Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Hooks Urgent Problem.

Posted on 1999-01-11
9
Medium Priority
?
497 Views
Last Modified: 2013-12-03
I am trying to install a system hook that catchs WM_CREATE messages in the system, don't let any application to start running and to allow for only one specific application to start running. For some reason all application are not started meaning i have some problem with the strcmp statment that in the CBTProc() function . What is the problem ? I have even tried to put message dialogs with in the code in order to debug this code cause i didn't find any other way to debug this code.

///////////////////////////////////////////////////////////////////filestart/
//
// FILE: HOOKPROC.CPP
//
// DESCRIPTION:
//
// REVISION:
//
// DATE       AUTHOR                 CHANGE DESCRIPTION
// 8/5/98    Ilan Moshe        Creation
//
// NOTES:
//
/////////////////////////////////////////////////////////////////////fileend/


#include <windows.h>
#include <stdio.h>
#include <process.h>
#include <fstream.h>

#pragma data_seg("shared")
HHOOK hhook = 0;

#pragma data_seg()
#pragma comment(linker,"/section:shared,rws")

extern HINSTANCE hinstDLL = 0;

///////////////////////////////////////////////////////////////functionstart/
//
// DESCRIPTION:
//
// WARNINGS:
//
// ERRORS:
//
/////////////////////////////////////////////////////////////////functionend/




LRESULT CALLBACK CBTProc(int nCode, WPARAM wParam, LPARAM lParam)
{  

      switch(nCode)
      {
      case HCBT_CREATEWND:
            {
                  LPCREATESTRUCT pCs = ((LPCBT_CREATEWND)lParam)->lpcs;
                  if (!lstrcmpi(pCs->lpszName,"OpenWin"))
                  {
                        return 0;
                  }
                  else
                        return 1;                        }
            break;
      default:
            {
            return CallNextHookEx(hhook,nCode,wParam,lParam);;
            }
      }
}


///////////////////////////////////////////////////////////////functionstart/
//
// DESCRIPTION:
//
// WARNINGS:
//
// ERRORS:
//
/////////////////////////////////////////////////////////////////functionend/


void SetHook(void)
{
            int local = 0;

            hhook = SetWindowsHookEx( WH_CBT, CBTProc , hinstDLL , 0 );
            local =  GetLastError();
            printf("%d",local);
            //            return (hhook != NULL );
}


///////////////////////////////////////////////////////////////functionstart/
//
// DESCRIPTION:
//
// WARNINGS:
//
// ERRORS:
//
/////////////////////////////////////////////////////////////////functionend/


void UnSetHook(void)
{
      UnhookWindowsHookEx(hhook);
      CloseHandle(hhook);
}


///////////////////////////////////////////////////////////////functionstart/
//
// DESCRIPTION:
//
// WARNINGS:
//
// ERRORS:
//
/////////////////////////////////////////////////////////////////functionend/
void SetMod(HINSTANCE hMod)
{
      hinstDLL = hMod;
}



/////////////////////////////////////////////////////////////////functionend/
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved)
//
// DESCRIPTION: DllMain - Windows DLL entry and exit point.Initialize and shut down
//              UTL_Error so that the error strings are available immediately
//              an error occurs.
//
// WARNINGS:
//
// ERRORS:
//
/////////////////////////////////////////////////////////////////functionend/
{

    switch(dwReason)
      {
            case DLL_PROCESS_ATTACH:
            {
                  SetMod(hinstDLL);
                  DisableThreadLibraryCalls(hinstDLL);
                  break;
            }
      }
      return TRUE;  
}


And the program that sets the hook and checks this program is :

#include <windows.h>
#include <conio.h>

__declspec( dllimport ) LRESULT CALLBACK CBTProc(int nCode, WPARAM wParam, LPARAM lParam);
__declspec( dllimport ) void SetHook(void);
__declspec( dllimport ) void UnSetHook(void);

void main()
{

HINSTANCE hinstDLL;
int ch;
DWORD errorNumber;

      hinstDLL = LoadLibrary((LPCTSTR)"HookDll.dll");
      if ( hinstDLL == NULL )
      {
            errorNumber = GetLastError();
      }

      SetHook();
      if (ch = _getch())
      {
            UnSetHook();
            exit(0);
      }


I realy need a fast answer on this problem.
0
Comment
Question by:sector
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 22

Expert Comment

by:nietod
ID: 1418490
First I would check to see if the problem really is in testing the window name or if the problem is somewhere else ihn your hook.  In the HCBT_CREATEWND case, make the code always return 0, thus the hook should allow windows to open.  Does it?  if so the problem is in the strcmp(), if not, the problem is elsewhere.

0
 

Author Comment

by:sector
ID: 1418491
I have already checked this. If i write return 0;  the windows will open as if there was no hook . So i know there is a problem with the strcmp . What can be the problem ???
0
 

Author Comment

by:sector
ID: 1418492
Edited text of question
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 

Author Comment

by:sector
ID: 1418493
I have gread problem with debuging this DLL so i try sending information with the MessageBox function but ofcourse this is a problem because this allso is a WM_CREATE message.
0
 

Author Comment

by:sector
ID: 1418494
Why i print values of the pCs->lpszName with the MessageBox function i and changing the return value to 0 for the windows to appear , I see some values the don't make sense like kernel32 etc...  

Is this the right way to do this ????
0
 
LVL 22

Expert Comment

by:nietod
ID: 1418495
Those names, like Kernal32, might be the names of windows created by the operating system.  Preventing the creation of those windows could have drastic negative side effects.  That could be the cause of this problem, or it could cause other problems you haven't even encountered yet.
0
 
LVL 86

Expert Comment

by:jkr
ID: 1418496
Debugging system wide hooks is not easy, but it works if you manually issue a breakpoint in the app that set the hook, e.g.
#pragma data_seg("shared")
HHOOK hhook = 0;
DWORD g_dwPID2Break = 0;
#pragma data_seg()

void SetHook(void)
{
 g_dwPID2Break = GetCurrentProcessId();
//...
}

LRESULT CALLBACK CBTProc(int nCode, WPARAM wParam, LPARAM lParam)
{  

 if ( g_dwPID2Break == GetCurrentProcessId())
 {
   // issue a hard breakpoint if this is the app that set the hook
   __asm { int 3};
 }

Hope you got the idea. At least, this works for me ;-)
0
 
LVL 11

Expert Comment

by:alexo
ID: 1418497
Using duplicate accounts is against the EE customer agreement, ilanmoshe.
0
 
LVL 1

Accepted Solution

by:
Cov earned 120 total points
ID: 1418498
Your hook is keeping necessary os windows from opening.  The os has to open up a few windows just to start... figure out which ones they are, or maybe instead just deny the creation of any application after your app opens...
Cov
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes how to add a user-defined command button to the Windows 7 Explorer toolbar.  In the previous article (http://www.experts-exchange.com/A_2172.html), we saw how to put the Delete button back there where it belongs.  "Delete" is …
If you have ever found yourself doing a repetitive action with the mouse and keyboard, and if you have even a little programming experience, there is a good chance that you can use a text editor to whip together a sort of macro to automate the proce…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question