Wavarian

Windows hooks


Hey guys, I need to get the command line parameters of a process already running, and have been using the CreateRemoteThread method with great success. However, this type of code injection is not supported by Windows 9x, and I have resorted to using Windows hooking functions to do the job instead.

Everything works as it should, but there is one thing which is bothering me. When I call SetWindowsHookEx, Windows XP maps my DLL into the target process and gets its command line parameters. So far so good. Afterwards I call UnhookWindowsHookEx which is (to my knowledge) supposed to unmap my DLL from the target process. This isn't happening, and my DLL remains mapped within the target process (which means I can't rebuild the DLL until the target process is terminated).

Is this supposed to happen? Or am I forgetting something? I haven't posted any code since I'm just looking to see if anyone has come across any articles which mention this happening in XP (I have yet to try it in Windows 98). Cheers.

What type of hook are you using? I've been playing with API hooking recently; there's a bunch of stuff in My Journal, and I'll be putting a final version up there in a few hours (test application, library and fully working x86 / x64 code).

The way I do it is to hook a specific DLL import (for example, GetMessage()), so that instead of calling the real function, it loads a DLL I specify, calls a function in it, and then unloads the DLL. As far as I know, it should work on Windows 98 (although I haven't really looked - it only really uses ReadProcessMemory() and WriteProcessMemory()).

Is there a reason you want to support Windows 98 though?

Thanks for replying so quick!

I'm actually installing a WH_CBT hook, and sending a WM_SYSCOMMAND message to the target window to execute the GetLineParameters function. I need for the program to run on my other computer for which I only have a legal copy of Windows 98.

I'll take a squizz at your journal though, see if there's anything I've missed. It's just annoying to have my DLL still in use by the target process even after I've uninstalled the hook.

UPDATE:

For those interested, UnhookWindowsHookEx does not unmap the HookProc-containing DLL from the target process (reason being that FreeLibrary can only be called by the target process itself). Good news is that once the target process has been terminated, the DLL is released (this is my understanding).

I'm going to investigate some possible alternatives, one being to call GetCommandLine in DllMain and have it return FALSE to indicate that the DLL failed to load (thus causing Windows to immediately unmap the DLL).
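To check the behaviour described in the update above (a hook DLL staying mapped after UnhookWindowsHookEx), the following is an added example, not code from any poster in this thread: it lists every process that still has a named DLL loaded, which is also how a defender would spot a leftover hook module. The DLL name `MyHook.dll` and the function name `Get-ProcessesWithModule` are hypothetical.

```powershell
# Added example (not from the thread). Lists processes that still have a
# given DLL mapped, e.g. a hook DLL left behind after UnhookWindowsHookEx.
# 'MyHook.dll' is a hypothetical name; substitute the DLL being checked.

function Get-ProcessesWithModule {
    param(
        [Parameter(Mandatory)]
        [string]$ModuleName
    )

    foreach ($proc in Get-Process) {
        try {
            # Reading Modules can fail for protected or exited processes,
            # or when the bitness of PowerShell and the target differ.
            $modules = $proc.Modules
        }
        catch {
            continue
        }

        foreach ($m in $modules) {
            if ($m.ModuleName -ieq $ModuleName) {
                [pscustomobject]@{
                    ProcessId   = $proc.Id
                    ProcessName = $proc.ProcessName
                    ModulePath  = $m.FileName
                    BaseAddress = '0x{0:X}' -f $m.BaseAddress.ToInt64()
                }
            }
        }
    }
}

# Run once after installing the hook and again after removing it;
# any rows in the second run are processes that still hold the DLL.
$stillMapped = @(Get-ProcessesWithModule -ModuleName 'MyHook.dll')
if ($stillMapped.Count -eq 0) {
    Write-Output 'No accessible process has the DLL mapped.'
}
else {
    $stillMapped | Format-Table -AutoSize
}
```

Run it from an elevated prompt whose bitness matches the target process; otherwise some module lists are incomplete or inaccessible and the process is skipped.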