Can WH_DEBUG hook detect when a hook is uninstalled

I know that WH_DEBUG can detect when a hook is installed. Does anybody know whether it can also detect when a hook is uninstalled? If so, can you point me to a code sample which does such detection? Thanks...
DanFromBoston
nonubik Commented:
I don't think so. And I don't think it can detect when a hook is installed.
MSDN states:
"WH_DEBUG Hook
The system calls a WH_DEBUG hook procedure before calling hook procedures associated with any other hook in the system. You can use this hook to determine whether to allow the system to call hook procedures associated with other types of hooks."

So nothing about (un)installation of a hook.
 
nonubik Commented:
http://msdn.microsoft.com/library/en-us/winui/WinUI/WindowsUserInterface/Windowing/Hooks/AboutHooks.asp?frame=true#wh_debughook
I think you were misled by what the MSDN says for the DebugProc wParam parameter (which I'm positive is a copy-paste of the table from SetWindowsHookEx.. :)
 
drnick Commented:
You can do the following:

Install a normal global hook, which, of course, means that your DLL is loaded into every app. Your DLL then, in its initialization code, replaces the normal UnhookWindowsHookEx with a routine of the same signature which calls the "real" UnhookWindowsHookEx proc but also places a notification record in a shared memory section of your DLL. This record will then be read periodically by a thread in your application.

The whole thing is a little bit complicated, but it would work, maybe.
 
DanFromBoston (Author) Commented:
That's an interesting idea. Are you sure that when you install a global hook it's loaded into every app on the system? I thought it was just loaded in the context of the thread you specify.
 
nonubik Commented:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winui/WinUI/WindowsUserInterface/Windowing/Hooks/HookReference/HookFunctions/SetWindowsHookEx.asp

dwThreadId "If this parameter is zero, the hook procedure is associated with all existing threads running in the same desktop as the calling thread."