|
Hi there!
Is there documentation in English for this code? I'm having trouble understanding what is going on in some parts of the code. I especially do not understand the assembler code blocks.
If there is a doc for this, please let me know!
THX,
BigMomma
|
|
|
|
|
Sorry, there is no English document for the code because of my poor English.
The assembler code is there to construct a parameter call and a DWORD return. PrcessCall() is a function with void parameters and a void return, but it is called by the hooked application, which puts in some parameters and gets a DWORD return value, as when calling "int socket(int,int,int)", so we should simulate the way the old API was called.
--pudn.com
|
|
|
|
|
WH_JOURNALRECORD Windows CE Global Hook is blocked!
Hello,
how are you?
Can you help me? I'm working on a Windows CE 3.0 project with Microsoft Visual Studio C++ Embedded
3.0, and I'm using a WH_JOURNALRECORD Windows CE global hook.
I create the hook:
m_hHkJournalRec = m_pfSetWindowsJournalHook(WH_JOURNALRECORD, JournalRecordProc, aInstance, 0);
m_pfSetWindowsJournalHook is a pointer to the QASetWindowsJournalHook function, which is in the
coredll.dll library.
I have a JournalRecordProc process, and finally I want to delete the global hook:
m_pfUnhookWindowsJournalHook(m_hHkJournalRec)
where m_pfUnhookWindowsJournalHook is a pointer to the QAUnhookWindowsJournalHook function, which is in
the coredll.dll library.
My problem is that this function returns false instead of true, which means that
the global hook isn't deleted correctly and the system resources are not freed. In addition, when
my application finishes on the Pocket PC, the PDA becomes blocked, it doesn't detect any other
keyboard or mouse event, and I have to do a software reset.
There is a function called GetLastError() that gives you the last error that happened in the
system, but this function returns 0, which means "all is correct". Can someone help me who
knows how to delete this global hook correctly?
HINSTANCE aInstance = GetModuleHandle(NULL); --> aInstance refers to the real module, not
to a DLL; that's not necessary! (It can also be an EXE file.)
What do you think about it?
Thanks,
Sincerely,
javitobcn (barcelona SPAIN).
hola
|
|
|
|
|
Sorry, I cannot help you because I have not learned Windows CE. Perhaps you should delete/free some objects/resources first before deleting the hook?
--pudn.com
|
|
|
|
|
Hi,
I have a problem in that I can't pass all the parameters of the message to my application using hooking as a DLL.
I have tried putting a particular message and its two parameters into the message queue by using PostMessage and sending
a USER+101 message to my application about this message...
I hooked system messages by creating a separate DLL, and my application uses that DLL's library functions to hook and
unhook.
Now my problem is: how can I pass all the parameters to
the PostMessage API function? Or is there any other function available that will transfer a MSG structure to my application?
|
|
|
|
|
Use shared memory or a file to share your struct data between two applications.
|
|
|
|
|
Can you please tell me how shared memory is implemented, or give any link which is helpful to me to build a shared memory model?
|
|
|
|
|
Create shared memory in your EXE file and access it in the DLL file. Please don't ask me how to create and use shared memory.
-pudn.com
|
|
|
|
|
Hi mate
Try the WM_COPYDATA message - this message is supposed
to be used for passing up to 256 bytes to another application (you have to do it with SendMessage() rather than PostMessage()).
Anton
|
|
|
|
|
|
Hello,
how are you?
Can you help me? I'm working on a Windows CE project with Visual Studio 2003 .NET, and I want to use a global hooks application with a project in C# for my Pocket PC device under Windows CE .NET. Is it possible to do this? In other words, is it possible to build an application that works under Pocket PC? Does your application work on a PDA device?
Do the examples that are in the other messages work under Pocket PC for global hooks?
Please answer me.
Sincerely,
javitobcn
Goodbye! Javitobcn
hola
|
|
|
|
|
I never tested it on PocketPC because a PocketPC is unaffordable for me.
|
|
|
|
|
I added the CopyFileA/W, MoveFileA/W and MoveFileExA/W functions to the HookFile sample, then I used the copy and move commands in a CMD window to copy and move some files, but I only get MoveFileExW in the log file.
Could you tell me what API function is used for copying files in CMD?
When I hook the GetProcAddress function to check which function is used, my system fails.
|
|
|
|
|
Dumpbin cannot tell you any details?
|
|
|
|
|
I try to hook a specific process with HookOneProcess2,
but I get a VirtualProtect error and the hooked process closes.
Is there any way to bypass this error?
Here is what hookapi.log writes:
X:\HookApi 1.62\HookAPI.exe:hook exe:main.exe
X:\HookApi 1.62\HookAPI.exe:GetProcessID...
X:\HookApi 1.62\HookAPI.exe:GetProcessID m_dwProcessCount=35...
X:\HookApi 1.62\HookAPI.exe:GetProcessID...
X:\HookApi 1.62\HookAPI.exe:GetProcessID m_dwProcessCount=35...
X:\HookApi 1.62\HookAPI.exe:GetProcessID...
X:\HookApi 1.62\HookAPI.exe:GetProcessID m_dwProcessCount=35...
X:\HookApi 1.62\HookAPI.exe:GetProcessID...
X:\HookApi 1.62\HookAPI.exe:GetProcessID m_dwProcessCount=35...
X:\HookApi 1.62\HookAPI.exe:GetProcessID...
X:\HookApi 1.62\HookAPI.exe:GetProcessID m_dwProcessCount=36...
X:\HookApi 1.62\HookAPI.exe:GetProcessID...
X:\HookApi 1.62\HookAPI.exe:GetProcessID m_dwProcessCount=38...
X:\HookApi 1.62\HookAPI.exe:found mod_base_name main.exe
X:\HookApi 1.62\HookAPI.exe:hook....
G:\M\main.exe:debug: Hook one api ok:hmod=71ab0000, socket-71ab3b91(e8,7a,8b,ff), start_pos:0
G:\M\main.exe:debug: Hook one api ok:hmod=71ab0000, accept-71ac1028(e8,e3,8b,ff), start_pos:0
G:\M\main.exe:debug: Hook one api ok:hmod=71ab0000, connect-71ab406a(e8,a1,8b,ff), start_pos:0
G:\M\main.exe:debug: Hook one api ok:hmod=71ab0000, recv-71ab615a(e8,b1,8b,ff), start_pos:0
G:\M\main.exe:debug: Hook one api ok:hmod=71ab0000, send-71ab428a(e8,81,8b,ff), start_pos:0
G:\M\main.exe:debug: Hook one api ok:hmod=7c800000, CreateProcessA-7c802367(e8,a4,8b,ff), start_pos:0
G:\M\main.exe:debug: Hook one api ok:hmod=7c800000, CreateProcessW-7c802332(e8,d9,8b,ff), start_pos:0
G:\M\main.exe:Error VirtualProtect:Access is denied.
G:\M\main.exe:RemoveProtection failed! socket
G:\M\main.exe:Error VirtualProtect:Access is denied.
G:\M\main.exe:UnhookAPIFunction ‹U‹μ RemoveProtection failed!
G:\M\main.exe:Error VirtualProtect:Access is denied.
G:\M\main.exe:UnhookAPIFunction ‹U‹μ RemoveProtection failed!
G:\M\main.exe:Error VirtualProtect:Access is denied.
G:\M\main.exe:UnhookAPIFunction ‹U‹μ RemoveProtection failed!
G:\M\main.exe:Error VirtualProtect:Access is denied.
G:\M\main.exe:UnhookAPIFunction ‹U‹μ RemoveProtection failed!
G:\M\main.exe:Error VirtualProtect:Access is denied.
G:\M\main.exe:UnhookAPIFunction ‹U‹μ RemoveProtection failed!
G:\M\main.exe:Error VirtualProtect:Access is denied.
G:\M\main.exe:UnhookAPIFunction ‹U‹μ RemoveProtection failed!
G:\M\main.exe:Error VirtualProtect:Access is denied.
G:\M\main.exe:UnhookAPIFunction ‹U‹μ RemoveProtection failed!
X:\HookApi 1.62\HookAPI.exe:EjectLib:OpenProcess 2816 failed!
Thanks,
G X
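
A triage script for a log like the one in the post above, added here as an example (it is not part of the original post or of HookAPI). It assumes the bracketed values are the first bytes at each API entry point, and it runs on a constructed sample shaped like the posted lines; `triage` and `hooks_possibly_left` are illustrative names.

```python
import re

# Constructed sample, shaped like the hookapi.log lines in the post above.
SAMPLE_LOG = r"""
G:\M\main.exe:debug: Hook one api ok:hmod=71ab0000, socket-71ab3b91(e8,7a,8b,ff), start_pos:0
G:\M\main.exe:debug: Hook one api ok:hmod=7c800000, CreateProcessA-7c802367(e8,a4,8b,ff), start_pos:0
G:\M\main.exe:Error VirtualProtect:Access is denied.
G:\M\main.exe:RemoveProtection failed! socket
G:\M\main.exe:Error VirtualProtect:Access is denied.
X:\HookApi 1.62\HookAPI.exe:EjectLib:OpenProcess 2816 failed!
"""

HOOK_RE = re.compile(
    r"^(?P<proc>.+?):debug: Hook one api ok:hmod=(?P<hmod>[0-9a-f]+), "
    r"(?P<api>\w+)-(?P<addr>[0-9a-f]+)\((?P<bytes>[0-9a-f,]+)\)", re.I)
VPROT_RE = re.compile(r"^(?P<proc>.+?):Error VirtualProtect:")

# x86 opcodes that redirect control flow when written at a function's entry.
PATCH_OPCODES = {0xE8: "CALL rel32", 0xE9: "JMP rel32"}

def triage(log_text):
    """Return (hook records, VirtualProtect failure count per process)."""
    hooks, failures = [], {}
    for raw in log_text.splitlines():
        line = raw.replace("<br />", "").strip()  # tolerate HTML-scraped logs
        m = HOOK_RE.match(line)
        if m:
            # Assumption: the bracketed values are the first bytes at the API entry.
            first = int(m["bytes"].split(",")[0], 16)
            hooks.append({
                "process": m["proc"], "api": m["api"],
                "rva": int(m["addr"], 16) - int(m["hmod"], 16),
                "patch": PATCH_OPCODES.get(first, "unknown"),
            })
        elif VPROT_RE.match(line):
            proc = VPROT_RE.match(line)["proc"]
            failures[proc] = failures.get(proc, 0) + 1
    return hooks, failures

def hooks_possibly_left(hooks, failures):
    """APIs hooked in a process that later logged VirtualProtect failures."""
    return sorted(h["api"] for h in hooks if failures.get(h["process"], 0) > 0)

if __name__ == "__main__":
    hooks, failures = triage(SAMPLE_LOG)
    for h in hooks:
        print(f'{h["process"]}: {h["api"]} at RVA {h["rva"]:#x}, {h["patch"]}')
    print("VirtualProtect failures:", failures)
    print("review entry points of:", hooks_possibly_left(hooks, failures))
```

The RVA (entry address minus module base) lets the same entry be compared against a clean copy of the DLL on disk, regardless of where the module was loaded.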
|
|
|
|
|
Try not to hook CreateProcessA/W and test it again?
|
|
|
|
|
Sir,
I have already read your article; it is nice.
But I get an error whenever I run my program.
I have made a DLL that includes install and remove hook functions.
With that I install a WM_SHELL hook. With that I hooked any
window created on the system by checking the nCode parameter of
the hook procedure against the HSHELL_WINDOWCREATED key value.
That works, but whenever any window is created an error message
is generated like this:
Microsoft visual c++ Debug library
debug error!
program:E:\WINNT\explorer.exe
DAMAGE:after normal vlock (#41)at 0x03421e60
press retry to debug the application
(button-->)abort Retry Ignore
I can't understand where this error is coming from.
|
|
|
|
|
1. Did you update the bug?
There is a bug on NT/2000/XP systems in the file injlib.cpp; change it like this:
#ifdef WINNT
// Cached address of LoadLibraryA from the last successful lookup.
static PTHREAD_START_ROUTINE g_pfnRemote = NULL;

int WINAPI InjectLib(DWORD process_id, char *lib_name)
{
    PTHREAD_START_ROUTINE pfnRemote = (PTHREAD_START_ROUTINE)
        GetProcAddress(GetModuleHandle("Kernel32"), "LoadLibraryA");
    if (pfnRemote == NULL)
    {
        // Lookup failed: fall back to the cached address, or give up if there is none.
        if (g_pfnRemote == NULL)
            return -1;
        else
            pfnRemote = g_pfnRemote;
    }
    else
        g_pfnRemote = pfnRemote;   // remember the good address for later calls
    // ... (the rest of InjectLib is not shown in this post)
2. Also, the myxxx function must be defined as WINAPI type. Or is something not correct in your mydll.cpp?
|
|
|
|
|
If there is an exception on Win9x, you should compile HookAPI9x.dll with optimizations disabled.
And do not use it in critical applications, because it can only be used for a single thread.
|
|
|
|
|
After compiling the DLL project that makes the HookAPINT.dll
(and even without making any changes) the EXE project will not run correctly.
MsgBox shows up with "HookAllProcess==NULL" message.
How can this be fixed?
Thanks,
G X
|
|
|
|
|
Did you compile it with VC++ 6.0? I did not add a project for VC++ 7.0.
I tried downloading it from here and compiling it, and I found there is no error message.
|
|
|
|
|
No, I used VC++ 7.0.
I will try compiling with VC++ 6.0.
thanks,
G X
|
|
|
|
|
|
That's easy. Coz the code sucks, and if you actually get everything to build it will cause Windows XP SP2 to blue screen, which is no small feat given that XP is fairly robust these days. I am using Visual Studio .NET 2003.
Here's what I did, in case you are interested. I might suggest that you do not repeat my efforts since, as I said earlier, it crashed my system - hard. This software should come with a large !!!WARNING!!!
I opened the project DLL\HookAPI and basically had to add in the .CPP files and .DEF file that were missing from the build, else the build basically failed. Once this was done, I did a "dumpbin.exe /exports" to make sure that I was exporting the necessary functions, namely:
HookOneProcess
UnhookOneProcess
HookOneProcess2
UnhookOneProcess2
HookAllProcess
UnhookAllProcess
I then built the EXE\HookAPI application and then the mydll.dll that performed socket interception (or tried to, should I say). I launched the HookAPI function under the debugger and BAM! System crash.
Hence to say, the whole thing was summarily deleted from my system. Also, I checked the registry in case it had left some APPINIT settings. In fact, I eradicated every trace of this software.
I hate to write such a scathing review of someone else's efforts. I really do. But in this case I felt justified in warning others that this stuff can crash your system, and secondly, I hate code that blue screens my system.
Since the documentation was written in Chinese there is the chance that I may have misinterpreted the build sequence. But that still does not matter - it shouldn't blue screen.
Oh yes, there is one other thing: the author says that someone else stole his software, but in fact, he basically leveraged the work of another individual, which he freely admits in the article, so how he can make that claim is beyond me. I took the effort to track down the other person's work and it was not too dissimilar to the work presented in this article.
Good luck.
-yafan.
|
|
|
|
|