wolf9228 Posted April 16, 2011 Share Posted April 16, 2011 SetWindowsHookExhttp://msdn.microsoft.com/en-us/library/ms644990%28VS.85%29.aspxInstalls an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. RemarksSetWindowsHookEx can be used to inject a DLL into another process. A 32-bit DLL cannot be injected into a 64-bit process, and a 64-bit DLL cannot be injected into a 32-bit process. If an application requires the use of hooks in other processes, it is required that a 32-bit application call SetWindowsHookEx to inject a 32-bit DLL into 32-bit processes, and a 64-bit application call SetWindowsHookEx to inject a 64-bit DLL into 64-bit processes. The 32-bit and 64-bit DLLs must have different names. IDs that allowed by the HookExW.dll Library$WH_CBT$WH_DEBUG$WH_FOREGROUNDIDLE$WH_GETMESSAGE$WH_KEYBOARD$WH_MOUSE$WH_MSGFILTER$WH_SHELLAll project filesGlobalHookEx.zipGlobalHookEx.au3expandcollapse popup#Include <WinAPI.au3> OnAutoItExitRegister("CleanupHookEx") Global $HookExW = 0 , $iGuiHwnd = 0 ,$HOOK_GUI_MSG = 0 , $OkTestExeHwnd = 99999 Global $CBT_MSG = 0,$DEBUG_MSG = 0 ,$FOREGROUNDIDLE_MSG = 0,$GETMESSAGE_MSG = 0,$KEYBOARD_MSG = 0 Global $MOUSE_MSG = 0,$MSGFILTER_MSG = 0,$SHELL_MSG = 0 Global $HookHandleCBTProc,$HookHandleDebugProc,$HookHandleForegroundIdleProc,$HookHandleGetMsgProc, _ $HookHandleKeyboardProc,$HookHandleMouseProc,$HookHandleMessageProc,$HookHandleShellProc Global $PROCIDA,$PROCIDB,$PROCIDC,$PROCIDD,$PROCIDE,$PROCIDF,$PROCIDG,$PROCIDH Global $CODEA,$CODEB,$CODEC,$CODED,$CODEE,$CODEF,$CODEG,$CODEH Global $WPARAMA,$WPARAMB,$WPARAMC,$WPARAMD,$WPARAME,$WPARAMF,$WPARAMG,$WPARAMH Global $LPARAMA,$LPARAMB,$LPARAMC,$LPARAMD,$LPARAME,$LPARAMF,$LPARAMG,$LPARAMH ;SetWindowsHookEx ;http://msdn.microsoft.com/en-us/library/ms644990%28VS.85%29.aspx ;SetWindowsHookEx can be used to inject a DLL into another process. A 32-bit DLL cannot be injected ;into a 64-bit process, and a 64-bit DLL cannot be injected into a 32-bit process. If an application ;requires the use of hooks in other processes, it is required that a 32-bit application call ;SetWindowsHookEx to inject a 32-bit DLL into 32-bit processes, and a 64-bit application call ;SetWindowsHookEx to inject a 64-bit DLL into 64-bit processes. The 32-bit and 64-bit DLLs must ;have different names. Func SetDllGlobalWindowsHookEx($IdHook,$GuiHwnd,$MsgFunction) if Not IsHWnd($iGuiHwnd) Then $iGuiHwnd = $GuiHwnd if Not $HookExW Then $HookExW = DllOpen("HookExW.dll") if Not $HookExW Or Not IsHWnd($iGuiHwnd) Then Return SetError(1,0,0) if Not ($HOOK_GUI_MSG) Then Local $RT = DllCall($HookExW,"BOOL","DllGetModuleFileNameW","WSTR*","") If @error Or Not $RT[0] Then Return SetError(0,0,0) $MsgBuffer = $RT[1] $HOOK_GUI_MSG = RegisterWindowMessage($MsgBuffer) if Not $HOOK_GUI_MSG Or Not GUIRegisterMsg($HOOK_GUI_MSG,"TestExeHwnd") Then Return SetError(2,0,0) EndIf Switch $idHook Case $WH_CBT $CBT_MSG = RegisterWindowMessage("CBT_MSG") if Not $CBT_MSG Or Not GUIRegisterMsg($CBT_MSG,$MsgFunction) Then Return SetError(3,0,0) Case $WH_DEBUG $DEBUG_MSG = RegisterWindowMessage("DEBUG_MSG") if Not $DEBUG_MSG Or Not GUIRegisterMsg($DEBUG_MSG,$MsgFunction) Then Return SetError(3,0,0) Case $WH_FOREGROUNDIDLE $FOREGROUNDIDLE_MSG = RegisterWindowMessage("FOREGROUNDIDLE_MSG") if Not $FOREGROUNDIDLE_MSG Or Not GUIRegisterMsg($FOREGROUNDIDLE_MSG,$MsgFunction) Then Return SetError(3,0,0) Case $WH_GETMESSAGE $GETMESSAGE_MSG = RegisterWindowMessage("GETMESSAGE_MSG") if Not $GETMESSAGE_MSG Or Not GUIRegisterMsg($GETMESSAGE_MSG,$MsgFunction) Then Return SetError(3,0,0) Case $WH_KEYBOARD $KEYBOARD_MSG = RegisterWindowMessage("KEYBOARD_MSG") if Not $KEYBOARD_MSG Or Not GUIRegisterMsg($KEYBOARD_MSG,$MsgFunction) Then Return SetError(3,0,0) Case $WH_MOUSE $MOUSE_MSG = RegisterWindowMessage("MOUSE_MSG") if Not $MOUSE_MSG Or Not GUIRegisterMsg($MOUSE_MSG,$MsgFunction) Then Return SetError(3,0,0) Case $WH_MSGFILTER $MSGFILTER_MSG = RegisterWindowMessage("MSGFILTER_MSG") if Not $MSGFILTER_MSG Or Not GUIRegisterMsg($MSGFILTER_MSG,$MsgFunction) Then Return SetError(3,0,0) Case $WH_SHELL $SHELL_MSG = RegisterWindowMessage("SHELL_MSG") if Not $SHELL_MSG Or Not GUIRegisterMsg($SHELL_MSG,$MsgFunction) Then Return SetError(3,0,0) Case Else Return SetError(4,0,0) EndSwitch Local $RT = DllCall($HookExW,"handle","DllWindowsHookExW","UINT",$IdHook) If @error Or Not $RT[0] Then Return SetError(5,0,0) Switch $idHook Case $WH_CBT $HookHandleCBTProc = $RT[0] Case $WH_DEBUG $HookHandleDebugProc = $RT[0] Case $WH_FOREGROUNDIDLE $HookHandleForegroundIdleProc = $RT[0] Case $WH_GETMESSAGE $HookHandleGetMsgProc = $RT[0] Case $WH_KEYBOARD $HookHandleKeyboardProc = $RT[0] Case $WH_MOUSE $HookHandleMouseProc = $RT[0] Case $WH_MSGFILTER $HookHandleMessageProc = $RT[0] Case $WH_SHELL $HookHandleShellProc = $RT[0] EndSwitch Return SetError(0,0,$RT[0]) EndFunc Func TestExeHwnd($hWnd,$Msg,$wParam,$lParam) Return $OkTestExeHwnd EndFunc Func RegisterWindowMessage($lpString) $RT = DllCall("User32.dll","int","RegisterWindowMessageW","WSTR",$lpString) if @error Then Return SetError(1,0,0) Return SetError(_WinAPI_GetLastError(),0,$RT[0]) EndFunc Func Read_Lparama_FromProcessMemory($Msg,$ProcessID,$LPARAMA) Local $iSYNCHRONIZE = (0x00100000),$iSTANDARD_RIGHTS_REQUIRED = (0x000F0000) Local $iPROCESS_ALL_ACCESS = ($iSTANDARD_RIGHTS_REQUIRED + $iSYNCHRONIZE + 0xFFF) Local $hProcess , $LparamaStruct , $LparamaStructPtr , $LparamaStructSize , $iRead $hProcess = _WinAPI_OpenProcess($iPROCESS_ALL_ACCESS,False,$ProcessID) if @error Then Return SetError(@error,1,$LparamaStruct) Switch $Msg Case $DEBUG_MSG Local $tagDEBUGHOOKINFO = "DWORD idThread;DWORD idThreadInstaller;LPARAM lParam;WPARAM wParam;INT code" $LparamaStruct = DllStructCreate($tagDEBUGHOOKINFO) $LparamaStructSize = DllStructGetSize($LparamaStruct) Case $GETMESSAGE_MSG Local $tagMSG = "HWND hwnd;UINT message;WPARAM wParam;LPARAM lParam;DWORD time;INT X;INT Y" $LparamaStruct = DllStructCreate($tagMSG) $LparamaStructSize = DllStructGetSize($LparamaStruct) Case $MOUSE_MSG $tagMOUSEHOOKSTRUCT = "INT X;INT Y;HWND hwnd;UINT wHitTestCode;ULONG_PTR dwExtraInfo" $LparamaStruct = DllStructCreate($tagMOUSEHOOKSTRUCT) $LparamaStructSize = DllStructGetSize($LparamaStruct) Case $MSGFILTER_MSG Local $tagMSG = "HWND hwnd;UINT message;WPARAM wParam;LPARAM lParam;DWORD time;INT X;INT Y" $LparamaStruct = DllStructCreate($tagMSG) $LparamaStructSize = DllStructGetSize($LparamaStruct) EndSwitch $LparamaStructPtr = DllStructGetPtr($LparamaStruct) _WinAPI_ReadProcessMemory($hProcess,$LPARAMA,$LparamaStructPtr,$LparamaStructSize,$iRead) Return SetError(@error,2,$LparamaStruct) EndFunc Func CleanupHookEx() if ($HookHandleCBTProc) Then _WinAPI_UnhookWindowsHookEx($HookHandleCBTProc) if ($HookHandleDebugProc) Then _WinAPI_UnhookWindowsHookEx($HookHandleDebugProc) if ($HookHandleForegroundIdleProc) Then _WinAPI_UnhookWindowsHookEx($HookHandleForegroundIdleProc) if ($HookHandleGetMsgProc) Then _WinAPI_UnhookWindowsHookEx($HookHandleGetMsgProc) if ($HookHandleKeyboardProc) Then _WinAPI_UnhookWindowsHookEx($HookHandleKeyboardProc) if ($HookHandleMouseProc) Then _WinAPI_UnhookWindowsHookEx($HookHandleMouseProc) if ($HookHandleMessageProc) Then _WinAPI_UnhookWindowsHookEx($HookHandleMessageProc) if ($HookHandleShellProc) Then _WinAPI_UnhookWindowsHookEx($HookHandleShellProc) EndFuncProcGlobalHookEx.au3expandcollapse popup#Include "GlobalHookEx.au3" #include <GUIConstantsEx.au3> #include <StaticConstants.au3> #include <WindowsConstants.au3> HotKeySet("{ESC}", "Terminate") $GuiHwnd = GUICreate("Form1", 601, 179, 47, 3) $Label1 = GUICtrlCreateLabel("", 16, 8,150,150,$WS_BORDER) $Label2 = GUICtrlCreateLabel("", 300, 8,150,150,$WS_BORDER) GUISetState(@SW_SHOW) $HookHandleA = SetDllGlobalWindowsHookEx($WH_MOUSE,$GuiHwnd,"MouseProc") ;$HookHandleB = SetDllGlobalWindowsHookEx($WH_GETMESSAGE,$GuiHwnd,"GetMsgProc") While 1 $nMsg = GUIGetMsg() Switch $nMsg Case $GUI_EVENT_CLOSE Exit EndSwitch WEnd Func Terminate() Exit 0 EndFunc Func CBTProc($hWnd,$Msg,$ParamNo,$Param) Switch $ParamNo Case 1 $PROCIDA = $Param Return 0 Case 2 $CODEA = $Param Return 0 Case 3 $WPARAMA = $Param Return 0 Case 4 $LPARAMA = $Param Case Else Return 0 EndSwitch Local $CODE = $CODEA ,$wParam = $WPARAMA, $lParam = $LPARAMA Return 0 EndFunc Func DebugProc($hWnd,$Msg,$ParamNo,$Param) Switch $ParamNo Case 1 $PROCIDB = $Param Return 0 Case 2 $CODEB = $Param Return 0 Case 3 $WPARAMB = $Param Return 0 Case 4 $LPARAMB = $Param Case Else Return 0 EndSwitch $DEBUGHOOKINFO_Struct = Read_Lparama_FromProcessMemory($Msg,$PROCIDB,$LPARAMB) Local $CODE = $CODEB ,$wParam = $WPARAMB, $lParam = $LPARAMB Return 0 EndFunc Func ForegroundIdleProc($hWnd,$Msg,$ParamNo,$Param) Switch $ParamNo Case 1 $PROCIDC = $Param Return 0 Case 2 $CODEC = $Param Return 0 Case 3 $WPARAMC = $Param Return 0 Case 4 $LPARAMC = $Param Case Else Return 0 EndSwitch Local $CODE = $CODEC ,$wParam = $WPARAMC, $lParam = $LPARAMC Return 0 EndFunc Func GetMsgProc($hWnd,$Msg,$ParamNo,$Param) Switch $ParamNo Case 1 $PROCIDD = $Param Return 0 Case 2 $CODED = $Param Return 0 Case 3 $WPARAMD = $Param Return 0 Case 4 $LPARAMD = $Param Case Else Return 0 EndSwitch $MSG_Struct = Read_Lparama_FromProcessMemory($Msg,$PROCIDD,$LPARAMD) Local $CODE = $CODED,$wParam = $WPARAMD, $lParam = $LPARAMD $Text = "GetMsgProc " & @CRLF & "hwnd " & DllStructGetData($MSG_Struct ,1) & @CRLF $Text &= "message " & DllStructGetData($MSG_Struct ,2) & @CRLF $Text &= "wParam " & DllStructGetData($MSG_Struct ,3) & @CRLF $Text &= "lParam " & DllStructGetData($MSG_Struct ,4) & @CRLF $Text &= "time " & DllStructGetData($MSG_Struct ,5) & @CRLF $Text &= "X " & DllStructGetData($MSG_Struct ,6) & @CRLF $Text &= "Y " & DllStructGetData($MSG_Struct ,7) & @CRLF GUICtrlSetData($Label2,$Text) Return 0 EndFunc Func KeyboardProc($hWnd,$Msg,$ParamNo,$Param) Switch $ParamNo Case 1 $PROCIDE = $Param Return 0 Case 2 $CODEE = $Param Return 0 Case 3 $WPARAME = $Param Return 0 Case 4 $LPARAME = $Param Case Else Return 0 EndSwitch Local $CODE = $PROCIDE, $wParam = $WPARAME, $lParam = $LPARAME Return 0 EndFunc Func MouseProc($hWnd,$Msg,$ParamNo,$Param) Switch $ParamNo Case 1 $PROCIDF = $Param Return 0 Case 2 $CODEF = $Param Return 0 Case 3 $WPARAMF = $Param Return 0 Case 4 $LPARAMF = $Param Case Else Return 0 EndSwitch $MOUSEHOOKSTRUCT_Struct = Read_Lparama_FromProcessMemory($Msg,$PROCIDF,$LPARAMF) Local $CODE = $PROCIDF, $wParam = $WPARAMF, $lParam = $LPARAMF $Text = "MouseProc " & @CRLF & "X " & DllStructGetData($MOUSEHOOKSTRUCT_Struct,1) & @CRLF $Text &= "Y " & DllStructGetData($MOUSEHOOKSTRUCT_Struct,2) & @CRLF $Text &= "hwnd " & DllStructGetData($MOUSEHOOKSTRUCT_Struct,3) & @CRLF $Text &= "wHitTestCode " & DllStructGetData($MOUSEHOOKSTRUCT_Struct,4) & @CRLF $Text &= "dwExtraInfo " & DllStructGetData($MOUSEHOOKSTRUCT_Struct,5) & @CRLF GUICtrlSetData($Label1,$Text) Return 0 EndFunc Func MessageProc($hWnd,$Msg,$ParamNo,$Param) Switch $ParamNo Case 1 $PROCIDG = $Param Return 0 Case 2 $CODEG = $Param Return 0 Case 3 $WPARAMG = $Param Return 0 Case 4 $LPARAMG = $Param Case Else Return 0 EndSwitch Local $CODE = $PROCIDG, $wParam = $WPARAMG, $lParam = $LPARAMG Return 0 EndFunc Func ShellProc($hWnd,$Msg,$ParamNo,$Param) Return 2 Switch $ParamNo Case 1 $PROCIDH = $Param Return 0 Case 2 $CODEH = $Param Return 0 Case 3 $WPARAMH = $Param Return 0 Case 4 $LPARAMH = $Param Case Else Return 0 EndSwitch Local $CODE = $PROCIDH, $wParam = $WPARAMH, $lParam = $LPARAMH Return 0 EndFunc;C++ Compiler 5.5;downloadhttps://downloads.embarcadero.com/free/c_builder;C++Builder Compiler (bcc compiler) free download. See the file bcb5tool.hlp in the Help;directory for complete instructions on using the C++Builder Compiler and Command Line Tools.;Windows English 8.5MBCompiler.au3#include <Constants.au3> #Include <WinAPI.au3> ;C++ Compiler 5.5 ;download ;https://downloads.embarcadero.com/free/c_builder ;C++Builder Compiler (bcc compiler) free download. See the file bcb5tool.hlp in the Help ;directory for complete instructions on using the C++Builder Compiler and Command Line Tools. ;Windows English 8.5MB ;C:\Borland\BCC55\Bin\bcc32.exe $var1 = FileOpenDialog("Choose bcc32.exe","C:\Borland\BCC55\Bin", "(*.Exe)", 1 + 4 ,"bcc32.exe") if @error Then Exit $var2 = FileOpenDialog("Choose HookExW.cpp",@MyDocumentsDir, "(*.cpp)", 1 + 4 ,"HookExW.cpp") if @error Then Exit $var3 = FileSelectFolder("Choose Out File folder.", @MyDocumentsDir) if @error Then Exit Dim $iPatch1 = "" , $iPatch2 = $var2 , $iPatch3 = $var3 , $foo , $line = "" $Patch1 = StringSplit($var1,"\") For $i = 1 To $Patch1[0] - 2 $iPatch1 &= $Patch1[$i] & "\" Next $iPatch1 = StringTrimRight($iPatch1,1) FileChangeDir($iPatch1 & "\Bin\") $Command = "bcc32.exe " & _ "-I" & $iPatch1 & "\Include " & _ "-L" & $iPatch1 & "\Lib " & _ "-e" & $iPatch3 & "\HookExW.dll " & _ "-tWD " & $iPatch2 $foo = Run($Command,"", @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD) While 1 $line = StdoutRead($foo) If @error Then ExitLoop MsgBox(0, "STDOUT", $line) WendC ++ 6HookExW.cppexpandcollapse popup#include <shlobj.h> #include <windows.h> #include <stdio.h> static int OkTestExeHwnd = 99999; static HINSTANCE ihinstDLL = 0; static HWND ExeHwnd = 0; static UINT CBT_MSG,DEBUG_MSG,FOREGROUNDIDLE_MSG,GETMESSAGE_MSG,KEYBOARD_MSG,MOUSE_MSG, MSGFILTER_MSG,SHELL_MSG,HOOK_GUI_MSG; static HHOOK HHOOKA,HHOOKB,HHOOKC,HHOOKD,HHOOKE,HHOOKF,HHOOKG,HHOOKH; LRESULT CALLBACK WINAPI CBTProc(int nCode,WPARAM wParam,LPARAM lParam); LRESULT CALLBACK WINAPI DebugProc(int nCode,WPARAM wParam,LPARAM lParam); LRESULT CALLBACK WINAPI ForegroundIdleProc(int nCode,WPARAM wParam,LPARAM lParam); LRESULT CALLBACK WINAPI GetMsgProc(int nCode,WPARAM wParam,LPARAM lParam); LRESULT CALLBACK WINAPI KeyboardProc(int nCode,WPARAM wParam,LPARAM lParam); LRESULT CALLBACK WINAPI MouseProc(int nCode,WPARAM wParam,LPARAM lParam); LRESULT CALLBACK WINAPI MessageProc(int nCode,WPARAM wParam,LPARAM lParam); LRESULT CALLBACK WINAPI ShellProc(int nCode,WPARAM wParam,LPARAM lParam); HWND GetExeHwnd(); void AtExitHookExW(void); #ifdef __cplusplus extern "C" { #endif __declspec(dllexport) HHOOK WINAPI DllWindowsHookExW(UINT idHook); __declspec(dllexport) BOOL WINAPI DllGetModuleFileNameW(LPWSTR &iMsgBuffer); #ifdef __cplusplus } #endif extern "C" BOOL WINAPI DllMain(HANDLE hinstDLL,DWORD dwReason, LPVOID lpvReserved) { if (dwReason == DLL_PROCESS_ATTACH) { ihinstDLL = (HINSTANCE) hinstDLL; WCHAR MsgBuffer[600]; GetModuleFileNameW((HMODULE) hinstDLL,MsgBuffer,sizeof(MsgBuffer)); HOOK_GUI_MSG = RegisterWindowMessageW(MsgBuffer); CBT_MSG = RegisterWindowMessageW(L"CBT_MSG"); DEBUG_MSG = RegisterWindowMessageW(L"DEBUG_MSG"); FOREGROUNDIDLE_MSG = RegisterWindowMessageW(L"FOREGROUNDIDLE_MSG"); GETMESSAGE_MSG = RegisterWindowMessageW(L"GETMESSAGE_MSG"); KEYBOARD_MSG = RegisterWindowMessageW(L"KEYBOARD_MSG"); MOUSE_MSG = RegisterWindowMessageW(L"MOUSE_MSG"); MSGFILTER_MSG = RegisterWindowMessageW(L"MSGFILTER_MSG"); SHELL_MSG = RegisterWindowMessageW(L"SHELL_MSG"); atexit(AtExitHookExW); } return 1; } HHOOK WINAPI DllWindowsHookExW(UINT idHook) { switch( idHook ) { case WH_CBT: if (HHOOKA) return 0; HHOOKA = SetWindowsHookExW(idHook,CBTProc,ihinstDLL,0); if (HHOOKA) return HHOOKA; break; case WH_DEBUG: if (HHOOKB) return 0; HHOOKB = SetWindowsHookExW(idHook,DebugProc,ihinstDLL,0); if (HHOOKB) return HHOOKB; break; case WH_FOREGROUNDIDLE: if (HHOOKC) return 0; HHOOKC = SetWindowsHookExW(idHook,ForegroundIdleProc,ihinstDLL,0); if (HHOOKC) return HHOOKC; break; case WH_GETMESSAGE: if (HHOOKD) return 