I have this global mouse hook setup in a DLL that watches for mouse gestures.
Everything works perfectly but with a hook set for WH_MOUSE_LL which is a low-level hook and one that doesn't need to be in an external injectable DLL.
Once I switch - to the more suitable one would say - WH_MOUSE mouse hook, everything falls apart. Once I click outside my main application (the one that installs the hook), the hook gets corrupted - ::UnhookWindowsHookEx will fail.
I only found this guy saying at experts exchange:
"No way, at least under Windows XP +
SVP2 WH_MOUSE won't go global, you
must use WH_MOUSE_LL instead."
I setup the hooks correctly: in a DLL using a shared data section, posting and not sending messages from the hook proceduce.
Why has this changed? And why is not documented? Anyone encountered this? Thanks!
BTW: I've reverse engineered a bit the popular StrokeIt application and it uses a combination of WH_GETMESSAGE and WH_MOUSE hooks and still works on XP/Vista...
Not sure if this would go better as a comment, but here goes:
I believe according to MSDN WH_MOUSE is supported at thread level or global.
As you pointed out yourself there are a bunch of apps using it.
So my guess is your specific implementation of the global WH_MOUSE has an issue that needs to be debugged and fixed. When you say that "the hook gets corrupted", what exactly happens? Does the hooked app crash? Could you attach a debugger to the app that you expect mouse events from and check what really crashes in your hook?
It's news to me that a global WH_MOUSE hook is no longer supported, since i have a few apps that use it and they continue to work on XP, Vista, and Windows 7.
How are you setting up the hook? you should be able to do SetWindowsHookEx(WH_MOUSE, my_mouse_callback, g_hinstance, NULL).
The only thing i can think of is that the callback function is taking too long, in which case Windows might remove the hook, or it isn't properly calling CallNextHookEx.
Related
I am writing a game hack and want to run cheat engine while the game is running, the anti hack currently detects both the user mode and kernel mode components and terminates the game. I wrote a device driver to hook ZwQuerySystemInformation to hide the process. I would also like to hide the device driver since it is currently still detected.i know i could do this with DKOM but id prefer to use a SSDT hook, does anyone know what api i should hook to filter the list of services/drivers?
You can follow this article from the beginning to the start and use its supplied code and customize it to fit your own needs: http://www.codeproject.com/Articles/46670/Service-Hiding
Word of advice, if you don't know what you are doing, its best to not play with such stuff.
On a side note, they tend to over complicate their architecture and compilation process so expect some hiccups as its not going to be straightforward solution. But, this should address and solves your question and needs.
EDIT:
You would need to hook the services API that is responsible for showing you what services are running currently on your computer. An example for this is "services.exe" this is where all the data structure(s) you would need to modifiy/alter to properly hide your driver. In specific the SERVICE_RECORD structure and the following members needs to be modified as well: Prev, Next and ServiceName. Once you have found such structure inside services.exe its back to basic algorithm 101. Which is to drop the required driver that you want to hide from those doubly-linked list. The following image is courtesy of the article mentioned before.
This is the basic or general rule behind hiding the service.
The app is using my library which works using threads to do some operation; also it uses SIP VOIP library (obviously it is using threads). GUI is bound to interfaces of both libraries.
I noticed a weird behavior of my app. Usually it works just fine but sometimes after some time (3-5 minutes) it suddenly closes.
It is too irregular to debug it or diagnose.
Anyone had that kind of problem? Any idea what could be the reason for that?
I would recommend you add an application level error handler so that you can log any errors that are occuring that you might be missing. It is as simple as
Application.Current.DispatcherUnhandledException += HandleApplicationException;
Here is an MSDN article that describes it:
http://msdn.microsoft.com/en-us/library/system.windows.application.dispatcherunhandledexception.aspx
I have a WPF app that uses a non-WPF vendor library. My app does not receive any events that the library fires. I've been told that this is because I need a message pump.
In another (very similar) question, the accepted answer suggested using System.Windows.Threading.Dispatcher.Run().
When I add in that call, however, my window won't pop up-- the app is effectively backgrounded and I have to shut it down with Task Manager.
I'm really stumped here, and I'm not even sure how to investigate it. Any help would be greatly appreciated.
You already have one if you use WPF, there's no other way that it can get any Windows notifications. Every WPF app starts life with a call to Application.Run() on the main thread. It is usually well hidden, auto-generated in the bin\debug\app.g.cs source code file. Application.Run() in turn calls Dispatcher.Run()
Your vendor is correct, without a message loop many COM components go catatonic. But since you have one you need to look for the problem elsewhere. Don't use the component on threads.
Basically, I have two applications that run sequentially (second is started by the first, and the first exits immediately after.) I'd like to pass ownership of a window the first application created to the second application. The actual contents of the window don't need to be passed along, it's just being drawn in by DirectX.
Alternatively, but less desirably, is it possible to at least disable the window closing/opening animation, so it at least looks like the desired effect is achieved?
(This is in C, using the vanilla Win32 API.)
Instead of separated application make a DLL that will be loaded by the first application and run within it.
I suspect that you're going to run into problems because the WindowProc function is located in the memory address space of the program that you're closing.
Also, a quick look at the second remark at the bottom of the documentation for RegisterClass doesn't seem to offer up much hope.
The only work around that I can suggest for what you've described is to not close the first application until the second application is finished with the window in question.
you can use API hooking to make your DLL capture API windows calls sent by the application window and respond as if your DLL is the windows DLL
for more information about hooking check :
Hooks Overview
I am attempting to hook into whatever explorer calls when a file is opened (double-click, context menu open, etc.), however I can't figure out which function that is.
Originally, I thought it was ShellExecute, as that does the same thing as far as I can tell, but after hooking into it I learned that it's only used when a new explorer window is opened.
Any ideas which function I should be hooking?
It sounds like the AppInit_DLLs registry key should be good enough.
Make a simple DLL and call the GetCommandLine() in your DllMain function to get the full command line to the application being executed.
There are the ShellExecute hooks, but now (after XP) are deprecated because everybody used them for the strangest purposes. Have a look at this for some more detail, and at this for some documentation.
If you want to intercept these things, just register yourself as the default verb for shell items. Here are some samples.
If you just want to know if someone has change some files you are interested in, you should register for change notifications via FindFirstChangeNotification() and related APIs.
Much simpler than writing a device driver ( but much less amusing ) is the MS research tool detours. Have fun!