SetWindowsHookEx - Dll Injection skips first few calls

Question

SetWindowsHookEx - Dll Injection skips first few calls

I am trying to use SetWindowsHookEx to capture API calls in java.dll.

So, I created another dll and injected all the other processes using setwindowsHookEx

g_hHook = SetWindowsHookEx (WH_CALLWNDPROC, JLoadSetFunc, g_hHookDll, 0)

The problem is as follows:

When I try to capture calls from a process, I notice that my dll is bound to this process after several hooked calls have already been made.

So the problem is that my connection mechanism misses the first few calls of the connected API.

Please suggest or comment on this issue to guide me. I am terribly stuck with this.

+4

c ++ winapi hook

Akash Jun 15 '09 at 8:36

source share

3 answers

Gili · Answer 1 · 2009-06-19T00:45:42+0000

I suggest the following:

Register your hook using SetWindowsHookEx ()
SendMessage () for a remote process using a special message that only your hook understands.
Repeat this until your hook answers
Call the code with which you want your hook to interact with

In short, wait for the installation to complete before attempting to use it.

Gynvael coldwind · Answer 2 · 2009-07-22T07:48:18+0000

@MSalters

A small correction: not in every process - it is loaded only for processes that import / use user32.dll, and not all use it (however, I agree that most processes really use it).

For more information, see Working with the AppInit_DLLs registry setting .

Msalters · Answer 3 · 2009-06-15T11:27:07+0000

There is a terribly dirty hack to load a DLL into each process using the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs

SetWindowsHookEx - Dll Injection skips first few calls

More articles: