Solved

Hooks

Posted on 2000-03-25
11
406 Views
Last Modified: 2010-04-10
Hello!
I am using a keyboard-hook with code in a DLL like this:

#define STRICT
#include <windows.h>

#pragma comment(linker, "/SECTION:.shared,RWS")
#pragma data_seg(".shared")
    HHOOK hHook = NULL;
#pragma data_seg()

HANDLE      hInstance;

BOOL WINAPI DllMain (HINSTANCE hInst, DWORD dwReason, PVOID pvReserved)
{
    if (dwReason == DLL_PROCESS_ATTACH)
        hInstance = hInst;
    return TRUE;
}

LRESULT CALLBACK KeyboardProc(int iCode, WPARAM wParam, LPARAM lParam)
{
    if (iCode >= 0 )
    {
        if ((iCode == HC_ACTION) && (! (lParam & 0x80000000) ))
             MessageBox(NULL, "MsgBox", "A key was pressed", MB_ICONINFORMATION);
    }
    return CallNextHookEx(hHook,iCode,wParam,lParam);
}

__declspec (dllexport) BOOL KeylogOff()
{      
     if (hHook)
          if (UnhookWindowsHookEx(hHook))
               hHook = NULL;
     return (!hHook);
}

__declspec (dllexport) BOOL KeylogOn()
{
     if (hHook)
         KeylogOff();
     hHook = SetWindowsHookEx(WH_KEYBOARD, (HOOKPROC) KeyboardProc, (HINSTANCE) hInstance, 0);
     if (!hHook)
     {
         MessageBox(NULL,"Cannot set Keyboard hook","Error",MB_OK);
         return 0;
     }
     return 1;
}


This code works, but if I run another program, that uses a keyboard-hook (even another instance of my program, runned from other directory), he's in front of the hook chain, and I'm not getting messages. Is there a function, that informs me, what is my current position in hook chain? Is my KeyboardProc function passing messages to next hook right?
Another problem is in MS-DOS. If I run MS-DOS prompt in Windows, my program doesn't get keyboard messages from that window. I've tried WH_GETMESSAGE filter, but I don't know, what message I have to capture.

Thanks in advance.
0
Comment
Question by:myson
  • 6
  • 4
11 Comments
 

Expert Comment

by:balakrishnan_t
ID: 2656940
This is related with device driver,,try to post the question in some other section to get some answer
0
 

Author Comment

by:myson
ID: 2657046
I don't think so, because the code above does the same errors on 3 computers with different Windows 9x.
But thanks. Does anybody know how to solve this problem?
0
 
LVL 11

Expert Comment

by:alexo
ID: 2657061
>> Is there a function, that informs me, what is my current position in hook chain?

No.
0
 

Author Comment

by:myson
ID: 2657137
OK, if it is no such function, why don't I get messages, when my program isn't in front of the hook chain? Where's the error? And why doesn't work WH_KEYBOARD on DOS windows? So what messages receive DOS windows, when they get keyboard input?
But thanks.
0
 

Author Comment

by:myson
ID: 2657198
I have solved the DOS window problem. The message is not a message like WM_KEYDOWN, but a strange, probably undocumented, message 0x41A. Hmm. OK.
But I am still looking for a solution for that problem with hook chains. I have downloaded Microsoft's sample app, and I have copied the .exe to two different dirs and runned....and the file, that was runned first, wasn't working. Is it possible to run 2 programs that are using the, for example, WH_KEYBOARD hooks and works both?
Thanks a lot.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 11

Expert Comment

by:alexo
ID: 2658124
>> Where's the error?

My guess?  Messing up the call to CallNextHookEx().
0
 

Author Comment

by:myson
ID: 2658198
Err, I have commented out some code...Now it works. I have tested it with Microsoft's Hook Sample Application and that is the error. Sample Hook App doesn't call another hook in hook chain, but the source codes are good. Hmm.
How can I protect from these programs...If there isn't any function, that indicates my position in chain, is there any algoritm with I can find out that I am not first in hook chain or that messages are not comming to me,  although they are being produced? Then I would only reset the hook and it would be again in front of the chain.
0
 
LVL 11

Expert Comment

by:alexo
ID: 2658291
>> How can I protect from these programs...

You cannot.  Unless you want to get ugly and regularly hook and unhook just to see if your hook is the last in the chain.  Something like:

    hHook = SetWindowsHookEx(...);
    if (hHook == hSaved)
        UnhookWindowsHookEx(hHook);
    else
    {
        UnhookWindowsHookEx(hSaved);
        hSaved = hHook;
    }

Not something I'd be happy with but it may work.
0
 

Author Comment

by:myson
ID: 2658756
I have probably not understood you code above. I must create a dummy hook, hHook, and see, if it equals with my original hook, hSaved. If equals, it is in front of the chain. But hHook and hSaved are always different hooks, so "if (hHook == hSaved)" will never be true. Right? Or do you mean that I must in periodical times reset my hook? I am probably a little stupid.
Thanks.
0
 
LVL 11

Accepted Solution

by:
alexo earned 50 total points
ID: 2660622
>> Right?

Hmmm...  Let's try again:

Creade a dummy hook proc:

    LRESULT CALLBACK f(int code, WPARAM wParam, LPARAM lParam)
    {
        return 0;
    }

And a function to return an ID based on the last hook in the chain:

    DWORD GetId()
    {
        HHOOK x = SetWindowsHookEx(WH_KEYBOARD, f, NULL, 0);
        // If doesn't work, try replacing last '0' with GetCurrentThreadId()
        UnhookWindowsHookEx(x);
        return (DWORD)x;
    }

Now, to check:

    if (saved != GetId())
    {
        UnhookWindowsHookEx(hHook); // remove from chain
        hHook = SetWindowsHookEx(...); // re-hook
        saved = GetId();
    }

Effectively, we just devised a method to see if your hook is the last in the chain.

>> Or do you mean that I must in periodical times reset my hook?

That is a possibility too.

>> I am probably a little stupid.

No you're not.
0
 

Author Comment

by:myson
ID: 2665202
Yes, that's exactly what I have been looking for. It is excellent! Thanks VERY MUCH.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Introduction This article is the first in a series of articles about the C/C++ Visual Studio Express debugger.  It provides a quick start guide in using the debugger. Part 2 focuses on additional topics in breakpoints.  Lastly, Part 3 focuses on th…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
The viewer will learn how to pass data into a function in C++. This is one step further in using functions. Instead of only printing text onto the console, the function will be able to perform calculations with argumentents given by the user.
The viewer will be introduced to the member functions push_back and pop_back of the vector class. The video will teach the difference between the two as well as how to use each one along with its functionality.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now