Solved

Hooks Urgent Problem.

Posted on 1999-01-11
9
465 Views
Last Modified: 2013-12-03
I am trying to install a system hook that catchs WM_CREATE messages in the system, don't let any application to start running and to allow for only one specific application to start running. For some reason all application are not started meaning i have some problem with the strcmp statment that in the CBTProc() function . What is the problem ? I have even tried to put message dialogs with in the code in order to debug this code cause i didn't find any other way to debug this code.

///////////////////////////////////////////////////////////////////filestart/
//
// FILE: HOOKPROC.CPP
//
// DESCRIPTION:
//
// REVISION:
//
// DATE       AUTHOR                 CHANGE DESCRIPTION
// 8/5/98    Ilan Moshe        Creation
//
// NOTES:
//
/////////////////////////////////////////////////////////////////////fileend/


#include <windows.h>
#include <stdio.h>
#include <process.h>
#include <fstream.h>

#pragma data_seg("shared")
HHOOK hhook = 0;

#pragma data_seg()
#pragma comment(linker,"/section:shared,rws")

extern HINSTANCE hinstDLL = 0;

///////////////////////////////////////////////////////////////functionstart/
//
// DESCRIPTION:
//
// WARNINGS:
//
// ERRORS:
//
/////////////////////////////////////////////////////////////////functionend/




LRESULT CALLBACK CBTProc(int nCode, WPARAM wParam, LPARAM lParam)
{  

      switch(nCode)
      {
      case HCBT_CREATEWND:
            {
                  LPCREATESTRUCT pCs = ((LPCBT_CREATEWND)lParam)->lpcs;
                  if (!lstrcmpi(pCs->lpszName,"OpenWin"))
                  {
                        return 0;
                  }
                  else
                        return 1;                        }
            break;
      default:
            {
            return CallNextHookEx(hhook,nCode,wParam,lParam);;
            }
      }
}


///////////////////////////////////////////////////////////////functionstart/
//
// DESCRIPTION:
//
// WARNINGS:
//
// ERRORS:
//
/////////////////////////////////////////////////////////////////functionend/


void SetHook(void)
{
            int local = 0;

            hhook = SetWindowsHookEx( WH_CBT, CBTProc , hinstDLL , 0 );
            local =  GetLastError();
            printf("%d",local);
            //            return (hhook != NULL );
}


///////////////////////////////////////////////////////////////functionstart/
//
// DESCRIPTION:
//
// WARNINGS:
//
// ERRORS:
//
/////////////////////////////////////////////////////////////////functionend/


void UnSetHook(void)
{
      UnhookWindowsHookEx(hhook);
      CloseHandle(hhook);
}


///////////////////////////////////////////////////////////////functionstart/
//
// DESCRIPTION:
//
// WARNINGS:
//
// ERRORS:
//
/////////////////////////////////////////////////////////////////functionend/
void SetMod(HINSTANCE hMod)
{
      hinstDLL = hMod;
}



/////////////////////////////////////////////////////////////////functionend/
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved)
//
// DESCRIPTION: DllMain - Windows DLL entry and exit point.Initialize and shut down
//              UTL_Error so that the error strings are available immediately
//              an error occurs.
//
// WARNINGS:
//
// ERRORS:
//
/////////////////////////////////////////////////////////////////functionend/
{

    switch(dwReason)
      {
            case DLL_PROCESS_ATTACH:
            {
                  SetMod(hinstDLL);
                  DisableThreadLibraryCalls(hinstDLL);
                  break;
            }
      }
      return TRUE;  
}


And the program that sets the hook and checks this program is :

#include <windows.h>
#include <conio.h>

__declspec( dllimport ) LRESULT CALLBACK CBTProc(int nCode, WPARAM wParam, LPARAM lParam);
__declspec( dllimport ) void SetHook(void);
__declspec( dllimport ) void UnSetHook(void);

void main()
{

HINSTANCE hinstDLL;
int ch;
DWORD errorNumber;

      hinstDLL = LoadLibrary((LPCTSTR)"HookDll.dll");
      if ( hinstDLL == NULL )
      {
            errorNumber = GetLastError();
      }

      SetHook();
      if (ch = _getch())
      {
            UnSetHook();
            exit(0);
      }


I realy need a fast answer on this problem.
0
Comment
Question by:sector
9 Comments
 
LVL 22

Expert Comment

by:nietod
ID: 1418490
First I would check to see if the problem really is in testing the window name or if the problem is somewhere else ihn your hook.  In the HCBT_CREATEWND case, make the code always return 0, thus the hook should allow windows to open.  Does it?  if so the problem is in the strcmp(), if not, the problem is elsewhere.

0
 

Author Comment

by:sector
ID: 1418491
I have already checked this. If i write return 0;  the windows will open as if there was no hook . So i know there is a problem with the strcmp . What can be the problem ???
0
 

Author Comment

by:sector
ID: 1418492
Edited text of question
0
 

Author Comment

by:sector
ID: 1418493
I have gread problem with debuging this DLL so i try sending information with the MessageBox function but ofcourse this is a problem because this allso is a WM_CREATE message.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:sector
ID: 1418494
Why i print values of the pCs->lpszName with the MessageBox function i and changing the return value to 0 for the windows to appear , I see some values the don't make sense like kernel32 etc...  

Is this the right way to do this ????
0
 
LVL 22

Expert Comment

by:nietod
ID: 1418495
Those names, like Kernal32, might be the names of windows created by the operating system.  Preventing the creation of those windows could have drastic negative side effects.  That could be the cause of this problem, or it could cause other problems you haven't even encountered yet.
0
 
LVL 86

Expert Comment

by:jkr
ID: 1418496
Debugging system wide hooks is not easy, but it works if you manually issue a breakpoint in the app that set the hook, e.g.
#pragma data_seg("shared")
HHOOK hhook = 0;
DWORD g_dwPID2Break = 0;
#pragma data_seg()

void SetHook(void)
{
 g_dwPID2Break = GetCurrentProcessId();
//...
}

LRESULT CALLBACK CBTProc(int nCode, WPARAM wParam, LPARAM lParam)
{  

 if ( g_dwPID2Break == GetCurrentProcessId())
 {
   // issue a hard breakpoint if this is the app that set the hook
   __asm { int 3};
 }

Hope you got the idea. At least, this works for me ;-)
0
 
LVL 11

Expert Comment

by:alexo
ID: 1418497
Using duplicate accounts is against the EE customer agreement, ilanmoshe.
0
 
LVL 1

Accepted Solution

by:
Cov earned 60 total points
ID: 1418498
Your hook is keeping necessary os windows from opening.  The os has to open up a few windows just to start... figure out which ones they are, or maybe instead just deny the creation of any application after your app opens...
Cov
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

zlib is a free compression library (a DLL) on which the popular gzip utility is built.  In this article, we'll see how to use the zlib functions to compress and decompress data in memory; that is, without needing to use a temporary file.  We'll be c…
As more and more people are shifting to the latest .Net frameworks, the windows presentation framework is gaining importance by the day. Many people are now turning to WPF controls to provide a rich user experience. I have been using WPF controls fo…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now