0; HHOOKD = SetWindowsHookExW(idHook,GetMsgProc,ihinstDLL,0); if (HHOOKD) return HHOOKD; break; case WH_KEYBOARD: if (HHOOKE) return 0; HHOOKE = SetWindowsHookExW(idHook,KeyboardProc,ihinstDLL,0); if (HHOOKE) return HHOOKE; break; case WH_MOUSE: if (HHOOKF) return 0; HHOOKF = SetWindowsHookExW(idHook,MouseProc,ihinstDLL,0); if (HHOOKF) return HHOOKF; break; case WH_MSGFILTER: if (HHOOKG) return 0; HHOOKG = SetWindowsHookExW(idHook,MessageProc,ihinstDLL,0); if (HHOOKG) return HHOOKG; break; case WH_SHELL: if (HHOOKH) return 0; HHOOKH = SetWindowsHookExW(idHook,ShellProc,ihinstDLL,0); if (HHOOKH) return HHOOKH; break; default: return 0; break; } return 0; } BOOL WINAPI DllGetModuleFileNameW(LPWSTR &iMsgBuffer) { if (GetModuleFileNameW((HMODULE) ihinstDLL,iMsgBuffer,600) != 0) return 1; return 0; } LRESULT CALLBACK WINAPI CBTProc(int nCode,WPARAM wParam,LPARAM lParam) { if (!(ExeHwnd)) ExeHwnd = GetExeHwnd(); if (!(ExeHwnd)) return CallNextHookEx(HHOOKA,nCode,wParam,lParam); SendMessage(ExeHwnd,CBT_MSG,1,GetCurrentProcessId()); SendMessage(ExeHwnd,CBT_MSG,2,nCode); SendMessage(ExeHwnd,CBT_MSG,3,wParam); INT RT = SendMessage(ExeHwnd,CBT_MSG,4,lParam); if (RT) { return RT; } else { return CallNextHookEx(HHOOKA,nCode,wParam,lParam); } } LRESULT CALLBACK WINAPI DebugProc(int nCode,WPARAM wParam,LPARAM lParam) { if (!(ExeHwnd)) ExeHwnd = GetExeHwnd(); if (!(ExeHwnd)) return CallNextHookEx(HHOOKB,nCode,wParam,lParam); SendMessage(ExeHwnd,DEBUG_MSG,1,GetCurrentProcessId()); SendMessage(ExeHwnd,DEBUG_MSG,2,nCode); SendMessage(ExeHwnd,DEBUG_MSG,3,wParam); INT RT = SendMessage(ExeHwnd,DEBUG_MSG,4,lParam); if (RT) { return RT; } else { return CallNextHookEx(HHOOKB,nCode,wParam,lParam); } } LRESULT CALLBACK WINAPI ForegroundIdleProc(int nCode,WPARAM wParam,LPARAM lParam) { if (!(ExeHwnd)) ExeHwnd = GetExeHwnd(); if (!(ExeHwnd)) return CallNextHookEx(HHOOKC,nCode,wParam,lParam); SendMessage(ExeHwnd,FOREGROUNDIDLE_MSG,1,GetCurrentProcessId()); SendMessage(ExeHwnd,FOREGROUNDIDLE_MSG,2,nCode); SendMessage(ExeHwnd,FOREGROUNDIDLE_MSG,3,wParam); INT RT = SendMessage(ExeHwnd,FOREGROUNDIDLE_MSG,4,lParam); if (RT) { return RT; } else { return CallNextHookEx(HHOOKC,nCode,wParam,lParam); } } LRESULT CALLBACK WINAPI GetMsgProc(int nCode,WPARAM wParam,LPARAM lParam) { if (!(ExeHwnd)) ExeHwnd = GetExeHwnd(); if (!(ExeHwnd)) return CallNextHookEx(HHOOKD,nCode,wParam,lParam); SendMessage(ExeHwnd,GETMESSAGE_MSG,1,GetCurrentProcessId()); SendMessage(ExeHwnd,GETMESSAGE_MSG,2,nCode); SendMessage(ExeHwnd,GETMESSAGE_MSG,3,wParam); INT RT = SendMessage(ExeHwnd,GETMESSAGE_MSG,4,lParam); if (RT) { return RT; } else { return CallNextHookEx(HHOOKD,nCode,wParam,lParam); } } LRESULT CALLBACK WINAPI KeyboardProc(int nCode,WPARAM wParam,LPARAM lParam) { if (!(ExeHwnd)) ExeHwnd = GetExeHwnd(); if (!(ExeHwnd)) return CallNextHookEx(HHOOKE,nCode,wParam,lParam); SendMessage(ExeHwnd,KEYBOARD_MSG,1,GetCurrentProcessId()); SendMessage(ExeHwnd,KEYBOARD_MSG,2,nCode); SendMessage(ExeHwnd,KEYBOARD_MSG,3,wParam); INT RT = SendMessage(ExeHwnd,KEYBOARD_MSG,4,lParam); if (RT) { return RT; } else { return CallNextHookEx(HHOOKE,nCode,wParam,lParam); } } LRESULT CALLBACK WINAPI MouseProc(int nCode,WPARAM wParam,LPARAM lParam) { if (!(ExeHwnd)) ExeHwnd = GetExeHwnd(); if (!(ExeHwnd)) return CallNextHookEx(HHOOKF,nCode,wParam,lParam); SendMessage(ExeHwnd,MOUSE_MSG,1,GetCurrentProcessId()); SendMessage(ExeHwnd,MOUSE_MSG,2,nCode); SendMessage(ExeHwnd,MOUSE_MSG,3,wParam); INT RT = SendMessage(ExeHwnd,MOUSE_MSG,4,lParam); if (RT) { return RT; } else { return CallNextHookEx(HHOOKF,nCode,wParam,lParam); } } LRESULT CALLBACK WINAPI MessageProc(int nCode,WPARAM wParam,LPARAM lParam) { if (!(ExeHwnd)) ExeHwnd = GetExeHwnd(); if (!(ExeHwnd)) return CallNextHookEx(HHOOKG,nCode,wParam,lParam); SendMessage(ExeHwnd,MSGFILTER_MSG,1,GetCurrentProcessId()); SendMessage(ExeHwnd,MSGFILTER_MSG,2,nCode); SendMessage(ExeHwnd,MSGFILTER_MSG,3,wParam); INT RT = SendMessage(ExeHwnd,MSGFILTER_MSG,4,lParam); if (RT) { return RT; } else { return CallNextHookEx(HHOOKG,nCode,wParam,lParam); } } LRESULT CALLBACK WINAPI ShellProc(int nCode,WPARAM wParam,LPARAM lParam) { if (!(ExeHwnd)) ExeHwnd = GetExeHwnd(); if (!(ExeHwnd)) return CallNextHookEx(HHOOKH,nCode,wParam,lParam); SendMessage(ExeHwnd,SHELL_MSG,1,GetCurrentProcessId()); SendMessage(ExeHwnd,SHELL_MSG,2,nCode); SendMessage(ExeHwnd,SHELL_MSG,3,wParam); INT RT = SendMessage(ExeHwnd,SHELL_MSG,4,lParam); if (RT) { return RT; } else { return CallNextHookEx(HHOOKH,nCode,wParam,lParam); } } HWND GetExeHwnd() { HWND hwnd = NULL; do { hwnd = FindWindowEx(NULL,hwnd,NULL,NULL); if ((int) SendMessage(hwnd,HOOK_GUI_MSG,0,0) == OkTestExeHwnd) return hwnd; } while (hwnd != NULL); return 0; } void AtExitHookExW() { if (HHOOKA) UnhookWindowsHookEx(HHOOKA); if (HHOOKB) UnhookWindowsHookEx(HHOOKB); if (HHOOKC) UnhookWindowsHookEx(HHOOKC); if (HHOOKD) UnhookWindowsHookEx(HHOOKD); if (HHOOKE) UnhookWindowsHookEx(HHOOKE); if (HHOOKF) UnhookWindowsHookEx(HHOOKF); if (HHOOKG) UnhookWindowsHookEx(HHOOKG); if (HHOOKH) UnhookWindowsHookEx(HHOOKH); } صرح السماء كان هنا Link to comment Share on other sites More sharing options...
