Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 843
  • Last Modified:

Hooking applications that a remote desktop instantiated...

I've have built a service that hooks applications using SetWindowsHookEx()
Is there any way for this hooking method to also recognize applications that have been started from a remote destop (or a citrix environment.)
Wny does this hooking mechanism only recognize applications started on the PC itself?
0
shark351
Asked:
shark351
  • 6
  • 2
  • 2
  • +2
1 Solution
 
shark351Author Commented:
Here is how i'm calling the hook function.
::SetWindowsHookEx(WH_CALLWNDPROC, HookProc, hInstance, 0);
0
 
cookreCommented:
The OS only knows about what's going on locally.  When you start an application on a remote desktop, that application is running on that remote box, not your local box.
0
 
MsShadowCommented:
Cookre, I think you misread the question. His service is running on the remote box. And if someone connects via rd or citrix he would like to use SetWindowsHookEx.

I'm personally wondering why you would want to capture key events from a Remote Desktop. Seems a lot like keysniffing to me.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
shark351Author Commented:
MsShadow is interpreting the question correctly.
I am running the service on the server(Win 2003)
The task manager on the server shows the applications and the users who opened them.
So that's exactly what I need.
I'm not keysniffing. Just looking for open connections.
This works fine if I open an application on the server, but if a remote user opens internet explorer, for example, the hooking mechanism does not recognize the application (although it shows up as an active process in the task manager).
Hope this helps clarify.

0
 
shark351Author Commented:
Also, I realize that there are other ways to enumerate through the open connections.
That's not what I'm looking for and that will not work for this application.
I only need to know if there's a hooking mechanism that will allow me to also trap the applications that were started on the server by a remote client. (ie. citrix or remote desktop)
0
 
cookreCommented:
That being the case, see if this applies:

http://support.citrix.com/article/CTX107825 


0
 
shark351Author Commented:
the mentioned article does not address this problem.
I don't think this is a citrix specific issue.
The same thing occurs via remote desktop.
0
 
everlaastCommented:
Dont use service, put something in each users startup so that it monitors users actions for your needs...
0
 
shark351Author Commented:
We are moving away from a solution that requires each workstation to run such an application.
Since the user's applications are running on the server anyway (remote desktop or Citrix) - we specifically require that this piece of software be installed only on the server.

Please only address why it is that a hooking application cannot detect these applications being run on the server.
0
 
everlaastCommented:
I mean the users startup script on the server - when the user opens terminal connecton a
sesson is started on the server, then start necessary program..
0
 
shark351Author Commented:
To the moderator:
Found a solution by using a kenel level driver to detect processes.
Please delete the question.
0
 
GranModCommented:
Closed, 500 points refunded.
GranMod
The Experts Exchange
Community Support Moderator of all Ages
0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

  • 6
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now