Windows Hook Example


If I have a function foo() that windows has implemented in kernel32.dll and it always returns true, can I have my program: 'bar.exe' hook/detour that Windows function and make it return false for all processes instead?

So, if my svchost, for example, calls foo(), it will return false instead of true. The same action should be expected for all other processes currently running.

If so, how? I guess I'm looking for a system-wide hook or something.

AstroCB

In this example, WH_CBT means events related to windows (creation, activation, destruction, etc.). The second parameter is the name of the hook/filter function that shall be called back by the OS, detailed below.

Code logic: install a thread or global hook. The hook procedure posts a private message (WM_KEYSTROKE or WM_KEYINPUT) to the main window (CppWindowsHookDlg). WM_KEYINPUT is sent when a real key is struck if you set up a WH_KEYBOARD_LL hook. The information is logged when the main window receives the private message.

May 05, 2011: The code sample shows how to set up a Windows hook to hook mouse and keyboard inputs in a VC# application: Windows hook demo (CSWindowsHook) sample in C# for Visual Studio 2008.

SetWindowsHookEx passes the module handle, a pointer to the hook-procedure entry point, and 0 for the thread identifier, indicating that the hook procedure should be associated with all threads in the same desktop as the calling thread. This sequence is shown in the following example.

About this one, when using SetWindowsHookEx we don't specify a target (victim) process. This function creates a global hook held by the OS. Using the example, any key pressed on the keyboard inside any application will trigger the hook function, right? So, this should be considered DLL Injection?

For example, a filter function might want to receive all keyboard or mouse events. For Windows to call a filter function, the filter function must be installed, that is, attached to a Windows hook (for example, to a keyboard hook). Attaching one or more filter functions to a hook is known as setting a hook.

Clark Gaebel

5 Answers


Take a look at Detours, it's perfect for this sort of stuff.

For system-wide hooking, read this article from MSDN.

First, create a DLL which handles hooking the functions. This example below hooks the socket send and receive functions.

Then, create a program to inject the DLL into the target application.

This should be more than enough to get you started!

xian

Dominates all aforementioned techniques in simplicity, flexibility and functionality.

It was not discussed previously on Hook processes either. I've read all leaves of this thread and with absolute certainty, EASYHOOK is vastly superior. No matter if you're using C, C++, CLR, whatever.

I'll paste a bit from the codeplex homepage, to ensure sufficient homage being paid.

The following is an incomplete list of features:

  1. A so called 'Thread Deadlock Barrier' will get rid of many core problems when hooking unknown APIs; this technology is unique to EasyHook
  2. You can write managed hook handlers for unmanaged APIs
  3. You can use all the convenience managed code provides, like .NET Remoting, WPF and WCF for example
  4. A documented, pure unmanaged hooking API
  5. Support for 32- and 64-bit kernel mode hooking (also check out my PatchGuard 3 bypass driver which can be found in the release list)
  6. No resource or memory leaks are left in the target
  7. Experimental stealth injection mechanism that won't raise attention of any current AV Software
  8. EasyHook32.dll and EasyHook64.dll are pure unmanaged modules and can be used without any .NET framework installed!
  9. All hooks are installed and automatically removed in a stable manner
  10. Support for Windows Vista SP1 x64 and Windows Server 2008 SP1 x64 by utilizing totally undocumented APIs, to still allow hooking into any terminal session.
  11. Managed/Unmanaged module stack trace inside a hook handler
  12. Get calling managed/unmanaged module inside a hook handler
  13. Create custom stack traces inside a hook handler
  14. You will be able to write injection libraries and host processes compiled for AnyCPU, which will allow you to inject your code into 32- and 64-Bit processes from 64- and 32-Bit processes by using the very same assembly in all cases.
  15. EasyHook supports RIP-relative addressing relocation for 64-Bit targets.
  16. No unpacking/installation necessary.
  17. The Visual Studio Redistributable is not required.

I'm happy that my hookers still know a few tricks in comparison that makes me keep them around. But to be sure, when you need a HOOK, 99 times out of 100, EASYHOOK'r will get you there faster. And it's quite actively maintained.

RandomNickName42

Please give more details of the function you want to hook! There are several ways to get your own code called in such a case, for instance:

  • You can build a fake DLL with the same name as the DLL that contains the function you want to hook (and copy it in the folder of foo.exe). This library would expose exactly the same functions as the original DLL. Each exposed function just bypasses the call to the original DLL, with the exception of the function you want to hook.

  • You can change the function pointer table during run-time, for instance with the (commercial) Detour package that has been mentioned by 'kitchen'. However, such hooking can easily be done on your own, see this article to learn how.

  • You can find out where the specific function is called in foo.exe and just replace the assembly code that calls the function with code that 'returns true'. Basically, you're patching 'foo.exe'.

  • For specific functions, Windows offers automatic hooking, e.g. for keys and mouse events. Check the function SetWindowsHook for this.

beef2k
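The function-pointer-table approach from the list above, as an added example that is not part of any answer: a constructed, in-process stand-in for an import table (all names here are hypothetical) showing that swapping one slot changes what `foo()` returns for callers that go through that table only, and how a snapshot comparison reveals the change.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

typedef bool (*api_fn)(void);

/* Constructed stand-in for an import table: callers reach foo() only
   through this slot, the way a module calls through its own IAT. */
struct import_slot { const char *name; api_fn target; };

static bool real_foo(void)   { return true;  }  /* "always returns true" */
static bool hooked_foo(void) { return false; }  /* replacement from the question */

static struct import_slot imports[] = { { "foo", real_foo } };
#define N_IMPORTS (sizeof imports / sizeof imports[0])

static api_fn baseline[N_IMPORTS];      /* known-good snapshot of every slot */
static struct import_slot *hooked_slot; /* slot we changed, so it can be undone */
static api_fn saved_original;

bool call_foo(void) { return imports[0].target(); }  /* what each caller does */

void snapshot_imports(void) {
    for (size_t i = 0; i < N_IMPORTS; i++) baseline[i] = imports[i].target;
}

/* Redirect one slot; returns false when the name is not in the table. */
bool install_hook(const char *name, api_fn detour) {
    for (size_t i = 0; i < N_IMPORTS; i++) {
        if (strcmp(imports[i].name, name) != 0) continue;
        hooked_slot = &imports[i];
        saved_original = imports[i].target;
        imports[i].target = detour;
        return true;
    }
    return false;
}

void remove_hook(void) {
    if (hooked_slot) hooked_slot->target = saved_original;
    hooked_slot = NULL;
}

/* Integrity check: number of slots that differ from the snapshot. */
size_t count_modified_slots(void) {
    size_t n = 0;
    for (size_t i = 0; i < N_IMPORTS; i++)
        if (imports[i].target != baseline[i]) n++;
    return n;
}
```

Because each process has its own table, a swap like this is visible only inside the process where it was made, which is why the other answers pair it with loading a DLL into every process.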

This depends somewhat on the version of Windows you're wanting to target. Nonetheless, if you're playing on Pre-Vista, you can simply use SetWindowsHookEx to inject your DLL into every running process. Your DLL would then need to hook the appropriate function using Detours or similar.

mrduclaw

If you are writing your hook in assembly and not using Detours (for whatever reason), then you need some key information about returning FALSE:

  • Win32, set EAX to 0
  • Win64, set RAX to 0

You need to set EAX or RAX (depending upon platform) to zero as the last thing the function you are hooking does. That will result in the calling code receiving 0 as the return value (assuming they are returning an int or pointer type value).

Stephen Kellett


24 Sep 2010 CPOL
A single component that contains various Windows hooks

Introduction

WindowsHookLib is a single library to hook the mouse, keyboard and the clipboard system wide. The WindowsHookLib library has been rewritten in C# and therefore it uses the Common Language Runtime (CLR). This means that the library can be referenced from various projects in .NET. The mouse and keyboard hooks are low level so you can use the Handled property of the MouseEventArgs or the KeyboardEventArgs to prevent Windows messages from being passed to the other applications. Note that you need to use the DLL file, not the classes, in your projects; otherwise they might not work correctly.


  • Clipboard hook
  • Keyboard hook
  • Mouse hook

This component differs from what I have seen in other similar articles, by providing two more things:

  1. Preventing a message from being passed to other windows
  2. Raising the MouseClick and MouseDoubleClick events (I have never seen implementation of this in other low level hooks!)

Mouse Hook

The MouseHook class of the 'WindowsHookLib' library is designed to hook the mouse globally and raise some useful events. Since this hook is low level and low level mouse hooks don't get the MouseClick and MouseDoubleClick messages, it simulates these events. In order to use these events, the class object variable should be declared with the WithEvents keyword.

The MouseDown, MouseUp, MouseWheel, and MouseMove event handlers have a WindowsHookLib.MouseEventArgs class object which provides all the relevant information about the mouse as does the System.Windows.Forms.MouseEventArgs, and two additional properties, Handled and Control. You can set the Handled property to True to prevent the message from being passed to the other windows. The Control property provides the handle of the control under the mouse pointer. If you decide to set the Handled property in the MouseUp event, then it is recommended to set it in the MouseDown event as well for application performance. Conversely, if you decide to set the Handled property in the MouseDown event, then it is recommended to set it in the MouseUp event.

Note: If you set the Handled property in the mentioned events unconditionally, then you might not be able to use the mouse. To block the mouse message from being passed to other windows or controls conditionally, you should compare the Control property's value against the allowed control handle(s). If the allowed controls' handle list doesn't contain the Control property value, then you can set the Handled property to True; otherwise, don't set it. You can check the demo project's examples to see how to make the handling of mouse messages conditional.

Note: Before you exit your application, you must call the hook object's Dispose method to uninstall the hook and free the class variables.


Keyboard Hook

The KeyboardHook class of the 'WindowsHookLib' library can be used to hook the keyboard globally. The class provides three events whose KeyDown and KeyUp event handlers contain a WindowsHookLib.KeyEventArgs object that has all the relevant information about the key as the System.Windows.Forms.KeyEventArgs. As with the mouse hook, you can set the Handled property to True in the KeyDown and KeyUp event handlers to prevent the message from being passed to other windows.


Clipboard Hook

The ClipboardHook class of the 'WindowsHookLib' library can be used to hook a window to the clipboard chain. The class provides two events, ClipboardChanged and StateChanged. The ClipboardChanged event handler contains a WindowsHookLib.ClipboardEventArgs object that has all the relevant information about the event.

Using the Code

Note: You need to use the DLL file by referencing it in your project, not the classes; otherwise, they might not work correctly. If you need the method descriptions, then you need to copy the 'WindowsHookLib.xml' file into your project folder.

For more examples, check out the source code and demo files.

Background

At the core of this component lie the Windows API methods. All hooks use some API methods to hook and monitor for Windows messages. The following API methods have been used:

  • SetWindowsHookEx
  • UnhookWindowsHookEx
  • CallNextHookEx
  • WindowFromPoint
  • SendInput
  • SetClipboardViewer
  • ChangeClipboardChain


Points of Interest

I learned many things from this project like how to make a DLL file component that can be used in various projects (VB.NET, C#, C++, J#) in the .NET environment. Also, how to apply attributes to classes or methods that will make a component professional.

Since low level mouse hooks don't get the MouseClick and MouseDoubleClick event messages (which I believe are generated by a window that gets the MouseDown and MouseUp messages), I tried to simulate these events such that they are generated in the same pattern as the Windows MouseClick and MouseDoubleClick events.
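One way to synthesize click events from the down/up stream a low-level hook does receive, as an added example that is not WindowsHookLib's code: the thresholds, the event ordering (click raised on button release) and all names are assumptions made for illustration.

```c
#include <stdlib.h>

#define DBL_CLICK_MS 500u  /* assumed double-click time */
#define DBL_CLICK_PX 2     /* assumed tolerance around the first press */

enum ev_kind { EV_DOWN, EV_UP };
enum synth   { SYN_NONE, SYN_CLICK, SYN_DOUBLE_CLICK };

struct mouse_ev { enum ev_kind kind; int button, x, y; unsigned time_ms; };

struct click_state {
    int held;              /* button currently down, -1 if none */
    int have_first;        /* a first press is on record */
    int first_button, first_x, first_y;
    unsigned first_ms;
    int second_of_pair;    /* current press completes a double-click */
};

void click_init(struct click_state *s) {
    s->held = -1;
    s->have_first = 0;
    s->second_of_pair = 0;
}

/* Feed one low-level event; returns the event to raise after it, if any. */
enum synth click_feed(struct click_state *s, const struct mouse_ev *e) {
    if (e->kind == EV_DOWN) {
        s->second_of_pair = s->have_first
            && e->button == s->first_button
            && e->time_ms - s->first_ms <= DBL_CLICK_MS   /* unsigned: wrap-safe */
            && abs(e->x - s->first_x) <= DBL_CLICK_PX
            && abs(e->y - s->first_y) <= DBL_CLICK_PX;
        if (s->second_of_pair) {
            s->have_first = 0;          /* a third press starts a new sequence */
        } else {
            s->have_first = 1;
            s->first_button = e->button;
            s->first_x = e->x;
            s->first_y = e->y;
            s->first_ms = e->time_ms;
        }
        s->held = e->button;
        return SYN_NONE;
    }
    if (e->button != s->held) return SYN_NONE;  /* release without matching press */
    s->held = -1;
    enum synth out = s->second_of_pair ? SYN_DOUBLE_CLICK : SYN_CLICK;
    s->second_of_pair = 0;
    return out;
}
```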

WindowsHookLib Information

  • Author: Arman Ghazanchyan
  • Current assembly version: 1.1.1.2
  • Current file version: 1.0.0.6

History


  • Updated assembly version 1.1.0.1. This update addresses all hooks.
    • The WindowsHookLib assembly is signed.
    • A clipboard hook is added - New
  • Updated assembly version 1.1.0.2. This update addresses the Keyboard hook.
    • Small change in the KeyEventArgs class
  • Updated assembly version 1.1.0.5. This update addresses all hooks.
    • Small changes and fixes
  • Updated assembly version 1.1.1.0. This update addresses all hooks.
    • Some changes and fixes
  • Updated assembly version 1.1.1.2. This update addresses all hooks and is highly recommended.
    • The library is rewritten in C# language.
    • There are many fixes and optimizations to the library.
    • Clipboard Hook bug fix. The hook was not implemented correctly in the previous versions, which would lead to breaking the Windows clipboard chain. This version fixes the problem.
    • This version of the library is smaller in size than the previous versions.
