
Hi! Can you upload the source code? I also need source code to hook the OpenProcess API. Thanks
|
First of all, it doesn't compile for 9x.
I modified main.cpp, line 81:
#ifdef WINNT
InjectLib(g_pid, fname);
#endif
Now it compiles for 9x, but when I run hookapi on 98se or ME, the program crashes.
HOOKAPI caused an invalid page fault in
module HOOKAPI9X.DLL at 0167:82d99476.
Registers:
EAX=ffc07050 CS=0167 EIP=82d99476 EFLGS=00010203
EBX=82d98000 SS=016f ESP=0063f774 EBP=0063f77c
ECX=bff76da8 DS=016f ESI=bff76da8 FS=0dbf
EDX=00000004 ES=016f EDI=82da4f88 GS=0000
Bytes at CS:EIP:
ff 5d f8 fb 89 45 08 a1 b4 f4 de 82 33 d2 89 10
Stack dump:
00000000 bffc0053 bff777d0 82d994a1 82d993a0 bff76da8 00000004 82da071e bff76da8 00000000 00000000 829310a0 bff776d0 82931060 bff76da8 00000002
It always happens, with different mydll_9x.dll.
"there is 2 bugs in version 1.62, one is on win9x, one is on win2000. If you want to fix it, you should buy support(email:netcom@163.net)"
I suppose one bug is in setting the variable g_pfnRemote, which saves the real address of "LoadLibraryA". Correct or not?
What is the other bug for 9x?
People here want to learn from the source code, which is hard to understand sometimes.
Thanks.
ivan donga.
|
Compiled it by vc6 and set config to WIN9x release
|
I have VC6 SP5 with latest platform sdk.
---
DLL Compilation:
--------------------Configuration: HookAPI - Win32 Windows 9x Release--------------------
Compiling...
ApiInfo.cpp
HookAPI.cpp
injlib.cpp
main.cpp
P:\Paladin_demo(1)\HookAPI1.62\DLL\main.cpp(81) : error C2065: 'InjectLib' : undeclared identifier
ProcessModule.cpp
ProcessToHook.cpp
Ring0.cpp
util.cpp
Error executing cl.exe.
HookAPI9x.dll - 1 error(s), 0 warning(s)
OK, commented out InjectLib() or defined #WINNT and compiled successfully.
---
HookInet DLL Compilation (linking with wininet.lib):
--------------------Configuration: mydll - Win32 Win32 Release for Win95--------------------
Linking...
Creating library mydll___Win32_Win32_Release_for_Win95/mydll_9x.lib and object mydll___Win32_Win32_Release_for_Win95/mydll_9x.exp
LINK : warning LNK4089: all references to "USER32.dll" discarded by /OPT:REF
LINK : warning LNK4092: shared section "_INIT" contains relocations; image may not run correctly
LINK : warning LNK4092: shared section ".text" contains relocations; image may not run correctly
LINK : warning LNK4092: shared section ".rdata" contains relocations; image may not run correctly
LINK : warning LNK4092: shared section ".data" contains relocations; image may not run correctly
mydll_9x.dll - 0 error(s), 5 warning(s)
BOOM!
HOOKAPI caused an invalid page fault in
module HOOKAPI9X.DLL at 0167:82d45446.
Registers:
EAX=ffc07544 CS=0167 EIP=82d45446 EFLGS=00010206
EBX=82d44000 SS=016f ESP=0063f774 EBP=0063f77c
ECX=75fa1145 DS=016f ESI=75fa1145 FS=1a9f
EDX=00000004 ES=016f EDI=82d4df30 GS=0000
Bytes at CS:EIP:
ff 5d f8 fb 89 45 08 a1 54 83 d9 82 33 d2 89 10
Stack dump:
00000000 bffc004b bff777d0 82d45471 82d45370 75fa1145 00000004 82d4b68e 75fa1145 00000000 00000000 8294106c 75fa1145 82941030 bff76da8 00000000
What am I doing wrong?
Oh, I forgot to say that I use VMWare (virtual OS-emulator) to test program on clean installed WIN98SE ENG and WINME ENG.
Thank you. Ivan Donga.
|
Is there a comment "There is 2 bugs ...buy support." in this package?
Try to compile it with optimizations disabled. I haven't used it on win9x for many years, and I did not compile it on win95 when I changed it on win2000.
|
WH_KEYBOARD_LL does not capture all key events
I have a problem. I'm using a WH_KEYBOARD_LL hook in order to capture all system keyboard events.
