Problem with SetWindowsHookEx()
-
I am trying to inject a dll into all running processes so I can hook all calls to CreateProcess(). I am going to intercept all calls to CreateProcess() by modifying the IAT, I know how to do that. My problem is injecting the dll into all processes using SetWindowsHookEx(). This is my code, it runs once or twice (triggering the MessageBox function in the main program), and then if you run it again, the computer freezes (and doesn't trigger the MessageBox function in the main program, meaning it got stuck on the InjectEnable() function). If anyone knows what the problem is, that would be highly appreciated.

    // Main program:
    #include <windows.h> //windows header
    #include <stdio.h> //stdio header
    #include "MyDLL.h"
    #pragma comment(lib,"MyDLL.lib")

    int WINAPI WinMain(HINSTANCE hInst, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
    {
        InjectEnable(); // Function in MyDLL.dll, enables injection
        MessageBox(NULL,"End Application","Notification",MB_OK);
        InjectDisable(); // Function in MyDLL.dll, disables injection
        return 0;
    }

    // DLL cpp file:
    #define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
    #include <windows.h> // Windows header
    #include "MyDLL.h"

    // Global variables (shared)
    #pragma data_seg (".shared")
    HHOOK g_hHook = 0;
    #pragma data_seg ()
    #pragma comment(linker,"/SECTION:.shared,RWS")

    // Global variables (unshared)
    HINSTANCE hDll;

    BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved )
    {
        switch (ul_reason_for_call)
        {
            case DLL_PROCESS_ATTACH:
            {
                hDll = (HINSTANCE)hModule;
                break;
            }
            case DLL_THREAD_ATTACH:
            {
                break;
            }
            case DLL_THREAD_DETACH:
            {
                break;
            }
            case DLL_PROCESS_DETACH:
            {
                break;
            }
            default:
                break;
        }
        return TRUE;
    }

    LRESULT HookProc (
        int code,       // hook code
        WPARAM wParam,  // virtual-key code
        LPARAM lParam   // keystroke-message information
    )
    {
        return ::CallNextHookEx(g_hHook, code, wParam, lParam);
    }

    bool MYDLL_API InjectEnable()
    {
        g_hHook = SetWindowsHookEx( WH_CBT, (HOOKPROC)HookProc, hDll, NULL );
        if( g_hHook == NULL )
        {
            return false;
        }
        return true;
    }

    bool MYDLL_API InjectDisable()
    {
        UnhookWindowsHookEx( g_hHook );
        g_hHook = NULL;
        // Send a broadcast message, this forces the hook to trigger, and thus unload
        SendMessage(HWND_BROADCAST,WM_NULL,0,0);
        return true;
    }

    // DLL header file:
    #ifdef MYDLL_EXPORTS
    #define MYDLL_API __d
I'm not so sure why, but when I commented out the MessageBox in the main program, it did not crash. It installed and removed the hook successfully (to my knowledge). I have another problem though. With the hook installed, if I try to open another program, like Internet Explorer or some kind of software, Windows crashes. It freezes and then all my icons disappear and the taskbar goes away, leaving only the background and the cursor. Anyone have any idea why this would be happening? Any help is appreciated. Thanks in advance.

-Dev578