Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How to implement anti-hook?

Posted on 2002-07-30
8
Medium Priority
?
318 Views
Last Modified: 2013-12-03
I want to implement a feature: when my app starts up, I don't want that any other app calls SetWindowsHookEx() to inject a dll into my process space.

So, I intercept SetWindowsHookEx() and LoadLibraryA(). But I can't see any LoadLibrary() call in my process space.

Does anyone know how the OS loads the hook dll into other process? Or can I implement this feature in other way? Thanks.

Best Regards,
Fengtao
0
Comment
Question by:fengtao2000
  • 3
  • 2
8 Comments
 
LVL 20

Accepted Solution

by:
Madshi earned 800 total points
ID: 7187659
Windows will probably call some internal functions, something like "InternalLoadLibrary", which you don't know the address of.

You can of course hook SetWindowsHookEx, but you have to do it system wide, and that's not so easy.

Also, if a serious programmer wants to inject a dll into your process, he *might* use SetWindowsHookEx, but he also might use CreateRemoteThread, which is a much better technique anyway. So you will have to hook CreateRemoteThread as well, but only in winNT family, win9x doesn't export CreateRemoteThread.

Regards, Madshi.
0
 
LVL 1

Author Comment

by:fengtao2000
ID: 7189514
Hi Madshi,

Thank you for valuable comment.

I also hook the OpenProcess(), so others can not call CreateRemoteThread() to inject into my process.

Who know the "InternalLoadLibrary" or something like that?

Best Regards,
Fengtao
0
 
LVL 20

Expert Comment

by:Madshi
ID: 7189848
>> Who know the "InternalLoadLibrary" or something like that?

Why do you need this? If you hook SetWindowsHookEx, it should be good enough, should it not?

You would have to disassemble the windows system dlls, which are involved, to find out about such internal functions.

Regards, Madshi.
0
 
LVL 1

Author Comment

by:fengtao2000
ID: 7192315
I must allow other apps call SetWindowsHookEx() to inject into all processes except for me, so hook only SetWindowsHookEx() isn't enough, or there is a way I don't find out?

Best Regards,
Fengtao
0
 
LVL 20

Expert Comment

by:Madshi
ID: 7192591
Ouch, well, this will get difficult. Here are some ideas:

(1) You could try to disassemble the relevant system dlls to see what's going on in SetWindowsHookEx.
(2) How does SetWindowsHookEx enumerate the processes into which the dll is injected? Maybe by calling EnumWindows? In that case hooking EnumWindows and hiding your windows could be a solution.
(3) Perhaps SetWindowsHookEx calls some process enumeration APIs, in that case hooking those APIs might help.

It's gonna be really difficult. Sorry...

Regards, Madshi.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to make a Windows 7 gadget that accepts files dropped from the Windows Explorer.  It also illustrates how to give your gadget a non-rectangular shape and how to add some nifty visual effects to text displayed in a your gadget.…
This article describes how to programmatically preset the "Pages per Sheet" option that's available with most printer drivers.   This setting lets you do "n-Up" printing, where two, four, or more pages are printed on each sheet of paper. If your …
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
Screencast - Getting to Know the Pipeline

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question