I'd like to keep track of the ActiveX controls created by some process. To simplify the problem, I'd first like to monitor the current process only. I want to do this so that I can check whether any ActiveX control supports IOleWindow and if so, whether a given HWND belongs to that ActiveX control (so that I can map HWNDs to ActiveX controls).
Does anybody have experience with this? My first idea was to use API hooking to monitor CoCreateInstance invocations, but I read that this doesn't work in all cases. Some Google research revealed http://www.pocketsoap.com/sf/activation.html which talks about installing a custom class factory - how would this work?
You may find you can find out what you need to know using the UI Automation and Active Accessibility APIs:
http://msdn.microsoft.com/en-us/library/dd317978(VS.85).aspx
If you are sure you need to do this, be aware of the following. CoCreateInstance is essentially a convenience function, which wraps CoGetClassObject and IClassObject::CreateInstance.
If you are going to use that technique you will therefore have to hook CoGetClassObject too, as the process may use it directly.
And of course there is no law saying any library or DLL cannot provide it's own convenience functions which bypass the COM registry altogether. The registry itself is a convenience - if you know where the DLL is you can use LoadLibrary, GetProcAddress to find DllGetClassObject and retrieve the class object without involving the COM libraries, and indeed without the DLL being registered at all.
I ended up hooking CoCreateInstance and CoGetClassObject to track all COM objects being created.
Related
I am trying to learn hooking and want to hook only an .exe's send/recv function.
I'm building the project as a .dll and then injecting it to the .exe
Edit: solved
There are 3 ways of hooking an API call as far as I know:
Inject a DLL in the application that will rewrite the Import Address Table containing the address of the API call, so that the application calls your function instead;
Write a dummy DLL with same name of the DLL with the API call you want to hook and place it in the applications's root directory, so it will load your APIs instead of the system's;
Detour the API call by rewriting it's code with a JMP yourfunc or something with similar effect.
Method 1 is pretty popular one, it's even described in the Wikipedia page about Hooking and in various examples if you Google it, like this one, or this one.
Method 2 is a bit tricky, you have to build a DLL with the same name and exports as the one you're mimicking, and bypass all the functions you're not interested in hooking and write custom code for the one you are. I find this method very clean because you don't have to modify memory, you don't have to explicitly inject this DLL using an external program, Windows just does it for you, and with a plus, it generally fly under the radar of anti-debug and anti-hack detection. Here is an example of how to do that (32-bit).
Method 3 is Microsoft's favorite. It has a particularly good advantage: You can hook any and every function, method, or virtual calls. It doesn't depend on the function being called externally to hook it, so it's very popular to hook DirectX methods for instance. This is the method used by FRAPS, Discord Overlay, Overwolf Overlay and pretty much every other software that either places an overlay in games or records gameplay. You don't need to use Microsoft Detours specifically, there's the generic alternative aswell.
I am new to .Net and hitting the brick wall trying to resolve this....
Having done enough googling for the past few days I've come across nothing but some vague (at lease for me) C# related info
Basically, I am trying to set up a few global hooks to carry out certain automation process. Since the development environment is VS2008 C++ windows forms, I started by compiling a native Dll to be injected by the calling prog. The strategy being for the callback proc in native dll calling a function in .Net program (or maybe a wrapper managed dll), passing the filtered raw data (keyboard/mouse/WM_create/etc) messages for further processing.
Question: How do I pass on the handle of such function(s) to my injected dll?
Is the managed wrapper dll path an easier choice or simply have the managed & native functions residing side by side in the main application?
I'll have to do a lot of Marshalling which is yet another dark side of the matter. Is there a link to precise documentation/examples of marshalling functions?
I thank you for your help in advance.
Mark
Have a look at 'Marshal.GetFunctionPointerForDelegate'
I'm trying to understand event hooks in C++. I know what an event is, I've used them a lot in Java, C# and Javascript.
What I'm having trouble with is finding the documentation, and tutorials on stuff like global hooks, dll injection, global hooks without a DLL.
Lets say that I wanted to iterate through the browser tabis in FireFox .. would I need to hope that FireFox has an API for C++? Or lets say I wanted to do something when a user opens a new tab would I need to use a hook that FireFox would provide in their API?
The above is just an example so people know what I'm trying to learn/understand. Am I thinking on the right ines?
I seen a post on a forum and for the past 2 hours I've took an interest. I always say that a tricky challange, or a new challange, makes a stronger programmer.
Any resources, or any help, would be very much appreciated.