I create the hook without problems, but when I want to delete it, the function UnhookWindowsHookEx()
returns FALSE (which means an error in the function), but the hook is correctly deleted,
because if I afterwards create another WH_KEYBOARD_LL hook, it is created correctly.
But my main problem is that in the LowLevelKeyboardProc (the hook procedure), I cannot detect
all keyboard events of all the applications of my PDA Pocket PC. I only detect the message
WM_KEYDOWN for a small number of keys such as: caps lock, shift, esc, and so on. And I want to detect
all keyboard events. What do you think the problem could be?
I ask for your help, please. It's very important for me.
Here you have the declaration of the LowLevelKeyboardProc:
__declspec(dllexport) LRESULT CALLBACK LowLevelKeyboardProc (int code, WPARAM wParam, LPARAM lParam)
Create the hook:
m_hHkKeyboard = m_pfSetWindowsHook(WH_KEYBOARD_LL, LowLevelKeyboardProc, aInstance, (DWORD)NULL);
where m_pfSetWindowsHook is a pointer to the SetWindowsHookExW function;
and delete the hook:
m_pfUnhookWindowsHook(m_hHkKeyboard)
where m_pfUnhookWindowsHook is a pointer to the UnhookWindowsHookEx function.
I'm waiting for your answers. Thank you very much.
Sincerely,
javitobcn,
hola
|
I don't know; perhaps you should detect the WM_CHAR message.
--pudn.com
|
Hi there!
Is there documentation in English for this code? I'm having trouble understanding what is going on in some parts of the code. Especially the assembler code blocks I do not understand.
If there is a doc for this, please let me know!
THX,
BigMomma
|
Sorry, there is no English document for the code because of my poor English.
The assembler code is there to construct a call with parameters and a DWORD return. PrcessCall() is a void-parameter, void-return function, but it is called by the hooked application, which puts in some parameters and gets a DWORD return value, like when calling "int socket(int,int,int)", so we should simulate the way the old API was called.
--pudn.com
|
WH_JOURNALRECORD Windows CE Global Hook is blocked!
Hello,
how are you?
Can you help me? I'm working on a WINDOWS CE 3.0 project with Microsoft Visual Studio C++ Embedded
3.0, and I'm using a WH_JOURNALRECORD Windows CE global hook.
I create the hook:
m_hHkJournalRec = m_pfSetWindowsJournalHook(WH_JOURNALRECORD, JournalRecordProc, aInstance, 0);
m_pfSetWindowsJournalHook is a pointer to the QASetWindowsJournalHook function, which is in the
coredll.dll library.
I have a JournalRecordProc procedure, and finally I want to delete the global hook:
m_pfUnhookWindowsJournalHook(m_hHkJournalRec)
where m_pfUnhookWindowsJournalHook is a pointer to the QAUnhookWindowsJournalHook function, which is in
the coredll.dll library.
And my problem is that this function returns false, instead of true, which means that
the global hook isn't deleted correctly, and the system resources are not freed. In addition, when
my application finishes on the Pocket PC, the PDA becomes blocked, and it doesn't detect any other
keyboard or mouse event, and I have to do a software reset.
There is a function, called GetLastError(), that gives you the last error that happened in the
system, but this function returns 0, which means "all is correct". Can someone help me, and
does anyone know how to delete this global hook correctly?
HINSTANCE aInstance = GetModuleHandle(NULL); --> aInstance makes reference to the real module, not
to a dll, it's not necessary! (it can also be an EXE file);
What do you think about it?
Thanks,
Sincerely,
javitobcn (barcelona SPAIN).
hola
|
Sorry, I cannot help you because I did not learn Windows CE. Perhaps you should delete/free some objects/resources first before deleting the hook?
--pudn.com
|
Hi,
I have a problem in that I can't pass all the parameters of the message to my application using hooking as a dll.
I have tried putting a particular message and its two parameters into the message queue by using PostMessage and sending
a USER+101 message to my application about this message...
I hooked system messages by creating a separate dll, and my application uses that dll's library functions to hook and
unhook.
Now the problem is: how can I pass all the parameters to
the PostMessage API function? Or is there any other function available that will transfer a MSG structure to my application?
|
Use shared memory or a file to share your struct data between two applications.