Intercepting Window Messages
Author
All,
I would like to write a program which intercepts the events/messages generated on other applications. For instance if I minimise, maximise or close a window a message is sent to that application and then the application handles it. My program should see that this has hapend and do something else.
Worked Example:
Start Web-browser.
Start My Application.
Maximise Web-browser -> My Application plays a sound (for instance).
Unfortunately I'm not very familiar with windows programming so any pointers in the right direction would be good. I've tried looking up windows message queue, pump etc on google but all results relate to the message pump within the application you're developing.
Thanks in advance :)
Here's some C code (C99) that I wrote a couple years ago. GlobalMessageHook (13k) Demonstrates a global hook. A a system wide WH_GETMESSAGE hook that captures WM_PAINT messages. You can adapted it to intercept other messages. YMMV.
Quote:Original post by LessBread
Here's some C code (C99) that I wrote a couple years ago. GlobalMessageHook(13k)
Avast says there's a trojan in there (Win32:Small-BEN [Trj])
Is it normal for programs using global hooks?
Quote:Original post by defferQuote:Original post by LessBread
Here's some C code (C99) that I wrote a couple years ago. GlobalMessageHook(13k)
Avast says there's a trojan in there (Win32:Small-BEN [Trj])
Is it normal for programs using global hooks?
Unfortunately, yes. Hooking onto the system or different programs isn't exactly viewed favourably by virus scanners. On the other hand, I wouldn't necessarily take anything anyone wrote, regardless of how trustworthy they are, and run it without a virus scan. (You can never be too careful). Too be safe, just compile the code (if he gave it, sorry, at work, and cannot try it out) yourself.
Quote:Original post by defferQuote:Original post by LessBread
Here's some C code (C99) that I wrote a couple years ago. GlobalMessageHook(13k)
Avast says there's a trojan in there (Win32:Small-BEN [Trj])
Is it normal for programs using global hooks?
Interesting. Symantec AV oks the file. Nytegard is correct about not trusting a download. I will vouch for the intentions of the file, but there's no telling if the server got infected and so on. There's a demo exe and dll in the zip compiled from the code. Just snag the code files and adapt them to suit your purpose. There's nothing surreptious in the code files. One file is for the dll. The dll is what actually gets loaded into the other programs. This is an example of a global hook so it gets loaded into every user process currently running. The other file is for the test rig. It's a simple windows application that sets and unsets the hook and writes the data sent from the dll into a listbox. The dll code uses the memory mapped file approach to sharing data. Many other demos rely on an MSVC pragma to shared memory between processes. As I wrote before, your mileage may vary - in other words, it might not work for you straight out of the box. You might have to jiggle with it. That's how hooks are though. They take a little bit of jiggling to work. With this example, I hooked WM_PAINT message, which are low priority messages. To get the demo to operate properly, you'll need to trigger a few of them. Switching between applications (eg via Alt+Tab) or minimizing and maximizing various programs should do the trick.
The reason why it might come up with Avast and not Norton is due to the way files are virus scanned.
This is why you may sometimes get incorrect trojan announcements in programs which use Global Hooks.
ProgramMyHook Globally Hooks into what you type.
BAM, instant trojan.
Now, how would you check for that in a virus scanner? And how do you diferentiate that to a legal and ethical keyboard logger used by your company?
This is why you may sometimes get incorrect trojan announcements in programs which use Global Hooks.
ProgramMyHook Globally Hooks into what you type.
BAM, instant trojan.
Now, how would you check for that in a virus scanner? And how do you diferentiate that to a legal and ethical keyboard logger used by your company?
Quote:Original post by Nytegard[smile]
And how do you diferentiate that to a legal and ethical keyboard logger used by your company?
LessBread:
I managed to run this stuff in vs2005ee. Thanks.
I'll play with it a little to see how the things work. Hope it won't break my system.
Quote:Original post by defferQuote:Original post by Nytegard[smile]
And how do you diferentiate that to a legal and ethical keyboard logger used by your company?
LessBread:
I managed to run this stuff in vs2005ee. Thanks.
I'll play with it a little to see how the things work. Hope it won't break my system.
I'm glad to hear that it worked for you. I was concerned that the C++ style comments and the declare a local variable anywhere in the function bits from C99 might cause problems with MSVC.
Actually, it was kind of strange.
At first it didn't compile as C++.
Then I switched to "Compile as C" - still nothing.
Then I switched back to "Compile as C++" - and it compiled.
Strange.
At first it didn't compile as C++.
Then I switched to "Compile as C" - still nothing.
Then I switched back to "Compile as C++" - and it compiled.
Strange.
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