trancexx Posted April 18, 2011 Share Posted April 18, 2011 I would like to see implementation of other hook procedures. Possible? Also maybe porting more code from script to dll. Btw, I can't help noticing relatively big size of your dll. I recommend adjusting the compiler not to include unnecessary run time code. Switching to some other compiler maybe. For example I compiled your code with VS 2010 Express (which is free) and the result is 32 bit dll in size of 4.5 kB and 64 bit of 5.5 kB. ♡♡♡ . eMyvnE Link to comment Share on other sites More sharing options...
wolf9228 Posted April 20, 2011 Author Share Posted April 20, 2011 (edited) I would like to see implementation of other hook procedures. Possible? Also maybe porting more code from script to dll. Btw, I can't help noticing relatively big size of your dll. I recommend adjusting the compiler not to include unnecessary run time code. Switching to some other compiler maybe. For example I compiled your code with VS 2010 Express (which is free) and the result is 32 bit dll in size of 4.5 kB and 64 bit of 5.5 kB. #include <stdio.h> #include <shlobj.h> Previously I used a functions of the stdio.h and shlobj.h functions Then I changed the project work plan I did not know that VS 2010 Express can Compile issue six of the C + + As I know there is a significant difference between C + + Net and C + + 6 HookExW.cpp expandcollapse popup#include <windows.h> static int OkTestExeHwnd = 99999; static HINSTANCE ihinstDLL = 0; static HWND ExeHwnd = 0; static UINT CBT_MSG,DEBUG_MSG,FOREGROUNDIDLE_MSG,GETMESSAGE_MSG,KEYBOARD_MSG,MOUSE_MSG, MSGFILTER_MSG,SHELL_MSG,HOOK_GUI_MSG; static HHOOK HHOOKA,HHOOKB,HHOOKC,HHOOKD,HHOOKE,HHOOKF,HHOOKG,HHOOKH; LRESULT CALLBACK WINAPI CBTProc(int nCode,WPARAM wParam,LPARAM lParam); LRESULT CALLBACK WINAPI DebugProc(int nCode,WPARAM wParam,LPARAM lParam); LRESULT CALLBACK WINAPI ForegroundIdleProc(int nCode,WPARAM wParam,LPARAM lParam); LRESULT CALLBACK WINAPI GetMsgProc(int nCode,WPARAM wParam,LPARAM lParam); LRESULT CALLBACK WINAPI KeyboardProc(int nCode,WPARAM wParam,LPARAM lParam); LRESULT CALLBACK WINAPI MouseProc(int nCode,WPARAM wParam,LPARAM lParam); LRESULT CALLBACK WINAPI MessageProc(int nCode,WPARAM wParam,LPARAM lParam); LRESULT CALLBACK WINAPI ShellProc(int nCode,WPARAM wParam,LPARAM lParam); HWND GetExeHwnd(); void AtExitHookExW(void); #ifdef __cplusplus extern "C" { #endif __declspec(dllexport) HHOOK WINAPI DllWindowsHookExW(UINT idHook); __declspec(dllexport) BOOL WINAPI DllGetModuleFileNameW(LPWSTR &iMsgBuffer); #ifdef __cplusplus } #endif extern "C" BOOL WINAPI DllMain(HANDLE hinstDLL,DWORD dwReason, LPVOID lpvReserved) { if (dwReason == DLL_PROCESS_ATTACH) { ihinstDLL = (HINSTANCE) hinstDLL; WCHAR MsgBuffer[600]; GetModuleFileNameW((HMODULE) hinstDLL,MsgBuffer,sizeof(MsgBuffer)); HOOK_GUI_MSG = RegisterWindowMessageW(MsgBuffer); CBT_MSG = RegisterWindowMessageW(L"CBT_MSG"); DEBUG_MSG = RegisterWindowMessageW(L"DEBUG_MSG"); FOREGROUNDIDLE_MSG = RegisterWindowMessageW(L"FOREGROUNDIDLE_MSG"); GETMESSAGE_MSG = RegisterWindowMessageW(L"GETMESSAGE_MSG"); KEYBOARD_MSG = RegisterWindowMessageW(L"KEYBOARD_MSG"); MOUSE_MSG = RegisterWindowMessageW(L"MOUSE_MSG"); MSGFILTER_MSG = RegisterWindowMessageW(L"MSGFILTER_MSG"); SHELL_MSG = RegisterWindowMessageW(L"SHELL_MSG"); atexit(AtExitHookExW); } return 1; } HHOOK WINAPI DllWindowsHookExW(UINT idHook) { switch( idHook ) { case WH_CBT: if (HHOOKA) return 0; HHOOKA = SetWindowsHookExW(idHook,CBTProc,ihinstDLL,0); if (HHOOKA) return HHOOKA; break; case WH_DEBUG: if (HHOOKB) return 0; HHOOKB = SetWindowsHookExW(idHook,DebugProc,ihinstDLL,0); if (HHOOKB) return HHOOKB; break; case WH_FOREGROUNDIDLE: if (HHOOKC) return 0; HHOOKC = SetWindowsHookExW(idHook,ForegroundIdleProc,ihinstDLL,0); if (HHOOKC) return HHOOKC; break; case WH_GETMESSAGE: if (HHOOKD) return 0; HHOOKD = SetWindowsHookExW(idHook,GetMsgProc,ihinstDLL,0); if (HHOOKD) return HHOOKD; break; case WH_KEYBOARD: if (HHOOKE) return 0; HHOOKE = SetWindowsHookExW(idHook,KeyboardProc,ihinstDLL,0); if (HHOOKE) return HHOOKE; break; case WH_MOUSE: if (HHOOKF) return 0; HHOOKF = SetWindowsHookExW(idHook,MouseProc,ihinstDLL,0); if (HHOOKF) return HHOOKF; break; case WH_MSGFILTER: if (HHOOKG) return 0; HHOOKG = SetWindowsHookExW(idHook,MessageProc,ihinstDLL,0); if (HHOOKG) return HHOOKG; break; case WH_SHELL: if (HHOOKH) return 0; HHOOKH = SetWindowsHookExW(idHook,ShellProc,ihinstDLL,0); if (HHOOKH) return HHOOKH; break; default: return 0; break; } return 0; } BOOL WINAPI DllGetModuleFileNameW(LPWSTR &iMsgBuffer) { if (GetModuleFileNameW((HMODULE) ihinstDLL,iMsgBuffer,600) != 0) return 1; return 0; } LRESULT CALLBACK WINAPI CBTProc(int nCode,WPARAM wParam,LPARAM lParam) { if (!