Sign in to follow this  
Metorical

Intercepting Window Messages

Recommended Posts

All, I would like to write a program which intercepts the events/messages generated on other applications. For instance if I minimise, maximise or close a window a message is sent to that application and then the application handles it. My program should see that this has hapend and do something else. Worked Example: Start Web-browser. Start My Application. Maximise Web-browser -> My Application plays a sound (for instance). Unfortunately I'm not very familiar with windows programming so any pointers in the right direction would be good. I've tried looking up windows message queue, pump etc on google but all results relate to the message pump within the application you're developing. Thanks in advance :)

Share this post


Link to post
Share on other sites
Quote:
Original post by deffer
Quote:
Original post by LessBread
Here's some C code (C99) that I wrote a couple years ago. GlobalMessageHook(13k)


Avast says there's a trojan in there (Win32:Small-BEN [Trj])
Is it normal for programs using global hooks?


Unfortunately, yes. Hooking onto the system or different programs isn't exactly viewed favourably by virus scanners. On the other hand, I wouldn't necessarily take anything anyone wrote, regardless of how trustworthy they are, and run it without a virus scan. (You can never be too careful). Too be safe, just compile the code (if he gave it, sorry, at work, and cannot try it out) yourself.

Share this post


Link to post
Share on other sites
Quote:
Original post by deffer
Quote:
Original post by LessBread
Here's some C code (C99) that I wrote a couple years ago. GlobalMessageHook(13k)


Avast says there's a trojan in there (Win32:Small-BEN [Trj])
Is it normal for programs using global hooks?


Interesting. Symantec AV oks the file. Nytegard is correct about not trusting a download. I will vouch for the intentions of the file, but there's no telling if the server got infected and so on. There's a demo exe and dll in the zip compiled from the code. Just snag the code files and adapt them to suit your purpose. There's nothing surreptious in the code files. One file is for the dll. The dll is what actually gets loaded into the other programs. This is an example of a global hook so it gets loaded into every user process currently running. The other file is for the test rig. It's a simple windows application that sets and unsets the hook and writes the data sent from the dll into a listbox. The dll code uses the memory mapped file approach to sharing data. Many other demos rely on an MSVC pragma to shared memory between processes. As I wrote before, your mileage may vary - in other words, it might not work for you straight out of the box. You might have to jiggle with it. That's how hooks are though. They take a little bit of jiggling to work. With this example, I hooked WM_PAINT message, which are low priority messages. To get the demo to operate properly, you'll need to trigger a few of them. Switching between applications (eg via Alt+Tab) or minimizing and maximizing various programs should do the trick.

Share this post


Link to post
Share on other sites
The reason why it might come up with Avast and not Norton is due to the way files are virus scanned.

This is why you may sometimes get incorrect trojan announcements in programs which use Global Hooks.

ProgramMyHook Globally Hooks into what you type.

BAM, instant trojan.

Now, how would you check for that in a virus scanner? And how do you diferentiate that to a legal and ethical keyboard logger used by your company?

Share this post


Link to post
Share on other sites
Quote:
Original post by Nytegard
And how do you diferentiate that to a legal and ethical keyboard logger used by your company?
[smile]

LessBread:
I managed to run this stuff in vs2005ee. Thanks.
I'll play with it a little to see how the things work. Hope it won't break my system.

Share this post


Link to post
Share on other sites
Quote:
Original post by deffer
Quote:
Original post by Nytegard
And how do you diferentiate that to a legal and ethical keyboard logger used by your company?
[smile]

LessBread:
I managed to run this stuff in vs2005ee. Thanks.
I'll play with it a little to see how the things work. Hope it won't break my system.


I'm glad to hear that it worked for you. I was concerned that the C++ style comments and the declare a local variable anywhere in the function bits from C99 might cause problems with MSVC.

Share this post


Link to post
Share on other sites
Actually, it was kind of strange.

At first it didn't compile as C++.
Then I switched to "Compile as C" - still nothing.
Then I switched back to "Compile as C++" - and it compiled.
Strange.

Share this post


Link to post
Share on other sites
It was written to use with lcc-win32, which implements C99 and provides some compiler extensions (which I avoid). C++ style comments are superior to C style and declaring a variable any where in a function just makes more sense to me. For example, with for loops, for(int i=0; i < limit; i++) {} just makes more sense. There are __declspec(dllexport) statements too, but iirc, that is compatible with msvc. The lcc rc files are slightly different from msvc, but not a whole lot. A good part of the lcc stuff seems adapted from msvc.

Share this post


Link to post
Share on other sites
Quote:
Original post by deffer
Quote:
Original post by LessBread
Here's some C code (C99) that I wrote a couple years ago. GlobalMessageHook(13k)


Avast says there's a trojan in there (Win32:Small-BEN [Trj])
Is it normal for programs using global hooks?


He had a user rating of 1800, and supplied the source code, it's nearly gauranteed that it's safe. Besides, you have to take risks sometimes with coding, that's how you learn! :)

Share this post


Link to post
Share on other sites
Quote:
Original post by F1N1TY
Quote:
Original post by deffer
Quote:
Original post by LessBread
Here's some C code (C99) that I wrote a couple years ago. GlobalMessageHook(13k)


Avast says there's a trojan in there (Win32:Small-BEN [Trj])
Is it normal for programs using global hooks?


He had a user rating of 1800, and supplied the source code, it's nearly gauranteed that it's safe. Besides, you have to take risks sometimes with coding, that's how you learn! :)


500 of those points come with being a moderator.

At any rate, he got me to explain the code a bit, which I might not otherwise have done.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this