C++ itself does not have events or hooks, but a lot of C++ libraries and frameworks implement them. For an example of generic events library, see Boost.Signals.
Some of the implementations allow their events to be seen by other applications, but the API is application-specific (e.g. for Firefox, see XPCOM).
Windows has a mechanizm of hooks that allows to monitor various events in its windowing system. However, it is an OS feature, not related to C++. As it's a system mechanizm, all Windows applications are affected even if they don't do anything for it. The documentation for Windows hooks can be found here. Also, since you mentioned "global hooks without a DLL", see SetWinEventHook, which is a higher-level API than Windows hooks linked above and can be used with hook functions both implemented in DLLs or EXEs.
Look up MSDN for SetWindowsHookEx. It should be your entrance in Windows hooks. If you ar etargetting a parituclar window for mthe system then a less intrusive option is SetWindowLongPtr. For the first API you are going to need some Dll injection - which gets automatically for you by the system. Just follow these steps:
Create a Dll that exports a HOOKPROC function (actual type dependent upon the hook tpe - read in the docs)
Load that Dll in your application and retrieve a pointer to the HOOKPROC function. LoadLibrary / GetProcAddress APIs may be used for this.
From your application, make a call to SetWindowsHookEx feeding in the appropriate parameters - this will inject the dll in the target process. So, the dll is now loaded into both your app's process and in the target process. So you will need a mechanism to IPC between the two processes probably. Lots of ways here - sockets, pipes, shared segment in DLL, filesystem, windows messages, COM servers + events, etc etc.
The former API, while less powerful, does not require DLL injection.
Choose wisely & good luck!
I dont think firefox would be having a C++ aPI to find the open tabs....
If you want to find out open tabs or whenever a new tab is open , you can basically hook the firefox window and get all events happening on that window to your hook procedure.
If you open spy++ in VC++ and track firefox window , you can see a new MozillaContentWindowClass gets created every time whenever a new tab is opened. So you can basically iterate through window handles and get information about open tabs.
You can use SetWindowLongPtr to set the subclass procedure for that window.
Is there a ready-to-use API (C / C++) in Windows Mobile ecosystem that I could use to generate a GUID? I am looking for simple one-shot API to do this. If there is a need to write a whole algorithm or use some extra 3rd-party modules, I will do away without this.
Background. To display notification to the user I use SHNotificationAdd, which requires a GUID for it. Examples in MSDN and other sources show that GUID is hard-coded. However, I want to wrap the SHNotification* within a class that blends well within the overall design of my application. MSDN is very shy on details on what SHNOTIFICATIONDATA->clsid represents. The "class" mentioned raise more questions than it answers.
Use CoCreateGUID() for Windows Mobile...
You don't need to generate a GUID for SHNOTIFICATIONDATA.
You only set the clsid if you want WM to notify a COM object that implements IshellNotificationCallback interface.
Quote from MSDN:
When loading up the SHNOTIFICATIONDATA
structure, you can specify either the
notification class (clsid), the window
to receive command choices (hwndSink),
or both. If you specify the clsid,
your COM component must implement
IshellNotificationCallback. If you
specify the clsid and an hwndSink,
both COM and Window Message-style
callbacks will be generated.
I've never personally used the COM callback, I always use the windows message callback. It's a lot easier to setup and use and you don't need to generate a GUID.
You could also use UuidCreate (which CoCreateGuid eventually calls).
I have a VB6 application that I don't have source code. This application uses third-party ActiveX controls. I want to automate these ActiveX controls. Is it possible to get the IUnknowns or Object references? For some of these, I can get the underlying HWNDs, but from what I can tell there isn't a generic way to convert these HWNDs to the ActiveX control.
Some testing software allows you to script VB6 applications with ActiveX controls. How do they do it?
Are these ActiveX controls in a separate DLL? If so, you can use OLE View (an VS 6.0 tool) to open the dll and view all the interfaces, coclasse and etc.
You might be able to using DLL injection via Microsoft Research Detours library. Basically you'd want to hook the cocreate for those specific controls. You will need to be ultra careful especially if you do anything cross-thread/cross-process (COM threading rules are vitally important).
On whole Detours is easy to use... but I've never tried it with COM routines. You might want to look at a different solution.
Also note that Detours has some licensing restrictions on it that may affect your ability to distribute it.
Testing software may well just send the appropriate WM_XXX messages to the particular windows in question (eg. WM_MOUSEMOVE).
Sorry to say but the VB6 EXE don't contain the manifests needed to pull out the COM objects it uses. You best bet is trying some of rbobby's suggestions especially about sending WM_XXX messages.