(ExeHwnd)) ExeHwnd = GetExeHwnd(); if (!(ExeHwnd)) return CallNextHookEx(HHOOKA,nCode,wParam,lParam); SendMessage(ExeHwnd,CBT_MSG,1,GetCurrentProcessId()); SendMessage(ExeHwnd,CBT_MSG,2,nCode); SendMessage(ExeHwnd,CBT_MSG,3,wParam); INT RT = SendMessage(ExeHwnd,CBT_MSG,4,lParam); if (RT) { return RT; } else { return CallNextHookEx(HHOOKA,nCode,wParam,lParam); } } LRESULT CALLBACK WINAPI DebugProc(int nCode,WPARAM wParam,LPARAM lParam) { if (!(ExeHwnd)) ExeHwnd = GetExeHwnd(); if (!(ExeHwnd)) return CallNextHookEx(HHOOKB,nCode,wParam,lParam); SendMessage(ExeHwnd,DEBUG_MSG,1,GetCurrentProcessId()); SendMessage(ExeHwnd,DEBUG_MSG,2,nCode); SendMessage(ExeHwnd,DEBUG_MSG,3,wParam); INT RT = SendMessage(ExeHwnd,DEBUG_MSG,4,lParam); if (RT) { return RT; } else { return CallNextHookEx(HHOOKB,nCode,wParam,lParam); } } LRESULT CALLBACK WINAPI ForegroundIdleProc(int nCode,WPARAM wParam,LPARAM lParam) { if (!(ExeHwnd)) ExeHwnd = GetExeHwnd(); if (!(ExeHwnd)) return CallNextHookEx(HHOOKC,nCode,wParam,lParam); SendMessage(ExeHwnd,FOREGROUNDIDLE_MSG,1,GetCurrentProcessId()); SendMessage(ExeHwnd,FOREGROUNDIDLE_MSG,2,nCode); SendMessage(ExeHwnd,FOREGROUNDIDLE_MSG,3,wParam); INT RT = SendMessage(ExeHwnd,FOREGROUNDIDLE_MSG,4,lParam); if (RT) { return RT; } else { return CallNextHookEx(HHOOKC,nCode,wParam,lParam); } } LRESULT CALLBACK WINAPI GetMsgProc(int nCode,WPARAM wParam,LPARAM lParam) { if (!(ExeHwnd)) ExeHwnd = GetExeHwnd(); if (!(ExeHwnd)) return CallNextHookEx(HHOOKD,nCode,wParam,lParam); SendMessage(ExeHwnd,GETMESSAGE_MSG,1,GetCurrentProcessId()); SendMessage(ExeHwnd,GETMESSAGE_MSG,2,nCode); SendMessage(ExeHwnd,GETMESSAGE_MSG,3,wParam); INT RT = SendMessage(ExeHwnd,GETMESSAGE_MSG,4,lParam); if (RT) { return RT; } else { return CallNextHookEx(HHOOKD,nCode,wParam,lParam); } } LRESULT CALLBACK WINAPI KeyboardProc(int nCode,WPARAM wParam,LPARAM lParam) { if (!(ExeHwnd)) ExeHwnd = GetExeHwnd(); if (!(ExeHwnd)) return CallNextHookEx(HHOOKE,nCode,wParam,lParam); SendMessage(ExeHwnd,KEYBOARD_MSG,1,GetCurrentProcessId()); SendMessage(ExeHwnd,KEYBOARD_MSG,2,nCode); SendMessage(ExeHwnd,KEYBOARD_MSG,3,wParam); INT RT = SendMessage(ExeHwnd,KEYBOARD_MSG,4,lParam); if (RT) { return RT; } else { return CallNextHookEx(HHOOKE,nCode,wParam,lParam); } } LRESULT CALLBACK WINAPI MouseProc(int nCode,WPARAM wParam,LPARAM lParam) { if (!(ExeHwnd)) ExeHwnd = GetExeHwnd(); if (!(ExeHwnd)) return CallNextHookEx(HHOOKF,nCode,wParam,lParam); SendMessage(ExeHwnd,MOUSE_MSG,1,GetCurrentProcessId()); SendMessage(ExeHwnd,MOUSE_MSG,2,nCode); SendMessage(ExeHwnd,MOUSE_MSG,3,wParam); INT RT = SendMessage(ExeHwnd,MOUSE_MSG,4,lParam); if (RT) { return RT; } else { return CallNextHookEx(HHOOKF,nCode,wParam,lParam); } } LRESULT CALLBACK WINAPI MessageProc(int nCode,WPARAM wParam,LPARAM lParam) { if (!(ExeHwnd)) ExeHwnd = GetExeHwnd(); if (!(ExeHwnd)) return CallNextHookEx(HHOOKG,nCode,wParam,lParam); SendMessage(ExeHwnd,MSGFILTER_MSG,1,GetCurrentProcessId()); SendMessage(ExeHwnd,MSGFILTER_MSG,2,nCode); SendMessage(ExeHwnd,MSGFILTER_MSG,3,wParam); INT RT = SendMessage(ExeHwnd,MSGFILTER_MSG,4,lParam); if (RT) { return RT; } else { return CallNextHookEx(HHOOKG,nCode,wParam,lParam); } } LRESULT CALLBACK WINAPI ShellProc(int nCode,WPARAM wParam,LPARAM lParam) { if (!(ExeHwnd)) ExeHwnd = GetExeHwnd(); if (!(ExeHwnd)) return CallNextHookEx(HHOOKH,nCode,wParam,lParam); SendMessage(ExeHwnd,SHELL_MSG,1,GetCurrentProcessId()); SendMessage(ExeHwnd,SHELL_MSG,2,nCode); SendMessage(ExeHwnd,SHELL_MSG,3,wParam); INT RT = SendMessage(ExeHwnd,SHELL_MSG,4,lParam); if (RT) { return RT; } else { return CallNextHookEx(HHOOKH,nCode,wParam,lParam); } } HWND GetExeHwnd() { HWND hwnd = NULL; do { hwnd = FindWindowEx(NULL,hwnd,NULL,NULL); if ((int) SendMessage(hwnd,HOOK_GUI_MSG,0,0) == OkTestExeHwnd) return hwnd; } while (hwnd != NULL); return 0; } void AtExitHookExW() { if (HHOOKA) UnhookWindowsHookEx(HHOOKA); if (HHOOKB) UnhookWindowsHookEx(HHOOKB); if (HHOOKC) UnhookWindowsHookEx(HHOOKC); if (HHOOKD) UnhookWindowsHookEx(HHOOKD); if (HHOOKE) UnhookWindowsHookEx(HHOOKE); if (HHOOKF) UnhookWindowsHookEx(HHOOKF); if (HHOOKG) UnhookWindowsHookEx(HHOOKG); if (HHOOKH) UnhookWindowsHookEx(HHOOKH); } Edited April 20, 2011 by wolf9228 صرح السماء كان هنا Link to comment Share on other sites More sharing options...
