Solved

Hooks

Posted on 2000-03-25
11
407 Views
Last Modified: 2010-04-10
Hello!
I am using a keyboard-hook with code in a DLL like this:

#define STRICT
#include <windows.h>

#pragma comment(linker, "/SECTION:.shared,RWS")
#pragma data_seg(".shared")
    HHOOK hHook = NULL;
#pragma data_seg()

HANDLE      hInstance;

BOOL WINAPI DllMain (HINSTANCE hInst, DWORD dwReason, PVOID pvReserved)
{
    if (dwReason == DLL_PROCESS_ATTACH)
        hInstance = hInst;
    return TRUE;
}

LRESULT CALLBACK KeyboardProc(int iCode, WPARAM wParam, LPARAM lParam)
{
    if (iCode >= 0 )
    {
        if ((iCode == HC_ACTION) && (! (lParam & 0x80000000) ))
             MessageBox(NULL, "MsgBox", "A key was pressed", MB_ICONINFORMATION);
    }
    return CallNextHookEx(hHook,iCode,wParam,lParam);
}

__declspec (dllexport) BOOL KeylogOff()
{      
     if (hHook)
          if (UnhookWindowsHookEx(hHook))
               hHook = NULL;
     return (!hHook);
}

__declspec (dllexport) BOOL KeylogOn()
{
     if (hHook)
         KeylogOff();
     hHook = SetWindowsHookEx(WH_KEYBOARD, (HOOKPROC) KeyboardProc, (HINSTANCE) hInstance, 0);
     if (!hHook)
     {
         MessageBox(NULL,"Cannot set Keyboard hook","Error",MB_OK);
         return 0;
     }
     return 1;
}


This code works, but if I run another program, that uses a keyboard-hook (even another instance of my program, runned from other directory), he's in front of the hook chain, and I'm not getting messages. Is there a function, that informs me, what is my current position in hook chain? Is my KeyboardProc function passing messages to next hook right?
Another problem is in MS-DOS. If I run MS-DOS prompt in Windows, my program doesn't get keyboard messages from that window. I've tried WH_GETMESSAGE filter, but I don't know, what message I have to capture.

Thanks in advance.
0
Comment
Question by:myson
  • 6
  • 4
11 Comments
 

Expert Comment

by:balakrishnan_t
ID: 2656940
This is related with device driver,,try to post the question in some other section to get some answer
0
 

Author Comment

by:myson
ID: 2657046
I don't think so, because the code above does the same errors on 3 computers with different Windows 9x.
But thanks. Does anybody know how to solve this problem?
0
 
LVL 11

Expert Comment

by:alexo
ID: 2657061
>> Is there a function, that informs me, what is my current position in hook chain?

No.
0
 

Author Comment

by:myson
ID: 2657137
OK, if it is no such function, why don't I get messages, when my program isn't in front of the hook chain? Where's the error? And why doesn't work WH_KEYBOARD on DOS windows? So what messages receive DOS windows, when they get keyboard input?
But thanks.
0
 

Author Comment

by:myson
ID: 2657198
I have solved the DOS window problem. The message is not a message like WM_KEYDOWN, but a strange, probably undocumented, message 0x41A. Hmm. OK.
But I am still looking for a solution for that problem with hook chains. I have downloaded Microsoft's sample app, and I have copied the .exe to two different dirs and runned....and the file, that was runned first, wasn't working. Is it possible to run 2 programs that are using the, for example, WH_KEYBOARD hooks and works both?
Thanks a lot.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 11

Expert Comment

by:alexo
ID: 2658124
>> Where's the error?

My guess?  Messing up the call to CallNextHookEx().
0
 

Author Comment

by:myson
ID: 2658198
Err, I have commented out some code...Now it works. I have tested it with Microsoft's Hook Sample Application and that is the error. Sample Hook App doesn't call another hook in hook chain, but the source codes are good. Hmm.
How can I protect from these programs...If there isn't any function, that indicates my position in chain, is there any algoritm with I can find out that I am not first in hook chain or that messages are not comming to me,  although they are being produced? Then I would only reset the hook and it would be again in front of the chain.
0
 
LVL 11

Expert Comment

by:alexo
ID: 2658291
>> How can I protect from these programs...

You cannot.  Unless you want to get ugly and regularly hook and unhook just to see if your hook is the last in the chain.  Something like:

    hHook = SetWindowsHookEx(...);
    if (hHook == hSaved)
        UnhookWindowsHookEx(hHook);
    else
    {
        UnhookWindowsHookEx(hSaved);
        hSaved = hHook;
    }

Not something I'd be happy with but it may work.
0
 

Author Comment

by:myson
ID: 2658756
I have probably not understood you code above. I must create a dummy hook, hHook, and see, if it equals with my original hook, hSaved. If equals, it is in front of the chain. But hHook and hSaved are always different hooks, so "if (hHook == hSaved)" will never be true. Right? Or do you mean that I must in periodical times reset my hook? I am probably a little stupid.
Thanks.
0
 
LVL 11

Accepted Solution

by:
alexo earned 50 total points
ID: 2660622
>> Right?

Hmmm...  Let's try again:

Creade a dummy hook proc:

    LRESULT CALLBACK f(int code, WPARAM wParam, LPARAM lParam)
    {
        return 0;
    }

And a function to return an ID based on the last hook in the chain:

    DWORD GetId()
    {
        HHOOK x = SetWindowsHookEx(WH_KEYBOARD, f, NULL, 0);
        // If doesn't work, try replacing last '0' with GetCurrentThreadId()
        UnhookWindowsHookEx(x);
        return (DWORD)x;
    }

Now, to check:

    if (saved != GetId())
    {
        UnhookWindowsHookEx(hHook); // remove from chain
        hHook = SetWindowsHookEx(...); // re-hook
        saved = GetId();
    }

Effectively, we just devised a method to see if your hook is the last in the chain.

>> Or do you mean that I must in periodical times reset my hook?

That is a possibility too.

>> I am probably a little stupid.

No you're not.
0
 

Author Comment

by:myson
ID: 2665202
Yes, that's exactly what I have been looking for. It is excellent! Thanks VERY MUCH.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Errors will happen. It is a fact of life for the programmer. How and when errors are detected have a great impact on quality and cost of a product. It is better to detect errors at compile time, when possible and practical. Errors that make their wa…
Written by John Humphreys C++ Threading and the POSIX Library This article will cover the basic information that you need to know in order to make use of the POSIX threading library available for C and C++ on UNIX and most Linux systems.   [s…
The goal of the tutorial is to teach the user how to use functions in C++. The video will cover how to define functions, how to call functions and how to create functions prototypes. Microsoft Visual C++ 2010 Express will be used as a text editor an…
The viewer will learn how to clear a vector as well as how to detect empty vectors in C++.

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now