Solved

Hooks Urgent Problem.

Posted on 1999-01-11
Last Modified: 2013-12-03
I am trying to install a system hook that catches WM_CREATE messages in the system, doesn't let any application start running, and allows only one specific application to start running. For some reason no applications are started, meaning I have some problem with the strcmp statement that is in the CBTProc() function. What is the problem? I have even tried to put message dialogs within the code in order to debug it, because I didn't find any other way to debug this code.

///////////////////////////////////////////////////////////////////filestart/
//
// FILE: HOOKPROC.CPP
//
// DESCRIPTION:
//
// REVISION:
//
// DATE       AUTHOR                 CHANGE DESCRIPTION
// 8/5/98    Ilan Moshe        Creation
//
// NOTES:
//
/////////////////////////////////////////////////////////////////////fileend/


#include <windows.h>
#include <stdio.h>
#include <process.h>
#include <fstream.h>

#pragma data_seg("shared")
HHOOK hhook = 0;

#pragma data_seg()
#pragma comment(linker,"/section:shared,rws")

extern HINSTANCE hinstDLL = 0;

///////////////////////////////////////////////////////////////functionstart/
//
// DESCRIPTION:
//
// WARNINGS:
//
// ERRORS:
//
/////////////////////////////////////////////////////////////////functionend/




LRESULT CALLBACK CBTProc(int nCode, WPARAM wParam, LPARAM lParam)
{  

      switch(nCode)
      {
      case HCBT_CREATEWND:
            {
                  LPCREATESTRUCT pCs = ((LPCBT_CREATEWND)lParam)->lpcs;
                  if (!lstrcmpi(pCs->lpszName,"OpenWin"))
                  {
                        return 0;
                  }
                  else
                        return 1;
            }
            break;
      default:
            {
            return CallNextHookEx(hhook,nCode,wParam,lParam);
            }
      }
}


///////////////////////////////////////////////////////////////functionstart/
//
// DESCRIPTION:
//
// WARNINGS:
//
// ERRORS:
//
/////////////////////////////////////////////////////////////////functionend/


void SetHook(void)
{
            int local = 0;

            hhook = SetWindowsHookEx( WH_CBT, CBTProc , hinstDLL , 0 );
            local =  GetLastError();
            printf("%d",local);
            //            return (hhook != NULL );
}


///////////////////////////////////////////////////////////////functionstart/
//
// DESCRIPTION:
//
// WARNINGS:
//
// ERRORS:
//
/////////////////////////////////////////////////////////////////functionend/


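void UnSetHook(void)
{
      // UnhookWindowsHookEx releases the hook; an HHOOK is not a kernel
      // object handle, so it must not be passed to CloseHandle.
      UnhookWindowsHookEx(hhook);
      hhook = 0;
}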


///////////////////////////////////////////////////////////////functionstart/
//
// DESCRIPTION:
//
// WARNINGS:
//
// ERRORS:
//
/////////////////////////////////////////////////////////////////functionend/
void SetMod(HINSTANCE hMod)
{
      hinstDLL = hMod;
}



/////////////////////////////////////////////////////////////////functionend/
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved)
//
// DESCRIPTION: DllMain - Windows DLL entry and exit point.Initialize and shut down
//              UTL_Error so that the error strings are available immediately
//              an error occurs.
//
// WARNINGS:
//
// ERRORS:
//
/////////////////////////////////////////////////////////////////functionend/
{

    switch(dwReason)
      {
            case DLL_PROCESS_ATTACH:
            {
                  SetMod(hinstDLL);
                  DisableThreadLibraryCalls(hinstDLL);
                  break;
            }
      }
      return TRUE;  
}


And the program that sets the hook and checks this program is:

#include <windows.h>
#include <conio.h>
#include <stdlib.h>   // exit()

__declspec( dllimport ) LRESULT CALLBACK CBTProc(int nCode, WPARAM wParam, LPARAM lParam);
__declspec( dllimport ) void SetHook(void);
__declspec( dllimport ) void UnSetHook(void);

void main()
{

HINSTANCE hinstDLL;
int ch;
DWORD errorNumber;

      hinstDLL = LoadLibrary((LPCTSTR)"HookDll.dll");
      if ( hinstDLL == NULL )
      {
            errorNumber = GetLastError();
      }

      SetHook();
      // wait for any key press, then remove the hook and exit
      if (ch = _getch())
      {
            UnSetHook();
            exit(0);
      }
}


I really need a fast answer on this problem.
Question by:sector
9 Comments
 
LVL 22

Expert Comment

by:nietod
ID: 1418490
First I would check to see if the problem really is in testing the window name or if the problem is somewhere else in your hook.  In the HCBT_CREATEWND case, make the code always return 0, thus the hook should allow windows to open.  Does it?  If so, the problem is in the strcmp(); if not, the problem is elsewhere.

 

Author Comment

by:sector
ID: 1418491
I have already checked this. If I write return 0; the windows will open as if there was no hook. So I know there is a problem with the strcmp. What can be the problem?
 

Author Comment

by:sector
ID: 1418492
Edited text of question

 

Author Comment

by:sector
ID: 1418493
I have great problems with debugging this DLL, so I try sending information with the MessageBox function, but of course this is a problem because this also is a WM_CREATE message.
 

Author Comment

by:sector
ID: 1418494
When I print values of pCs->lpszName with the MessageBox function and change the return value to 0 for the windows to appear, I see some values that don't make sense, like kernel32, etc.

Is this the right way to do this?
 
LVL 22

Expert Comment

by:nietod
ID: 1418495
Those names, like Kernel32, might be the names of windows created by the operating system.  Preventing the creation of those windows could have drastic negative side effects.  That could be the cause of this problem, or it could cause other problems you haven't even encountered yet.
 
LVL 86

Expert Comment

by:jkr
ID: 1418496
Debugging system wide hooks is not easy, but it works if you manually issue a breakpoint in the app that set the hook, e.g.
#pragma data_seg("shared")
HHOOK hhook = 0;
DWORD g_dwPID2Break = 0;
#pragma data_seg()

void SetHook(void)
{
 g_dwPID2Break = GetCurrentProcessId();
//...
}

LRESULT CALLBACK CBTProc(int nCode, WPARAM wParam, LPARAM lParam)
{

 if ( g_dwPID2Break == GetCurrentProcessId())
 {
   // issue a hard breakpoint if this is the app that set the hook
   __asm { int 3};
 }
 //...
 return CallNextHookEx(hhook, nCode, wParam, lParam);
}

Hope you got the idea. At least, this works for me ;-)
 
LVL 11

Expert Comment

by:alexo
ID: 1418497
Using duplicate accounts is against the EE customer agreement, ilanmoshe.
 
LVL 1

Accepted Solution

by:
Cov earned 60 total points
ID: 1418498
Your hook is keeping necessary OS windows from opening.  The OS has to open up a few windows just to start... figure out which ones they are, or maybe instead just deny the creation of any application after your app opens...
Cov
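
One way to narrow the veto along the lines the answers describe, as an added example that is not part of the original thread: only captioned top-level windows with a non-empty title are candidates for blocking, and everything else (child controls, untitled or helper windows, a NULL name) is passed on. `should_block`, `title_equals` and `FilteredCBTProc` are hypothetical names; the Win32 wrapper assumes an ANSI build and the shared `hhook` from the question's DLL.

```c
#include <ctype.h>
#include <stddef.h>

/* Same values as WS_CHILD and WS_CAPTION in winuser.h. */
#define STYLE_CHILD   0x40000000UL
#define STYLE_CAPTION 0x00C00000UL

/* Case-insensitive equality that treats a NULL title as "no match". */
static int title_equals(const char *title, const char *wanted)
{
    if (title == NULL || wanted == NULL)
        return 0;
    while (*title && *wanted) {
        if (tolower((unsigned char)*title) != tolower((unsigned char)*wanted))
            return 0;
        ++title; ++wanted;
    }
    return *title == *wanted;   /* both strings must end together */
}

/* Returns 1 to veto creation, 0 to allow it (hypothetical helper).
   Child controls, uncaptioned windows and untitled windows always pass,
   so windows the system needs for itself are not caught by the name test. */
int should_block(const char *title, unsigned long style, const char *allowed)
{
    if (style & STYLE_CHILD)
        return 0;
    if ((style & STYLE_CAPTION) != STYLE_CAPTION)
        return 0;
    if (title == NULL || *title == '\0')
        return 0;
    return !title_equals(title, allowed);
}

#ifdef _WIN32
#include <windows.h>
extern HHOOK hhook;   /* assumption: the shared hook handle from the question */

LRESULT CALLBACK FilteredCBTProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    if (nCode == HCBT_CREATEWND) {
        LPCREATESTRUCT pCs = ((LPCBT_CREATEWND)lParam)->lpcs;
        if (should_block(pCs->lpszName, (unsigned long)pCs->style, "OpenWin"))
            return 1;   /* nonzero: the window is not created */
    }
    /* every other code, and every allowed window, goes down the chain */
    return CallNextHookEx(hhook, nCode, wParam, lParam);
}
#endif
```

A window title is chosen by the process that creates the window, so this filter reduces collateral damage but does not establish which application is running.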