KaFu Posted April 20, 2011 Share Posted April 20, 2011 (edited) From the first glance this really looks great and definitely needs deeper exploration . How about adding some more examples, so people do realize it's usefulness? 5 Stars from me ... Edit: Could you also provide a compiled 64bit dll? Edited April 20, 2011 by KaFu OS: Win10-22H2 - 64bit - German, AutoIt Version: 3.3.16.1, AutoIt Editor: SciTE, Website: https://funk.eu AMT - Auto-Movie-Thumbnailer (2024-Oct-13) BIC - Batch-Image-Cropper (2023-Apr-01) COP - Color Picker (2009-May-21) DCS - Dynamic Cursor Selector (2024-Oct-13) HMW - Hide my Windows (2024-Oct-19) HRC - HotKey Resolution Changer (2012-May-16) ICU - Icon Configuration Utility (2018-Sep-16) SMF - Search my Files (2024-Oct-20) - THE file info and duplicates search tool SSD - Set Sound Device (2017-Sep-16) Link to comment Share on other sites More sharing options...
trancexx Posted April 21, 2011 Share Posted April 21, 2011 I did not know that VS 2010 Express can Compile issue six of the C + +As I know there is a significant difference between C + + Net and C + + 6You know what? I think we both don't know what you are talking about. ♡♡♡ . eMyvnE Link to comment Share on other sites More sharing options...
wolf9228 Posted April 24, 2011 Author Share Posted April 24, 2011 You know what? I think we both don't know what you are talking aboutFor example I compiled your code with VS 2010 Express (which is free) and the result is 32 bit dll in size of 4.5 kB and 64 bit of 5.5 kB.Can not compile the project code with the VS 2010 ExpressBecause it concerned the C ++ 6 languageIf you mean that you wrote the code again using the C ++ Net, and you compile it with VS 2010 Express Let's see what the new code to take advantage صرح السماء كان هنا Link to comment Share on other sites More sharing options...
trancexx Posted April 24, 2011 Share Posted April 24, 2011 (edited) Can not compile the project code with the VS 2010 Express Because it concerned the C ++ 6 language If you mean that you wrote the code again using the C ++ Net, and you compile it with VS 2010 Express Let's see what the new code to take advantage There is no new code. The only difference is that I removed/replaced atexit() with DLL_PROCESS_DETACH handling inside your DllMain and adjusted compiler/linker switches. BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved) { switch (fdwReason) { case DLL_PROCESS_ATTACH: ihinstDLL = hinstDLL; WCHAR MsgBuffer[32767]; GetModuleFileNameW((HMODULE) hinstDLL,MsgBuffer,sizeof(MsgBuffer)); HOOK_GUI_MSG = RegisterWindowMessageW(MsgBuffer); CBT_MSG = RegisterWindowMessageW(L"CBT_MSG"); DEBUG_MSG = RegisterWindowMessageW(L"DEBUG_MSG"); FOREGROUNDIDLE_MSG = RegisterWindowMessageW(L"FOREGROUNDIDLE_MSG"); GETMESSAGE_MSG = RegisterWindowMessageW(L"GETMESSAGE_MSG"); KEYBOARD_MSG = RegisterWindowMessageW(L"KEYBOARD_MSG"); MOUSE_MSG = RegisterWindowMessageW(L"MOUSE_MSG"); MSGFILTER_MSG = RegisterWindowMessageW(L"MSGFILTER_MSG"); SHELL_MSG = RegisterWindowMessageW(L"SHELL_MSG"); break; case DLL_PROCESS_DETACH: if (HHOOKA) UnhookWindowsHookEx(HHOOKA); if (HHOOKB) UnhookWindowsHookEx(HHOOKB); if (HHOOKC) UnhookWindowsHookEx(HHOOKC); if (HHOOKD) UnhookWindowsHookEx(HHOOKD); if (HHOOKE) UnhookWindowsHookEx(HHOOKE); if (HHOOKF) UnhookWindowsHookEx(HHOOKF); if (HHOOKG) UnhookWindowsHookEx(HHOOKG); if (HHOOKH) UnhookWindowsHookEx(HHOOKH); break; case DLL_THREAD_ATTACH: break; case DLL_THREAD_DETACH: break; } return TRUE; } You can find resulting dlls here. What net? Spider's? Edited April 24, 2011 by trancexx ♡♡♡ . eMyvnE Link to comment Share on other sites More sharing options...
wolf9228 Posted April 24, 2011 Author Share Posted April 24, 2011 There is no new code. The only difference is that I removed/replaced atexit() with DLL_PROCESS_DETACH handling inside your DllMain and adjusted compiler/linker switches. BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved) { switch (fdwReason) { case DLL_PROCESS_ATTACH: ihinstDLL = hinstDLL; WCHAR MsgBuffer[32767]; GetModuleFileNameW((HMODULE) hinstDLL,MsgBuffer,sizeof(MsgBuffer)); HOOK_GUI_MSG = RegisterWindowMessageW(MsgBuffer); CBT_MSG = RegisterWindowMessageW(L"CBT_MSG"); DEBUG_MSG = RegisterWindowMessageW(L"DEBUG_MSG"); FOREGROUNDIDLE_MSG = RegisterWindowMessageW(L"FOREGROUNDIDLE_MSG"); GETMESSAGE_MSG = RegisterWindowMessageW(L"GETMESSAGE_MSG"); KEYBOARD_MSG = RegisterWindowMessageW(L"KEYBOARD_MSG"); MOUSE_MSG = RegisterWindowMessageW(L"MOUSE_MSG"); MSGFILTER_MSG = RegisterWindowMessageW(L"MSGFILTER_MSG"); SHELL_MSG = RegisterWindowMessageW(L"SHELL_MSG"); break; case DLL_PROCESS_DETACH: if (HHOOKA) UnhookWindowsHookEx(HHOOKA); if (HHOOKB) UnhookWindowsHookEx(HHOOKB); if (HHOOKC) UnhookWindowsHookEx(HHOOKC); if (HHOOKD) UnhookWindowsHookEx(HHOOKD); if (HHOOKE) UnhookWindowsHookEx(HHOOKE); if (HHOOKF) UnhookWindowsHookEx(HHOOKF); if (HHOOKG) UnhookWindowsHookEx(HHOOKG); if (HHOOKH) UnhookWindowsHookEx(HHOOKH); break; case DLL_THREAD_ATTACH: break; case DLL_THREAD_DETACH: break; } return TRUE; } You can find resulting dlls here. What net? Spider's? thanks صرح السماء كان هنا Link to comment Share on other sites More sharing options...
wolf9228 Posted April 24, 2011 Author Share Posted April 24, 2011 (edited) C ++ UnLoadLibrary.cpp#include <windows.h> void AtUnLoadLibrary(); extern "C" BOOL WINAPI DllMain(HANDLE hinstDLL,DWORD dwReason, LPVOID lpvReserved) { if (dwReason == DLL_PROCESS_ATTACH) { atexit(AtUnLoadLibrary); } return 1; } void AtUnLoadLibrary() { MessageBox(0,"AtUnLoadLibrary","AtUnLoadLibrary",0); } UnLoadLibrary.au3$DllOpen = DllOpen("UnLoadLibrary.dll") DllClose($DllOpen) While 1 WEndCompiler.au3#include <Constants.au3> #Include <WinAPI.au3> ;C++ Compiler 5.5 ;download ;https://downloads.embarcadero.com/free/c_builder ;C++Builder Compiler (bcc compiler) free download. See the file bcb5tool.hlp in the Help ;directory for complete instructions on using the C++Builder Compiler and Command Line Tools. ;Windows English 8.5MB ;C:\Borland\BCC55\Bin\bcc32.exe $var1 = FileOpenDialog("Choose bcc32.exe","C:\Borland\BCC55\Bin", "(*.Exe)", 1 + 4 ,"bcc32.exe") if @error Then Exit $var2 = FileOpenDialog("Choose UnLoadLibrary.cpp",@MyDocumentsDir, "(*.cpp)", 1 + 4 ,"UnLoadLibrary.cpp") if @error Then Exit $var3 = FileSelectFolder("Choose Out File folder.", @MyDocumentsDir) if @error Then Exit Dim $iPatch1 = "" , $iPatch2 = $var2 , $iPatch3 = $var3 , $foo , $line = "" $Patch1 = StringSplit($var1,"\") For $i = 1 To $Patch1[0] - 2 $iPatch1 &= $Patch1[$i] & "\" Next $iPatch1 = StringTrimRight($iPatch1,1) FileChangeDir($iPatch1 & "\Bin\") $Command = "bcc32.exe " & _ "-I" & $iPatch1 & "\Include " & _ "-L" & $iPatch1 & "\Lib " & _ "-e" & $iPatch3 & "\HookExW.dll " & _ "-tWD " & $iPatch2 $foo = Run($Command,"", @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD) While 1 $line = StdoutRead($foo) If @error Then ExitLoop MsgBox(0, "STDOUT", $line) WendDLL_PROCESS_DETACHhttp://msdn.microsoft.com/en-us/library/ms682583%28VS.85%29.aspxThe DLL is being unloaded from the virtual address space of the calling process because it was loaded unsuccessfully or the reference count has reached zero (the processes has either terminated or called FreeLibrary one time for each time it called LoadLibrary).The lpReserved parameter indicates whether the DLL is being unloaded as a result of a FreeLibrary call, a failure to load, or process termination.The DLL can use this opportunity to call the TlsFree function to free any TLS indices allocated by using TlsAlloc and to free any thread local data.Note that the thread that receives the DLL_PROCESS_DETACH notification is not necessarily the same thread that received the DLL_PROCESS_ATTACH notification.#pragma unmanaged #pragma managed managed, unmanagedhttp://msdn.microsoft.com/en-us/library/0adb9zxe%28VS.80%29.aspxAn Overview of Managed/Unmanaged Code Interoperabilityhttp://msdn.microsoft.com/en-us/library/ms973872.aspx Edited April 24, 2011 by wolf9228 صرح السماء كان هنا Link to comment Share on other sites More sharing options...
trancexx Posted April 24, 2011 Share Posted April 24, 2011 #pragma unmanaged #pragma managed managed, unmanagedhttp://msdn.microsoft.com/en-us/library/0adb9zxe%28VS.80%29.aspxAn Overview of Managed/Unmanaged Code Interoperabilityhttp://msdn.microsoft.com/en-us/library/ms973872.aspxI'm sorry, are you trying to say something to me? ♡♡♡ . eMyvnE Link to comment Share on other sites More sharing options...
musicstashall Posted December 15, 2017 Share Posted December 15, 2017 Somebody, share HookExW.dll for x64 Please. Link to comment Share on other sites More sharing options...
philpw99 Posted March 24, 2022 Share Posted March 24, 2022 (edited) I was in a dire need to get certain WM_Messages. This HookExW.dll can capture lots of messages, but at the same time overwhelm the AutoIt program. After a few days of struggle, I finally figured out that when you compile this in VisualStudio, the DLL function name got changed. They are no longer "DllGetModuleFileNameW" and "DllWindowsHookExW", but "_DllGetModuleFileNameW@4" and "_DllWindowsHookExW@4" instead, because "WINAPI" was used in the declaration. So now finally I compiled them with 32 and 64 bit dll, and hope someone will find them useful. I will improve this DLL more and add the message filtering. You will see. For now, it's just the two dlls. ( Attachment was deleted. A working one is below.) Edited March 27, 2022 by philpw99 Link to comment Share on other sites More sharing options...
argumentum Posted March 24, 2022 Share Posted March 24, 2022 @philpw99, the CRC32's in the ZIP are the same. Likely is the same file, but different names. Gianni 1 Follow the link to my code contribution ( and other things too ). FAQ - Please Read Before Posting. Link to comment Share on other sites More sharing options...
philpw99 Posted March 27, 2022 Share Posted March 27, 2022 (edited) On 3/23/2022 at 11:25 PM, argumentum said: @philpw99, the CRC32's in the ZIP are the same. Likely is the same file, but different names. Oops, sorry ! I didn't realize that the output files are in different folders. Anyway, I have been working in this and find out the sample program has quite some issues. The program will stop working after a short while. And if you are not careful, the whole windows will become slow. Since the most widely use hook is CallWNDProc. This is my sample program just for it, with both 32bit and 64bit dlls. In this sample, you can see the captured messages through the console output. The GUI has 2 buttons, "Check" and "Rehook". Check is to find out if the hook still working. If not, you can click on the "Rehook" to make it work again. 2 global variables are important: $nMsgFilter: Default to be 0 (all), can set to an int number to receive only certain type of message. You can set it to any WM messages. $hHwndFilter: Default to be 0 (all), can set to a number so only monitor a process with that winhandle. Not recommend setting it to 0. Of course, if you want to use the original HookExW, you can just copy and paste the code to DllMain.cpp and build the DLL under Visual Studio. One more thing, please use the free DllExportViewer to see the real functions that you can actually call, or spend days wondering why it doesn't work. ( Attachment deleted. The working one is below. ) Edited March 27, 2022 by philpw99 Link to comment Share on other sites More sharing options...
Nine Posted March 27, 2022 Share Posted March 27, 2022 @philpw99 Your dlls won't work unless you have Visual Studio installed. “They did not know it was impossible, so they did it” ― Mark Twain Spoiler Block all input without UAC Save/Retrieve Images to/from Text Monitor Management (VCP commands) Tool to search in text (au3) files Date Range Picker Virtual Desktop Manager Sudoku Game 2020 Overlapped Named Pipe IPC HotString 2.0 - Hot keys with string x64 Bitwise Operations Multi-keyboards HotKeySet Recursive Array Display Fast and simple WCD IPC Multiple Folders Selector Printer Manager GIF Animation (cached) Screen Scraping Multi-Threading Made Easy Link to comment Share on other sites More sharing options...
philpw99 Posted March 27, 2022 Share Posted March 27, 2022 9 hours ago, Nine said: @philpw99 Your dlls won't work unless you have Visual Studio installed. Thank you ! I didn't know this is the case. I will test it on a different machine. Link to comment Share on other sites More sharing options...
philpw99 Posted March 27, 2022 Share Posted March 27, 2022 I am very glad to say that I found the reason: a debug DLL is not supposed to run without Visual Studio. So here I attach the release builds of both DLLs, they are tested with a new machine, and the size is much smaller. 😄 NewHook.zip argumentum and KaFu 2 Link to comment Share on other sites More sharing options...
philpw99 Posted March 30, 2022 Share Posted March 30, 2022 (edited) Now this is my program to monitor a running process called "DMMDCore3.exe". My program will monitor all WM_COPYDATA message from this process and display the string data sent by WM_COPYDATA. It works well in receiving and displaying the data, but when sending my own WM_COPYDATA to the process, there is no response. Of course this is another totally different topic. Also now it will display the number plus the type of WM_Message by using WM_Messages.txt. NewHook2.zip Edited March 30, 2022 by philpw99 Link to comment Share on other sites More sharing options...
argumentum Posted March 31, 2022 Share Posted March 31, 2022 $hFile = FileOpen(@ScriptDir & "\WM_Messages.txt") is better Also, for the clueless ( me ), add the DMMDCore3.au3 code. Thanks for sharing philpw99 1 Follow the link to my code contribution ( and other things too ). FAQ - Please Read Before Posting. Link to comment Share on other sites More sharing options...
philpw99 Posted April 3, 2022 Share Posted April 3, 2022 DMMDCore3.exe is part of DesktopMMD3 from Steam. It has thousands of dancing girls/mascots you can put on the desktop. The program was abandoned for over a year, and I want to add some features to it, hence the monitoring of its WM_COPYDATA messages. Right now I have made some progress, hopefully in the end I will be able to control the program with my own au3 scripts. argumentum 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now